Photo of Dominique Shelton Leipzig

Dominique Shelton Leipzig is a partner in Mayer Brown's Los Angeles office and a member of the Cybersecurity & Data Privacy practice. She serves as the lead for the Global Data Innovation as well as Ad Tech Privacy & Data Management practices. She is one of the country’s top privacy and data lawyers and her considerable experience helps clients navigate the evolving legal compliance issues related to privacy and data security for their digital data initiatives.

With more than 30 years of experience, Dominique provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels and represents companies on privacy, global data security compliance, data breaches and investigations. Her experience includes defending companies under investigation by the Federal Trade Commission, attorneys general offices and other regulatory and government authorities. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things and other areas of regulatory compliance.

Read Dominique's full bio.

On May 11, 2022, the Senate confirmed President Biden’s appointment of Alvaro Bedoya to fill the vacant Democratic seat on the Federal Trade Commission (FTC). Commissioner Bedoya’s confirmation gives the Democratic commissioners a voting majority on the Commission, and we expect the FTC will pursue actions previewed by Chair Lina Khan. In this Legal Update,

Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Executive action has been a key tool in the Biden administration’s cyber policymaking toolkit.

Connecticut has become the fifth state to pass comprehensive consumer data privacy legislation. Connecticut Governor Ned Lamont signed the bill into law on May 10, 2022, and the Connecticut Data Privacy Act” (CTDPA) will take effect on July 1, 2023. This Legal Update discusses the CTDPA’s scope; compares it with the other state privacy laws

In a recent decision upholding the denial of a motion to compel arbitration, a panel of the Ninth Circuit provided new guidance about the formation of online contracts under California and New York law.1 The court held that, to place a consumer on inquiry notice of terms and conditions on a website, the website

On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of

On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The

Following in the footsteps of California, Virginia and Colorado, Utah has become the fourth state to pass comprehensive consumer data privacy legislation. Utah Governor Spencer Cox signed Utah Consumer Privacy Act (“UCPA”) into law on March 24, 2022—the first major state law domino to fall in 2022 and the first comprehensive data privacy legislation since

On March 15, 2022, President Biden signed into law the Consolidated Appropriations Act, 2022, H.R. 2471. Division Y of this omnibus appropriations legislation—the Cyber Incident Reporting for Critical Infrastructure Act of 2022—will create significant new rules requiring US critical infrastructure entities to report cybersecurity incidents and ransom payments to the US government. This legislation marks

On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity risks and incidents. Under the existing regulatory framework, neither Regulation S-K nor Regulation S-X expressly requires that cybersecurity risk management procedures, cybersecurity risks or incidents be disclosed. However,

New comprehensive privacy frameworks in California, Virginia and Colorado are set to come into effect in 2023, and in recent days attention has turned to Utah, where a privacy bill closely resembling Virginia’s is on the governor’s desk for signature. The rulemaking processes for the enacted laws are in their early stages. To the chagrin