L. Hannah Ji-Otto, CIPP/US, CIPP/E, CIPP/C, CIPP/A, CIPM, FIP*

Ms. Ji-Otto has earned the International Association of Privacy Professionals' designations of Certified Information Privacy Professional: U.S. Private Sector (CIPP/US), Europe (CIPP/E), Canada (CIPP/C), Asia (CIPP/A), Certified Information Privacy Manager (CIPM), and Fellow of Information Privacy (FIP).

Privacy and Security

Staying ahead of the ever-changing data privacy laws for her clients, Ms. Ji-Otto is well-versed in assisting businesses with building their enterprise-wide privacy compliance programs from the ground up. She has experience in developing and implementing corporate privacy and security policies and procedures that address international and domestic regulatory guidelines. Ms. Ji-Otto's privacy consultation experience includes:

• Advising clients in complying with the GDPR, COPPA, CCPA/CPRA, and other state comprehensive privacy laws;
• Guiding multinational companies in overcoming hurdles when transferring personal data to and from jurisdictions with data export restrictions and data localization requirements, including assisting companies in executing Standard Contractual Clauses and/or applying for Privacy Shield certifications; and
• Analyzing privacy risks for data-intensive business models, including AI, IoT, and cloud products and services.

She also regularly advises her clients on preparing for and responding to data breach incidents, including clients in highly regulated health care and financial industries. The types of data incidents she managed for her clients include system-wide network intrusions, ransomware attacks, e-mail account compromises, and employee misconduct or misuse of data. She assists clients in conducting internal forensic investigations, analyzing potential cyber liabilities, notifying potentially affected individuals pursuant to breach notification laws, and communicating with law enforcement agencies and federal and state regulators.

Technology Transactions

Ms. Ji-Otto represents clients in a wide range of complex technology transactional matters involving outsourcing, licensing, hosting, software development, distribution, cloud computing, and data sharing, with a particular focus on new and transformational technologies or business models. Her technology transactions experience also includes conducting risk assessments and privacy due diligence; drafting and negotiating software licenses, data processing agreements, and vendor agreements; and supporting corporate mergers and acquisitions transactions to ensure her clients comply with information privacy and technology requirements.

Ms. Ji-Otto's experience also includes:

• Drafting and negotiating licenses for "as a service" (aaS) models, including Platform as a Service (PaaS), Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Data as a Service (DaaS);
• Preparing end-user license agreements (EULAs), master licensing agreements (MLAs), and vendor agreements; and
• Negotiating technology agreements for technology companies, including the industry leaders in HealthTech, AdTech, InsureTech, and Fintech.
• Provide legal advice to clients in the Metaverse on developing NFT trading and minting platforms, configuring smart contracts, licensing content, and integrating blockchain technology into their products and procedures.
• Supporting corporate M&A activities to ensure compliance with privacy and technology requirements.