Socio
Dominique Shelton Leipzig
Cybersecurity & Data Privacy, Fintech, Technology
Visión general
Dominique Shelton Leipzig is a Chambers-ranked partner in Mayer Brown's Los Angeles office and a member of the Cybersecurity & Data Privacy practice. She leads the firm’s Ad Tech Privacy & Data Management team. She also serves as leader of the firm’s Global Data Innovation team and, in that role, Dominique advises CEOs and Board Members on their fiduciary duty of oversight as it relates to emerging digital and data technologies, including generative AI. She is one of the country’s top privacy, artificial intelligence and data lawyers and her considerable experience helps clients navigate the evolving legal compliance issues related to privacy, artificial intelligence and data security for their digital data initiatives. In her fourth book, Trust. Responsible AI, Innovation, Privacy and Data Leadership, Dominique has pioneered a step-by-step approach for successfully optimizing digital technology through responsible data stewardship.
Watch Dominique’s interview with Bloomberg on the subject of AI at a recent policy meeting of the US Senate.
Dominique has trained over 50,000 professionals in the area of data privacy, AI and data leadership. She is known for translating complex technical concepts into actionable information that leaders can use to establish effective governance and enjoy resilience in a fast-paced regulatory environment. Dominique shows non-technical executives how to achieve success with their data by following trusted AI/privacy/security legal frameworks and accelerating digital opportunities. She brings clarity to chaos by providing executives and general counsel with actionable information they can use to properly assess and mitigate enterprise risks like privacy and cyber, while moving ahead with smart innovation to optimize technological advances, like generative AI, at speed and scale.
By founding and leading the firm’s Global Data Innovation team Dominique has established the AM Law 50’s first-ever multidisciplinary group focused on data leadership. She also founded and established the first-ever day-long program on generative AI, privacy and cyber governance for CEOs and Board Members called the Digital Trust Summit. To get a sense of the importance of the event, see a video about the first Digital Trust Summit linked here. The 60+ CEOs called it “Davos-plus” in that the conversation stimulated the CEOs and Board Members to reimagine their oversight roles and data leadership.
In an environment with over 160 countries adopting data protection laws and 37 countries across six continents considering artificial intelligence laws, Dominique draws upon her decades of experience to spot trends by reviewing legislative developments globally and helping clients to issue spot and map to trends even before they become final laws. In this way, Dominique has focused on a strategy of leveraging global trends so companies can future-proof their investments in technology – by mapping, in advance, to trusted legal frameworks for privacy, data security and AI. In this respect, Dominique helps companies to look around corners and avoid costly digital blind-spots while leveraging technology in a way that is highly profitable. Dominique’s advice has also helped clients heighten goodwill and demonstrate data leadership in the areas of AI, privacy, security and data more broadly.
Dominique’s clients value the way she advises them years before headlines emerge of trends so they can avoid legal issues as they pursue digital strategies. Her method is thorough. She studies trends occurring globally so as to help clients shape a data strategy that not only addresses current news but looks to the future to address those down the line that are not yet generally discussed.
Dominique not only reads the privacy/data/AI/security laws, she is instrumental in shaping them. For example, in California, she represented the CEO of the CalChamber and led a 6-week negotiation with the proponents of the law (Alastair Mactaggart, Ashkan Soltani and Bob Hertzberg). Many of the business-friendly terms emerged from that negotiation. She is now on the front-lines as it relates to AI, meeting with governmental officials around the world in developing strategies for business.
Through her roles on the Board of Directors of the International Association of Privacy Professionals, a member of NASDAQ’s Advisory Council on Risk and Cybersecurity, and as a member of the Advisory Board for the AI Governance Center for IAPP, Dominique interacts with global business leaders, regulators, legislators to set the agenda for data leadership.
When she is not in the Boardroom, Dominique leads the firm’s Ad Tech Privacy & Data Management team – a group of Mayer Brown attorneys that provides strategic AI, privacy and cyber-preparedness compliance advice, and defends, counsels and represents companies on privacy, global data security, AI compliance, data breaches and investigations. Her experience includes defending companies under investigation by the Federal Trade Commission, attorneys general offices and other global regulatory and governmental authorities. She advises companies on best practices in AI, privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things and other areas of regulatory compliance.
Dominique has deep experience advising publicly-traded and privately held companies in technology, healthcare, media, entertainment, e-commerce, financial services and other industries. She leads companies in legal assessments of AI, data security, cyber preparedness and compliance with such emerging regulatory trends as the draft AI laws in 37 countries spanning 6 continents, and domestically, California’s privacy laws including (California Consumer Privacy Act, as amended by the California Privacy Rights Act, the California Age Appropriate Design Act, the California Confidentiality of Medical Information Act (CMIA)), as well as the numerous other states that have adopted privacy laws similar to the CCPA. She has a global practice that incorporates developments in privacy and AI in North America, EU, APAC and LATAM. With regard to the US, Dominique has advised clients on AI and privacy compliance, as well as Board-level oversight of same under emerging regimes like the SEC Cybersecurity Rule amendments, NY DFS Cybersecurity Rule amendments, FTC enforcement against CEOs and Board Members in data matters. She has advised clients on compliance with HIPAA, the Video Privacy Protection Act (VPPA), the Children’s Online Privacy Protection Act (COPPA), the NIST AI/ Privacy and Cybersecurity Frameworks.
Dominique is the co-founder and co-CEO of NxtWork, a non-profit dedicated to diversifying the C-suite and the boardroom. She has received many accolades. She was recently named a “Legal Visionary” by the Los Angeles Times. In addition to her fourth book called Trust, her two other landmark books Transform and Implementing the CCPAi (2nd Ed), cover data leadership. In those books, Dominique pioneered the concept of data as a pre-tangible asset in what she calls “our post-data world.”
She is a Certified Information Privacy Professional by the IAPP. She is also certified in AI Governance. She has been certified in Board governance by the UCLA Andersen School of Business and the Berkeley Haas School of Business.
Experiencia
US Privacy Counseling
Ad Tech Counseling
- Advising website and online services operators on privacy and data security issues relating to ad tech (including behavioral tracking, privacy disclosures for tracking and consent).
- Advising health tech companies on privacy and data security marketing initiatives relating to health data.
- Advising fintech companies on privacy and data security initiatives involving health tech.
- Assisting large retail chains on privacy and cybersecurity compliance in the areas of cloud, Big Data and mobile.
AI Experience
- Representing providers of large language model generative AI services
- Representing the provider of large language model generative AI products/services in negotiations with licensees to discuss privacy, cybersecurity, and trusted AI legal frameworks legal compliance in licensee negotiations
- Representing a large consulting organization in thinking through the risk categorization frameworks for trust AI data leadership.
- Representing developers/licensees/users
- Representing a healthcare organization on AI legal compliance and risk management and governance.
- Representing a large retailer on developing an AI risk governance program based upon “trusted legal AI frameworks” and mapping to technical standards.
- Representing a top financial institution in developing an AI governance program grounded in the foundations of the trusted legal AI Framework.
- Representing a large consulting organization in thinking through the risk categorization frameworks for trust AI data leadership.
Board Level AI Engagements
- Advising the Corporate Secretary and the Board of Directors of a major retailer on risks and opportunities associated with generative AI. Dominique will be advising both the Board, and the management teams leading the AI Governance project, on the legal contours around a Trusted AI program that conforms to the consensus around legal norms for responsible AI development as reflected in 37 countries and six continents. In this regard, she prepared a 106 paged workplan. She will be leading the guidance for the client in all aspects of the development of their risk assessment, governance and compliance frameworks. She will also be providing the Board with these metrics so they have actionable information upon which to assess opportunities and risks associated with the deployment of generative AI in various use cases in the company.
- Advising a publicly listed home healthcare system in architecting an assessment of the current data practices for the Board of Directors and creating strategy for appropriate governance over AI, privacy and cybersecurity. To that end, in May 2023, she presented her recommendations to the full board in conjunction with the general counsel and corporate secretary . Dominique has been engaged to create an appropriate board level privacy/cyber/AI incident plan and will be advising the audit committee on an on/going basis emerging legal trends so that the organization can stay ahead of the curve to come data leaders
Board Privacy & Cybersecurity Engagements
- Representing the Board of Directors of a major public company in the energy field , in the aftermath of ransomware attacks on critical infrastructure companies like Colonial Pipeline. Dominique led a team that reviewed 85 shareholder derivative actions for data breach and congressional testimony of the CEO of Colonial Pipeline, to customize a Board-level incident response plan , a set of applicable questions for Board Members to ask regarding the state of cyber preparedness, and series of Board trainings so that the Board could exercise effective oversight as part of its fiduciary over cyber and privacy-preparedness.
- Represented the California Chamber of Commerce as it negotiated business-friendly terms with Alastair Mactaggart, the individual behind the creation of California’s landmark Consumer Privacy Law. With regard to the updating of the law in 2019, by the California Privacy Rights Act, Dominique advised the CEO of the Chamber directly and together they architected a strategy that led to the business-friendly terms of the CCPA being added. Dominique represented the California Chamber on California Consumer Privacy Act privacy matters and developments in privacy in Europe affecting same from 2018-2023. Her presentations to leadership on these matters is exemplified by the presentation to the California Chamber Board of Directors on Data Privacy Issues referenced online here.
- For the largest county pension fund in the country, led the privacy and data security assessment for the Los Angeles County Employee Retiree Association (LACERA). LACERA is a 52 billion fund. In this capacity Dominique regularly reported to the LACERA board. Her final report provided detailed recommendations 95% of which were adopted by the CEO and the Board. Her presentations to the board on this initiative continue to protect the organization. Her final report is referenced online in fall 2016 board meeting minutes. Of the 60 + recommendations made by Dominique, the Board of Directions adopted 95% of them.
- Guided a large retailer through a data breach that involved more credit cards than the Home Depot breach. Over a two year period, Dominique regularly briefed the company’s executive leadership on the status of the incident, 8K disclosures, interactions with law enforcement and mitigation. She handled privacy counseling for the company and reporter to the board on the status of the company’s compliance efforts.
- For a global entertainment company, conducted a top-to-bottom assessment of the state of the company’s privacy and data security program. Dominique’s 100-page report provided the board and general counsel with clarity regarding the state of majority. During the course of that engagement, Dominique regularly reported to the board and sat as a legal advisor to the privacy and cyber audit teams.
- Defended a publicly-traded medical device company against a confidential privacy regulatory matter that ended with no fine to the company. Dominique led the effort to quickly transform the client’s practices such that the regulator elected to exercise discretion not to impose a 20 year consent decree. Thereafter, she conducted a training program for the audit and ethics committee about the state of compliance and maturity of the program.
Board Reports and Privacy Assessments
- Preparing board reports for public organizations concerning legal compliance with privacy and cybersecurity best practices.*
- Conducted employee, HR and IT interviews as part of comprehensive legal assessments of adequacy of privacy and cybersecurity policies.
Health Tech
- Advised a major medical device company on mobile medical application, Big Data, compliance with HIPAA privacy and security rules, the California Confidentiality of Medical Information Act (CMIA), cloud storage and privacy notices, policies and other privacy disclosures for its website for patient social networking, and communication with health care advisers.*
- Advised a health tech company regarding its online portal for diagnosis of ADHD, concerning compliance with HIPAA and the CMIA, and preparing privacy policies and CMIA disclosures.*
- Assisted a medical billing company with compliance with an FTC enforcement order and creating an updated website privacy policy, terms of use and website disclosures.*
- Conducted privacy due diligence in connection with a Fortune 100 consulting company’s acquisition of two medical billing companies.*
Global Privacy & Data Protection Compliance
- Leading EU General Data Protection Regulation (GDPR) and Asia-Pacific Economic Area data legal compliance project for global companies in the semiconductor, IT, media and retail industries.
- Lead a review of one of the largest online auction website’s vendor agreements for GDPR compliance.
- Handling cybersecurity compliance strategy in the United States and EU for major media corporations.
- Led an EU, Asia and South America data privacy and security compliance project for a major Japanese gaming company.*
- Lead cross-border transfer legal compliance strategies and vendor management strategies for several major retail, consulting, communications, payments and fast food companies.
Data Breach Investigations
- Served as project lead for a breach investigation for a global retail brand.*
- Lead a forensic breach investigation for a financial institution.*
- Lead a breach investigation for a global e-commerce website.*
- Lead a forensic breach investigation for an online service for a health and wellness mobile app.*
- Lead a forensic breach investigation and consumer notification for a global media company.*
- Lead a forensic breach investigation for a national consumer product retailer.*
Cyber Preparedness Counseling
- Lead a comprehensive data security legal assessment.
- Lead a cybersecurity preparedness program for a financial institution and serving as outside counsel member of its Cybersecurity Incident Response Team.
- Lead a privacy and data security legal assessment compliant with the NIST Cybersecurity Framework.
- Lead a review of data security and IT policies for a cloud service provider for compliance with the NIST Cybersecurity Framework.
- Lead a privacy and data security legal assessment for a media company.
California Consumer Privacy Act (CCPA) - Regulatory Experience
- Led a team that drafted comments to the California Attorney General’s Office in connection with its CCPA rulemaking process on behalf of the California Chamber of Commerce, which includes a number of retailers. See California Chamber of Commerce Comments to the California Attorney General's Office for CCPA Rulemaking (March 8, 2019), available at CCPA Public Comments (at CCPA00000067).
- Testified before the California Senate Judiciary Committee in a hearing titled “Informational Hearing on the State of Privacy: CCPA vs GDPR” (March 5, 2019). See March 5, 2019 - Senate Judiciary Committee: Informational Meeting on State if Privacy CCPA vs GDPR.
- Testified before the Senate. See April 9, 2019 - Senate Judiciary Committee Hearing re Bill to expand Private Right of Action Under the CCPA - creating greater class action exposure for companies (SB 561) testimony.
CCPA and GDPR Compliance Counseling
- Representing several business-to-consumer clients in CCPA compliance, including multiple national retailers, a social networking platform, a medical provider and a fintech money transfer app embedded in multiple major national bank mobile apps.
- Representing a global device manufacturer in CCPA compliance efforts. Advising one of the largest semiconductor companies in the United States in CCPA compliance, having first led the company’s GDPR compliance in 2017-2018.
- Representing a global ad tech company in CCPA compliance.
- Representing a global smart television app developer in CCPA and GDPR compliance.
- Representing the largest domestic consortium for financial data in CCPA compliance, after completing a privacy and data security assessment in 2018.
- Representing one of the largest ad serving networks in CCPA compliance.
*Prior firm experience
Servicios e Industrias Relacionadas
Publicaciones y Presentaciones
Publications
View All InsightsNews
View All NewsEvents
View All Events
Reconocimeinto
- Named to Forbes' “50 Over 50: Innovation” list, 2024
- Received the “Privacy Vanguard Award” by International Association of Privacy Professionals (IAPP), 2024 and received the “Diversity in Privacy Award” by International Association of Privacy Professionals (IAPP), 2024
- Listed a “Top 50 Diverse Board Candidate” by Equilar and the Nasdaq Center for Board Excellence, 2023
- Named a “Diligent Modern Governance 100 Compliance and Ethics Leader” by Diligent Corporation, 2023
- Named by The Los Angeles Business Journal as a "Legal Visionary," 2023
- Named in The Recorder for “Woman Leader in Tech Law,” 2022 – 2023
- Named in Engatica for “Top 40 Data Privacy Pioneers to Follow in 2023”
- Listed in Chambers USA for Privacy & Data Security, 2020 – 2023
- Listed in Chambers Global for Privacy & Data Security, 2021 – 2023
- Named one of the “Top 100 Women Lawyers in California” by the Daily Journal, 2021
- Named by The Los Angeles Business Journal as one of the "Women of Influence: Attorney," 2021
- Listed by Los Angeles Magazine as being among “Southern California Super Lawyers,” 2012 – 2022
- Listed in the Cybersecurity Docket "Incident Response 30," 2019; listed in the Cybersecurity Docket “Incident Response 40,” 2020 – 2023; and listed in the Cybersecurity Docket “Incident Response 50,” 2024
- Listed by The Best Lawyers in America in Privacy and Data Security Law, 2016 – 2019
- Named by The Los Angeles Business Journal as one of the “Most Influential Lawyers: White Collar & Cyber Crimes Law,” 2015
- Named a “Woman Leader in Tech Law," by The Recorder, 2014
- Named by The Los Angeles Business Journal as one of the “Most Influential Lawyers: Digital Media and E-Commerce Law,” 2014
- Named “Intellectual Property Lawyer of the Year” by the Century City Bar Association, 2012
Educación
- Brown University, BA
- Georgetown University Law Center, JD
Admisiones
- California
Courts
- US District Court for the Central District of California
- US Court of Appeals for the Ninth Circuit
- US District Court for the Northern District of California
- US Supreme Court
Idiomas
- English
- French
Participación Profesional y Comunitaria
- The National Black Lawyers
- International Association of Privacy Professionals (IAPP), Board of Directors, 2020
- Certified US Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP)
- Federal Bar Association of Los Angeles, Board of Directors
- Magistrate Judge Merit Selection Panel for the U.S. District Court for the Central District of California, 2011 – 2017
- Los Angeles County Bar Association, Entertainment & Intellectual Property Law Section (ELIPS), Chair, 2011 – 2012
- Ninth Circuit Judicial Conference, Lawyer Representative
- Women Lawyers Association of Los Angeles (WLALA), President, 2005 – 2006, Life Member
- National Bar Association (NBA), Life Member
- Black Women Lawyers Association of Los Angeles (BWL), Life Member
- Langston Bar Association, Life Member
- California Women Lawyers Association, Board Member, 2004 – 2006
- Big Brothers Big Sisters of Greater Los Angeles, Board Member, 2007 – 2010
- Center Dance Arts, Board of Directors, Member 2013 – present
- Museum of Contemporary Arts, Drawings Committee, 2008 – 2011