John has helped clients manage the rapidly evolving risks of an information-based society for decades. In John's view, this is still the dawn of the information age as new capabilities arise every day, entailing multiparty business relationships and fresh concerns around data privacy, cyber security, and the evolving legal environment for emerging technologies such as machine learning and artificial intelligence.
As a Partner in Wiggin and Dana's Corporate Department and a member of the Outsourcing and Technology Practice Group and the Privacy and Information Security Practice Group, John assists clients with transactions and advice in all aspects of information law.
For example, clients seek John's guidance regarding new regulatory schemes such as the European Union's new General Data Protection Regulation (GDPR), which sets stricter-than-ever guidelines on the use of personal data and imposes harsh sanctions for violations. Clients also seek John's guidance regarding privacy and security compliance risk in the growing economy of "intelligent" and "connected" devices (also known as the "Internet of Things"). John also advises regulated clients such as insurance and financial services companies and healthcare startups, regarding enhanced cybersecurity regulations such as New York State's cybersecurity regulation (which requires financial services institutions to implement comprehensive cybersecurity programs). Compliance and liability risks in artificial intelligence and predictive analytics are also increasingly becoming client concerns, introducing new opportunities, risks, and regulations.
John's transactional practice includes outsourcing, cloud services, robotics, software development and licensing, e-commerce transactions, technology transfer and intellectual property-intensive M&A, divestitures, joint ventures, and restructurings. His clients have included Fortune 500 companies as well as emerging companies in the financial services, technology, manufacturing, biotechnology and healthcare, media, energy, and consumer products sectors.
John has negotiated complex information technology (IT) outsourcing services agreements involving cloud computing, IT infrastructure and software procurement, systems integration, software development and maintenance, voice and data services, and disaster recovery and business continuity. He has also negotiated business process outsourcing (BPO) agreements for call centers and customer support services, finance and accounting services, human resources administration, enterprise procurement services, government passport and visa services, research and development services, and supply chain management.
In his extensive practice in information privacy and security law, John has represented clients in connection with risk and compliance assessments of data privacy and security policies and practices, data breach preparedness and response, regulatory investigations of data practices, uses of data analytics and machine learning, and "privacy by design" analyses of products and services in social media and mobile e-commerce. He also advises clients on corporate information governance programs, international data transfers, and compliance with U. S., state, and federal data privacy and information security laws.
John has authored numerous articles on privacy and data security and from 2000 to 2016 served as a co-chair of Practicing Law Institute's Annual Privacy and Data Security Law Institute. Bloomberg BNArecently published John's Privacy & Data Security Practice Portfolio Series, Cybersecurity and Privacy in Business Transactions: Managing Data Risk in Deals.
John is currently serving as an adviser to ALI's project to develop a baseline set of information privacy law principles to help guide lawmakers, courts, and policy makers.John received his J.D. from Columbia Law School. He was a William Rainey Harper Fellow at the University of Chicago, where he earned an M.A. in English and American literature, and graduated magna cum laude from Carleton College.