Dominique Shelton Leipzig

Dominique Shelton Leipzig is a partner in Mayer Brown’s Los Angeles office and a member of the Cybersecurity & Data Privacy practice. She serves as the lead for the Global Data Innovation as well as Ad Tech Privacy & Data Management practices. She is one of the country’s top privacy and data lawyers and her considerable experience helps clients navigate the evolving legal compliance issues related to privacy and data security for their digital data initiatives.

With more than 30 years of experience, Dominique provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels and represents companies on privacy, global data security compliance, data breaches and investigations. Her experience includes defending companies under investigation by the Federal Trade Commission, attorneys general offices and other regulatory and government authorities. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things and other areas of regulatory compliance.

Dominique has deep experience advising publicly-traded and privately held companies in technology, healthcare, media, entertainment, e-commerce, financial services and other industries. She leads companies in legal assessments of data security, cyber preparedness and compliance with such regulations as the California Confidentiality of Medical Information Act (CMIA), HIPAA, the Video Privacy Protection Act (VPPA), the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and the NIST Cybersecurity Framework. She frequently conducts trainings for senior leadership, corporate boards and audit committees regarding risk identification and mitigation in the areas of privacy and cyber. She has trained more than 18,000 professionals on the CCPA and the California Privacy Rights Act. She represented the California Chamber of Commerce in a six-week negotiation with Alastair Mactaggart, his lawyer James Harrison, his consultant former FTC Technologist Ashkan Soltani and Senator Hertzberg regarding the CCPA 2.0—many of the business-friendly terms were obtained through those negotiations.

Dominique is the co-founder and co-CEO of NxtWork, a non-profit dedicated to diversifying the C-suite and the boardroom. She was recently appointed to the Nasdaq Center for Board Excellence’s Risk and Cybersecurity Insights Council and is a member of the International Association of Privacy Professionals (IAPP) board. Her landmark book on the CCPA recently published a new edition, and she pioneered the concept of data as a pre-tangible asset in what she calls “our post-data world.”

Experience

US Privacy Counseling

Ad Tech Counseling

  • Advising website and online services operators on privacy and data security issues relating to ad tech (including behavioral tracking, privacy disclosures for tracking and consent).
  • Advising health tech companies on privacy and data security marketing initiatives relating to health data.
  • Advising fintech companies on privacy and data security initiatives involving health tech.
  • Assisting large retail chains on privacy and cybersecurity compliance in the areas of cloud, Big Data and mobile.

Board Reports and Privacy Assessments

  • Preparing board reports for public organizations concerning legal compliance with privacy and cybersecurity best practices.*
  • Conducted employee, HR and IT interviews as part of comprehensive legal assessments of adequacy of privacy and cybersecurity policies.

Health Tech

  • Advised a major medical device company on mobile medical application, Big Data, compliance with HIPAA privacy and security rules, the California Confidentiality of Medical Information Act (CMIA), cloud storage and privacy notices, policies and other privacy disclosures for its website for patient social networking, and communication with health care advisers.*
  • Advised a health tech company regarding its online portal for diagnosis of ADHD, concerning compliance with HIPAA and the CMIA, and preparing privacy policies and CMIA disclosures.*
  • Assisted a medical billing company with compliance with an FTC enforcement order and creating an updated website privacy policy, terms of use and website disclosures.*
  • Conducted privacy due diligence in connection with a Fortune 100 consulting company’s acquisition of two medical billing companies.*

Global Privacy & Data Protection Compliance

  • Leading EU General Data Protection Regulation (GDPR) and Asia-Pacific Economic Area data legal compliance project for global companies in the semiconductor, IT, media and retail industries.
  • Led a review of one of the largest online auction website’s vendor agreements for GDPR compliance.
  • Handling cybersecurity compliance strategy in the United States and EU for major media corporations.
  • Led an EU, Asia and South America data privacy and security compliance project for a major Japanese gaming company.*
  • Lead cross-border transfer legal compliance strategies and vendor management strategies for several major retail, consulting, communications, payments and fast food companies.

Data Breach Investigations

  • Served as project lead for a breach investigation for a global retail brand.*
  • Lead a forensic breach investigation for a financial institution.*
  • Lead a breach investigation for a global e-commerce website.*
  • Lead a forensic breach investigation for an online service for a health and wellness mobile app.*
  • Lead a forensic breach investigation and consumer notification for a global media company.*
  • Lead a forensic breach investigation for a national consumer product retailer.*

Cyber Preparedness Counseling

  • Lead a comprehensive data security legal assessment.
  • Lead a cybersecurity preparedness program for a financial institution and serving as outside counsel member of its Cybersecurity Incident Response Team.
  • Lead a privacy and data security legal assessment compliant with the NIST Cybersecurity Framework.
  • Lead a review of data security and IT policies for a cloud service provider for compliance with the NIST Cybersecurity Framework.
  • Lead a privacy and data security legal assessment for a media company.

California Consumer Privacy Act (CCPA) – Regulatory Experience

  • Led a team that drafted comments to the California Attorney General’s Office in connection with its CCPA rulemaking process on behalf of the California Chamber of Commerce, which includes a number of retailers. See California Chamber of Commerce Comments to the California Attorney General’s Office for CCPA Rulemaking (March 8, 2019), available at CCPA Public Comments (at CCPA00000067).
  • Testified before the California Senate Judiciary Committee in a hearing titled “Informational Hearing on the State of Privacy: CCPA vs GDPR” (March 5, 2019). See March 5, 2019 – Senate Judiciary Committee: Informational Meeting on State if Privacy CCPA vs GDPR.
  • Testified before the Senate. See April 9, 2019 – Senate Judiciary Committee Hearing re Bill to expand Private Right of Action Under the CCPA – creating greater class action exposure for companies (SB 561) testimony.

CCPA and GDPR Compliance Counseling

  • Representing several business-to-consumer clients in CCPA compliance, including multiple national retailers, a social networking platform, a medical provider and a fintech money transfer app embedded in multiple major national bank mobile apps.
  • Representing a global device manufacturer in CCPA compliance efforts. Advising one of the largest semiconductor companies in the United States in CCPA compliance, having first led the company’s GDPR compliance in 2017-2018.
  • Representing a global ad tech company in CCPA compliance.
  • Representing a global smart television app developer in CCPA and GDPR compliance.
  • Representing the largest domestic consortium for financial data in CCPA compliance, after completing a privacy and data security assessment in 2018.
  • Representing one of the largest ad serving networks in CCPA compliance.

*Prior firm experience

Education

  • Georgetown University Law Center, JD
  • Brown University, BA

Admissions

California

Court

  • US District Court for the Central District of California
  • US Court of Appeals for the Ninth Circuit
  • US District Court for the Northern District of California
  • US Supreme Court

Activities

  • The National Black Lawyers
  • International Association of Privacy Professionals (IAPP), Board of Directors, 2020
  • Certified US Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP)
  • Federal Bar Association of Los Angeles, Board of Directors
  • Magistrate Judge Merit Selection Panel for the U.S. District Court for the Central District of California, 2011 – 2017
  • Los Angeles County Bar Association, Entertainment & Intellectual Property Law Section (ELIPS), Chair, 2011 – 2012
  • Ninth Circuit Judicial Conference, Lawyer Representative
  • Women Lawyers Association of Los Angeles (WLALA), President, 2005 – 2006, Life Member
  • National Bar Association (NBA), Life Member
  • Black Women Lawyers Association of Los Angeles (BWL), Life Member
  • Langston Bar Association, Life Member
  • California Women Lawyers Association, Board Member, 2004 – 2006
  • Big Brothers Big Sisters of Greater Los Angeles, Board Member, 2007 – 2010
  • Center Dance Arts, Board of Directors, Member 2013 – present
  • Museum of Contemporary Arts, Drawings Committee, 2008 – 2011

Los Angeles Based

dsheltonleipzig@mayerbrown.com