Madison "MJ" McMahan

On the advisory and transactional side, MJ supports technology agreement negotiations – including software-as-a-service (SaaS) agreements, statements of work (SOWs) for AI-enabled product development, and vendor master services agreements (MSAs) – with an emphasis on data protection and cybersecurity.

MJ's experience also includes assisting with contracts, managed care, and complex commercial litigation. Since joining the Firm, she has handled a variety of complex civil matters through all stages of litigation, including drafting pleadings, discovery requests, dispositive motions, and Daubert challenges, and supporting class action defense in data breach and wiretapping matters.

Prior to joining Baker Donelson, MJ served as a health law legal extern for the Massachusetts Joint Committee on Public Health, where she conducted extensive legal research and regulatory analysis in support of public health initiatives, including evaluation of state health statutes and proposed regulatory frameworks.

• Served as lead associate defending a regional health care system in a proposed class action under the California Invasion of Privacy Act involving wiretapping claims.

• Drafted and revised an acceptable use policy addressing generative AI deployment in regulated employment contexts and employee use of third-party AI tools in environments involving sensitive data for a global company.

• Developed compliant data subject access request (DSAR) response workflows for a global company processing cross-border data under the GDPR and FDAP.

• Counseled a clinical-stage biopharmaceutical company on global data protection compliance for international research partnerships, including genetic data governance under the Texas Genetic Privacy Act, data security program requirements, and NIH data-sharing obligations.

• Drafted and supported the negotiation of SOWs and SaaS agreements for a global medical device company governing AI-enabled device development.

• Conducted a HIPAA security risk assessment for a health care software vendor to determine breach notification obligations.

• Supported the design and facilitation of a tabletop incident response exercise for a financial services firm.

• Assisted in the defense of a national services company in multistate data breach class actions.

• Supported complex managed care litigation and arbitration on behalf of national health care providers, including drafting pleadings, Daubert challenges and replies, and managing large-scale exhibit and discovery materials.

• Successfully drafted a Uniform Domain-Name Dispute Resolution Policy complaint for a transportation company in an intellectual property dispute, resulting in the transfer of an infringing domain name.

• Successfully resolved a privacy breach dispute for an industrial manufacturer by drafting a dismissal motion and preparing a settlement agreement, resulting in early and favorable resolution of all claims.

• Drafted an appellate brief for a municipality in a 42 U.S.C. § 1983 civil rights appeal.

• Drafted a global settlement offer and demand for arbitration in a multimillion-dollar commercial litigation dispute.

• Drafted a Daubert motion in a complex multimillion-dollar, multidistrict class action involving allegations of fiduciary breach and negligence related to the management of an employee pension fund.

• "Privacy Laws Ring in the New Year: State Requirements Expand Across the U.S. in 2026" (January 2026)
• "Cybersecurity Awareness Month 2025: How to Preserve Privilege in Cyber Investigations," republished in the November/December 2025 issue of FinTech Law Report (October 2025)
• "Cybersecurity Awareness Month 2025: Don't Get Haunted by Shadow AI," republished in the November/December 2025 issue of FinTech Law Report (October 2025)
• "Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach," republished June 6, 2025, in Westlaw Today (May 2025)
• "T-Minus Two Months: Another State Enters the National Stage – Preparing for the Tennessee Information Protection Act," republished in the Daily Report (May 2025)
• "CFPB Proposes Rule to Regulate Data Brokers Selling Sensitive Information," republished on January 14, 2025, in Law.com (December 2024)
• "California's New Generative AI Law – What Your Organization Needs to Know," republished in California Daily Journal (December 2024)

• "Women Leading Privacy," International Association of Privacy Professionals, Memphis Chapter (February 2025)

• Baker Donelson Adds 34 Associates Across the Firm (November 20, 2024)