Ms. Ji-Otto guides her clients through a broad range of information privacy challenges and complex technology transactions. She represents clients across all industries, including global manufacturers, health care organizations, online payment service providers, software providers, insurance companies, digital marketers, retailers, and global e-commerce platforms. As a dedicated privacy and cybersecurity attorney on the Firm's Electric Vehicle and Infrastructure Team, Hannah Ji-Otto is committed to supporting clients on legal matters involving the use of technology and data. Her experience empowers clients to navigate the dynamic and rapidly growing sustainable transportation industry with confidence and success.
Ms. Ji-Otto has earned the International Association of Privacy Professionals' designations of Certified Information Privacy Professional: U.S. Private Sector (CIPP/US), Europe (CIPP/E), Canada (CIPP/C), Asia (CIPP/A), Certified Information Privacy Manager (CIPM), and Fellow of Information Privacy (FIP).
Privacy and Security
Staying ahead of the ever-changing data privacy laws for her clients, Ms. Ji-Otto is well-versed in assisting businesses with building their enterprise-wide privacy compliance programs from the ground up. She has experience in developing and implementing corporate privacy and security policies and procedures that address international and domestic regulatory guidelines. Ms. Ji-Otto's privacy consultation experience includes:
- Advising clients in complying with the GDPR, COPPA, CCPA/CPRA, and other state comprehensive privacy laws;
- Guiding multinational companies in overcoming hurdles when transferring personal data to and from jurisdictions with data export restrictions and data localization requirements, including assisting companies in executing Standard Contractual Clauses and/or applying for Privacy Shield certifications; and
- Analyzing privacy risks for data-intensive business models, including AI, IoT, and cloud products and services.
She also regularly advises her clients on preparing for and responding to data breach incidents, including clients in highly regulated health care and financial industries. The types of data incidents she managed for her clients include system-wide network intrusions, ransomware attacks, e-mail account compromises, and employee misconduct or misuse of data. She assists clients in conducting internal forensic investigations, analyzing potential cyber liabilities, notifying potentially affected individuals pursuant to breach notification laws, and communicating with law enforcement agencies and federal and state regulators.
Technology Transactions
Ms. Ji-Otto represents clients in a wide range of complex technology transactional matters involving outsourcing, licensing, hosting, software development, distribution, cloud computing, and data sharing, with a particular focus on new and transformational technologies or business models. Her technology transactions experience also includes conducting risk assessments and privacy due diligence; drafting and negotiating software licenses, data processing agreements, and vendor agreements; and supporting corporate mergers and acquisitions transactions to ensure her clients comply with information privacy and technology requirements.
Ms. Ji-Otto's experience also includes:
- Drafting and negotiating licenses for "as a service" (aaS) models, including Platform as a Service (PaaS), Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Data as a Service (DaaS);
- Preparing end-user license agreements (EULAs), master licensing agreements (MLAs), and vendor agreements; and
- Negotiating technology agreements for technology companies, including the industry leaders in HealthTech, AdTech, InsureTech, and Fintech.
- Provide legal advice to clients in the Metaverse on developing NFT trading and minting platforms, configuring smart contracts, licensing content, and integrating blockchain technology into their products and procedures.
- Supporting corporate M&A activities to ensure compliance with privacy and technology requirements.