Jim is the co-chair of our privacy and cybersecurity practice. He advises emerging startups to Fortune 100 companies on a range of issues, including global privacy compliance, security/cybersecurity and breach response, data use policies and regulatory investigations, and enforcement actions or class-action litigations relating to privacy and cybersecurity practices. Jim also has extensive experience helping companies with new and emerging technologies, including analytics, machine learning, social media, mobile, location-based services, internet of things, behavioral advertising, autonomous vehicles/connected cars, smart homes/cities, biotech/medical devices, genetics, blockchain security and others.
Jim is ranked by Chambers Global among the world’s leading lawyers for U.S. Privacy and Data Security (2020). He has also been honored by The Legal 500 as a top lawyer in cyber law, including data privacy and data protection and recognized in the National Law Journal’s inaugural list of Cybersecurity Trailblazers.
Key highlights from Jim’s practice include:
- Over the last ten years, he has represented global clients in the financial services, retail, pharmaceutical/healthcare, cable, telecommunications, car rental, airline, social media, technology and manufacturing industries, including 35% of the companies currently in the Fortune 100
- Represented an array of global clients on privacy and data security projects involving more than 125 countries
- Co-founded the International Association of Privacy Professionals (IAPP)
Drawing on his experience and reputation with regulators, Jim also regularly advises companies on compliance practices and through regulatory investigations. His work has included serving as the lead subject matter expert designing security, privacy and business solutions in a number of the recent high-profile U.S. Federal Trade Commission (FTC) and U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) enforcement proceedings involving social media, mobile and healthcare companies, including:
- The first two FTC privacy consent decrees
- The first FTC “Comprehensive Information Security Program” case
- The first four FTC “Comprehensive Privacy Program” cases
- The first FTC mobile security case
- The two largest OCR HIPAA enforcements
Jim recently served as an expert to the OCR in connection with the agency’s efforts to modify the HIPAA compliance protocols and enforcement procedures, and served as an expert to the Consumer Financial Protection Bureau (CFPB) regarding data analytics and de-identification of sensitive information. Jim also acted as an expert on behalf of the FTC in several landmark cases relating to email privacy and security enforcements.
Prior to joining Fenwick, Jim led the privacy and cybersecurity practice of an Am Law 100 firm. Prior to that, Jim built and globally led the privacy practice and co-led the security response and data management practices at PricewaterhouseCoopers and Booz Allen—two global consulting firms. In these roles, Jim has helped some of the largest companies in the world audit, build and enhance privacy, security and cybersecurity controls and respond to high-profile cyber-attacks and regulatory investigations and audits.
Jim has also previously held senior marketing, management and legal positions at QVC, MaMaMedia.com (a children’s education internet startup) and another international law firm. He is also a named inventor or co-inventor on six patent applications relating to security and privacy-enhancing technologies.
Jim is “one of the most business-minded outside counsel available. Jim has the unique ability to take complex, often still-evolving privacy laws and turn them into something that companies can begin executing in practice. He is also a pleasure to work with.”
- “IoT and Other Innovations and Impact in Digital Health Privacy,” IAPP Privacy-Security-Risk Conference, October 2018 (panelist)
- “Managing Creative Genius – Balancing Innovation with Respect for Consumer Privacy,” In-House Counsel Summit on Privacy & Security, September 2018 (keynote panelist)
- “GDPR: Analysis of Forecast Data Privacy Authority Enforcement Actions Impacting Healthcare,” Life Science Data Privacy Governance & GDPR Alignment Conference, July 2018 (keynote speaker)
- “The Autonomous Turtle Wins the Race – Managing Privacy and Security in Faced-Paced Technology Development and Innovation, TechGC NY Meeting, January 2018 (keynote speaker)
- “Talking Tech about EU General Data Protection Regulation (GDPR), Bloomberg eDiscovery Live Event, November 2017 (panelist)
- “Convenient or Creepy? – Navigating Privacy to Realize the Promise of Connected Cars,” TEDx Talk, October 2017 (keynote speaker)
- “Privacy Shield and GDPR – A World of Difference,” TechLaw Brazil Conference, October 2017 (panelist)
- "General Data Protection Regulation – One Stop Shop…Really?” Privacy + Security Forum, October 2017 (panelist)
- “The Countdown is On – Tips to Quickly Address GDPR’s Toughest Areas,” CBI’s Data Privacy for Life Sciences Summit, October 2017 (panelist)
- “General Data Protection Regulation – A Roadmap to Quick GDPR Compliance,” Bloomberg Law, Inside Counsel and ALM Webinar, October 2017 (panelist)
- “RegTech for Privacy and the Envisioned Future,” The Alliance of Global Privacy Solution Providers GDPR Compliance Conference, October 2017 (keynote panelist)
- “The Ins and Outs of Cloud Computing for the Legal Industry,” ALM Webinar, August 2017 (panelist)
- “Benchmarking Your GDPR Compliance: Will You Make the Grade?” TrustArc Privacy Insight Series Webinar Program, July 2017 (panelist)
- “GDPR Halftime Report – Will Companies Make It Across the Finish Line,“ TRUSTe, Privacy Risk Summit, June 2017 (keynote panelist)
- Align Technology
- InMobi Technologies
Education & Admissions
J.D., University of Miami School of Law
Massachusetts Institute of Technology
Certified Information Privacy Professional
Admitted to practice in New York