Aaron Ogunro is an associate in the Technology Transactions and Data Privacy practice group. His practice primarily focuses on data privacy and security compliance with specific focus on US and EU regulatory regimes, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA). 

He advises clients ranging from start-ups to multinational public companies across various industries on how to identify and manage risks with respect to data usage, maintenance, and disclosures, including in the context of global deal-making and other commercial transactions. Aaron conducts privacy and data security due diligence, negotiates privacy and data security provisions and addendums, and prepares internal and public-facing data privacy policies and procedures.

Aaron also assists clients with sensitive cybersecurity incidents, including coordinating forensic investigations and ransom negotiations and advising clients on their legal obligations. 

Education

  • Vanderbilt Law School (J.D., 2019)
    • Dean's List
  • Vanderbilt University (B.A., 2015)
    • Dean's List

Bar Admission

  • Illinois, 2019

Professional Affiliations

  • International Association of Privacy Professionals
  • Chicago Bar Association

Recognition

  • IAPP Certified Information Privacy Professional/U.S.
  • Vanderbilt Wond’ry Mentor
Publications
All Publications
$1.35M CPPA Fine Signals New Focus on Privacy Disclosures
Key Takeaways The CPPA fined Tractor Supply $1.35 million — more than double its previous largest penalty — for failing to comply with privacy notice and consumer rights requirements. This is the agency’s first enforcement action targeting job applicant notices and failure to update privacy disclosures annually. Businesses should expect heightened scrutiny and broader enforcement, including multi-year compliance obligations for violators. Earlier this week, the California Privacy Protection Agency (CPPA) levied the agency’s largest fine under the California Consumer Privacy Act. Announced on Sept. 26, the $1.35 million fine is the third enforcement action brought by the agency and a steep jump compared to its prior penalties — double the $632,500 amount levied against Honda in March 2025 and four times the CPPA’s second
Read More
What Honda's CCPA Penalty Means for Your Privacy Compliance
The California Privacy Protection Agency (CPPA) has reached a settlement with American Honda Motor Co., Inc. (Honda), as outlined in this Order of Decision. The Order is the CPPA’s first public enforcement action involving a significant monetary penalty of $632,500, arising from its investigation into the privacy practices of connected vehicle manufacturers that began in July 2023.   The CPPA asserted that Honda violated the California Consumer Privacy Act (CCPA) by requiring consumers to undergo an extensive identity verification process, including for requests where verification is not permitted under the CCPA. Honda’s process for accepting data subject requests through authorized agents also included unnecessary and non-permitted steps. Additionally, the CPPA asserted that Honda’s cookie management platform violated the CCPA, as it required
Read More