Mary Ellen Callahan Partner and Chair of Jenner & Block’s Privacy and Information Governance Practice
Jenner & Block

Mary Ellen Callahan, Chair of Jenner & Block’s Privacy and Information Governance Practice, has unique and broad experience advising clients at the interface of privacy protection with cybersecurity and national security issues. A nationally recognized privacy attorney with a decade and a half of outside counsel experience, she served as Chief Privacy Officer of the U.S. Department of Homeland Security from 2009 until August 2012. She is a prolific writer and speaker on cutting-edge commercial privacy issues. She provides advice and counsel to an array of clients in industries that include media, public health and health care, manufacturing, online retail, government contracts, energy and other critical infrastructure sectors.

Since returning to private practice, Ms. Callahan has assisted over two dozen clients on privacy- and cybersecurity-related matters. Her work includes providing up-front guidance on establishing compliance programs that reflect privacy policy and industry best practices. She has counseled companies on data governance issues, including use of customer and advertising data. She has advised industry associations on future privacy issues and measures to address cybersecurity vulnerabilities. In the rapidly growing area of mobile privacy, she has advised and written on privacy best practices and evolving standards and approaches. She counsels frequently on the Children’s Online Privacy Protection Act, the Video Privacy Protection Act, compliance with the European Union Data Protection Directive and the implications for businesses of the emerging White House Framework on Critical Infrastructure Cybersecurity. Ms. Callahan regularly advises clients on requirements and protocols associated with data breaches.

In October, Ms. Callahan accepted the highest award in the privacy industry, the 2013 Privacy Vanguard Award, given by the International Association of Privacy Professionals. The award honors the privacy professional who has demonstrated outstanding leadership, knowledge and creativity in privacy and data protection. In 2011, she received the select Federal 100 Award, which recognizes individuals in government and industry who have played pivotal roles in the federal government information systems community. Ms. Callahan’s work on integrating cybersecurity, transparency and privacy at the Department of Homeland Security was cited as the reason for her Federal 100 recognition.

She is a prolific writer and speaker on privacy issues, including having testified before Congressional Committees numerous times in her capacity as Department of Homeland Security Chief Privacy/Chief FOIA Officer. Ms. Callahan has served as Vice-Chair of the American Bar Association’s Privacy and Information Security Committee of the Antitrust Division; Co-chair of the Privacy Committee of the CIO Council, the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, sharing, and performance of Federal information resources; and Co-chair of the Privacy and Civil Liberties Subcommittee of the Information Sharing and Access Interagency Policy Committee. She is a Certified Information Privacy Professional/United States (CIPP/US).

Prior to joining the Department of Homeland Security in 2009, as a partner in the DC office of an international law firm, Ms. Callahan focused on privacy, security, data protection, consumer protection, and e-commerce issues across a wide variety of industries including retail, technology, entertainment, financial services, health care, telecommunications and government contracts. She advised businesses, including multinational companies, on a variety of privacy and information governance issues, including privacy and security policies; performed audits of clients’ privacy and security policies as related to relevant state and federal legislation and created and implemented requisite compliance strategies and programs; and drafted website privacy policies and terms of use. Ms. Callahan is also experienced as a litigator and has represented clients before federal administrative agencies, in federal and state courts in the District of Columbia and in federal courts in Virginia and New York.

She serves the Firm as a member of the Diversity & Inclusion Committee and is a Co-chair of the Firm’s Women’s Forum Steering Committee. Her pro bono legal work has included assisting in the development of privacy policies, terms of use and communications strategies for non-profit entities.

Representative matters include:

  • Advice on privacy protections for biometric-based transportation screening program, and on its proposal to the Transportation Security Administration on a passenger-screening program. Counsel to major trade association on cybersecurity vulnerabilities in hospitals, development of association-wide educational campaign on cybersecurity and hospital assets, and development on standards following the 2013 Executive Order on Cybersecurity.
  • Counsel to major Real-Time Bidding advertising platform on collection and use of information worldwide. Advice regarding mobile best practices, Children’s Online Privacy Protection Act, compliance with EU e-Privacy Directive and related Member State cookie laws, geo-location, Do-Not-Track, and novel approaches to ad serving.
  • Advise a wide range of consumer-facing clients on privacy best practices and industry standards associated with the use of information, such as mobile application data including geolocation data, or home use products such as cable set-tops or energy smart meters.
  • Strategic advice to trade associations on major future privacy issues for online games and gaming developers; advice and analysis on mobile application best practices, multi-stakeholder processes, and Children’s Online Privacy Protection Act.
  • Advise and assist major online companies in organizing its electronic assets, systematizing its use of customer, mobile, web, and vendor data; establishing standardized procedures for the introduction of new products or services.
  • Additional advice on compliance with payment card industry data security standards (PCI-DSS), Children’s Online Privacy Protection Act, Video Privacy Protection Act, counseling on compliance with the European Union Data Protection Directive.
  • Assist major media company in developing and establishing a Data Governance Council to encompass holistic data governance decisions including use of customer data, mobile application data, and advertising data; continuing counsel on how the decisions can be implemented. Additional advice on Children’s Online Privacy Protection Act, Video Privacy Protection Act, and compliance with the European Union Data Protection Directive.
  • Advise and help structure a web data extraction program for a company developing a social media software prioritization service. Draft End User License Agreement, Service Provider Agreement, and Terms of Use. Develop social media acceptance use policies. Develop social media training.
  • Counsel to major media company on data integration plans for newly-acquired assets; perform privacy reviews of assets prior to acquisition. Review of mobile applications and compliance with privacy policy and industry best practices. Review and analysis of international web properties, compliance with local laws, and compliance with worldwide privacy policy. Additional advice on Children’s Online Privacy Protection Act, mobile privacy standards, and behavioral advertising.