Lael Bellamy

Lael Bellamy has over 25 years of experience advising clients on U.S. privacy, consumer protection and cyber security laws covering a wide range of issues including AI, AdTech, data use and governance, consumer protection, and security and data breach laws. 

Leveraging her extensive in-house experience as a Chief Privacy Officer and technology lawyer, Lael offers a practical approach to help clients operationalize data protection requirements globally including:

• conducting website, cookie, pixel and tracking assessments and remediation
• monitoring and responding to global privacy developments and legislative changes
• advising on all facets of incident response and breach notification
• building governance and privacy programs
• negotiating and drafting privacy, data protection and security agreements
• drafting data use rights in complex technical transactions and outsourcing agreements
• drafting data privacy and AI impact and transfer assessments and agreements
• providing proactive advice regarding risk management, data strategy and privacy litigation risks
• conducting privacy and cybersecurity due diligence related to M&A transactions
• advising on the development of white label apps and programs  
• providing product counseling and reviews, including privacy impact assessments, strategy and risk mitigation, and design and implementation of privacy controls and supporting user testing
• assisting with risk analysis, strategic advice, and implementation related to global expansions and post-merger integrations
• advising on implementation of PETs (privacy enhancing technologies such as GPC, OOPS & UOOMs)
• advising on compliance with U.S. state and federal privacy laws and regulations, including:
  o CCPA/CPRA and other comprehensive or “omnibus” state consumer privacy laws
  o Daniel’s Law 
  o Video Privacy Protection Act, ADA and Drivers Privacy Protection Act
  o BIPA and biometrics privacy laws and requirements
  o Health Breach Notification Rule and UDAP claims
  o CAN-SPAM and other communications laws
  o Washington My Health My Data Act and state consumer health privacy laws
  o California Invasion of Privacy Act (CIPA) and state wiretapping and monitoring laws
  o California Age-Appropriate Design Code Act and children’s online privacy laws
  o Location tracking
  o Advertising, analytics, measurement and the use of deidentified data
  o Industry self-regulatory requirements including The Digital Advertising Alliance (DAA) self-regulatory principles and The Network Advertising Initiative (NAI) code of conduct

Lael understands her clients’ businesses with direct experience in the insurance and financial services, technology, retail, and AdTech industries. Specifically, Lael has collaborated with DLA colleagues and partner firms globally on numerous projects regarding:

• use of AI tools and approved use cases
• monitoring of employees and return to work initiatives
• drafting and updating employee notices and privacy policies
• conducting joint data privacy and AI impact assessments
• documenting technical and operational measures
• training international legal, compliance, security, HR and marketing teams 
• developing of AI governance committees, policies, and programs
• drafting AI product licensing and data use agreements
• complying with Data Privacy Framework
• transcribing and recording meetings
• managing numerous security incidents and drafting all documents relating to security breach response for numerous clients, including notification letters, scripts, FAQs for individuals and  notification letters to regulators, law enforcement, clients and credit reporting agencies
• negotiating and drafted privacy, security, data breach and data use and limitation provisions of sophisticated global outsourcing, licensing, consulting, and services agreements

Previously, Lael was the Chief Privacy Officer of Voya/ING and The Weather Channel and led the privacy office at The Home Depot, where she addressed privacy and data use globally, including working with stakeholders to embed privacy into the design of new products and services and overseeing the privacy program with internal and external stakeholders. Lael is adept at translating privacy requirements into actionable next steps and enabling clients with the right tools and guidelines to manage and mature their own programs independently.

Lael is honored to have been named a Westin Emeritus Fellow by the International Association of Privacy Professionals (IAPP), an award commemorating privacy legal scholar, Alan Westin, and designating Distinguished Privacy Professionals who have contributed significantly to the field. 

Lael served on the Executive Board of Directors of the IAPP and as President of the Association of Corporate Counsel (ACC) GA Chapter as well as on ACC national committees. The ACC named Lael “Member of the Year” for her volunteer leadership and contributions to the inhouse legal community.

Lael currently serves on the Advisory Committee of the Pro Bono Partnership of Atlanta, a nonprofit organization that provides free legal services to community-based nonprofits in Georgia.

Lael is a frequent speaker on privacy, AdTech, AI and technology issues and is an adjunct privacy professor at the Emory University School of Law. She holds a BS from Cornell University, a JD from the Emory University School of Law and is a Certified Information Privacy Professional (CIPP-US).