Jenny Holmes is the deputy leader of the firm’s Data Privacy & Cybersecurity team and a member of the Employee Benefits and Executive Compensation team.
Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law, taking an active role in the development and management of the firm’s capability in this evolving area. Her practice involves developing and implementing system-wide privacy and security plans for numerous companies of various sizes, and creating response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others. Additionally, Jenny counsels’ clients on the design, drafting, implementation, and ongoing operation of retirement plans, multiple employer plans, multi-employer plans, and health and welfare plans.
My practice focuses on the following areas:
The data privacy regime of various international, federal, and state laws is a complex patchwork of overlapping and sometimes conflicting laws. I routinely assist clients in analyzing which laws and regulations apply and design privacy programs that comply with the various applicable laws. In doing so, I draft external privacy policies, Information Security Plans, and privacy response plans. Understanding that individual data is often a company’s biggest asset and biggest risk, I create programs that ensure safe storage and usage of personal information while also considering the practical needs of a company.
I also advise clients on the changing legal and regulatory data privacy landscape, including on the NY SHIELD Act, the CCPA, and the GDPR, and develop strategies for creating new privacy programs and leveraging existing regimes to comply with new and updated laws.
I advise clients in the aftermath of a privacy breach by explaining the regulatory framework of the various applicable data privacy laws while helping to craft a practical and cost-efficient response plan. I work together with third-party vendors to ensure complete breach remediation and review forensic reports to understand the root cause. I draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches.
I assist clients with the successful implementation and operation of various types of retirement plans, including pension, profit-sharing, 401(k) and 403(b) plans, multiple employer plans, multi-employer plans, and 457(b) and 457(f) plans. I draft plan documents and summary plan descriptions, respond to plan documents and operational failures through the Internal Revenue Service’s Employee Plans Compliance Resolution System, and counsel retirement plan committees on their fiduciary responsibilities under ERISA.
I have experience helping clients on issues related to stock option plans, non-qualified deferred compensation plans, supplemental executive retirement plans, and severance plans. My experience includes advising individuals on various tax and other estate planning implications of executive compensation structures.
In various corporate structure changes, I advise clients on pre- and post-transaction compliance issues in both Employee Benefits and Data Privacy. As part of due diligence reviews, I analyze deal documents, draft representations, disclosures, and warranties, and assess potential risk factors. I counsel clients on potential liabilities, required corrective actions, and prepare and implement those corrections.
Regulatory reforms will continue to affect plan design and operation of retirement and group health plans. Employers need to effectively align these reforms with their desire to provide more creative and sophisticated benefit programs to incentivize employees.
Personal privacy is going to continue to be an issue at the forefront of consumer’s and employee’s minds. As international, federal, state, and local laws are quickly drafted and implemented to address these concerns, companies will need to be flexible in the design of their privacy schemes to ensure compliance with various laws. Like we are seeing with the CCPA and the NY SHIELD Act, the United States is on the path to a patchwork of individual states laws with nuanced differences. Being able to leverage existing programs and policies to comply with new requirements will become even more important.
At Syracuse Law, Jenny was Business Editor of Syracuse Law Review, on the Moot Court Honor Society, and a member of the Justinian Honorary Law Society. She is a member of the Syracuse Law’s Chapter of the Order of the Coif and a recipient of the CALI (Constitutional Law) and the Cornelius W. Wickersham Jr. Awards.
Rochester Business Journal | October 23, 2020
The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
Rochester Business Journal | October 23, 2020
The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
Rochester Business Journal | November 29, 2019
Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.
Rochester Business Journal | November 15, 2019
In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.
Rochester Business Journal | October 25, 2019
Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.
Boston Globe | July 16, 2019
In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.
Rochester Business Journal | January 25, 2019
Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.
Confero | June 30, 2018
Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.
Rochester Business Journal | June 07, 2018
Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.
Journal of Compensation and Benefits | March 19, 2018
Labor and employment associates Claire Rowland and Jenny Holmes authored this article about key changes and impact of the U.S. Department of Labor’s updated regulations for required disability claims procedures (Final Rule) going into effect on April 1, 2018.
Pensions & Investments | December 06, 2017
Rochester labor and employment partner Christian Hancey and associate Jenny Holmes co-wrote this article on the Department of Labor’s new fiduciary rule regulations.
Syracuse University College of Law, J.D., Order of the Coif, magna cum laude
University of Virginia, B.A.
New York
U.S. District Court, Western District of New York
U.S. District Court, Northern District of New York
Jenny is a member of the Leaders Build Committee of the Habitat for Humanity and the Co-Chair of the Rochester Jewish Sports Hall of Fame. She also is a member of the Monroe County Bar Association, New York State Bar Association, and the American Bar Association. Jenny serves as an office representative on the firm’s Associate Council.
