Photo of Dominique Shelton Leipzig

Dominique Shelton Leipzig is a partner in Mayer Brown's Los Angeles office and a member of the Cybersecurity & Data Privacy practice. She serves as the lead for the Global Data Innovation as well as Ad Tech Privacy & Data Management practices. She is one of the country’s top privacy and data lawyers and her considerable experience helps clients navigate the evolving legal compliance issues related to privacy and data security for their digital data initiatives.

With more than 30 years of experience, Dominique provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels and represents companies on privacy, global data security compliance, data breaches and investigations. Her experience includes defending companies under investigation by the Federal Trade Commission, attorneys general offices and other regulatory and government authorities. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things and other areas of regulatory compliance.

Read Dominique's full bio.

Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced

India—the fifth largest economy in the world—just passed a comprehensive privacy law. On August 11, 2023, the Digital Personal Data Protection Act, 2023 (the “DPDP”) was approved by the president of India, adding India to the list of global powers with a comprehensive privacy law. The law is expected to come into force in June

Oregon has joined 10 other states in enacting a comprehensive data privacy law.1 On July 18, 2023, Governor Tina Kotek signed the Oregon Consumer Privacy Act (the “Oregon Privacy Law”) into law. The law imposes a range of new data privacy requirements on non-exempt controllers and processors of Oregon consumer personal data. The Oregon

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received

On July 10, 2023, the European Commission (“Commission”) adopted an adequacy decision for the EU-US Data Privacy Framework (“DPF”). The DPF is the successor to the EU-US Privacy Shield, which the Court of Justice of the European Union (“CJEU”) declared invalid in 2020.

This adequacy decision reflects agreement by the Commission that the DPF offers

On Tuesday, June 20, 2023, President Joe Biden met with industry experts at the intersection of technology and society to discuss the opportunities and challenges of artificial intelligence (AI) development. President Biden emphasized the “need to manage the risks to our society, to our economy and our national security” and referenced the Blueprint for an

On Tuesday, May 16, 2023, the US Senate Judiciary Subcommittee on Privacy & Technology held its first hearing on Artificial Intelligence.1 The hearing, called “Oversight of AI: Rules for Artificial Intelligence”, featured witness testimony from Sam Altman, the CEO of OpenAI, Christina Montgomery, the chief privacy officer at IBM, and Gary Marcus, a

On February 28, 2023, the European Data Protection Board (“EDPB”) issued its opinion on the draft adequacy decision of the European Commission (the “Commission”) on the new EU-US Data Privacy Framework (“DPF”). The EDPB expressed reservations in connection with the DPF, which will now undergo scrutiny by other European institutions.

Who Should Read This Legal

The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)

On 13 December 2022, the European Commission published its draft adequacy decision for EU-U.S. data transfers. The draft decision follows the EU-U.S. announcement of an agreement on a new EU-U.S. Data Privacy Framework (“DPF”) in March 2022 as well as the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“Executive Order”) signed