Jami Vibbert is the chair of the firm’s Privacy, Cybersecurity & Data Strategy group. She helps clients navigate global data protection, privacy, and cybersecurity concerns across a number of industries, including life sciences, healthcare, financial services, media, and technology. Jami counsels on compliance with the ever-growing number of data protection requirements and on how to create global data strategies and privacy programs designed to align with these requirements in an efficient, proactive, and operationalized way.
Jami is a critical, on-call resource for a host of global data protection questions for clients. Her work includes advising on using and leveraging marketing data and cookies, setting up patient support programs, and counseling on data sharing in multiple business programs. She also assists in program and policy creation, conducts privacy and data security risk assessments, advises on data risk management, negotiates privacy and data security provisions and privacy agreements (such as DPAs and BAAs), and engages in privacy and data security due diligence.
In the aftermath of a security incident or data loss, Jami guides clients through breach response and crisis management. She uses her privacy and security knowledge to successfully defend clients in privacy and data security-focused investigations with relevant privacy and data security regulators, including the Department for Health and Human Services Office for Civil Rights, the Federal Trade Commission, and multiple state attorneys general, and in privacy and data security litigation.
Jami aids clients in developing digital health, artificial intelligence, and other technology solutions to augment consumer, customer, and patient engagement and in designing new data-driven technology, products, and services in a forward-looking, flexible, and ethical manner.
Experience
- Global medical device manufacturer in leading its data strategy vision and providing global data protection, privacy, and cybersecurity counseling, including with respect to the California Consumer Privacy Act, the Health Insurance Portability and Accountability Act, the General Data Protection Regulation, and the Chinese Cybersecurity Act, and negotiating privacy and security terms of and agreements in connection with customer and vendor contracts.
- Global pharmaceutical company on global data protection issues, including with respect to patient-focused apps, related to compliance with the California Consumer Protection Act, the Health Insurance Portability and Accountability Act, and the General Data Protection Regulation.
- Premium TV network and digital media content provider in privacy and data security compliance and design for its app, data risk management issues, and updating its privacy and security program and related documents.
- Insurance and reinsurance company in privacy and data security compliance with the Gramm-Leach Bliley Act and state analogues and the New York Department of Financial Services.
- Regional bank in advising on the sufficiency of its data security program and revising and creating related policies and procedures.
- Medical device manufacturing division of a global manufacturing company in data risk strategies and data security compliance related to patient-specific implants.
- Brand management company in advising on privacy and data security compliance, conducting a risk assessment, and creating privacy and security program documentation.
- Global medical device manufacturer in conducting data protection, privacy, and cybersecurity diligence for potential corporate acquisitions.
- Adtech company in conducting a cybersecurity risk assessment and related data security compliance counseling in preparation for the California Consumer Privacy Act.
- Hedge fund in advising on privacy and data security compliance with the New York Department of Financial Services Cybersecurity Regulation and Securities and Exchange Commission's reasonable security guidance.
- International pharmaceutical company in conducting a data security risk assessment and addressing its data security issues.
- Global medical device manufacturer in overseeing Health Insurance Portability and Accountability Act Security Risk Assessments and Article 32 Assessments, and related security by design and cybersecurity remediation.
- Consumer products company in conducting a tabletop exercise and providing data protection advice.
- Substance abuse and child welfare services nonprofit organization in data protection and cybersecurity issues, including conducting an enterprise-wide cybersecurity risk assessment.
Perspectives
Recognition
General Commercial Disputes (2021)
Credentials
Education
- J.D., Tulane University Law School, 2007, magna cum laude, Order of the Coif
- B.A., University of Pennsylvania, 2000
Admissions
- New York
- U.S. District Court, Southern District of New York
- U.S. District Court, Eastern District of New York
- U.S. Court of Appeals for the Second Circuit
- U.S. Court of Appeals for the Third Circuit
Clerkships
- U.S. District Court, Eastern District of Louisiana, The Honorable Lance M. Africk
Activities
- The Sedona Conference – Data Security and Privacy Liability Working Group, Leadership Council
- International Association of Privacy Professionals
- Court Appointed Special Advocates (CASA)–New York City, Board Member
- New York City Bar Association