Nixon Peabody LLP

Trending Topics

    Practices

    View All

    Industries

    View All

    Value-Added Services

    View All

    Jenny L. Holmes

    Counsel / Deputy Leader, Cybersecurity & Privacy

    I'm a 2023 Nixon Peabody Pro Bono Champion.Read more about our Pro Bono program

    Introduction

    Jenny Holmes is the deputy leader of the firm’s Cybersecurity & Privacy team. She is a Certified Information Privacy Professional/United States (CIPP/US), a preeminent credential in the field of privacy.


    Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law. She develops and implements system-wide privacy and security plans and creates response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others.

    Practice Areas

    Cybersecurity & PrivacyTCPA & Consumer PrivacyLabor, Employment, and BenefitsEmployee Benefits & ERISAExecutive CompensationEmployee Benefits & ERISAExecutive Compensation

    Industries

    Social MediaTechnology

    My focus

    My practice focuses on the following areas:

    Privacy Compliance

    International, federal, and state data privacy laws form a complex patchwork of overlapping—and sometimes conflicting—regulatory guidance. I help companies understand their obligations under these various laws and design comprehensive and compliant privacy programs, including external privacy policies, information security plans, and privacy response plans. Because individual data is often a company’s biggest asset and biggest risk, I establish architecture that enables and ensures safe storage and usage of personal information while also considering the practical needs of a company.

    Privacy laws are not static, and the strategies I develop are designed to evolve with the changing legal and regulatory data privacy landscape, staying ahead of the NY SHIELD Act, the CCPA, and the GDPR, among others.

    Data Breach Response

    In the aftermath of a privacy breach, such as a ransomware attack or a funds transfer fraud incident, I help clients craft practical and cost-effective response plans that adhere to the applicable data privacy laws. This entails working with third-party vendors to ensure complete breach remediation, reviewing forensic reports to understand the root cause, and engaging with local, state, federal, and international law enforcement agencies. I also draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches and minimize the risk of class-action litigation.

    M&A Transactional Analysis

    When businesses pursue changes to corporate structure, I complete due diligence reviews and advise clients on pre- and post-transaction compliance issues relating to data privacy and cybersecurity. I counsel clients on risk factors and potential liabilities, required corrective actions, and how to implement those corrections.

    Representative experience

    • Representing a large municipality in its response to a crippling ransomware attack
    • Resolved allegations of TCPA violations without litigation for an e-commerce client
    • Advised a physical training gym center on data privacy policies
    • Counseled a fitness equipment wholesaler on privacy policies and permissible data usage and collection relating to minors
    • Advised a franchise Italian ice company regarding the data privacy compliance of its loyalty program
    • Represented a chain restaurant regarding its privacy program
    • Counseling parent company of multiple brands on compliance with CPRA and GDPR, including the ability to share information between brands
    • Advising online testing platform regarding its global data collection and use practices
    • Providing data privacy compliance counsel to an American multinational consumer products company
    • Advising a German multinational corporate manufacturer of luxury vehicles and motorcycles on cross-border transfers of information related to connected driving technology
    • Assisting an NBA basketball team on matters including negotiation of an SaaS agreement relating to SMS marketing and advice on best practices under the TCPA for conducting an SMS marketing campaign
    • Developed website privacy policy and terms of use and providing general privacy advice to an e-commerce company that sells cosmetic products
    • Assisting a mobile social payment service with terms of use and a privacy policy for the launch of its new app
    • Advising a large provider of metal food packaging in the United States on terms of a compliance privacy statement
    • Developed a comprehensive written information security program for a child developmental and learning center
    • Advising an affiliated healthcare provider network after it was victimized by a ransomware attack, working closely with forensic investigators to assess the scope of network penetration and counselling on reporting requirements and remediation
    • Counseled a veteran mentoring association on data privacy compliance
    • Advising a New England university on necessary revisions to its privacy policies to ensure GDPR compliance

    Looking ahead

    The combination of the political climate and consumers’ increased expectations will create massive impacts on companies’ data management, requiring increased attention to satisfy legal obligations and protect data.

    Insights

    • “The Clock Is Ticking: Cyberattack,” Nixon Peabody 2023 California MCLE Virtual Seminar, January 18, 2023
    • “War and Cyberwar Expert Panel,” 2022 NYS Cyber Security Conference, June 7, 2022
    • “Vendor Due Diligence in the Age of Data Protection Laws,” IAPP Global Privacy Summit 2021, May 19, 2021
    • “Practical Incident Response: An Interactive Tabletop Exercise,” Rochester Security Summit 2019, Rochester, NY
    • “Cybersecurity Takes a Village: Governance, Legal, and Cyber Perspectives,” 2019 NY Tech Summit, Turning Stone Conference Center, Verona, NY

    Prior to joining the firm

    At Syracuse Law, Jenny was Business Editor of Syracuse Law Review, on the Moot Court Honor Society, and a member of the Justinian Honorary Law Society. She is a member of the Syracuse Law’s Chapter of the Order of the Coif and a recipient of the CALI (Constitutional Law) and the Cornelius W. Wickersham Jr. Awards.

    In the news

    • The Daily Record/Rochester Business Journal

      2023 Legal Excellence honorees announced

      This article mentions counsel Jenny Holmes, deputy leader of the Cybersecurity & Privacy practice, and Affordable Housing & Real Estate associate Stephen Fantuzzo, both of Rochester, for being recognized as “Up and Coming Lawyers” as part of the publications’ 2023 Legal Excellence Awards.

      Aug 17, 2023
    • Cybersecurity Law Report

      Analyzing 2023’s new state privacy laws: The first six plus compliance measures

      Rochester counsel Jenny Holmes, deputy leader of the firm’s Cybersecurity & Privacy practice, is quoted in this article analyzing the first wave of new data privacy state laws set to take effect this year. Jenny discusses how companies can ensure their data privacy programs are adaptable, and the potential impact for companies that have already needed to comply with the California Consumer Privacy Act.

      July 27, 2023
    • Bloomberg Law |

      Vista invests in supply chain risk software

      This article mentions NP for advising Resilinc Corp. in its strategic growth investment transaction with Vista Equity Partners LLC. The NP team was led by San Francisco Cybersecurity & Privacy partner Greg O’Hara and included Corporate partners David Martland, Thomas McCord, and Alexandra Lopez-Casero of Boston, Rachel Pugliese of New York City, and Shahzad Malik of Los Angeles; San Francisco Labor & Employment partner Seth Neulight; Cybersecurity & Privacy counsels Jenny Holmes of Rochester and Jason Kunze of Chicago; Boston Corporate counsel David Crosby; Chicago Intellectual Property counsel Wayne Tang; and Corporate associates James Mangan from Boston, Jacalyn Smith from Chicago, Corey Habib from Manchester, and Brian Kenney of Washington, DC.

      May 9, 2023
    • The Deal

      Vista Equity invests in Resilinc

      This article mentions San Francisco Cybersecurity & Privacy partner Greg O’Hara for leading the NP team advising Resilinc Corp. in its strategic growth investment transaction with Vista Equity Partners LLC. The NP team also included Corporate partners David Martland, Thomas McCord, and Alexandra Lopez-Casero of Boston, Rachel Pugliese of New York City, and Shahzad Malik of Los Angeles; San Francisco Labor & Employment partner Seth Neulight; Cybersecurity & Privacy counsels Jenny Holmes of Rochester and Jason Kunze of Chicago; Boston Corporate counsel David Crosby; Chicago Intellectual Property counsel Wayne Tang; and Corporate associates James Mangan from Boston, Jacalyn Smith from Chicago, Corey Habib from Manchester, and Brian Kenney of Washington, DC.

      May 8, 2023
    • Compliance Week

      Companies should be on alert as California closes in on final CPRA rules

      Rochester counsel and Cybersecurity & Privacy deputy practice leader Jenny Holmes is quoted throughout this article on California releasing its first round of final rules to implement the California Privacy Rights Act. Jenny also discusses best practices for businesses working to comply with the rules.

      April 11, 2023
    • Mergers & Acquisitions

      S&P Global Mobility purchases Market Scan

      This article covering S&P Global Mobility’s purchase of automotive pricing and incentive intelligence company Market Scan, mentions NP for advising Market Scan in the sale. The NP deal team was led by San Francisco Corporate partner Lior Zorea, leader of the firm’s West Coast Emerging Companies and Venture Capital team. The team also included Corporate partners Christian Hancey of Rochester and Shahzad Malik of Los Angeles; San Francisco Affordable Housing & Real Estate partners Ian O’Banion and Alison Torbitt; Corporate counsels Michael Fitzpatrick of Boston and Matthew Goedert of San Francisco; Washington, DC Complex Disputes counsel Brian Whittaker; Rochester Cybersecurity & Privacy counsel Jenny Holmes; Corporate associates Robert Pethick of Boston and Brian Kenney of Washington, DC; and Washington, DC Construction & Real Estate Litigation associate Martha Medina.

      March 10, 2023
    • Compliance Week

      Best practices for navigating changing US data privacy landscape

      Rochester counsel Jenny Holmes, deputy leader of the Cybersecurity & Privacy team, is quoted throughout this article covering best practices for businesses as they work to comply with existing and upcoming data privacy laws.

      Feb 27, 2023
    • Business Insurance

      States expand data liability for employers

      Rochester counsel Jenny Holmes, deputy leader of NP’s Cybersecurity & Privacy practice, is quoted in this article on state data privacy laws that are set to take effect in 2023, noting that the California Privacy Rights Act is closer to what is seen in Europe with the General Data Protection Regulation (GDPR).

      Dec 20, 2022
    • The Deal

      Resonetics to acquire two SAES units

      The following article covers Resonetics LLC’s $900 million agreement to acquire Memry Corp. and SAES Smart Materials Inc. from NP client SAES Getters SpA. The article mentions Manchester partner and Private Equity & Family Offices team leader Phil Taub and Boston partner Amy O’Keefe, both of the Corporate group, for leading the NP team representing SAES Getters on U.S. legal matters. The team also includes Chicago partner and Global Finance co-leader Rob Drobnak; Corporate partners Alexandra Lopez-Casero and Thomas McCord from Boston, Andrew Share from Manchester, and Sean Clancy from Washington, DC; Affordable Housing & Real Estate partners Mark Beaudoin from Manchester and Alison Torbitt from San Francisco; Boston Labor & Employment partner Jeff Gilbreth; Rochester Intellectual Property partner Kristen Walsh; Washington, DC Complex Disputes partner and Antitrust leader Gordon Lang; Manchester Government Investigations & White-Collar Defense partner Mark Knights; Rochester counsel and Cybersecurity & Privacy deputy leader Jenny Holmes; Boston Corporate counsel David Crosby; Washington, DC Complex Disputes counsel Brian Whittaker; Albany Affordable Housing & Finance counsel Dana Stanton; Corporate associates Shaziah Singh from New York, Anthony Bova from Boston, Corey Habib from Manchester, and Hrishikesh Shah from Chicago; and Manchester Corporate department attorney Dave Zimmermann.

      Dec 9, 2022
    • Rochester Business Journal

      Corporate social responsibility impacts everyone from employees to community

      This article by Rochester counsel Jenny Holmes, deputy leader of the firm’s Cybersecurity & Privacy practice, previews next week’s inaugural NP Impact Week of Service and discusses the role corporate social responsibility plays in bettering society.

      Oct 21, 2022
    • Rochester Business Journal

      Loyalty programs - What you should know about compliance with the CCPA

      Rochester Privacy & Technology counsel Jenny Holmes contributed this article, which takes a deep dive into the California Consumer Privacy Act (CCPA), and explains the requirements and risks for businesses that use loyalty programs to incentivize consumers in exchange for their personal information.
      May 13, 2022
    • Rochester Business Journal

      What AG report on “credential stuffing” hacks mean for your business

      This article by Rochester counsel Jenny Holmes, deputy leader of the firm’s Cybersecurity & Privacy practice, summarizes the New York Attorney General’s January report on the findings of a broad investigation into “credential stuffing” revealing more than 1.1 million online accounts have been compromised in cyberattacks at 17 prominent companies.

      Feb 11, 2022
    • Bloomberg Law

      Facial Recognition Systems Regulation: Outlook for 2022

      Washington, DC Intellectual Property associate Palash Basu and Rochester Corporate associate Jenny Holmes, deputy leader of NP’s Cybersecurity & Privacy team, co-authored this article looking at potential facial recognition regulation in the year ahead, while also highlighting recent developments in this area.
      Dec 23, 2021
    • Rochester Business Journal

      NY follows suit: Increased privacy protections for biometric data

      Cybersecurity & Privacy deputy leader and Rochester Corporate associate Jenny Holmes contributed this article on New York State’s pending Biometric Privacy Act and New York City’s biometric law, which came into effect earlier this month, and their impact on businesses.
      July 16, 2021
    • Bloomberg Law

      Retirement plan cybersecurity audits shock unprepared industry

      This article on the U.S. Department of Labor’s abrupt enforcement of retirement plan cybersecurity quotes Cybersecurity & Privacy deputy team leader and Rochester Corporate associate Jenny Holmes on the rushed nature of the rollout and how plan sponsors are preparing for potential audits.
      June 28, 2021
    • Bloomberg Law

      New York’s biometric law will bring hefty fines for noncompliance

      This article, covering the New York biometric privacy statute set to take effect in July and its impact on businesses, quotes Data Privacy & Cybersecurity deputy team leader and Rochester Corporate associate Jenny Holmes on the 30-day cure period that provides business owners time to fix a violation before they can be sued.
      June 9, 2021
    • The New IT Podcast

      Laying Down the Law with Data Privacy and Cybersecurity

      Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes appears as a guest in this tech-focused podcast to discuss her outlook and best practices on cloud computing, putting together an incident response plan, and the Privacy Shield.
      Dec 2, 2020
    • HR News

      Number of 401(k) Funds Offered to Plan Participants Shrinks

      This article on the shrinking number of funds offered to 401(k) plan participants quotes a recent Fall Employee Benefits Briefing blog post written by Employee Benefits & Executive Compensation leader and Corporate partner Eric Paley, Corporate partners Christian Hancey and Brian Kopp, and Corporate associates Lena Gionnette and Jenny Holmes, all in Rochester; and Washington, D.C. Corporate counsel Damian Myers.
      Dec 1, 2020
    • Rochester Business Journal

      The Once-and-Future Privacy Shield

      Data Privacy & Cybersecurity deputy leader and Rochester associate Jenny Holmes contributed this article analyzing the European Court of Justice’s recent invalidation of the Privacy Shield and its impact on data flows between the US and the EU. This article was co-developed with Los Angeles partner Jason P. Gonzalez and Boston associate Troy K. Lieberman, both from the Data Privacy & Cybersecurity team.
      Nov 6, 2020
    • Rochester Business Journal

      Incident response plans critical for any organization

      The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
      Oct 23, 2020
    • Rochester Business Journal

      Transitioning to cloud-based services: Due diligence is key

      The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
      Oct 23, 2020
    • Rochester Business Journal

      Legal guidance a necessity for companies amid coronavirus uncertainty

      In this article on the most common COVID-related issues that businesses and companies are seeking legal help for, Data Privacy & Cybersecurity deputy leader Jenny Holmes and Complex Commercial Disputes associate Eric Ferrante, both in Rochester, are quoted for their outlook on cybersecurity best practices, force majeure clauses, and rent concerns from both landlords and tenants.
      Sep 4, 2020
    • Rochester Business Journal

      California data security law to have widespread impact

      Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.
      Nov 29, 2019
    • Rochester Business Journal

      Keep up with laws developing to protect our consumer data

      In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.
      Nov 15, 2019
    • Rochester Business Journal

      Corporate spending on cybersecurity continues to increase

      Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.

      Oct 25, 2019
    • Boston Globe

      What makes you work harder? Strap on a sensor and find out

      In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.
      July 16, 2019
    • Law360

      Nexstar sells 19 stations for $1.32B to satisfy regulators

      In the following coverage, Nixon Peabody is mentioned for its role as counsel to Tegna, which agreed to purchase a number of television stations from Nexstar Media Group for $740 million. Washington, DC, Corporate partner John Partigan led the deal team.
      March 21, 2019
    • Rochester Business Journal

      Facebook lawsuit underscores importance of transparent collection and use of data

      Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.
      Jan 25, 2019
    • Confero

      Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

      Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.
      July 1, 2018
    • Rochester Business Journal

      European Union law on data protection takes effect

      Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.
      June 8, 2018
    • Journal of Compensation and Benefits

      The Delayed Final Rule and Disability Claims Procedures: Are You Ready? Do You Have to Be?

      Labor and employment associates Claire Rowland and Jenny Holmes authored this article about key changes and impact of the U.S. Department of Labor’s updated regulations for required disability claims procedures (Final Rule) going into effect on April 1, 2018.
      March 20, 2018
    • Pensions & Investments

      Partial delay of fiduciary rule leaves investment industry in limbo

      Rochester labor and employment partner Christian Hancey and associate Jenny Holmes co-wrote this article on the Department of Labor’s new fiduciary rule regulations.
      Dec 7, 2017
    • Rochester Business Journal

      Before acquiring a firm, check its cybersecurity setup

      Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cybersecurity due diligence.
      March 17, 2017
    • Rochester Business Journal

      Employees' smartphones threaten company security

      Chief Information Officer Mike Green and Rochester labor and employment associate Jenny Holmes are quoted in this article about data protection issues surrounding bring your own device policies.

      Jan 20, 2017
    • Rochester Business Journal

      No immunity from cyberattacks and data breaches in 2016 and beyond

      Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cyber security. The column provides an overview of the risks and potential legislative changes that could help small businesses and tips for creating a privacy policy.
      Jan 13, 2017

    Admitted to practice

    New York
    U.S. District Court, Western District of New York
    U.S. District Court, Northern District of New York

    Education

    Syracuse University College of Law, J.D., Order of the Coif, magna cum laude
    University of Virginia, B.A.

    Professional activities

    Jenny is the co-chair of the Rochester Jewish Sports Hall of Fame and a member of the events committee for Bivona Child Advocacy Center. She also is a member of the Monroe County, New York State, and American bar associations. Jenny serves on the firm’s recruiting committee.

    Recognition

    • Selected, through a peer-review survey, for inclusion in Best Lawyers: Ones to Watch 2024 in the field of Privacy and Data Security Law
    • Recognized as an “Up and Coming Lawyer” as part of The Daily Record and Rochester Business Journal’s Legal Excellence Awards

    Insights And Happenings

    View All
    View All

    Professionals in the Practice Area

    View All

    • Jason C. Kravitz

      Partner / Leader, Cybersecurity & Privacy
      • Boston
      • Office:617.345.1318
      • jkravitz@nixonpeabody.com
      Jason C. Kravitz

    • Dan Deane

      Partner / Leader, Class Actions and Aggregate Litigation / Co-Leader, TCPA & Consumer Privacy Team
      • Manchester
      • Office:603.628.4047
      • ddeane@nixonpeabody.com
      Dan Deane

    • Valerie Breslin Montague

      Partner
      • Chicago
      • Office:312.977.4485
      • vbmontague@nixonpeabody.com
      Valerie Breslin Montague

    • Christopher M. Mason

      Partner / Deputy Leader, Class Actions and Aggregate Litigation / Leader, Arbitration Team
      • New York
      • Office:212.940.3017
      • cmason@nixonpeabody.com
      Christopher M. Mason

    • Jéna M. Grady

      Counsel
      • New York
      • Office:212.940.3114
      • jgrady@nixonpeabody.com
      Jéna M. Grady
    View All

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe