Jenny Holmes is the deputy leader of the firm’s Cybersecurity & Privacy team.
Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law, taking an active role in the development and management of the firm’s capability in this evolving area. Her practice involves developing and implementing system-wide privacy and security plans for numerous companies of various sizes, and creating response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others. Jenny is a Certified Information Privacy Professional/United States (CIPP/US), a preeminent credential in the field of privacy.
My practice focuses on the following areas:
The data privacy regime of various international, federal, and state laws is a complex patchwork of overlapping and sometimes conflicting laws. I routinely assist clients in analyzing which laws and regulations apply and design privacy programs that comply with the various applicable laws. In doing so, I draft external privacy policies, information security plans, and privacy response plans. Understanding that individual data is often a company’s biggest asset and biggest risk, I create programs that ensure safe storage and usage of personal information while also considering the practical needs of a company.
I also advise clients on the changing legal and regulatory data privacy landscape, including on the NY SHIELD Act, the CCPA, and the GDPR, and develop strategies for creating new privacy programs and leveraging existing regimes to comply with new and updated laws.
I advise clients in the aftermath of a privacy breach by explaining the regulatory framework of the various applicable data privacy laws while helping to craft a practical and cost-efficient response plan. I work together with third-party vendors to ensure complete breach remediation and review forensic reports to understand the root cause. I draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches.
In various corporate structure changes, I advise clients on pre- and post-transaction compliance issues relating to data privacy and cybersecurity. As part of due diligence reviews, I analyze deal documents, draft representations, disclosures, and warranties, and assess potential risk factors. I counsel clients on potential liabilities, required corrective actions, and prepare and implement those corrections.
Personal privacy is going to continue to be an issue at the forefront of consumers’ and employees’ minds. As international, federal, state, and local laws are quickly drafted and implemented to address these concerns, companies will need to be flexible in the design of their privacy schemes to ensure compliance with various laws. Like we are seeing with the CCPA and the NY SHIELD Act, the United States is on the path to a patchwork of individual states laws with nuanced differences. Being able to leverage existing programs and policies to comply with new requirements will become even more important.
At Syracuse Law, Jenny was Business Editor of Syracuse Law Review, on the Moot Court Honor Society, and a member of the Justinian Honorary Law Society. She is a member of the Syracuse Law’s Chapter of the Order of the Coif and a recipient of the CALI (Constitutional Law) and the Cornelius W. Wickersham Jr. Awards.
Rochester Business Journal | May 13, 2022
Rochester Privacy & Technology counsel Jenny Holmes contributed this article, which takes a deep dive into the California Consumer Privacy Act (CCPA), and explains the requirements and risks for businesses that use loyalty programs to incentivize consumers in exchange for their personal information.
Bloomberg Law | December 23, 2021
Washington, DC Intellectual Property associate Palash Basu and Rochester Corporate associate Jenny Holmes, deputy leader of NP’s Cybersecurity & Privacy team, co-authored this article looking at potential facial recognition regulation in the year ahead, while also highlighting recent developments in this area.
Rochester Business Journal | July 16, 2021
Cybersecurity & Privacy deputy leader and Rochester Corporate associate Jenny Holmes contributed this article on New York State’s pending Biometric Privacy Act and New York City’s biometric law, which came into effect earlier this month, and their impact on businesses.
Bloomberg Law | June 28, 2021
This article on the U.S. Department of Labor’s abrupt enforcement of retirement plan cybersecurity quotes Cybersecurity & Privacy deputy team leader and Rochester Corporate associate Jenny Holmes on the rushed nature of the rollout and how plan sponsors are preparing for potential audits.
Bloomberg Law | June 09, 2021
This article, covering the New York biometric privacy statute set to take effect in July and its impact on businesses, quotes Data Privacy & Cybersecurity deputy team leader and Rochester Corporate associate Jenny Holmes on the 30-day cure period that provides business owners time to fix a violation before they can be sued.
The New IT Podcast | December 02, 2020
Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes appears as a guest in this tech-focused podcast to discuss her outlook and best practices on cloud computing, putting together an incident response plan, and the Privacy Shield.
HR News | December 01, 2020
This article on the shrinking number of funds offered to 401(k) plan participants quotes a recent Fall Employee Benefits Briefing blog post written by Employee Benefits & Executive Compensation leader and Corporate partner Eric Paley, Corporate partners Christian Hancey and Brian Kopp, and Corporate associates Lena Gionnette and Jenny Holmes, all in Rochester; and Washington, D.C. Corporate counsel Damian Myers.
Rochester Business Journal | November 06, 2020
Data Privacy & Cybersecurity deputy leader and Rochester associate Jenny Holmes contributed this article analyzing the European Court of Justice’s recent invalidation of the Privacy Shield and its impact on data flows between the US and the EU. This article was co-developed with Los Angeles partner Jason P. Gonzalez and Boston associate Troy K. Lieberman, both from the Data Privacy & Cybersecurity team.
Rochester Business Journal | October 23, 2020
The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
Rochester Business Journal | October 23, 2020
The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.
Rochester Business Journal | September 04, 2020
In this article on the most common COVID-related issues that businesses and companies are seeking legal help for, Data Privacy & Cybersecurity deputy leader Jenny Holmes and Complex Commercial Disputes associate Eric Ferrante, both in Rochester, are quoted for their outlook on cybersecurity best practices, force majeure clauses, and rent concerns from both landlords and tenants.
Rochester Business Journal | November 29, 2019
Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.
Rochester Business Journal | November 15, 2019
In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.
Rochester Business Journal | October 25, 2019
Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.
Boston Globe | July 16, 2019
In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.
Syracuse University College of Law, J.D., Order of the Coif, magna cum laude
University of Virginia, B.A.
New York
U.S. District Court, Western District of New York
U.S. District Court, Northern District of New York
Jenny is a member of the Leaders Build Committee of the Habitat for Humanity and the co-chair of the Rochester Jewish Sports Hall of Fame. She also is a member of the Monroe County Bar Association, the New York State Bar Association, and the American Bar Association. Jenny serves as an office representative on the firm’s Associate Council.