Jennifer L. Urban

Partner

Overview

As Co-Chair for Cybersecurity and Privacy within Foley & Lardner LLP’s Innovative Technology sector and one of the founding members of the Midwest Cyber Security Alliance (MCSA), Jennifer L. Urban (née Rathburn) is dedicated to helping clients navigate evolving privacy, cybersecurity, and innovative technology issues. She advises on data protection programs, incident management, breach response and recovery, monetization of data, Internet of Things, artificial intelligence, de-identification, and other emerging hot topics by leveraging her deep understanding of the complex risk, operational, and legal concerns companies must address to maintain their data.

With these issues requiring a multidisciplinary, scalable approach, Jennifer recognizes that legal advice may only address part of an issue. To provide end-to-end advice, she helps clients understand the additional services they may need to meet best practices and solve their issues by bringing her network of IT security, incident response, privacy, and other partners to the table.

Jennifer is also a member of the firm’s Technology Transactions & Outsourcing, Privacy Security & Information Management, and Environmental, Social, and Corporate Governance (ESG) practices. She routinely helps clients prepare for (and respond) to data security incidents, from preparing incident response plans and advising on cybersecurity programs to handling the breach notification response process. She regularly advises boards on current best practices and conducts table top exercises to help organizations prepare for cyber attacks.

Additionally, Jennifer guides clients in all aspects of preparing for and maintaining compliance with U.S. and global privacy and data security laws, including the California Consumer Privacy Act of 2018 (CCPA), the EU’s General Data Protection Regulation (GDPR) and other emerging U.S. and global laws, frameworks and guidance. Such efforts include conducting readiness and gap assessments, performing data mapping, reviewing and revising policies and procedures, updating customer and employee-facing privacy and consent notices, developing data subject request policies and procedures, drafting and negotiating third-party vendor templates and global transfer agreements, evaluating the appointment of a Data Protection Officer, and educating and training board members, staff, and other key stakeholders. 

Recognition

  • BTI Client All-Star MVP (2022)
  • Health Care Law, The Best Lawyers in America (2015-2022)
  • BTI Client All-Stars (2019, 2020)
  • Women in The Law, Wisconsin Law Journal (2019)
  • Data Protection and Privacy, The Legal 500 (2017)
  • Rising Star, Wisconsin Super Lawyers (2006-2008)

Education

  • St. Louis University School of Law (J.D., magna cum laude, 2000)
    • Health Law Certificate
    • Member, St. Louis University Law Journal
    • Member, Health Law Society
  • University of Kentucky (B.A., magna cum laude, 1996)
    • Member, Phi Beta Kappa
  • Northwestern University, Kellogg School of Management, Certification (2016)
  • Harvard Law School’s Leadership Development Program, Certification (2017)

Credentials

Jennifer holds the Certified Information Privacy Professional/United States (CIPP/US) credential, a global gold standard and key industry benchmark accredited by the International Association of Privacy Professionals (IAPP).

Professional Memberships

  • Founder, Midwest Cyber Security Alliance
  • Member, American Bar Association, American Health Lawyers Association, American Health Information Management Association and the International Association of Privacy Professionals

Selected Publications and Presentations

  • Co-presenter, “Cybersecurity: Ransomware Update & Anatomy of A Tabletop Exercise” Original Equipment Suppliers Association (OESA) Chief Financial Officers Council Meeting (June 8, 2022)
  • Co-presenter, “Cybersecurity as a Top Enterprise Risk, A Conversation with Cybersecurity Experts” Milwaukee Women Inc. (May 25, 2022)
  • Co-presenter, “What is Reasonable Security? Protecting your Organization from Liability” National Association of Manufacturers (March 15, 2022)
  • Presenter, “Top 5 Takeaways as HHS Addresses Misconceptions on the Applicability of HIPAA to COVID-19 Vaccination Information” National HIPAA Summit (March 2, 2022)
  • Co-presenter, “What’s New with Big Data?” Association of Community Cancer Centers (March 2, 2022)
  • Co-presenter, “NDI Reimagined: Are You Ransom Ready?” Foley Webinar (February 8, 2022)
  • Moderator, “Moving From “Checkbox” Compliance Audits to Risk-Based Standards to Better Secure Your Organization” Midwest Cyber Security Alliance (January 20, 2022)
  • Co-presenter, “The Evolving State of Cybersecurity & Consumer Data Privacy Laws in the US and Related Vendor Contract Negotiation Tips,” Foley’s CLE Week (November 18, 2021)
  • Co-presenter, “You’re Expected to Know and Disclose the Foreseeable Cybersecurity Threats That Face Your Organization and Reasonably Defend Against Them: How Do You Do This?” Midwest Cyber Security Alliance Virtual Meeting (November 16, 2021)
  • Co-presenter, “Prioritizing Security Testing to Enhance Your Cybersecurity Program,” Midwest Cyber Security Alliance Virtual Meeting (September 21, 2021)
  • Co-presenter, “Ransomware is Everywhere: What Does This Mean for Your Organization?” Midwest Cyber Security Alliance Virtual Meeting (June 24, 2021)
  • Panelist, “Privacy Compliance Hardship?”, Spirion SecureWorld Data Privacy Compliance Webinar (April 13, 2021)
  • Co-presenter, “Best Practices for Cybersecurity and IT Due Diligence Engagements,” Midwest Cyber Security Alliance Virtual Meeting (April 8, 2021)
  • Panelist, “Part I: Key Findings and Takeaways From OCR HIPAA Audit Findings,” The Virtual Thirtieth National HIPAA Summit (March 23, 2021)
  • Co-presenter, “They Know You Can’t Get to 100% Compliance … and That’s Okay (HIPAA, CCPA/CPRA, GDPR, 23 NYCRR Part 500, CMMC, PCI, FISMA, FERPA),” Midwest Cyber Security Alliance Virtual Meeting (February 18, 2021)
  • Panelist, “Data Privacy Management in 2021,” Epiq, Webinar (February 17, 2021)
  • Co-presenter, “Ten Things Non-Profits (and Many Other) Entities Should Consider Entering 2021,” Foley's Virtual CLE Week (December 10, 2020)
  • Co-presenter, “Cyber Crime & Cyber Security: Identifying & Mitigating U.S. Enforcement Risks,” International Law Institute, Webcast (December 8, 2020)
  • Quoted, “Strategic Perspectives: Cybersecurity vulnerabilities compounded by COVID-19 in 2020,” Health Law Daily (December 4, 2020)
  • Co-presenter, "CCPA, GDPR, and ISO 27001/27701: Identifying Distinctions and Overlaps for Efficient Implementation," Midwest Cyber Security Alliance Virtual Meeting (November 18, 2020)
  • Co-presenter, “The Board’s Role in Evaluating Third Party Cybersecurity Risks,” National Directors Institute (November 12, 2020)
  • Co-presenter, “Cybersecurity Best Practice Overview for DoD Contractors,” Foley’s Annual Government Contracts Update, Webinar (November 10, 2020)
  • Co-presenter, “Navigating to Recovery: How Leading Companies are Positioning for Success,” Foley/ACC-Michigan Webinar (November 5, 2020)
  • Co-author, “USA: Navigating the relationship between FERPA and HIPAA,” OneTrust DataGuidanceTM  (November 2020)
  • Presenter, “Marquette Virtual Cybersecurity Event,” Regulations and Compliance Session (October 9, 2020)
  • Co-presenter, “Protecting Against Fraud During COVID-19 for Family Offices,” Foley Family Office Webinar (June 18, 2020)
  • Presenter, “CCPA: Recent Developments & Compliance Tips,” State Bar of Wisconsin PINNACLE Webinar (April 22, 2020)
  • Co-presenter, "10 Issues Non-Profit Organizations Should Be Considering," Foley Coronavirus Webinar (April 2, 2020)
  • Co-presenter, "What Is Blockchain and How Do I Hack It?" Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 16, 2020)
  • Quoted, “California’s Privacy Law Goes Into Effect Today, Now What?” WIRED (January 1, 2020)
  • Co-presenter, “Ringing in the New Year… and the California Consumer Privacy Act,” Foley & Lardner Annual CLE Week, Milwaukee, WI (December 11, 2019)
  • Co-presenter, “Cybersecurity & the Automotive Supply Chain: CFO Risk Mitigation Strategies,” Original Equipment Suppliers Association (OESA) Chief Financial Officers Council Meeting, Detroit, MI (December, 10, 2019)
  • Co-presenter, “Down to the Wire: Strategies for Compliance with the California Consumer Privacy Act (CCPA),” Foley & Lardner Women Lawyers’ Forum CLE Event, Chicago, IL (December 5, 2019)
  • Co-presenter, “The California Consumer Privacy Act (CCPA) - How it Will Apply to Wisconsin Businesses and Compliance Tips,” Foley's Fox Valley CLE Conference, Appleton, WI (November 21, 2019)
  • Co-presenter, “Health Care Data Security in the Age of Risk,” AHLA Fundamentals of Health Law, Chicago, IL (November 19, 2019)
  • Co-presenter, “Data, Data Everywhere: Practical Strategies for Access Controls,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (November 13, 2019)
  • Co-presenter, “Privacy Law Developments,” INSUREFEST CLE, New York, NY (November 6, 2019)
  • Co-presenter, “Emerging Hot Topics: AI and the Changing Privacy and Security Legal Landscape,” Foley's 15th Annual IP Conference: Knowing When and How to Pivot, Chicago, IL (October 4, 2019)
  • Co-presenter, “The California Consumer Privacy Act (CCPA): Applicability, Requirements, and Practical Tips on Compliance,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (September 12, 2019)
  • Co-presenter, “DoCRA - Adopting Duty of Care Risk Analysis to Drive GRC,” American Health Lawyers Association Webinar (June 5, 2019)
  • Co-presenter, “Cybersecurity: How to Prepare for and Respond to an Attack,” InfraGuard Wisconsin: SuperCon 2019 Conference, Wisconsin Dells, WI (June 5, 2019)
  • Moderator, “Cybersecurity Panel of Experts,” Information Systems Security Association (ISSA) – Wisconsin Chapter Annual Meeting, Milwaukee, WI (May 16, 2019)
  • Moderated the Panel of Experts at the Information Systems Security Association – Wisconsin Chapter Annual Meeting, Milwaukee, WI (May 16, 2019)
  • Co-presenter, “The Internet of Things: IoT Security by Design,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (May 9, 2019)
  • Co-presenter, “General Counsel Panel on Legal Collaboration with Security Programs,” Domestic Security Alliance Council (DSAC) 2019 Annual Meeting, Arlington, VA (May 2, 2019)
  • Co-presenter, “Beyond HIPAA: What You Need to Know to Implement a Cybersecurity Program,” Long-Term Care CEO Roundtable, Milwaukee, WI (April 10, 2019)
  • Co-presenter, “Compliance with the NIST SP 800-171 Security Framework: DoD Contractors and Beyond,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (March 19, 2019)
  • Featured, “With Cyberattacks On The Rise, Current Cybersecurity Workforce Can't Keep Up,” Lake Effect on WUWM Milwaukee Public Radio (February 7, 2019)
  • Co-presenter, “Cyber Security – What’s at Risk in Your District?” MOLEG Cyber Week, Jefferson City, MO (February 6, 2019)
  • Co-presenter, “Issues in Cybersecurity Workforce Development,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 17, 2019)
  • Presenter, “What PR Pros Need to Know to Prepare for a Cyberattack,” Public Relations Society of America Southeastern Wisconsin Chapter Event, Milwaukee, WI (January 16, 2019
  • Co-presenter, “Protecting the Confidentiality of CDI – DoD Data Crash Course,” Client In-Service Presentation (January 7, 2019)
  • Co-presenter, “It’s the Most Wonderful Time of the Year – Your Cybersecurity Lawyers Are Here (To Update You on Cybersecurity Hot Topics),” Foley’s Annual CLE Week, Milwaukee, WI (December 13, 2018)
  • Co-presenter, “How to Develop and Maintain an Effective Security Awareness Training Program,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (December 5, 2018)
  • Co-presenter, “Understanding Incident Response Through Real World Examples,” Seminar Presented by Hold Security LLC and Foley & Lardner LLP, Milwaukee, WI (September 25, 2018)
  • Co-presenter, “Duty of Care Risk Analysis: Leveraging the New Risk Assessment Method to Reduce Liability,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (September 19, 2018)
  • Co-presenter, “Been Hacked? Now What? Lessons in Recovery,” BraveIT Conference, Chicago, IL (September 13, 2018)
  • Presenter, "Cybersecurity Hot Topics," 27th Annual Law of Product Distribution & Franchise Seminar: Building Prosperity, Chicago, IL (September 6, 2018)
  • Co-presenter, “Data Management, Security & Governance Session – Data, Data Everywhere: Rethinking Data Governance,” The Health Management Academy Cybersecurity Collaborative, Dallas, TX (June 14, 2018)
  • Co-presenter, “Standardization of Contract Language Session – Security Contracting: Triaging Risk & Leveraging Standardized Approaches,” The Health Management Academy Cybersecurity Collaborative, Dallas, TX (June 14, 2018)
  • Presenter, “What is Reasonable Security? Considerations From a Legal Perspective,” FBI Public-Private Partnership Meeting on Security and Legal Issues, St. Francis, WI (June 12, 2018)
  • Co-presenter, “Meet the Feds: An Exclusive Q&A With Government Officials,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (May 17, 2018)
  • Presenter, “Cybersecurity: Bricking Up the Company’s Defenses," 27th Annual Law of Product Distribution & Franchise Seminar: Building Prosperity, Milwaukee, WI (May 16, 2018)
  • Co-presenter, “Tick Tock and Knock Knock: The Science and the Art of Responding to an Incident," ISSA-LA Summit X, Universal City, CA (May 4, 2018)
  • Co-presenter, “Building a GDPR Program: The Critical Relationship Between Privacy Counsel and the Data Protection Officer,” Midwest Cyber Security Alliance Meeting, St. Louis, MO (April 19, 2018)
  • Co-presenter, “You've Been Breached: An Interactive Incident Response Simulation,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (March 22, 2018)
  • Co-presenter, “Creating an Incident Response Plan,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 25, 2018)
  • Presenter, “Cybersecurity Hot Topics,” PS Companies Roundtable: Women Leaders in Corporate Law Departments, West Allis, WI (January 24, 2018)
  • Co-presenter, “Got Security? When Does a Managed Security Service Make Sense for Your Business and How Does It Integrate Into Your IT, Legal, and Compliance Functions?,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (November 30, 2017)
  • Presenter, "Health Care Cybersecurity Hot Topics,” Foley/Deloitte Health Care Compliance Roundtable, Boston, MA (November 9, 2017)
  • Co-presenter, “Integrating Cybersecurity Into Day-to-Day Operations,” 2017 National Directors Institute Executive Exchange, Chicago, IL (November 7, 2017)
  • Co-presenter, “Health Care Cybersecurity Hot Topics: Ransomware, Cloud Storage, the Health Care Industry Cybersecurity Task Force Report, and Enforcement,” Association of Corporate Counsel Health Law Committee Webinar (September 26, 2017)
  • Co-presenter, “How to Manage Third Party Risk: Your Cloud Is Larger Than You Think,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (September 14, 2017)
  • Quoted, “Why Guidance is Critical for Strengthening Healthcare Cybersecurity,” HealthITSecurity (September 13, 2017)
  • Co-presenter, “Cyber Threats, Ransomware, Malware: Is Your Health Care Organization Prepared?” Juniper Networks and Midwest Cyber Security Alliance Webinar (September 7, 2017)
  • Featured, “Cybersecurity on Interconnected Devices, Blue Zones Project, Milwaukee Bees,” Lake Effect on WUWM Milwaukee Public Radio (August 28, 2017)
  • Quoted, “Medical Device Cybersecurity: Staying Safe in the Midst of Change,” Wolters Kluwer’s Health Law Daily Wrap Up (August 11, 2017)
  • Co-presenter, “Privacy & Security: Incident Response,” ACC Legal Quick Hit: Health Law Committee Webinar (August 1, 2017)
  • Co-presenter, “Securing the Digital Transformation,” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (July 27, 2017)
  • Co-presenter, “OCR Audits: Provider Insights and Legal Overview,” The Academy Philips Innovation Institute's Cybersecurity Collaborative, Washington, D.C. (June 13, 2017)
  • Co-presenter, “Cybersecurity - A Team Sport: A Case Study of Building an Effective and Resilient Program,” Insurance Accounting & Systems Association (IASA) 89th Annual Educational Conference & Business Show, Orlando, FL (June 5, 2017)
  • Featured, “Cyber Security, Milwaukee's Rise, Aja Monet, Pfister Artist-in-Residence,” Lake Effect on Milwaukee Public Radio's Lake Effect Podcast (May 25, 2017)
  • Co-presenter, “Healthcare Privacy and Security Forum Lunch Panel Discussion,” ISSA-LA 9th Annual Information Security Summit (May 19, 2017)
  • Co-presenter, “Are You Prepared for a Ransomware or Business Email Compromise Attack?” Midwest Cyber Security Alliance Meeting, Milwaukee, WI (May 18, 2017)
  • Co-presenter, “Building a Risk Management Program for Cybersecurity,” Western Independent Bankers Webinar (May 8, 2017)
  • Featured, “Strategic Perspectives: Does the Revised Medical Emergency Exception Give Substance Use Disorder Providers More Disclosure Discretion?” Wolters Kluwer Health Law Daily (March 29, 2017)
  • Co-presenter, “Cyber Insurance 2017: Ensuring Your Coverage is Sound," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (March 23, 2017)
  • Presenter, “Cybersecurity Hot Topics,” Chicago Bar Association Business Law Committee Meeting, Chicago, IL (March 20, 2017)
  • Co-presenter, “Beyond HIPAA: What You Need to Know to Implement a Cybersecurity Program,” ACC Legal Quick Hit: Health Law Committee Webinar (March 7, 2017)
  • Co-presenter, “Got Cybersecurity? Practical Strategies for Approaching Security Risk Management,” AHLA Physicians and Hospitals Law Institute, Orlando, FL (February 2, 2017)
  • Co-presenter, “Cybersecurity – A Team Sport: A Case Study of Building an Effective and Resilient Program," Midwest Cyber Security Alliance Meeting, Milwaukee, WI (January 12, 2017)
  • Co-presenter, “Timely Issues in Intellectual Property and Data Security,” Foley & Lardner’s Annual CLE Week, Milwaukee, WI (December 7, 2016)
  • Presenter, “How to Prepare Your Company for a Cyber Attack,” Foley & Lardner’s Women Lawyers’ Forum, Chicago, IL (December 1, 2016)
  • Presenter, “Delicate Balance: Regulatory Implications on Technology Strategy,” The Health Management Academy Cybersecurity Collaborative, Phoenix, AZ (November 1, 2016)
  • Co-presenter, “Ransomware is Targeting the Health Care Industry – How to Prepare and Respond,” HIPAA COW, Brookfield, WI (October 28, 2016)
  • Featured, “Jennifer Rathburn: Building a Niche Data Security Practice,” Wisconsin Lawyer (October 2016)
  • Co-presenter, “Cyber Health Crisis: How to Manage the Risk,” Illinois Health Care Association 66th Annual Convention and Expo, Peoria, IL (September 15, 2016)
  • Panelist, “Big Data in Health Care: Peaks, Valleys, and Pitfalls on the Horizon,” Health, Labor, and Employment Law Institute (August 19, 2016)
  • Quoted, “Latest Round of OCR HIPAA Audits Not a Reason for Panic,” HealthITSecurity (July 25, 2016)
  • Panelist, “Strategies for Implementing Cybersecurity Measures,” State of Illinois Commerce Commission Cybersecurity Policy Session, Chicago, IL (July 21, 2016)
  • Co-author, “Cyber Health Crisis: How to Manage the Risk,” Health Law Handbook 2016 Edition (June 28, 2016)
  • Co-presenter, Ransomware Summit, Milwaukee, WI (June 13, 2016)
  • Co-presenter, “The Most Important Steps for In-House Counsel After a Data Breach,” Association of Corporate Counsel Wisconsin 11th Annual Chapter Conference, Elkhart Lake, WI (May 20, 2016)
  • Presenter, “Cybersecurity & Data Breach Overview for Community Colleges,” Arizona School Risk Retention Trust Webinar (February 24, 2016)
  • Co-presenter, “Technically Challenged by Cybersecurity Risk Management? Practical Strategies for Integrating Best Practices into Your Compliance Efforts” AHLA Physicians and Hospitals Law Institute, Austin, TX (February 9, 2016)
  • Featured, “What’s Hot, What’s Not: Wisconsin Practice Trends 2016,” Wisconsin Lawyer (February 1, 2016)
  • Author, “Top Ten Health Law Issues 2016 – Cybersecurity,” AHLA Connections (February 2016)
  • Co-presenter, “BDA Cybersecurity Webinar: Practical Guidance for Broker-Dealers,” Bond Dealers of America (January 20, 2016)
  • Featured, “The hacking and cybersecurity problem,” CBS St. Louis (June 23, 2015)
  • Featured, “Table of Experts – Cybersecurity,” Milwaukee Business Journal (April 17, 2015)
  • Quoted, “Don’t overlook HIPAA, data security issues during merger, acquisition,” Medical Practice Compliance Alert (March 16, 2015)
  • Featured, “Anthem Insurance Data Breach,” Fox6 News (February 5, 2015)
  • Quoted, “HACKED: Health insurance giant Anthem hit by massive data breach,” FOX6 Now (February 4, 2015)
  • Quoted, “How to Mitigate Data Monetization Risks,” CIO Journal (January 26, 2015)
  • Quoted, “Michaels Breach Lawsuits Dismissed,” BankInfoSecurity (July 25, 2014)
  • Quoted, “Million-Dollar Babies Should Have Been Non-Issue for AOL,” NBC News (February 11, 2014)
  • Featured, “Protecting Health Care Information: Federal Laws Expanding to Include Many Private Employers,” Milwaukee Business Journal (June 1, 2012)

Admissions

  • Wisconsin
  • Illinois