Jenny L. Holmes

Jenny Holmes is the deputy leader of the firm’s Data Privacy & Cybersecurity team and a member of the Employee Benefits and Executive Compensation team.

Jenny advises clients on the ever-changing legal landscape of data privacy and cybersecurity law, taking an active role in the development and management of the firm’s capability in this evolving area. Her practice involves developing and implementing system-wide privacy and security plans for numerous companies of various sizes, and creating response plans that address the mandates of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NY SHIELD Act, among others. Additionally, Jenny counsels’ clients on the design, drafting, implementation, and ongoing operation of retirement plans, multiple employer plans, multi-employer plans, and health and welfare plans.

What do you focus on?

My practice focuses on the following areas:

Privacy Compliance

The data privacy regime of various international, federal, and state laws is a complex patchwork of overlapping and sometimes conflicting laws. I routinely assist clients in analyzing which laws and regulations apply and design privacy programs that comply with the various applicable laws. In doing so, I draft external privacy policies, Information Security Plans, and privacy response plans. Understanding that individual data is often a company’s biggest asset and biggest risk, I create programs that ensure safe storage and usage of personal information while also considering the practical needs of a company.

I also advise clients on the changing legal and regulatory data privacy landscape, including on the NY SHIELD Act, the CCPA, and the GDPR, and develop strategies for creating new privacy programs and leveraging existing regimes to comply with new and updated laws.

Data Breach Response

I advise clients in the aftermath of a privacy breach by explaining the regulatory framework of the various applicable data privacy laws while helping to craft a practical and cost-efficient response plan. I work together with third-party vendors to ensure complete breach remediation and review forensic reports to understand the root cause. I draft required notices, provide guidance on consumer or employee communications, and design and implement company policies to prevent future breaches.

Retirement Plans Design and Regulatory Compliance

I assist clients with the successful implementation and operation of various types of retirement plans, including pension, profit-sharing, 401(k) and 403(b) plans, multiple employer plans, multi-employer plans, and 457(b) and 457(f) plans. I draft plan documents and summary plan descriptions, respond to plan documents and operational failures through the Internal Revenue Service’s Employee Plans Compliance Resolution System, and counsel retirement plan committees on their fiduciary responsibilities under ERISA.

Executive Compensation

I have experience helping clients on issues related to stock option plans, non-qualified deferred compensation plans, supplemental executive retirement plans, and severance plans. My experience includes advising individuals on various tax and other estate planning implications of executive compensation structures.

M&A Transaction

In various corporate structure changes, I advise clients on pre- and post-transaction compliance issues in both Employee Benefits and Data Privacy. As part of due diligence reviews, I analyze deal documents, draft representations, disclosures, and warranties, and assess potential risk factors. I counsel clients on potential liabilities, required corrective actions, and prepare and implement those corrections.

What do you see on the horizon?

Employee Benefits

Regulatory reforms will continue to affect plan design and operation of retirement and group health plans. Employers need to effectively align these reforms with their desire to provide more creative and sophisticated benefit programs to incentivize employees.


Personal privacy is going to continue to be an issue at the forefront of consumer’s and employee’s minds. As international, federal, state, and local laws are quickly drafted and implemented to address these concerns, companies will need to be flexible in the design of their privacy schemes to ensure compliance with various laws. Like we are seeing with the CCPA and the NY SHIELD Act, the United States is on the path to a patchwork of individual states laws with nuanced differences. Being able to leverage existing programs and policies to comply with new requirements will become even more important.

Prior to joining the firm

At Syracuse Law, Jenny was Business Editor of Syracuse Law Review, on the Moot Court Honor Society, and a member of the Justinian Honorary Law Society. She is a member of the Syracuse Law’s Chapter of the Order of the Coif and a recipient of the CALI (Constitutional Law) and the Cornelius W. Wickersham Jr. Awards.


  • “Practical Incident Response: An Interactive Tabletop Exercise,” Rochester Security Summit 2019, Rochester, NY
  • “Cybersecurity Takes a Village: Governance, Legal, and Cyber Perspectives,” 2019 NY Tech Summit, Turning Stone Conference Center, Verona, NY

Incident response plans critical for any organization

Rochester Business Journal | October 23, 2020

The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.

Transitioning to cloud-based services: Due diligence is key

Rochester Business Journal | October 23, 2020

The following article in Rochester Business Journal’s special report on Cybersecurity quote Data Privacy & Cybersecurity deputy team leader and Rochester associate Jenny Holmes for her insights on state, federal and international cybersecurity laws, and legal best practices on selecting a cloud computing service provider and putting together an incident response plan.

California data security law to have widespread impact

Rochester Business Journal | November 29, 2019

Rochester Corporate associate Jenny Holmes talks to the Rochester Business Journal for their special report on the impact of the California Consumer Privacy Act, which goes into effect January 1. Jenny anticipates that companies will have to comply with the strictest state law on the books if Congress does not pass a federal law.

Keep up with laws developing to protect our consumer data

Rochester Business Journal | November 15, 2019

In the latest installment of his monthly column, Rochester Corporate partner Jeremy Wolk analyzes state-level legislation aimed at enhancing consumer privacy rights and protections, similar to the European Union’s General Data Protection Regulation. Rochester Corporate associate Jenny Holmes contributed to the column.

Corporate spending on cybersecurity continues to increase

Rochester Business Journal | October 25, 2019

Jenny Holmes, Nixon Peabody associate, is quoted in this article about the trend of rising costs for cybersecurity protection.

What makes you work harder? Strap on a sensor and find out

Boston Globe | July 16, 2019

In this story, Rochester Corporate associate Jenny Holmes discusses privacy concerns raised by employers who are leveraging wearable devices such as fitness trackers to learn more about workplace productivity.

Facebook lawsuit underscores importance of transparent collection and use of data

Rochester Business Journal | January 25, 2019

Rochester Corporate partner Jeremy Wolk wrote this contributed column analyzing a lawsuit filed against Facebook in Washington, DC, alleging violations of state-level consumer protection laws by the social media company. This article incorporates perspective from an alert written by Washington Complex Commercial Disputes associate Brian Donnelly, Rochester Corporate associate Jenny Holmes, and Los Angeles Government Investigations & White Collar Defense associate Karina Puttieva.

Cybersecurity and benefits plans: The next front in the ongoing battle to protect personal information

Confero | June 30, 2018

Rochester Corporate group associate Jenny Holmes contributed this article to the quarterly magazine for Westminster Consulting, discussing why benefit plans are inviting targets for would-be data thieves, and what plan administrators need to do to protect personal data.

European Union law on data protection takes effect

Rochester Business Journal | June 07, 2018

Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.

The Delayed Final Rule and Disability Claims Procedures: Are You Ready? Do You Have to Be?

Journal of Compensation and Benefits | March 19, 2018

Labor and employment associates Claire Rowland and Jenny Holmes authored this article about key changes and impact of the U.S. Department of Labor’s updated regulations for required disability claims procedures (Final Rule) going into effect on April 1, 2018.

Partial delay of fiduciary rule leaves investment industry in limbo

Pensions & Investments | December 06, 2017

Rochester labor and employment partner Christian Hancey and associate Jenny Holmes co-wrote this article on the Department of Labor’s new fiduciary rule regulations.


Jenny L. Holmes

Deputy Leader, Data Privacy & Cybersecurity Team


Phone: 585-263-1494

Syracuse University College of Law, J.D., Order of the Coif, magna cum laude

University of Virginia, B.A.

New York

U.S. District Court, Western District of New York

U.S. District Court, Northern District of New York

Jenny is a member of the Leaders Build Committee of the Habitat for Humanity and the Co-Chair of the Rochester Jewish Sports Hall of Fame. She also is a member of the Monroe County Bar Association, New York State Bar Association, and the American Bar Association. Jenny serves as an office representative on the firm’s Associate Council.

Back to top