Skip to Main Content
Professional Photo


Of Counsel

L. Hannah Ji-Otto, an experienced privacy and technology attorney, regularly advises domestic and international clients on all aspects of privacy, security, information management, and AI governance issues.

Featured Video

Cross Border Data Flows for Business Growth in China: Frontline Updates May 23, 2023

Professional Biography

Ms. Ji-Otto is committed to supporting clients on legal matters involving the use of technology and data. Her clientele spans a broad spectrum of sectors, from manufacturing to e-commerce, and includes a diverse range of businesses, from startups to Fortune 500 companies. She is actively involved in multiple client service groups centered around technology and innovation, including the Firm's Electric Vehicle and Infrastructure, Artificial Intelligence, and Blockchain and Digital Assets Technology Groups.

Privacy Compliance

Staying ahead of evolving privacy laws, Ms. Ji-Otto is well-versed in helping businesses build their enterprise-wide privacy compliance programs. She's experienced in developing and implementing privacy and security policies that address international and domestic regulatory requirements and industry guidelines. Ms. Ji-Otto's privacy consultation experience includes:

  • Advising clients in complying with the GDPR, CAN-SPAM, COPPA, CCPA/CPRA, and state comprehensive privacy laws;
  • Guiding multinational companies navigate challenges in transferring personal data across regions with data export restrictions and data localization requirements. This includes assisting with the implementation of Standard Contractual Clauses and applying for the EU-U.S. Data Privacy Framework; and
  • Analyzing privacy risks for data-intensive business models, including AI, biometrics, IoT, and cloud products and services.

Ms. Ji-Otto has earned the following designations from the International Association of Privacy Professional (IAPP):  U.S. Private Sector (CIPP/US), Europe (CIPP/E), Canada (CIPP/C), Asia (CIPP/A), Certified Information Privacy Manager (CIPM), and Fellow of Information Privacy (FIP).

Security Incident Response

She also regularly advises her clients on preparing for and responding to data breach incidents, including clients in highly regulated health care and financial industries. The types of data incidents she managed for her clients include network intrusions, ransomware attacks, e-mail compromises, and employee misconduct. She assists clients in conducting internal forensic investigations, analyzing potential cyber liabilities, notifying potentially affected individuals pursuant to breach notification laws, and communicating with law enforcement agencies and federal and state regulators.

Technology Transactions

Ms. Ji-Otto represents clients in a wide range of complex technology transactional matters involving outsourcing, licensing, hosting, software development, distribution, cloud computing, and data sharing, with a particular focus on new technologies or business models that often have a cross-border aspect. Her technology transactions experience also includes conducting risk assessments and privacy due diligence; drafting and negotiating software licenses, data processing agreements, and vendor agreements; and supporting corporate mergers and acquisitions transactions to ensure her clients comply with information privacy and technology requirements.

Ms. Ji-Otto's experience also includes:

  • Drafting and negotiating licenses for "as a service" (aaS) models;
  • Preparing end-user license agreements (EULAs), master licensing agreements (MLAs), and vendor agreements;
  • Negotiating technology agreements for industry leaders in HealthTech, AdTech, InsureTech, and Fintech.
  • Provide legal advice to clients in the Metaverse on developing NFT trading and minting platforms, configuring smart contracts, licensing content, and integrating blockchain technology into their products and procedures.
  • Supporting corporate M&A activities to ensure compliance with privacy and technology requirements.
  • Represented multiple domestic and international clients with preparation of comprehensive privacy and security programs from the ground up.

  • Represented multiple clients regarding compliance with international, federal, and state privacy, data protection, and cybersecurity laws, rules, and regulations.

  • Assisted numerous clients with remediation and reporting of security incidents, including those caused by ransomware, phishing, malware, employee misconduct, and other cyber-attacks.

  • Represented a private equity backed Fintech company in its negotiation of a complex Banking-as-a-Service agreement with a financial institution.

  • Represented a Fortune 100 client during negotiations with a top-tier consulting firm for its services related to global ESG initiatives and AI strategic planning.

  • Provided strategic and legal counseling for an Australian solar company's entrance into the U.S. market.

  • Represented a leading EV company in preparing licensing agreements for its cutting edge data related products and services.

  • Member – International Women's Cyber Alliance (IWCA)
    • Member of Legal Governance Committee
    • Member of Content/Speaker Committee
  • Participant – Minority Corporate Counsel Association 2023 Sources of Success™ Program
  • Member – St. Louis Regional Business Council Young Professional Network Leadership 100 Cohort
  • Member – St. Louis Asian American Chamber of Commerce
  • Member – International Association of Privacy Professionals (IAPP)
  • Member – National Asian Pacific American Bar Association (NAPABA)
  • Member – Missouri and New York Bar Associations
  • Member – DRI
  • Member – The Bar Association of Metropolitan St. Louis (BAMSL)
  • "Data Security Compliance and Risks: A Business Attorney's Guide," National Business Institute (February 2023)
  • "Managing Your Business Risk in Today's Data Privacy and Security Environment," ACC Corporate Counsel Institute, St. Louis, Missouri (August 2021)



Baker Donelson professional admitted to the practice of law in Missouri and New York; not admitted in Tennessee.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept