Jennifer L. Rathburn

Partner

Overview

Jennifer L. Rathburn is a partner with Foley & Lardner LLP. Jennifer focuses her practice on counseling clients on data protection programs, data incident management, breach response and recovery, monetization of data, and other privacy and security issues. She is one of the founders of the Midwest Cyber Security Alliance and has a deep understanding of the complex risk, operational, and legal issues companies must address to maintain the confidentiality of, access to, and integrity of their data.

As a member of the firm’s Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices, Jennifer routinely helps clients prepare for and respond to data security incidents, from preparing incident response plans and advising on cybersecurity programs, to handling the breach notification response process. Her depth of experience in this area and her collaboration with IT, risk, forensic, dark web, communication/PR, and other data experts provides a multi-disciplinary, practical approach to client issues.

Additionally, Jennifer guides clients in all aspects of preparing for and maintaining compliance with U.S. and global privacy and data security laws including the California Consumer Privacy Act of 2018 (CCPA), and the EU’s General Data Protection Regulation (GDPR). Such efforts include conducting readiness assessments; performing data mapping and inventory; reviewing and revising privacy, data security, and incident response policies and plans; updating customer- and employee-facing privacy and consent notices as well as third-party vendor templates and agreements; evaluating the appointment of a Data Protection Officer; and educating and training board members, staff, and other key stakeholders.

Representative Experience

  • Counsels clients on handling privacy and security investigations and assists clients through the security breach notification process
  • Advises on big data, data monetization, the Internet of Things, and de-identification/anonymization
  • Drafts and reviews privacy and security policies and procedures, including enterprise-wide and department-specific policies and procedures and privacy notices
  • Conducts privacy and security risk assessments
  • Reviews vendor management practices, including preparation of vendor due diligence checklists and review of contractual liability issues
  • Provides board and management oversight of privacy and security programs
  • Creates and counsels clients on security incident response plans
  • Advises clients in the areas of federal privacy and security laws, including HIPAA, FERPA, GINA, and the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 CFR Part 2), as well as state law governing the confidentiality of medical records
  • Provides guidance on privacy and security issues faced by clients as they implement new health innovation solutions, including interoperable electronic medical record systems and other technology involving health information
  • Advises clients on obtaining incentives for certifying, adopting, and implementing electronic health records and meeting meaningful use requirements
  • Provides guidance and assists in the development and implementation of health information exchanges and data warehouses for associations, multispecialty physician groups, integrated delivery systems, and other clients
  • Drafts and negotiates agreements regarding disclosures of health data for benchmarking, research, treatment, health care operations, and public health purposes
  • Counsels clients on how employer-focused laws (OSHA, DOT, workers’ compensation, etc.) affect the maintenance of occupational health records and negotiates occupational health contracts
  • Advises and negotiates agreements with and on behalf of health plans, disease management companies, TPAs, wellness companies, and employers on the privacy and security issues affecting the use and disclosure of health plan enrollee and employer health data
  • Advises clients on the privacy and security issues associated with websites that gather, use, and disclose health information and drafts Website Privacy Policies and Terms of Use that address the interplay between health care and website privacy requirements
  • Works with strategic partners in forensics and investigation, IT technical and physical security compliance and management, cybersecurity, data classification, data analytics, public relations, and crisis management

Recognition

Jennifer is one of four Foley attorneys named to the BTI Client Service All-Stars 2019 list, having been nominated by corporate counsel for her superior client service. Additionally, she was selected by Wisconsin Law Journal as a 2019 Women in the Law Honoree. Jennifer was also recommended by The Legal 500 for her work in cyber law, including data protection and privacy (2017), selected for inclusion in The Best Lawyers in America© list for her work in health care law (2015 - 2020) and recognized on the Wisconsin Super Lawyers – Rising Stars® list (2006 - 2008).

Education

  • St. Louis University School of Law (J.D., magna cum laude, 2000)
    • Health Law Certificate
    • Member, St. Louis University Law Journal
    • Member, Health Law Society
  • University of Kentucky (B.A., magna cum laude, 1996)
    • Member, Phi Beta Kappa
  • Northwestern University, Kellogg School of Management, Certification (2016)
  • Harvard Law School’s Leadership Development Program, Certification (2017)

Credentials

Jennifer holds the Certified Information Privacy Professional/United States (CIPP/US) credential, a global gold standard and key industry benchmark accredited by the International Association of Privacy Professionals (IAPP).

Admissions

  • Wisconsin
  • Illinois

Professional Memberships

  • Founder, Midwest Cyber Security Alliance
  • Member, American Bar Association, American Health Lawyers Association, American Health Information Management Association, and the International Association of Privacy Professionals

Selected Publications and Presentations

  • Co-presenter, “Hot Topics in Data Privacy and Cybersecurity,” Foley Seminar, Dallas, TX (October 10, 2019)
  • Co-presenter, “Emerging Hot Topics: AI and the Changing Privacy and Security Legal Landscape,” Foley's 15th Annual IP Conference: Knowing When and How to Pivot, Chicago, IL (October 4, 2019)
  • Co-presenter, “The California Consumer Privacy Act (CCPA): Applicability, Requirements, and Practical Tips on Compliance,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (September 12, 2019)
  • Co-presenter, “DoCRA - Adopting Duty of Care Risk Analysis to Drive GRC,” American Health Lawyers Association, Webinar (June 5, 2019)
  • Co-presenter, “Cybersecurity: How to Prepare for and Respond to an Attack,” InfraGuard Wisconsin: SuperCon 2019 Conference, Wisconsin Dells, WI (June 5, 2019)
  • Moderator, “Cybersecurity Panel of Experts,” Information Systems Security Association (ISSA) – Wisconsin Chapter Annual Meeting, Milwaukee, WI (May 16, 2019)
  • Co-presenter, “The Internet of Things: IoT Security by Design,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (May 9, 2019)
  • Co-presenter, “General Counsel Panel on Legal Collaboration with Security Programs,” Domestic Security Alliance Council (DSAC) 2019 Annual Meeting, Arlington, VA (May 2, 2019)
  • Moderated the Panel of Experts at the Information Systems Security Association – Wisconsin Chapter Annual Meeting, Milwaukee, WI (May 16, 2019)
  • Co-presenter, “Beyond HIPAA: What You Need to Know to Implement a Cybersecurity Program,” Long-Term Care CEO Roundtable, Milwaukee, WI (April 10, 2019)
  • Co-presenter, “Compliance with the NIST SP 800-171 Security Framework: DoD Contractors and Beyond,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (March 19, 2019)
  • Featured, “With Cyberattacks On The Rise, Current Cybersecurity Workforce Can't Keep Up,” Lake Effect on WUWM Milwaukee Public Radio (February 7, 2019)
  • Co-presenter, “Cyber Security – What’s at Risk in Your District?” MOLEG Cyber Week, Jefferson City, MO (February 6, 2019)
  • Co-presenter, “Issues in Cybersecurity Workforce Development,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 17, 2019)
  • Presenter, “What PR Pros Need to Know to Prepare for a Cyberattack,” Public Relations Society of America Southeastern Wisconsin Chapter Event, Milwaukee, WI (January 16, 2019)
  • Co-presenter, “Protecting the Confidentiality of CDI – DoD Data Crash Course,” Client In-Service Presentation (January 7, 2019)
  • Co-presenter, “It’s the Most Wonderful Time of the Year – Your Cybersecurity Lawyers Are Here (To Update You on Cybersecurity Hot Topics),” Foley’s Annual CLE Week, Milwaukee, WI (December 13, 2018)
  • Co-presenter, “How to Develop and Maintain an Effective Security Awareness Training Program,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (December 5, 2018)
  • Co-presenter, “Understanding Incident Response Through Real World Examples,” Seminar Presented by Hold Security LLC and Foley & Lardner LLP, Milwaukee, WI (September 25, 2018)
  • Co-presenter, “Duty of Care Risk Analysis: Leveraging the New Risk Assessment Method to Reduce Liability,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (September 19, 2018)
  • Co-presenter, “Been Hacked? Now What? Lessons in Recovery,” BraveIT Conference, Chicago, IL (September 13, 2018)
  • Presenter, "Cybersecurity Hot Topics," 27th Annual Law of Product Distribution & Franchise Seminar: Building Prosperity, Chicago, IL (September 6, 2018)
  • Co-presenter, “Data Management, Security & Governance Session – Data, Data Everywhere: Rethinking Data Governance,” The Health Management Academy Cybersecurity Collaborative, Dallas, TX (June 14, 2018)
  • Co-presenter, “Standardization of Contract Language Session – Security Contracting: Triaging Risk & Leveraging Standardized Approaches,” The Health Management Academy Cybersecurity Collaborative, Dallas, TX (June 14, 2018)
  • Presenter, "What is Reasonable Security? Considerations From a Legal Perspective," FBI Public-Private Partnership Meeting on Security and Legal Issues, St. Francis, WI (June 12, 2018)
  • Co-presenter, "Meet the Feds: An Exclusive Q&A With Government Officials," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (May 17, 2018)
  • Presenter, "Cybersecurity: Bricking Up the Company’s Defenses," 27th Annual Law of Product Distribution & Franchise Seminar: Building Prosperity, Milwaukee, WI (May 16, 2018)
  • Co-presenter, "Tick Tock and Knock Knock: The Science and the Art of Responding to an Incident," ISSA-LA Summit X, Universal City, CA (May 4, 2018)
  • Co-presenter, "Building a GDPR Program: The Critical Relationship Between Privacy Counsel and the Data Protection Officer," Midwest Cyber Security Alliance Meeting, St. Louis, MO (April 19, 2018)
  • Co-presenter, "You've Been Breached: An Interactive Incident Response Simulation," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (March 22, 2018)
  • Co-presenter, "Creating an Incident Response Plan," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 25, 2018)
  • Presenter, "Cybersecurity Hot Topics," PS Companies Roundtable: Women Leaders in Corporate Law Departments, West Allis, WI (January 24, 2018)
  • Co-presenter, "Got Security? When Does a Managed Security Service Make Sense for Your Business and How Does It Integrate Into Your IT, Legal, and Compliance Functions?," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (November 30, 2017)
  • Presenter, "Health Care Cybersecurity Hot Topics," Foley/Deloitte Health Care Compliance Roundtable, Boston, MA (November 9, 2017)
  • Co-presenter, "Integrating Cybersecurity Into Day-to-Day Operations," 2017 National Directors Institute Executive Exchange, Chicago, IL (November 7, 2017)
  • Co-presenter, "Health Care Cybersecurity Hot Topics: Ransomware, Cloud Storage, the Health Care Industry Cybersecurity Task Force Report, and Enforcement," Association of Corporate Counsel Health Law Committee Webinar (September 26, 2017)
  • Co-presenter, "How to Manage Third Party Risk: Your Cloud Is Larger Than You Think," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (September 14, 2017)
  • Quoted, “Why Guidance is Critical for Strengthening Healthcare Cybersecurity,” HealthITSecurity (September 13, 2017)
  • Co-presenter, "Cyber Threats, Ransomware, Malware: Is Your Health Care Organization Prepared?" Juniper Networks and Midwest Cyber Security Alliance Webinar (September 7, 2017)
  • Featured, "Cybersecurity on Interconnected Devices, Blue Zones Project, Milwaukee Bees," Lake Effect on WUWM Milwaukee Public Radio (August 28, 2017)
  • Quoted, "Medical Device Cybersecurity: Staying Safe in the Midst of Change," Wolters Kluwer’s Health Law Daily Wrap Up (August 11, 2017)
  • Co-presenter, "Privacy & Security: Incident Response," ACC Legal Quick Hit: Health Law Committee Webinar (August 1, 2017)
  • Co-presenter, "Securing the Digital Transformation," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (July 27, 2017)
  • Co-presenter, "OCR Audits: Provider Insights and Legal Overview," The Academy Philips Innovation Institute's Cybersecurity Collaborative, Washington, D.C. (June 13, 2017)
  • Co-presenter, "Cybersecurity - A Team Sport: A Case Study of Building an Effective and Resilient Program," Insurance Accounting & Systems Association (IASA) 89th Annual Educational Conference & Business Show, Orlando, FL (June 5, 2017)
  • Featured, "Cyber Security, Milwaukee's Rise, Aja Monet, Pfister Artist-in-Residence," Lake Effect on Milwaukee Public Radio's Lake Effect Podcast (May 25, 2017)
  • Co-presenter, "Healthcare Privacy and Security Forum Lunch Panel Discussion," ISSA-LA 9th Annual Information Security Summit (May 19, 2017)
  • Co-presenter, "Are You Prepared for a Ransomware or Business Email Compromise Attack?" Midwest Cyber Security Alliance Meeting, Milwaukee, WI (May 18, 2017)
  • Co-presenter, “Building a Risk Management Program for Cybersecurity,” Western Independent Bankers Webinar (May 8, 2017)
  • Featured, “Strategic Perspectives: Does the Revised Medical Emergency Exception Give Substance Use Disorder Providers More Disclosure Discretion?” Wolters Kluwer Health Law Daily (March 29, 2017)
  • Co-presenter, "Cyber Insurance 2017: Ensuring Your Coverage is Sound," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (March 23, 2017)
  • Presenter, “Cybersecurity Hot Topics,” Chicago Bar Association Business Law Committee Meeting, Chicago, IL (March 20, 2017)
  • Co-presenter, “Beyond HIPAA: What You Need to Know to Implement a Cybersecurity Program,” ACC Legal Quick Hit: Health Law Committee Webinar (March 7, 2017)
  • Co-presenter, “Got Cybersecurity? Practical Strategies for Approaching Security Risk Management,” AHLA Physicians and Hospitals Law Institute, Orlando, FL (February 2, 2017)
  • Co-presenter, "Cybersecurity – A Team Sport: A Case Study of Building an Effective and Resilient Program," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 12, 2017)
  • Co-presenter, “Timely Issues in Intellectual Property and Data Security,” Foley & Lardner’s Annual CLE Week, Milwaukee, WI (December 7, 2016)
  • Presenter, “How to Prepare Your Company for a Cyber Attack,” Foley & Lardner’s Women Lawyers’ Forum, Chicago, IL (December 1, 2016)
  • Presenter, “Delicate Balance: Regulatory Implications on Technology Strategy,” The Health Management Academy Cybersecurity Collaborative, Phoenix, AZ (November 1, 2016)
  • Co-presenter, “Ransomware is Targeting the Health Care Industry – How to Prepare and Respond,” HIPAA COW, Brookfield, WI (October 28, 2016)
  • Featured, “Jennifer Rathburn: Building a Niche Data Security Practice,” Wisconsin Lawyer (October 2016)
  • Co-presenter, “Cyber Health Crisis: How to Manage the Risk,” Illinois Health Care Association 66th Annual Convention and Expo, Peoria, IL (September 15, 2016)
  • Co-presenter, Ransomware Summit, Milwaukee, WI (June 13, 2016)
  • Panelist, “Big Data in Health Care: Peaks, Valleys, and Pitfalls on the Horizon,” Health, Labor, and Employment Law Institute (August 19, 2016)
  • Panelist, “Strategies for Implementing Cybersecurity Measures,” State of Illinois Commerce Commission Cybersecurity Policy Session, Chicago, IL (July 21, 2016)
  • Co-author, “Cyber Health Crisis: How to Manage the Risk,” Health Law Handbook 2016 Edition (June 28, 2016)
  • Co-presenter, “The Most Important Steps for In-House Counsel After a Data Breach,” Association of Corporate Counsel Wisconsin 11th Annual Chapter Conference, Elkhart Lake, WI (May 20, 2016)
  • Presenter, “Cybersecurity & Data Breach Overview for Community Colleges,” Arizona School Risk Retention Trust Webinar (February 24, 2016)
  • Co-presenter, “Technically Challenged by Cybersecurity Risk Management? Practical Strategies for Integrating Best Practices into Your Compliance Efforts” AHLA Physicians and Hospitals Law Institute, Austin, TX (February 9, 2016)
  • Author, “Top Ten Health Law Issues 2016 – Cybersecurity,” AHLA Connections (February 2016)
  • Co-presenter, “BDA Cybersecurity Webinar: Practical Guidance for Broker-Dealers,” Bond Dealers of America (January 20, 2016)
  • Quoted, “Latest Round of OCR HIPAA Audits Not a Reason for Panic,” HealthITSecurity (July 25, 2016)
  • Featured, “What’s Hot, What’s Not: Wisconsin Practice Trends 2016,” Wisconsin Lawyer (February 1, 2016)
  • Featured, “The hacking and cybersecurity problem,” CBS St. Louis (June 23, 2015)
  • Featured, “Table of Experts – Cybersecurity,” Milwaukee Business Journal (April 17, 2015)
  • Quoted, “Don’t overlook HIPAA, data security issues during merger, acquisition,” Medical Practice Compliance Alert (March 16, 2015)
  • Featured, “Anthem Insurance Data Breach,” Fox6 News (February 5, 2015)
  • Quoted, “HACKED: Health insurance giant Anthem hit by massive data breach,” FOX6 Now (February 4, 2015)
  • Quoted, “How to Mitigate Data Monetization Risks,” CIO Journal (January 26, 2015)
  • Quoted, “Michaels Breach Lawsuits Dismissed,” BankInfoSecurity (July 25, 2014)
  • Quoted, “Million-Dollar Babies Should Have Been Non-Issue for AOL,” NBC News (February 11, 2014)
  • Featured, “Protecting Health Care Information: Federal Laws Expanding to Include Many Private Employers,” Milwaukee Business Journal (June 1, 2012)
  • Quoted, “New HIPAA Provisions: More Important than You May Think” HCPro, Billing Alert for Long-Term Care (May 1, 2009)