WHAT CLIENTS SAY
“Jennifer is always helpful.”
“She's a proactive go-getter.”
MY CLIENT PHILOSOPHY
"My approach to client service is focusing on the bottom line and providing practical advice from a multidisciplinary perspective. Cybersecurity and privacy issues are rapidly developing – and legal developments are often lagging behind industry best practices. This is why I formed the Midwest Cyber Security Alliance to learn from IT and risk professionals on how to provide risk management and solution-focused, legal advice to clients grappling with how to best allocate their resources in a changing compliance environment."
– Jennifer R. Urban
Jennifer L. Urban (formerly Rathburn) is a partner with Foley & Lardner LLP. Jennifer focuses her practice on counseling clients on data protection programs, data incident management, breach response and recovery, monetization of data and other privacy and security issues. She is one of the founders of the Midwest Cyber Security Alliance and has a deep understanding of the complex risk, operational and legal issues companies must address to maintain the confidentiality of, access to and integrity of their data.
As a member of the firm’s Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices, Jennifer routinely helps clients prepare for and respond to data security incidents, from preparing incident response plans and advising on cybersecurity programs, to handling the breach notification response process. Her depth of experience in this area and her collaboration with IT, risk, forensic, dark web, communication/PR and other data experts provides a multi-disciplinary, practical approach to client issues.
Additionally, Jennifer guides clients in all aspects of preparing for and maintaining compliance with U.S. and global privacy and data security laws including the California Consumer Privacy Act of 2018 (CCPA) and the EU’s General Data Protection Regulation (GDPR). Such efforts include conducting readiness assessments; performing data mapping and inventory; reviewing and revising privacy, data security and incident response policies and plans; updating customer- and employee-facing privacy and consent notices as well as third-party vendor templates and agreements; evaluating the appointment of a Data Protection Officer; and educating and training board members, staff and other key stakeholders.