Jennifer Smith has nearly two decades experience as a General Counsel, Chief Privacy Officer, Data Privacy and Insurance Subject Matter Expert. As Chair of the Shulman Rogers Cybersecurity and Data Privacy practice group, Jennifer focuses on data collection, use, transfer and security. Most recently, she focused on “Big Data” and building health care analytics platforms. She supported several hundred sales associates, drafted countless data use and data supply agreements, and aligned five disparate entities (post acquisition) into one operation. While counseling customers (Health IT vendors, payers and providers), Jennifer also monitored CMS/CCIIO, FTC (GLBA ), FCC (TCPA), CFPB (FCRA), HHS/OCR (HIPAA) and DEA regulations. She takes tremendous pride in working with organizations to not only keep them compliant from a regulatory or contractual vantage point, but also to assist in the design or development of data-driven products and solutions. Jennifer is convinced that lawyers can, in fact, generate revenue within their organizations.
Jennifer was one the original architects of a State-based HIE, as well as of two State and Federal-based Health Care Exchanges. The former enabled EHR/EMR file-sharing across multiple IT platforms, as well as enabled the detection of Fraud, Waste and Abuse. She helped design HIPAA/HITECH compliant platforms in connection with the implementation of the Affordable Care Act. During that time, Jennifer also worked with state and federal regulators, financial institutions and IT integrators in developing data privacy, security and compliance guidelines for industry-wide constituents. For several years, she served as a Compliance Officer, drafting countless RFP responses, policies and procedures in response to procurement requirements, consumers and industry standard-setting organizations such as URAC and NCQA.
Here in Washington, D.C., Jennifer served as a U.S. Practice Leader for a Global Technology & Privacy Practice for two of the top five insurance brokerage firms. Her work focused primarily on risk transfer strategies, best practices and data privacy regulation. As an expert in insurance recovery, Jennifer assisted in litigation related to e-commerce, online advertising and domain name registration. Between 2004 - 2012, Jennifer recovered over $150MM in cyber losses relating to mobile apps, online advertising, data privacy breaches and satellite communications.
Jennifer has appeared regularly before the 112th Congress, Department of Commerce, the SEC, FTC, FCC, ACC, ABA and ICANN as a nationally-recognized authority in Data Privacy, HIPAA, GLBA, Directors’ & Officers’ Liability, Risk Management and Insurance. She has been recognized by America’s Health Insurance Plans, the industry’s policy group and trade association, as an authority on the intersection consumer privacy and predictive analytics. She has also been recognized by the Washington Business Journal and Business Insurance as a nominee for “Women to Watch”, “40 under 40.”
Ms. Smith received her Juris Doctorate from Fordham University Law School and her Bachelor of Arts from Florida State University. Jennifer also earned a Masters Certificate (Artists Diploma) in Vocal Arts from the Juilliard School.
- Jennifer Smith serves as panelist at Capital One/Spark Business Cybersecurity Program
- Mission Critical Communications announces Jennifer Smith's arrival to Shulman Rogers
- Jennifer G. Smith, former divisional Lead Counsel for LexisNexis Health Care IT and former practice leader of Lockton's Global Technology & Privacy Practice, has joined Shulman Rogers
- “Big Data & Health Care: Leveraging Claims Data while Safeguarding Consumer Privacy,” Executive Insight, November 2015.
- “30 days later: Surviving Post-Breach Losses and Data Breach Valuation,” NetDiligence Cybersecurity Conference, Philadelphia, PA, June 4-5, 2012 (soundbite on YouTube, published by NetDiligence)
- “Insurance Coverage for Cyber Risks: Coverage under CGL and “Cyber” Policies,” co-authored with Scott Godes, published by ABA, Litigation Section, Insurance Coverage Litigation Committee on March 3, 2012 (re-published twice in 2012)
- “Insurance coverage for Data breaches, Denial-of-service attacks & Cybersecurity Events,” American Bar Association, Tucson, AZ, March 1-3, 2012 (re-published twice in 2012)
- “Quarterbacking the Cybersecurity Playbook,”ABA/ACC, March 25, 2010 (re-published by ACC)
- “From Zero to Hero - Maximizing Recovery under Insurance Policies,” ACC, October 15, 2009
- IoT Emerge 2016: IoT Risk to the Power Grid
- CyberMaryland 2016
- American Small Business Cybersecurity XChange 2016
- Breakfast Panel Discussion, Shulman Rogers and Capital One Spark Business - Cyber Security: Assess Threats & Reduce Risk
September 22, 2016
- The Power Conference: Women Doing Business
August 25, 2016
Seminars & Speaking Engagements
- "The New Provider Data Paradigm: Navigating Regulations." AHIP National Health Policy Conference, March 10, 2016
- Provider Data Management: Provider Directory Accuracy & Network Adequacy in 2017, AHIP Webinar, February 2016
- “Navigating without a Compass: HITECH and HHS post Affordable Care Act," Association of Corporate Counsel Annual Meeting, New Orleans, LA, October 28-31, 2014
- "Cyber-Liability a Cultural Epidemic for Small and Middle Market Corporations," Keynote Speaker for California CPCU Annual Meeting, March 9, 2014
- "No Immunity for Insurers: A Privacy Lesson for Financial Services," AmWINS Presentation, Charlotte, North Carolina, September 24, 2012
- Cyber 201: Complex Cyber Losses & Solutions (compliance training), San Francisco, CA, June 24, 2012.
- Healthcare Data Privacy: Covered Entities and Business Associates 101 (training), San Francisco, CA, June 25, 2012
- Complex Cyber Loss Recovery (compliance training), San Francisco, CA. June 25, 2012
- “CyberLiability and Social Media,” Washington Metropolitan Association of Corporate Counsel (WMACCA), March 13, 2012
- “Social Media Liability and Insurability,” International Association of Defense Counsel, Palm Springs, CA, Feb.13, 2012
- "HIPAA, HITECH and the HHS: What you need to Know for 2012," Blue Cross Blue Shield Annual Meeting, Newport, Rhode Island, September 26-27, 2011
- "Cyber Crime & Enterprise Risk Management," joint RIMS/CPCU, Los Angeles, CA, August 8, 2011
- “Data Breach Incident Response & Insurance Recovery,” IRMI Cyber and Privacy Risk Conference (Faculty), San Francisco, CA, July 20-21, 2011
- “Social Media Maze: Liability in Behavioral Advertising and Social Media Sites," NetDiligence Cybersecurity Conference, Philadelphia, PA, June 9-10, 2011
- "Corporate and Professional Liability Insurance Law 2010," Practicing Law Institute, June 7, 2010
- “Claims-Made Litigation Conference,” HB Litigation, October 7, 2009