Jennifer C. Archie

  • Partner
  • 555 Eleventh Street, NW
  • Suite 1000
  • Washington, D.C. 20004-1304
  • USA
  • T +1.202.637.2205


Jennifer Archie is a partner in the Washington, D.C. office of Latham & Watkins and a member of the firm’s Litigation & Trial Department. She possesses broad investigations, litigation, and counseling experience advising clients from emerging companies to global enterprises across all market sectors in matters involving computer fraud and cybercrime, privacy and data security compliance and program management, advertising and marketing practices, information governance, consumer fraud, employment, and trade secrets. Ms. Archie has particular expertise defending clients in Federal Trade Commission and state consumer protection investigations and preparing for and leading the response to complex and large-scale data breach incidents.

Prior to entering the practice of law, she served as Legislative Assistant and subsequently Press Secretary to Congressman Christopher H. Smith (R-NJ) from 1983-86. She has lectured for various industry, client, and bar groups on diverse topics related to litigation or compliance issues relevant to state and federal computer crime and privacy laws, unfair or deceptive trade practice laws, and social media compliance considerations for regulated industries and public companies.

Ms. Archie is the editor of the Global Privacy & Security Compliance Law Blog, which discusses a wide range of legal developments and controversies involving data protection and privacy issues and practices, transborder data transfers, and data and system security terms and breaches across numerous industry sectors.


Ms. Archie's experience includes:

  • Advisor to leading cybersecurity solution providers on legal considerations related to new features, release of research results, vulnerability investigation, reporting and client management, and portals, new product roll-out, and new market channels
  • Represent leading vendor of secure collaboration and data room services on all aspects of security readiness, service reliability, incident response
  • Supply chain security. Represented power grid vendor in connection with multiple complex cybersecurity and data leakage matters, involving electricity reliability and supply chain security (B2B security promises)
  • Advanced malware. Served as lead legal advisor to multiple global enterprises (gross revenues exceeding US$10 billion) following state-sponsored advanced persistent threat cyber-attacks targeting internal corporate data, i.e., where external direct expense on investigation and recovery have exceeded US$25 million
  • Insider threat. Lead advisor to technology companies following discovery that critical intellectual property had been improperly handled by employees or vendors, supervising key crisis work-streams such as interrogation of employees, expert forensic investigation, dark web research, and other damage assessment, communications with external stakeholders, and internal remedial actions, and follow on whistleblower issues
  • Ransomware. Advised medical device and other organizations regarding global WannaCry ransomware infection impacting critical equipment or systems in use in hospitals worldwide
  • Personal data. Supervise forensic, investigatory, insurance, advisory, litigation work-streams in connection with theft or leakage of consumer or employee data on behalf of dozens of clients in consumer, healthcare, retail, professional services, and technology sectors
  • Enforcement. Represented multi-billion dollar healthcare provider in HHS investigation and resolution of violations of HIPAA associated with inadvertent leakage of patient data to the internet
  • Enforcement. Defending confidential retail client (>US$18 billion revenue) in connection with two successive FTC investigations of adequacy and reasonableness of information security and anti-fraud measures in connection with website and mobile application (closed voluntarily without public disclosure)
  • Enforcement. Defended VIZIO in a year-long investigation by the US Federal Trade Commission (FTC) concerning VIZIO's data collection and use practices. In this precedent-setting enforcement action, the FTC established a new industry standard for data collection from Smart TVs   
  • Selected counsel. Competitively selected as designated outside counsel on data security matters for multi-billion dollar enterprises, across diverse industry sectors for confidential clients, including asset managers, global telecommunications conglomerate, global retail and investment bank, commercial airline, global accounting firms, global engineering firms, healthcare providers, technology companies, online and retail companies
  • Investigated, assessed, and remediated compliance with diverse global data protection laws and standards on behalf of multi-billion global enterprise related to use of cloud computing, reasonableness of security program, compliance with laws restricting export of personal data to servers in the United States written policies, and breach preparedness and response
  • Advising software-as-service-provider on suspected distributed denial of service attack
  • Regularly advising on strategic acquisitions and investments on behalf of large financial institutions, investors, private equity clients on due diligence in connection with investments, acquisitions, and public offerings in connection with cybersecurity risks
  • Standing up corporate structure, regulatory compliance, outsourcing agreements for a highly advanced, secure, interoperable technology platform for hospitals or other healthcare industry members, involving the exchange and processing of Protected Health Information to support treatment decisions

Thought Leadership

  • Practical Considerations for Assessing Data Transfers after Schrems II  -  September 07, 2020
  • COVID-19: Due Diligence Considerations for M&A Transactions -  May 13, 2020
  • The Pervasive Threat of Business Email Compromise Fraud — and How to Prevent It -  February 20, 2020
  • What’s New, What It Means: California AG Releases Modified CCPA Regulations -  February 13, 2020
  • Data Privacy & Security Partner Shares Lessons Learned From Data Breach War Stories  -  January 14, 2020
  • Financial Firms Beware: Dangers Lurk in the Cloud -  November 26, 2019
  • California Consumer Privacy Act Draft Regulations: What’s New, What’s Next -  October 22, 2019
  • The California Consumer Privacy Act’s Amendments Are Final: What Businesses Need to Know -  September 20, 2019
  • 4 Questions to Consider When Dealing With Children’s Data in the US -  February 26, 2019
  • FTC Hearings Discuss the State of Data Security in the 21st Century -  December 18, 2018
  • Deep Dive on Deep Learning: FTC Considers Artificial Intelligence  -  November 20, 2018
  • FTC Hearing Evaluates Regulatory Oversight of Big Data and Privacy -  November 14, 2018
  • MD Anderson v. OCR: Key Takeaways -  September 20, 2018
  • A New Era for Data Protection in Brazil -  August 09, 2018
  • California Consumer Privacy Act of 2018 May Usher in Sweeping Change  -  July 02, 2018
  • Boardroom Perspectives: 5 Key Takeaways on Cybersecurity -  June 01, 2018
  • New DoD Cybersecurity Requirements Go Into Effect -  December 21, 2017
  • Call for Cybersecurity Guidelines in International Arbitration  -  November 24, 2017
  • How Can Healthcare Organizations Prepare for the Next Cyberattack? -  July 10, 2017
  • New Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” -  May 18, 2017
  • Ransomware Attacks: When Is Notification Required? -  April 26, 2017
  • Keeping Your Company’s Data Safe This Tax Season  -  February 13, 2017
  • NYSDFS Revises Cybersecurity Rules to Accommodate Industry Concerns -  January 05, 2017
  • Financial Institutions Await Response to Concerns Over NYSDFS’ Proposed Cybersecurity Rules -  December 22, 2016
  • Cyber Security Issues in Arbitration -  December 21, 2016
  • China Issues Its First Network Security Law  -  November 21, 2016
  • FCC Institutes New Privacy Regime for Broadband Providers and Other Telecommunications Carriers -  November 16, 2016
  • Mitigating Cybersecurity Risks  -  November 10, 2016
  • 5 Preventative Steps to Manage Legal Risk Following a Cybersecurity Breach -  November 08, 2016
  • Employee Notice Provision of Defend Trade Secrets Act – Immediate Action Needed -  May 12, 2016
  • FCC Proposes Sweeping Broadband Privacy Rules -  April 13, 2016
  • Privacy Blog: Privacy Shield Is on Its Way  -  March 23, 2016
  • Cybersecurity—Rapidly Escalating Regulatory Expectations for Financial Institutions in the US and UK -  March 14, 2016
  • What You Need to Know About the Cybersecurity Act of 2015 -  February 18, 2016
  • Privacy Blog: Proposal of EU-US Privacy Shield Leaves Businesses in State of Uncertainty -  February 04, 2016
  • Privacy Blog: FTC Issues Initial Decision in LabMD Matter  -  November 17, 2015
  • 7 Tips for Conducting Effective Cybersecurity Due Diligence in M&A Transactions  -  October 29, 2015
  • Privacy Blog: Do German Data Protection Authorities Have Hope for Model Contracts? -  October 26, 2015
  • European Data Protection Authorities Grant Grace Period Until End of January 2016  -  October 16, 2015
  • EU Court of Justice Invalidates US Safe Harbor Decision -  October 06, 2015
  • Cybersecurity Due Diligence in M&A Transactions: Tips for Conducting a Robust and Meaningful Process -  October 05, 2015
  • Privacy Blog: Medical Center Pays US$218,400 to Settle HIPAA Case  -  September 01, 2015
  • Cybersecurity regulation and best practice in the US and UK -  August 25, 2015
  • Privacy Blog: FCC Releases New Clarifications Regarding the TCPA -  July 16, 2015
  • What General Counsel Need To Know About The Latest Cybersecurity Developments -  February 26, 2015
  • Privacy Blog: SEC Issues Regulation SCI Upping Information Security Requirements for Key Market Participants -  December 05, 2014
  • The General Counsel’s Role Before and After a Data Breach Incident -  October 06, 2014
  • Privacy Blog: California's Privacy Laws on the Move -  October 03, 2014
  • Privacy Blog: Microsoft Stands Up in Court for European Privacy Rights? -  September 08, 2014
  • Privacy Blog: 8 Key Takeaways from FTC's Settlement with Snapchat -  May 09, 2014
  • Privacy Blog: California Governor Jerry Brown Signs "Do Not Track" Disclosure Bill -  October 01, 2013
  • Managing Advanced Persistent Threats and Attacks — A Cybersecurity Update -  April 19, 2013
  • Data Security: Compliance and Enforcement in the Hospitality Industry -  November 15, 2012
  • Recent Developments in Trademark Law - Fall 2012 -  September 01, 2012
  • Recent Developments in Trademark Law - Fall 2011 -  September 01, 2011
  • HHS Proposes Changes to the HIPAA Privacy Rule’s Requirement for Accounting of Disclosures and the Addition of a New Individual Right to an Access Report -  June 20, 2011
  • Recent Developments in Trademark Law -  April 29, 2011
  • Federal Agencies Propose Rules on Dodd-Frank Incentive Compensation Requirements for Financial Institutions -  April 20, 2011
  • Federal Trade Commission Data Breach Notification Rule Regarding Personal Health Records -  September 9, 2009
  • Protecting Your Rights in 140 Characters or Less: Trademark Protection on Twitter -  June 16, 2009
  • Social Networking and the Law: Virtual Social Communities Are Creating Real Legal Issues -  March 1, 2009
Recognized in the Incident Response 30 list as one of the “best and brightest data breach response lawyers in the business."Cybersecurity Docket 2020
Bar Qualification
  • District of Columbia
  • Maryland
  • JD, Cornell Law School, 1989
  • BA, St. Lawrence University, 1983
  • Financial Institutions
  • Technology
  • Retail & Consumer Products
  • White Collar Defense & Investigations
  • Litigation & Trial Practice
  • Benefits, Compensation & Employment
  • Complex Commercial Litigation
  • Data Privacy & Security
  • Dodd-Frank & The Consumer Financial Protection Bureau
  • Payments & Emerging Financial Services
  • Communications Law
  • Technology Transactions
  • Advertising & Marketing Regulation