Hannah Ji-Otto is a privacy & technology transaction attorney with ample experience working in-house and at a law firm. She is well-versed in assisting businesses to build their global privacy compliance programs from the ground up. Hannah is dedicated to understanding each client's needs regarding their business model, practices and objectives to protect and profit from their investment in data and technologies. She utilizes her experience to advise various industries, including global manufacturers, health care conglomerates, software providers, insurance companies, digital marketers, retailers, and global e-commerce platforms. Hannah frequently represents clients on privacy, data security, and various technology transactional matters.
Data Privacy & Security
Hannah's practice helps clients develop strategies to prepare and comply with international and domestic data protection laws, regulations, standards and frameworks, including the General Data Protection Regulation (GDPR), the privacy and cybersecurity laws of the People's Republic of China, the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Rule (COPPA), the Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM) and the EU/Swiss-US Privacy Shield Frameworks. Hannah has extensive certifications in this space, including:
- Fellow of Information Privacy (FIP)
- Certified Information Privacy Professional: U.S. Private Sector (CIPP/US), Europe (CIPP/E), Canada (CIPP/C), Asia (CIPP/A)
- Certified Information Privacy Manager (CIPM)
Hannah helps organizations of all sizes to stay ahead of the ever-changing data privacy laws. Her experience includes:
- Developing corporate policies and procedures around data privacy, security and business continuity;
- Guiding multinationals in overcoming hurdles to transfer personal data to and from jurisdictions with data export and data localization requirements, including the countries within the EU and the APAC regions;
- Assisting U.S.-based companies in applying EU-US and Swiss-US Privacy Shield certifications;
- Conducting risk assessments and privacy due diligence for various corporate transactions, including mergers and acquisitions;
- Responding to governmental inquires resulting from data breaches, conducting internal investigations, and analyzing potential cyber liabilities;
- Assist companies in providing breach notifications to affected individuals and regulators.
Hannah regularly represents companies in complex technology transactions involving outsourcing, licensing, hosting, software development, distribution, cloud computing, and data sharing, with a particular focus on new and transformational technologies or business models. Her experience includes:
- Drafting and negotiating licenses for "as a service" (aaS) models, including Platform as a Service (PaaS), Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Data as a service (DaaS);
- Preparing end-user license agreements (EULAs), master licensing agreements (MLAs) and vendor agreements;
- Negotiating technology agreements for (or against) a variety of technology companies, including the industry leaders in HealthTech, AdTech, InsureTech and Fintech.