Jennifer L. Urban

Foley & Lardner LLP

As Co-Chair for Cybersecurity and Privacy within Foley & Lardner LLP’s Innovative Technology sector and one of the founding members of the Midwest Cyber Security Alliance (MCSA), Jennifer L. Urban (née Rathburn) is dedicated to helping clients navigate evolving privacy, cybersecurity, and innovative technology issues. She advises on data protection programs, incident management, breach response and recovery, monetization of data, Internet of Things, artificial intelligence, de-identification, and other emerging hot topics by leveraging her deep understanding of the complex risk, operational, and legal concerns companies must address to maintain their data.With these issues requiring a multidisciplinary, scalable approach, Jennifer recognizes that legal advice may only address part of an issue. To provide end-to-end advice, she helps clients understand the additional services they may need to meet best practices and solve their issues by bringing her network of IT security, incident response, privacy, and other partners to the table.

Jennifer is also a member of the firm’s Technology Transactions & Outsourcing, Privacy Security & Information Management, and Environmental, Social, and Corporate Governance (ESG) practices. She routinely helps clients prepare for (and respond) to data security incidents, from preparing incident response plans and advising on cybersecurity programs to handling the breach notification response process. She regularly advises boards on current best practices and conducts table top exercises to help organizations prepare for cyber attacks.

Additionally, Jennifer guides clients in all aspects of preparing for and maintaining compliance with U.S. and global privacy and data security laws, including the California Consumer Privacy Act of 2018 (CCPA), the EU’s General Data Protection Regulation (GDPR) and other emerging U.S. and global laws, frameworks and guidance. Such efforts include conducting readiness and gap assessments, performing data mapping, reviewing and revising policies and procedures, updating customer and employee-facing privacy and consent notices, developing data subject request policies and procedures, drafting and negotiating third-party vendor templates and global transfer agreements, evaluating the appointment of a Data Protection Officer, and educating and training board members, staff, and other key stakeholders.