Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About

Trending Topics

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni

    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor & Employment
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations

    Industries

    View All

    • Cannabis
    • Consumer
    • Energy
    • Entertainment
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Non Profit
    • Real Estate
    • Technology

    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    1. Home
    2. People
    3. Jenny L. HolmesPeople
    1. Home
    2. People
    3. Jenny L. HolmesPeople

    Jenny L. Holmes

    Counsel / Deputy Leader, Cybersecurity & Privacy


    • Rochester
    • Office585.263.1494
    • jholmes@nixonpeabody.com

    I'm a 2023 Nixon Peabody Pro Bono Champion.Read more about our Pro Bono program

    • Download vCard
    • Share
    • LinkedIn Profile

    Introduction

    Jenny Holmes is the deputy leader of the firm’s Cybersecurity & Privacy team.


    Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law, taking an active role in the development and management of the firm’s capability in this evolving area. Her practice involves developing and implementing system-wide privacy and security plans for numerous companies of various sizes, and creating response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others. Jenny is a Certified Information Privacy Professional/United States (CIPP/US), a preeminent credential in the field of privacy.

    Practice Areas

    Cybersecurity & PrivacyTCPA & Consumer PrivacyLabor & EmploymentEmployee Benefits & ERISAExecutive Compensation

    Industries

    Social MediaTechnology

    My focus

    My practice focuses on the following areas:

    Privacy Compliance

    The data privacy regime of various international, federal, and state laws is a complex patchwork of overlapping and sometimes conflicting laws. I routinely assist clients in analyzing which laws and regulations apply and design privacy programs that comply with the various applicable laws. In doing so, I draft external privacy policies, information security plans, and privacy response plans. Understanding that individual data is often a company’s biggest asset and biggest risk, I create programs that ensure safe storage and usage of personal information while also considering the practical needs of a company.

    I also advise clients on the changing legal and regulatory data privacy landscape, including on the NY SHIELD Act, the CCPA, and the GDPR, and develop strategies for creating new privacy programs and leveraging existing regimes to comply with new and updated laws.

    Data Breach Response

    I advise clients in the aftermath of a privacy breach by explaining the regulatory framework of the various applicable data privacy laws while helping to craft a practical and cost-efficient response plan. I work together with third-party vendors to ensure complete breach remediation and review forensic reports to understand the root cause. I draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches.

    M&A Transaction

    In various corporate structure changes, I advise clients on pre- and post-transaction compliance issues relating to data privacy and cybersecurity. As part of due diligence reviews, I analyze deal documents, draft representations, disclosures, and warranties, and assess potential risk factors. I counsel clients on potential liabilities, required corrective actions, and prepare and implement those corrections.

    Looking ahead

    The combination of the political climate and consumers’ increased expectations will create massive impacts on companies’ data management, requiring increased attention to satisfy legal obligations and protect data.

    Insights

    • “The Clock Is Ticking: Cyberattack,” Nixon Peabody 2023 California MCLE Virtual Seminar, January 18, 2023
    • “War and Cyberwar Expert Panel,” 2022 NYS Cyber Security Conference, June 7, 2022
    • “Vendor Due Diligence in the Age of Data Protection Laws,” IAPP Global Privacy Summit 2021, May 19, 2021
    • “Practical Incident Response: An Interactive Tabletop Exercise,” Rochester Security Summit 2019, Rochester, NY
    • “Cybersecurity Takes a Village: Governance, Legal, and Cyber Perspectives,” 2019 NY Tech Summit, Turning Stone Conference Center, Verona, NY

    Prior to joining the firm

    At Syracuse Law, Jenny was Business Editor of Syracuse Law Review, on the Moot Court Honor Society, and a member of the Justinian Honorary Law Society. She is a member of the Syracuse Law’s Chapter of the Order of the Coif and a recipient of the CALI (Constitutional Law) and the Cornelius W. Wickersham Jr. Awards.

    Admitted to practice

    New York
    U.S. District Court, Western District of New York
    U.S. District Court, Northern District of New York

    Education

    Syracuse University College of Law, J.D., Order of the Coif, magna cum laude
    University of Virginia, B.A.

    Professional activities

    Jenny is a member of the Leaders Build Committee of the Habitat for Humanity and the co-chair of the Rochester Jewish Sports Hall of Fame. She also is a member of the Monroe County Bar Association, the New York State Bar Association, and the American Bar Association. Jenny serves as an office representative on the firm’s Associate Council.

    In the News

    • Mergers & Acquisitions

      S&P Global Mobility purchases Market Scan

      This article covering S&P Global Mobility’s purchase of automotive pricing and incentive intelligence company Market Scan, mentions NP for advising Market Scan in the sale. The NP deal team was led by San Francisco Corporate partner Lior Zorea, leader of the firm’s West Coast Emerging Companies and Venture Capital team. The team also included Corporate partners Christian Hancey of Rochester and Shahzad Malik of Los Angeles; San Francisco Affordable Housing & Real Estate partners Ian O’Banion and Alison Torbitt; Corporate counsels Michael Fitzpatrick of Boston and Matthew Goedert of San Francisco; Washington, DC Complex Disputes counsel Brian Whittaker; Rochester Cybersecurity & Privacy counsel Jenny Holmes; Corporate associates Robert Pethick of Boston and Brian Kenney of Washington, DC; and Washington, DC Construction & Real Estate Litigation associate Martha Medina.

      March 10, 2023
    • Compliance Week

      Best practices for navigating changing US data privacy landscape

      Rochester counsel Jenny Holmes, deputy leader of the Cybersecurity & Privacy team, is quoted throughout this article covering best practices for businesses as they work to comply with existing and upcoming data privacy laws.

      Feb 27, 2023
    • Business Insurance

      States expand data liability for employers

      Rochester counsel Jenny Holmes, deputy leader of NP’s Cybersecurity & Privacy practice, is quoted in this article on state data privacy laws that are set to take effect in 2023, noting that the California Privacy Rights Act is closer to what is seen in Europe with the General Data Protection Regulation (GDPR).

      Dec 20, 2022
    • The Deal

      Resonetics to acquire two SAES units

      The following article covers Resonetics LLC’s $900 million agreement to acquire Memry Corp. and SAES Smart Materials Inc. from NP client SAES Getters SpA. The article mentions Manchester partner and Private Equity & Family Offices team leader Phil Taub and Boston partner Amy O’Keefe, both of the Corporate group, for leading the NP team representing SAES Getters on U.S. legal matters. The team also includes Chicago partner and Global Finance co-leader Rob Drobnak; Corporate partners Alexandra Lopez-Casero and Thomas McCord from Boston, Andrew Share from Manchester, and Sean Clancy from Washington, DC; Affordable Housing & Real Estate partners Mark Beaudoin from Manchester and Alison Torbitt from San Francisco; Boston Labor & Employment partner Jeff Gilbreth; Rochester Intellectual Property partner Kristen Walsh; Washington, DC Complex Disputes partner and Antitrust leader Gordon Lang; Manchester Government Investigations & White-Collar Defense partner Mark Knights; Rochester counsel and Cybersecurity & Privacy deputy leader Jenny Holmes; Boston Corporate counsel David Crosby; Washington, DC Complex Disputes counsel Brian Whittaker; Albany Affordable Housing & Finance counsel Dana Stanton; Corporate associates Shaziah Singh from New York, Anthony Bova from Boston, Corey Habib from Manchester, and Hrishikesh Shah from Chicago; and Manchester Corporate department attorney Dave Zimmermann.

      Dec 9, 2022
    • Rochester Business Journal

      Corporate social responsibility impacts everyone from employees to community

      This article by Rochester counsel Jenny Holmes, deputy leader of the firm’s Cybersecurity & Privacy practice, previews next week’s inaugural NP Impact Week of Service and discusses the role corporate social responsibility plays in bettering society.

      Oct 21, 2022
    • Rochester Business Journal

      Loyalty programs - What you should know about compliance with the CCPA

      Rochester Privacy & Technology counsel Jenny Holmes contributed this article, which takes a deep dive into the California Consumer Privacy Act (CCPA), and explains the requirements and risks for businesses that use loyalty programs to incentivize consumers in exchange for their personal information.
      May 13, 2022
    • Rochester Business Journal

      What AG report on “credential stuffing” hacks mean for your business

      This article by Rochester counsel Jenny Holmes, deputy leader of the firm’s Cybersecurity & Privacy practice, summarizes the New York Attorney General’s January report on the findings of a broad investigation into “credential stuffing” revealing more than 1.1 million online accounts have been compromised in cyberattacks at 17 prominent companies.

      Feb 11, 2022
    • Bloomberg Law

      Facial Recognition Systems Regulation: Outlook for 2022

      Washington, DC Intellectual Property associate Palash Basu and Rochester Corporate associate Jenny Holmes, deputy leader of NP’s Cybersecurity & Privacy team, co-authored this article looking at potential facial recognition regulation in the year ahead, while also highlighting recent developments in this area.
      Dec 23, 2021
    • Rochester Business Journal

      NY follows suit: Increased privacy protections for biometric data

      Cybersecurity & Privacy deputy leader and Rochester Corporate associate Jenny Holmes contributed this article on New York State’s pending Biometric Privacy Act and New York City’s biometric law, which came into effect earlier this month, and their impact on businesses.
      July 16, 2021
    • Bloomberg Law

      Retirement plan cybersecurity audits shock unprepared industry

      This article on the U.S. Department of Labor’s abrupt enforcement of retirement plan cybersecurity quotes Cybersecurity & Privacy deputy team leader and Rochester Corporate associate Jenny Holmes on the rushed nature of the rollout and how plan sponsors are preparing for potential audits.
      June 28, 2021
    • Bloomberg Law

      New York’s biometric law will bring hefty fines for noncompliance

      This article, covering the New York biometric privacy statute set to take effect in July and its impact on businesses, quotes Data Privacy & Cybersecurity deputy team leader and Rochester Corporate associate Jenny Holmes on the 30-day cure period that provides business owners time to fix a violation before they can be sued.
      June 9, 2021
    • The New IT Podcast

      Laying Down the Law with Data Privacy and Cybersecurity

      Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes appears as a guest in this tech-focused podcast to discuss her outlook and best practices on cloud computing, putting together an incident response plan, and the Privacy Shield.
      Dec 2, 2020
    • HR News

      Number of 401(k) Funds Offered to Plan Participants Shrinks

      This article on the shrinking number of funds offered to 401(k) plan participants quotes a recent Fall Employee Benefits Briefing blog post written by Employee Benefits & Executive Compensation leader and Corporate partner Eric Paley, Corporate partners Christian Hancey and Brian Kopp, and Corporate associates Lena Gionnette and Jenny Holmes, all in Rochester; and Washington, D.C. Corporate counsel Damian Myers.
      Dec 1, 2020
    • Rochester Business Journal

      The Once-and-Future Privacy Shield

      Data Privacy & Cybersecurity deputy leader and Rochester associate Jenny Holmes contributed this article analyzing the European Court of Justice’s recent invalidation of the Privacy Shield and its impact on data flows between the US and the EU. This article was co-developed with Los Angeles partner Jason P. Gonzalez and Boston associate Troy K. Lieberman, both from the Data Privacy & Cybersecurity team.
      Nov 6, 2020
    • Rochester Business Journal

      Incident response plans critical for any organization

      The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
      Oct 23, 2020
    • Rochester Business Journal

      Transitioning to cloud-based services: Due diligence is key

      The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
      Oct 23, 2020
    • Rochester Business Journal

      Legal guidance a necessity for companies amid coronavirus uncertainty

      In this article on the most common COVID-related issues that businesses and companies are seeking legal help for, Data Privacy & Cybersecurity deputy leader Jenny Holmes and Complex Commercial Disputes associate Eric Ferrante, both in Rochester, are quoted for their outlook on cybersecurity best practices, force majeure clauses, and rent concerns from both landlords and tenants.
      Sep 4, 2020
    • Rochester Business Journal

      California data security law to have widespread impact

      Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.
      Nov 29, 2019
    • Rochester Business Journal

      Keep up with laws developing to protect our consumer data

      In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.
      Nov 15, 2019
    • Rochester Business Journal

      Corporate spending on cybersecurity continues to increase

      Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.

      Oct 25, 2019
    • Boston Globe

      What makes you work harder? Strap on a sensor and find out

      In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.
      July 16, 2019
    • Law360

      Nexstar sells 19 stations for $1.32B to satisfy regulators

      In the following coverage, Nixon Peabody is mentioned for its role as counsel to Tegna, which agreed to purchase a number of television stations from Nexstar Media Group for $740 million. Washington, DC, Corporate partner John Partigan led the deal team.
      March 21, 2019
    • Rochester Business Journal

      Facebook lawsuit underscores importance of transparent collection and use of data

      Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.
      Jan 25, 2019
    • Confero

      Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

      Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.
      July 1, 2018
    • Rochester Business Journal

      European Union law on data protection takes effect

      Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.
      June 8, 2018
    • Journal of Compensation and Benefits

      The Delayed Final Rule and Disability Claims Procedures: Are You Ready? Do You Have to Be?

      Labor and employment associates Claire Rowland and Jenny Holmes authored this article about key changes and impact of the U.S. Department of Labor’s updated regulations for required disability claims procedures (Final Rule) going into effect on April 1, 2018.
      March 20, 2018
    • Pensions & Investments

      Partial delay of fiduciary rule leaves investment industry in limbo

      Rochester labor and employment partner Christian Hancey and associate Jenny Holmes co-wrote this article on the Department of Labor’s new fiduciary rule regulations.
      Dec 7, 2017
    • Rochester Business Journal

      Before acquiring a firm, check its cybersecurity setup

      Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cybersecurity due diligence.
      March 17, 2017
    • Rochester Business Journal

      Employees' smartphones threaten company security

      Chief Information Officer Mike Green and Rochester labor and employment associate Jenny Holmes are quoted in this article about data protection issues surrounding bring your own device policies.

      Jan 20, 2017
    • Rochester Business Journal

      No immunity from cyberattacks and data breaches in 2016 and beyond

      Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cyber security. The column provides an overview of the risks and potential legislative changes that could help small businesses and tips for creating a privacy policy.
      Jan 13, 2017

    Insights And Happenings

    View All
    • Article

      Let's Talk! A conversation with Payton Iheme

      Dec 1, 2022
    • Alert

      Prepare now — California Privacy Rights Act effective January 1, 2023

      Dec 1, 2022
    • Alert

      Data privacy in the post-Roe era

      July 12, 2022
    View All

    Professionals in the Practice Area

    View All
    • Jason C. Kravitz

      Partner / Leader, Cybersecurity & Privacy
      • Boston
      • Office:617.345.1318
      • jkravitz@nixonpeabody.com
      Jason C. Kravitz
    • Dan Deane

      Partner / Leader, Class Actions and Aggregate Litigation / Co-Leader, TCPA & Consumer Privacy Team
      • Manchester
      • Office:603.628.4047
      • ddeane@nixonpeabody.com
      Dan Deane
    • Valerie Breslin Montague

      Partner
      • Chicago
      • Office:312.977.4485
      • vbmontague@nixonpeabody.com
      Valerie  Breslin Montague
    • Christopher M. Mason

      Partner / Deputy Leader, Class Actions and Aggregate Litigation / Leader, Arbitration Team
      • New York
      • Office:212.940.3017
      • cmason@nixonpeabody.com
      Christopher M. Mason
    • Jéna M. Grady

      Counsel
      • New York
      • Office:212.940.3114
      • jgrady@nixonpeabody.com
      Jéna M. Grady
    View All

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • © 2023 Nixon Peabody. All rights reserved
    • Privacy Policy
    • Terms of Use
    • Statement of Client Rights
    • Supplier Diversity Program
    • Nixon Peabody International LLC
    • PAL