Jonathan M. Wilan

JONATHAN WILAN has focused his practice for over 25 years on the intersection between legal risk and data. Jonathan has extensive experience in the areas of cybersecurity, complex litigation, artificial intelligence law, privacy, investigations, corporate diligence, and large-scale compliance technology implementations. Jonathan’s work addresses data risks before, during, and after an incident, including proactive counseling and policy development, investigation of the incident, counseling on regulatory and customer inquiries and disputes, and defending the litigation that often follows. He regularly defends companies in courts around the country faced with class action litigation arising from data breaches including currently the MOVEit data breach MDL, one of the largest and most complex multidistrict litigations in history. Jonathan also frequently advises companies on commercial disputes and litigation that arise following cyber incidents including representing service providers faced with significant customer claims.   

Jonathan also advises on emerging legal requirements around artificial intelligence. Well before the surge in interest in AI, Jonathan led the legal aspects of projects that included large-scale corporate implementations and evaluation of artificial intelligence and models to meet compliance and legal obligations for some of the largest companies in the world.

Jonathan also advises on complex privacy and cybersecurity aspects of corporate deals. Building on his 25 years of experience in the space, he regularly leads diligence and advises on and negotiates privacy and cybersecurity obligations. This includes a deep understanding of the legal foundation and the risks that could lead to disputes and crafting provisions to address real-world risks and scenarios.

Jonathan is also recognized as a thought leader on issues related to cybersecurity, information governance, and complex litigation. He is a frequent speaker and a former member of the steering committee of The Sedona Conference Working Group 11 on Data Security and Privacy Liability. He currently is an active member of both WG11 and the Sedona Conference Working Group 13 on AI and the Law.

Recent matters include:

• Defending a domestic life insurance company in the ongoing MOVEit data breach MDL proceeding in Boston.
• Defending one of the leading mortgage processing companies in the United States in a consolidated data breach class action in Florida federal court related to a prior cybersecurity incident and which resulted in an early settlement following mediation.
• Representing an analytics platform provider to the health industry in New York state class action litigation related to a prior cyber incident. The matter was resolved successfully before motion practice. 
• Representing a large global IT vendor in a dispute with corporate customer arising from operationally impactful cyber incident.
• Advising on the development of AI and model development programs and policies including extensive work on model defensibility.
• Advising large money services business on complex multi-year technology implementations and model defensibility and validation obligations in the context of meeting anti-money laundering and consumer protection obligations.
• Conducting cyber diligence and negotiating contract provisions and exhibits related to cyber and privacy risk including recently in the financial services, transportation, retail, information technology, cybersecurity, and pipeline industries.
• Counseling companies on compliance with Telephone Consumer Protection Act (TCPA) obligations.   
• Advising companies in the transportation, financial services, insurance, manufacturing, mortgage processing, investment management, technology platform, satellite, and IT services industries on cybersecurity matters including conducting investigations and advising on regulatory obligations and disputes.
• Advising a retail company on integration of privacy controls in the context of large acquisition and prior consent order.
• Counseling on compliance with Federal Acquisition Regulation and DoD standards in the context of cybersecurity and data protection obligations.    
• Conducting due diligence and drafting contract provisions related to large third-party vendor agreements and in the context of mergers and acquisitions.
• Researching and preparing a white paper for a non-profit organization to describe data laws, regulations, guidance, and practices relevant to their mission.