Jacqueline W. Cooney

/My focus

Privacy Governance and Compliance

I translate complex regulatory frameworks into practical business solutions that help clients navigate the evolving landscape of privacy and cybersecurity laws. I provide clients with guidance related to regulatory compliance, cross-border data transfers, data protection contracts, and privacy and cybersecurity policies.

I’ve worked with clients across a wide range of industry sectors to develop, enhance, and maintain comprehensive data protection programs tailored to specific geographic and industry mandates. This experience includes advising entities in life sciences, financial services, fintech, e-commerce, retail, entertainment, and private equity, among many other sectors.

Data Breach Response

From the first hours of an incident through forensic and government investigations, I help clients navigate data breach response—collaborating with them to craft clear, practical escalation plans, draft stakeholder notifications, and identify and mitigate the risk of future breaches.

Life Sciences

Given the sensitive nature of the personal data that life sciences companies process and the complex jurisdictional requirements they face, I often help clients in the sector navigate cybersecurity and data privacy challenges. From startups coordinating clinical trials to companies with established products on the market, I create programs that are tailored for safeguarding a wide range of critical information in this environment.

Artificial Intelligence

I help clients design compliant AI products, manage the data risks posed by those innovations, and anticipate enforcement trends—turning shifting requirements into actionable guidance that aligns technological breakthroughs with legal guardrails, accelerates go‑to‑market timelines, reduces costly rework and regulatory exposure, and builds resilient privacy and cybersecurity programs that scale with growth.

/Looking ahead

A significant shift has been underway in privacy and cybersecurity law over the past several years. While personal data protection remains important, the field has broadened to encompass corporate data security, systems integrity, and comprehensive digital asset governance.

This evolution reflects multiple converging factors: increasingly stringent regulatory requirements for corporate system security, emerging frameworks governing artificial intelligence functions and risk, and a growing recognition that data stewardship extends beyond privacy concerns alone.

These developments are prompting organizations to adopt a more holistic approach to their digital ecosystems—one that considers not only personal data protection but also the full spectrum of data processing activities and digital assets under their control.

/Insights

• “Legal Compliance Considerations for Websites and Website-Enhancing Technologies,” Intellectual Property & Technology Law Journal, November 10, 2025
• “Illumina Cybersecurity Case A ‘Warning’ To Medical Industry,” Law360, August 26, 2025
• “DOJ Sharpens Focus on Cybersecurity Compliance in Healthcare: Illumina FCA Settlement Signals Broader Trend,” JD Supra, August 12, 2025
• “California’s Invasion of Privacy Act: A New Frontier for Website Tracking Litigation,” American Bar Association, Business Law Today, August 5, 2025
• “State-by-State Privacy Legislation Update: A Compliance Roadmap for 2025,” JD Supra, June 12, 2025
• “Legal Issues Lurking on Your Website,” JD Supra, April 22, 2025
• “Access to US Sensitive Personal Information and Government Related Data by Countries of Concern or Covered Persons Subject to New, Potentially Far-Reaching Restrictions,” JD Supra, February 3, 2025
• “Preparing for Enhanced POPIA Enforcement in South Africa,” JD Supra, November 25, 2024
• “Preparing for the Digital Operational Resilience Act (DORA): Key Steps for Payments and Fintech Clients,” JD Supra, October 8, 2024
• “Navigating California’s Surge in CIPA Cases: How to Safeguard Websites Using Third-Party Tech,” JS Supra, April 30, 2024
• “An NYDFS-Regulated Bank's Guide To Proper Internal Audits,” Law360, April 12, 2024
• “Jacqueline W. Cooney: US Privacy Laws—An Overview for Non-US Companies (Ireland Inc),” World News, March 21, 2024
• “New SEC Cybersecurity Rules Are Here: What Should Companies Be Doing to Comply?” JD Supra, August 21, 2023