Skip to main content

Fifteenth Annual Institute on Privacy and Data Security Law 2014

 
Author(s): Lisa J. Sotto, John B. Kennedy, Thomas J. Smedinghoff, Francoise Gilbert
Practice Area: Health Care, Intellectual Property, Privacy & Cybersecurity
Published: May 2014
PLI Item #: 51896
CHB Spine #: G1185, G1186

John Kennedy is a partner in Wiggin and Dana’s Corporate Department and a member of the Information Technology and Outsourcing, and Privacy and Information Security Groups.

In 25 years of practice, Mr. Kennedy has focused on transactions and counseling in the law of information technology, data privacy and security, intellectual property and e-commerce. His transactional practice includes outsourcing, software development and licensing, e-commerce transactions, technology transfer and intellectual property-intensive M&A, divestitures, joint ventures and re-structurings. His clients have included Fortune 500 as well as emerging companies in the financial services, technology, communications, media, energy and consumer products sectors.

Mr. Kennedy has negotiated complex information technology (IT) outsourcing services agreements involving cloud computing, IT infrastructure and software procurement, systems integration, software development and maintenance, voice and data services and disaster recovery and business continuity. He has also negotiated business process outsourcing (BPO) agreements for call centers and customer support services, finance and accounting services, human resources administration, enterprise procurement services, government passport and visa services, research and development services and supply chain management. His work in this area includes advising clients on all stages of the contract process, including RFP preparation and evaluation, vendor diligence, negotiation of definitive agreements and ongoing advice concerning governance, dispute management and amendments.

In Mr. Kennedy’s extensive practice in information privacy and security law, he has represented clients in connection with risk and compliance assessments of data privacy policies and practices, data breach preparedness and response, regulatory investigations of data practices, behavioral advertising campaigns and ‘privacy by design’ analyses of products and services in social media and mobile e-commerce, corporate information governance programs, international data transfers and compliance with U.S. state and federal data privacy and information security laws. His clients in this area include companies in the financial services, technology, media, energy and consumer products industries. He is the author of numerous articles on privacy and data security and since 2000 has co-chaired Practicing Law Institute’s Annual Privacy and Data Security Law Institute. Bloomberg BNA recently published Mr. Kennedy’s Privacy & Data Security Practice Portfolio Series, Cybersecurity and Privacy in Business Transactions: Managing Data Risk in Deals (March 2015).

He has been named in the Who’s Who of Business Lawyers for 2012 for Internet, e-Commerce and Data Protection (for more about the standards for inclusion in Who’s Who of Business Lawyers, please see www.whoswholegal.com/wwl100/methodology). Chambers USA ranks Mr. Kennedy nationally in their Outsourcing category (for more information about the standards for inclusion in Chambers USA, please see www.chambersandpartners.com/methodology). The Best Lawyers in America has named him for his work in Information Technology Law since 2009 (for more about the standards for inclusion in The Best Lawyers in America, please see www.bestlawyers.com/about/methodologybasic. aspx).  Recently he was elected to the The American Law Institute, the leading independent organization in the United States producing scholarly work to clarify, modernize, and otherwise improve the law.

Mr. Kennedy received his J.D. from Columbia Law School. He was a William Rainey Harper Fellow at the University of Chicago, where he earned an M.A. in English and American Literature, and graduated magna cum laude from Carleton College.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto is the managing partner of the firm’s New York office and chairs the firm’s top-ranked Global Privacy and Cybersecurity practice.  She also serves on the firm’s Executive Committee.  Ms. Sotto was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and was recognized by Chambers and Partners as a “Star” performer (the highest honor) for privacy and data security.  Ms. Sotto also is recognized as a “leading lawyer” by The Legal 500 United States for cyber crime and privacy and data security.  She serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Ms. Sotto was named one of Ethisphere Magazine’s 2015 “Attorneys Who Matter,” listing attorneys who “have risen to the top,” and was named among The National Law Journal’s 2015 “Cybersecurity & Data Privacy Trailblazers” and “Regulatory & Compliance Trailblazers.”  She has been profiled in numerous publications including the Crain’s New York Business feature “Lawyer Goes Into the Breach” and the SC Magazine feature “Women of Influence.”  She also was featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine.  Ms. Sotto is the editor and lead author of the legal treatise entitled Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

In 2014, Ms. Sotto was selected to represent the U.S. Chamber of Commerce to present a report, “Business Without Borders: The Importance of Cross-Border Data Transfers to Global Prosperity,” which the firm prepared in collaboration with the Chamber.  The two-day workshop was hosted by AmCham Indonesia and the U.S. Chamber of Commerce in Jakarta, Indonesia.  In addition, in 2012, Ms. Sotto was selected to advise the Serbian government on global data protection law and to draft the country’s data security and breach notification laws.  Her work in Serbia was sponsored by the USAID-funded Judicial Reform and Government Accountability Project.

Ms. Sotto is co-chair of the International Privacy Law Committee of the New York State Bar Association, chair of the New York Privacy Officers’ Forum, and former member of the Board of Directors of the International Association of Privacy Professionals.  Ms. Sotto received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  She is admitted to practice in New York and the District of Columbia.


Francoise Gilbert, a partner at Greenberg Traurig, is the author of the two volume treatise “Global Privacy and Security Law” (Wolters Kluwer Publishing), covering 68 countries. Her practice has focused on information privacy and security for more than 25 years. Interested in the challenges raised by hackers such as Robert Morris and Kevin Mitnick in the late 1980’s and early 1990’s, she began conducting extensive research of the existing laws. In 1991, she published her first law review article on Breaches of Security and started working with clients on the legal issues stemming from attacks on their systems. In 1992, she became involved in emerging health security and privacy issues in the use of technology for telemedicine services. In this connection, throughout the 1990’s, she contributed to the drafting of several federal and state bills that were the predecessors of HIPAA.

Since then, her practice has evolved as privacy and cyber security laws and jurisprudence were developed in the United States and globally. Francoise deals regularly with compliance challenges raised by cloud computing, connected objects, smart cities, big data, mobile applications, wearable devices, social media, data analytics, artificial intelligence, internet of things, autonomous vehicles and other cutting-edge developments. As a practicing attorney, she advises public companies, emerging technology businesses and non-profit organizations, on the entire spectrum of domestic and international privacy and cyber security issues legal issues. Sample engagements include, compliance, product strategy, privacy-by-design, privacy policies, mergers & acquisitions, cross border data transfers and global privacy programs.

Françoise holds law degrees from Paris University (France) and Loyola University (Chicago, Illinois) and a graduate degree in Mathematics from Paris University (France). She is accredited as a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional (CIPP/US, CIPP/E).

Internationally recognized as a thought leader and expert in data privacy and cyber security, Francoise Gilbert has been continuously praised for her experience and in-depth knowledge of this area. She was named “2014 San Francisco Lawyer of the Year” by Best Lawyers for her work in information privacy and security, and a “Cybersecurity and Privacy Trailblazer” by the National Law Journal in 2015.  She is listed in Chambers USA and Chambers Global (since 2008), Best Lawyers in America (since 2007), and Who’s Who in Ecommerce and Internet Law (since 1998). Françoise has also been recognized as one of the US “top privacy advisers” by Computer World and as an “attorney who matters” by Ethisphere.


Thomas J. Smedinghoff is Of Counsel in the Privacy & Cybersecurity Practice Group in the Chicago office of Locke Lord LLP.  His practice focuses on the developing field of information law and electronic business activities, with an emphasis on electronic transactions, identity management, data security, privacy, and online authentication.

Mr. Smedinghoff has been actively involved in developing e-business, e-signature, identity management, and data security legal policy both in the U.S. and globally.  He currently serves as Chair of the Identity Management Legal Task Force of the American Bar Association (ABA) Section of Business Law, and Co-Chair of its Cybersecurity Committee.  Mr. Smedinghoff is also a member of the U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL), where he participates in the Working Group on Electronic Commerce. In that capacity, he helped to negotiate the international e-commerce treaty titled the United Nations Convention on the Use of Electronic Communications in International Contracts, and will soon be working with UNCITRAL to address international eID issues.

Mr. Smedinghoff is author of the book titled Information Security Law: The Emerging Standard for Corporate Compliance, (2008), and the editor and primary author of the e-commerce book titled Online Law: The Legal Guide to Doing Business on the Internet (1996).