Jenny L. Holmes

Jenny Holmes is the deputy leader of the firm’s Data Privacy & Cybersecurity team and a member of the Employee Benefits and Executive Compensation team.

Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law, taking an active role in the development and management of the firm’s capability in this evolving area. Her practice involves developing and implementing system-wide privacy and security plans for numerous companies of various sizes, and creating response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others. Additionally, Jenny counsels’ clients on the design, drafting, implementation, and ongoing operation of retirement plans, multiple employer plans, multi-employer plans, and health and welfare plans.

What do you focus on?

My practice focuses on the following areas:

Privacy Compliance

The data privacy regime of various international, federal, and state laws is a complex patchwork of overlapping and sometimes conflicting laws. I routinely assist clients in analyzing which laws and regulations apply and design privacy programs that comply with the various applicable laws. In doing so, I draft external privacy policies, Information Security Plans, and privacy response plans. Understanding that individual data is often a company’s biggest asset and biggest risk, I create programs that ensure safe storage and usage of personal information while also considering the practical needs of a company.

I also advise clients on the changing legal and regulatory data privacy landscape, including on the NY SHIELD Act, the CCPA, and the GDPR, and develop strategies for creating new privacy programs and leveraging existing regimes to comply with new and updated laws.

Data Breach Response

I advise clients in the aftermath of a privacy breach by explaining the regulatory framework of the various applicable data privacy laws while helping to craft a practical and cost-efficient response plan. I work together with third-party vendors to ensure complete breach remediation and review forensic reports to understand the root cause. I draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches.

Retirement Plans Design and Regulatory Compliance

I assist clients with the successful implementation and operation of various types of retirement plans, including pension, profit-sharing, 401(k) and 403(b) plans, multiple employer plans, multi-employer plans, and 457(b) and 457(f) plans. I draft plan documents and summary plan descriptions, respond to plan documents and operational failures through the Internal Revenue Service’s Employee Plans Compliance Resolution System, and counsel retirement plan committees on their fiduciary responsibilities under ERISA.

Executive Compensation

I have experience helping clients on issues related to stock option plans, non-qualified deferred compensation plans, supplemental executive retirement plans, and severance plans. My experience includes advising individuals on various tax and other estate planning implications of executive compensation structures.

M&A Transaction

In various corporate structure changes, I advise clients on pre- and post-transaction compliance issues in both Employee Benefits and Data Privacy. As part of due diligence reviews, I analyze deal documents, draft representations, disclosures, and warranties, and assess potential risk factors. I counsel clients on potential liabilities, required corrective actions, and prepare and implement those corrections.

What do you see on the horizon?

Employee Benefits

Regulatory reforms will continue to affect plan design and operation of retirement and group health plans. Employers need to effectively align these reforms with their desire to provide more creative and sophisticated benefit programs to incentivize employees.


Personal privacy is going to continue to be an issue at the forefront of consumer’s and employee’s minds. As international, federal, state, and local laws are quickly drafted and implemented to address these concerns, companies will need to be flexible in the design of their privacy schemes to ensure compliance with various laws. Like we are seeing with the CCPA and the NY SHIELD Act, the United States is on the path to a patchwork of individual states laws with nuanced differences. Being able to leverage existing programs and policies to comply with new requirements will become even more important.

Prior to joining the firm

At Syracuse Law, Jenny was Business Editor of Syracuse Law Review, on the Moot Court Honor Society, and a member of the Justinian Honorary Law Society. She is a member of the Syracuse Law’s Chapter of the Order of the Coif and a recipient of the CALI (Constitutional Law) and the Cornelius W. Wickersham Jr. Awards.


  • “Practical Incident Response: An Interactive Tabletop Exercise,” Rochester Security Summit 2019, Rochester, NY
  • “Cybersecurity Takes a Village: Governance, Legal, and Cyber Perspectives,” 2019 NY Tech Summit, Turning Stone Conference Center, Verona, NY

Laying Down the Law with Data Privacy and Cybersecurity

The New IT Podcast | December 02, 2020

Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes appears as a guest in this tech-focused podcast to discuss her outlook and best practices on cloud computing, putting together an incident response plan, and the Privacy Shield.

Number of 401(k) Funds Offered to Plan Participants Shrinks

HR News | December 01, 2020

This article on the shrinking number of funds offered to 401(k) plan participants quotes a recent Fall Employee Benefits Briefing blog post written by Employee Benefits & Executive Compensation leader and Corporate partner Eric Paley, Corporate partners Christian Hancey and Brian Kopp, and Corporate associates Lena Gionnette and Jenny Holmes, all in Rochester; and Washington, D.C. Corporate counsel Damian Myers.

The Once-and-Future Privacy Shield

Rochester Business Journal | November 06, 2020

Data Privacy & Cybersecurity deputy leader and Rochester associate Jenny Holmes contributed this article analyzing the European Court of Justice’s recent invalidation of the Privacy Shield and its impact on data flows between the US and the EU. This article was co-developed with Los Angeles partner Jason P. Gonzalez and Boston associate Troy K. Lieberman, both from the Data Privacy & Cybersecurity team.

Incident response plans critical for any organization

Rochester Business Journal | October 23, 2020

The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.

Transitioning to cloud-based services: Due diligence is key

Rochester Business Journal | October 23, 2020

The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.

Legal guidance a necessity for companies amid coronavirus uncertainty

Rochester Business Journal | September 04, 2020

In this article on the most common COVID-related issues that businesses and companies are seeking legal help for, Data Privacy & Cybersecurity deputy leader Jenny Holmes and Complex Commercial Disputes associate Eric Ferrante, both in Rochester, are quoted for their outlook on cybersecurity best practices, force majeure clauses, and rent concerns from both landlords and tenants.

California data security law to have widespread impact

Rochester Business Journal | November 29, 2019

Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.

Keep up with laws developing to protect our consumer data

Rochester Business Journal | November 15, 2019

In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.

Corporate spending on cybersecurity continues to increase

Rochester Business Journal | October 25, 2019

Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.

What makes you work harder? Strap on a sensor and find out

Boston Globe | July 16, 2019

In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.

Facebook lawsuit underscores importance of transparent collection and use of data

Rochester Business Journal | January 25, 2019

Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.

Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

Confero | June 30, 2018

Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.

European Union law on data protection takes effect

Rochester Business Journal | June 07, 2018

Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.


Jenny L. Holmes

Deputy Leader, Data Privacy & Cybersecurity Team


Phone: 585-263-1494

Syracuse University College of Law, J.D., Order of the Coif, magna cum laude

University of Virginia, B.A.

New York

U.S. District Court, Western District of New York

U.S. District Court, Northern District of New York

Jenny is a member of the Leaders Build Committee of the Habitat for Humanity and the Co-Chair of the Rochester Jewish Sports Hall of Fame. She also is a member of the Monroe County Bar Association, New York State Bar Association, and the American Bar Association. Jenny serves as an office representative on the firm’s Associate Council.

Back to top