Skip to main content
Wilan, Jonathan M.

Jonathan M. Wilan

Partner
  • Privacy and Cybersecurity
  • State Attorneys General and Local Enforcement
Jump To

Biography

JONATHAN WILAN has focused his practice for over 20 years on the intersection between legal risk and data. Jonathan has extensive experience in the areas of cybersecurity, complex litigation, privacy, investigations, and large-scale compliance technology implementations. He regularly advises on disputes arising from data security incidents including consumer class actions, commercial disputes, and regulatory litigation. His matters frequently involve international and cross-border data flows. Jonathan also regularly advises on emerging legal requirements and standards regarding model development and defensibility, including artificial intelligence.

Jonathan is also a frequent speaker and thought leader on issues related to cybersecurity, information management, and complex litigation. He is a former member of the steering committee of The Sedona Conference Working Group 11 on Data Security and Privacy Liability and currently is an active member of the Sedona Conference Working Group 13 on AI and the Law.

Prior to joining the firm, Jonathan was a partner at another international law firm.

Experience

Representative Matters

Recent matters include:

  • Defending a domestic life insurance company in the ongoing MOVEit data breach MDL proceeding in Boston, which is one of the largest and most complex MDLs in history.
  • Defending one of the leading mortgage processing companies in the United States in a consolidated data breach class action in Florida federal court related to a prior cybersecurity incident and which resulted in an early settlement following mediation.
  • Representing an analytics platform provider to the health industry in New York state class action litigation related to a prior cyber incident. The matter was resolved successfully before motion practice. 
  • Representing a large global IT vendor in a dispute with corporate customer arising from operationally impactful cyber incident.
  • Counseling companies on compliance with Technology Consumer Protection Act (TCPA) obligations.   
  • Advising companies in the transportation, financial services, insurance, manufacturing, mortgage processing, investment management, technology platform, satellite, and IT services industries on cybersecurity matters including conducting investigations and advising on regulatory obligations and disputes.
  • Advising large money services business on complex multi-year technology implementations and model defensibility and validation obligations in the context of meeting anti-money laundering and consumer protection obligations.
  • Advising on the development of AI and model development programs and policies including extensive work on model defensibility.
  • Advising a retail company on integration of privacy controls in the context of large acquisition and prior consent order.
  • Counseling on compliance with Federal Acquisition Regulation and DoD standards in the context of cybersecurity and data protection obligations.    
  • Conducting due diligence and drafting contract provisions related to large third-party vendor agreements and in the context of mergers and acquisitions.
  • Researched and prepared a white paper for a non-profit organization to describe data laws, regulations, guidance, and practices relevant to their mission.      

Credentials

Admissions & Certifications
  • District of Columbia
  • Virginia
Education
  • Harvard Law School, J.D., 1997, cum laude
  • University of Maryland, B.A., 1994, magna cum laude

Capabilities

News & Insights

  • Panelist, “Shifting U.S. Federal Regulatory Priorities in the Privacy and Data Security Landscape,” Sedona Conference Working Group 11, Annual Meeting, Redmond, Washington, May 2025.
  • Panelist, “From Breach to Insight: Incident Response & PII Recovery,” Lexology Masterclass, May 2024.
  • Moderator, “Privacy and Data Security Challenges Presented by Artificial Intelligence,” The Sedona Conference on AI and the Law, Reston, Virginia, April 2024.
  • Panelist, “Protecting Personal Data After a Data Incident,” Masters Conference, Washington, D.C., April 2024.
  • Panelist, “Cyber Incident Response: Practical Guidance & Insights from the Trenches,” Today’s General Counsel, February 2024.
  • Panelist, “AI: Regulatory Landscape,” Sedona Conference Working Group 11, Annual Meeting, Denver, Colorado, May 2023.
  • Moderator, “Balancing Privacy and Data Security Against Efficacy in NextGen Healthcare,” Sedona Conference Working Group 11, Mid-Year Meeting, Cleveland, Ohio, November 2022.
  • Panelist, “When Data Is Held Hostage: A Tripartite Workshop on Best Practices for Preventing, Responding to, and Recovering from a Ransomware Attack,” MER Conference, Indianapolis, Indiana, May 2022.
  • Panelist, Second Edition of The Sedona Conference Commentary on Application of Attorney-Client Privilege and Work-Product Protection to Documents and Communications Generated in the Cybersecurity Context, Phoenix, Arizona, April 2022.
  • Panelist, “Impact of Pandemic Response on Global Privacy,” Sedona Conference Working Group 11, Mid-Year Meeting, Houston, Texas, October 2021.
  • Moderator, “COVID-19 Related Data Collection and Processing: Navigating the Potential Conflict Between Public Health Needs and Privacy and Data Security Mandates,” April 2021.
  • Panelist, “The Potential Promise of Proportionality: Platitude or Progress?” ACEDS, February 2021.
  • Speaker, “The Sedona Conference Draft Commentary on Quantifying Violations under U.S. Privacy Laws,” June 2020.