Skip to Main Content
Professional Photo


Of Counsel

L. Hannah Ji-Otto, an experienced privacy and security attorney, regularly advises domestic and international clients on all aspects of data security, privacy, and technology transactions.

Featured Video

Cross Border Data Flows for Business Growth in China: Frontline Updates May 23, 2023

Professional Biography

Ms. Ji-Otto guides her clients through a broad range of information privacy challenges and complex technology transactions. She represents clients across all industries, including global manufacturers, health care organizations, online payment service providers, software providers, insurance companies, digital marketers, retailers, and global e-commerce platforms. As a dedicated privacy and cybersecurity attorney on the Firm's Electric Vehicle and Infrastructure Team, Hannah Ji-Otto is committed to supporting clients on legal matters involving the use of technology and data. Her experience empowers clients to navigate the dynamic and rapidly growing sustainable transportation industry with confidence and success.

Ms. Ji-Otto has earned the International Association of Privacy Professionals' designations of Certified Information Privacy Professional: U.S. Private Sector (CIPP/US), Europe (CIPP/E), Canada (CIPP/C), Asia (CIPP/A), Certified Information Privacy Manager (CIPM), and Fellow of Information Privacy (FIP).

Privacy and Security

Staying ahead of the ever-changing data privacy laws for her clients, Ms. Ji-Otto is well-versed in assisting businesses with building their enterprise-wide privacy compliance programs from the ground up. She has experience in developing and implementing corporate privacy and security policies and procedures that address international and domestic regulatory guidelines. Ms. Ji-Otto's privacy consultation experience includes:

  • Advising clients in complying with the GDPR, COPPA, CCPA/CPRA, and other state comprehensive privacy laws;
  • Guiding multinational companies in overcoming hurdles when transferring personal data to and from jurisdictions with data export restrictions and data localization requirements, including assisting companies in executing Standard Contractual Clauses and/or applying for Privacy Shield certifications; and
  • Analyzing privacy risks for data-intensive business models, including AI, IoT, and cloud products and services.

She also regularly advises her clients on preparing for and responding to data breach incidents, including clients in highly regulated health care and financial industries. The types of data incidents she managed for her clients include system-wide network intrusions, ransomware attacks, e-mail account compromises, and employee misconduct or misuse of data. She assists clients in conducting internal forensic investigations, analyzing potential cyber liabilities, notifying potentially affected individuals pursuant to breach notification laws, and communicating with law enforcement agencies and federal and state regulators.

Technology Transactions

Ms. Ji-Otto represents clients in a wide range of complex technology transactional matters involving outsourcing, licensing, hosting, software development, distribution, cloud computing, and data sharing, with a particular focus on new and transformational technologies or business models. Her technology transactions experience also includes conducting risk assessments and privacy due diligence; drafting and negotiating software licenses, data processing agreements, and vendor agreements; and supporting corporate mergers and acquisitions transactions to ensure her clients comply with information privacy and technology requirements.

Ms. Ji-Otto's experience also includes:

  • Drafting and negotiating licenses for "as a service" (aaS) models, including Platform as a Service (PaaS), Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Data as a Service (DaaS);
  • Preparing end-user license agreements (EULAs), master licensing agreements (MLAs), and vendor agreements; and
  • Negotiating technology agreements for technology companies, including the industry leaders in HealthTech, AdTech, InsureTech, and Fintech.
  • Provide legal advice to clients in the Metaverse on developing NFT trading and minting platforms, configuring smart contracts, licensing content, and integrating blockchain technology into their products and procedures.
  • Supporting corporate M&A activities to ensure compliance with privacy and technology requirements.
  • Member – International Association of Privacy Professionals (IAPP)
  • Member – National Asian Pacific American Bar Association (NAPABA)
  • Member – Missouri and New York Bar Associations
  • Member – The Bar Association of Metropolitan St. Louis (BAMSL)
  • Member – Legal Services of Eastern Missouri (LSEM)
  • Member – St. Louis Volunteer Lawyers and Accountants for the Arts (VLAA)
  • "Data Security Compliance and Risks: A Business Attorney's Guide," National Business Institute (February 2023)
  • "Managing Your Business Risk in Today's Data Privacy and Security Environment," ACC Corporate Counsel Institute, St. Louis, Missouri (August 2021)



Baker Donelson professional admitted to the practice of law in Missouri and New York; not admitted in Tennessee.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept