Richard J.Johnson (Jay)

Partner

Dallas + 1.214.969.3788

Connect:

Share

Jay Johnson is an authority on data privacy, cybersecurity, and related white collar issues. He is a former federal prosecutor with 18 years of government and law firm experience leading investigations, counseling on regulatory compliance, and handling litigation in a first-chair capacity. He now conducts security-related internal investigations, leads data breach response teams, and counsels on data protection measures and compliance with privacy laws and standards to minimize potential exposure.

At the U.S. Attorney's Office, Jay was the district-wide coordinator for computer hacking and intellectual property. In that capacity he guided the district's preparation for and response to cyber and IP crime and counseled prosecutors on collecting electronic evidence. He also led numerous trial and investigations teams involving fraud, identity theft, and other federal crimes, and he received the Justice Department's Director's Award for Superior Performance as lead trial counsel in the prosecution of a large-scale mortgage fraud scheme. Jay also traveled to Bosnia and Herzegovina, Macedonia, and Croatia to train local judges and law enforcement personnel on effective investigation techniques.

Jay co-founded the Firm's Global Privacy & Cybersecurity Update, a bi-monthly publication produced by a global attorney team. He is an adjunct faculty member at the SMU Dedman School of Law where he developed and teaches the school's flagship class on data privacy and cybersecurity law. He also serves on the Leadership Council of the ABA's SciTech Section and chairs the board of directors for the Boys & Girls Clubs of Greater Dallas.

Experience

  • Fortune 500 manufacturing company investigates cyberattacks targeting payment card data on eCommerce siteJones Day directed the investigation into cyberattacks targeting payment card data on an eCommerce site of a Fortune 500 company's recently-acquired subsidiary.
  • Fortune 500 public company advised on data security and privacy regulatory compliance issuesJones Day is advising a Fortune 500 public company on data security and privacy regulatory compliance issues, including written information security program (WISP) and incident response plan.
  • Publishing company responds to ransomware attackJones Day provided advice to a New York publishing company on incident response, communication, and remediation after it had been attacked by sophisticated ransomware.
  • Jones Day representing first ever receiver in an ICO enforcement actionUpon the recommendation of the United States Securities and Exchange Commission (SEC), the United States District Court for the Northern District of Texas appointed Jones Day partner Mark Rasmussen as receiver to manage the assets of a firm facing alleged securities laws violations related to an Initial Coin Offering (ICO); Jones Day is serving as counsel to the receiver.
  • Intersil obtains reversal of $77 million judgment in trade-secret and patent disputeIntersil Corporation (now known as Renesas Electronics America Inc.), represented by a cross-office, cross-practice team of Jones Day lawyers, obtained a Federal Circuit reversal of a $77 million judgment previously entered in favor of plaintiff Texas Advanced Optoelectronic Solutions, Inc. (TAOS) after a 2015 jury trial in the U.S. District Court for the Eastern District of Texas.
  • Fortune 500 company seeks advice involving blockchain service under EU's GDPRJones Day is advising a Fortune 500 company on a software services agreement with a blockchain service provider for compliance under the EU General Data Protection Regulation (GDPR).
  • Experian defends against series of nationwide class actions after breach of T-Mobile applicant dataJones Day defended Experian in series of nationwide class actions after breach of T-Mobile applicant data held by Experian company Decisioning Solutions, Inc.
  • Manufacturing company seeks advice on potential employee appropriation of dataJones Day assisted a manufacturing company with assessing legal compliance obligations in connection with an employee's access to company data.
  • Energy provider obtains counsel on newly enacted state data breach notification lawsJones Day advised a leading energy provider on newly enacted state data breach notification laws in the wake of stalled efforts in Congress to enact a national data breach notification law.
  • Kyocera obtains stay of EDTX lawsuit accusing its camera phones of patent infringementAfter obtaining a stay of a patent infringement lawsuit against Kyocera Communications, Inc. based upon pending inter partes reviews of the two asserted patents, Jones Day subsequently secured a dismissal of the lawsuit.
  • Global private equity firm seeks cybersecurity advice concerning portfolio companyJones Day advised a global private equity firm in a potential breach response scenario involving a portfolio company, which included interfacing with law enforcement and other constituents, and monitoring and reporting on the results of an internal cybersecurity investigation.
  • Global manufacturing company conducts internal investigation into employee's potential violation of Computer Fraud & Abuse ActJones Day counseled a global manufacturing company in the internal investigation of an employee's potential violation of the Computer Fraud & Abuse Act.
  • Confidential client responds to third-party data security breach incidentJones Day assisted a confidential energy utility client with responding to a third-party data security breach incident and advised the client on appropriate individual and state attorney general notifications.
  • Online retailer seeks advice on unauthorized access compromising consumer dataJones Day represented an online retailer regarding unauthorized access to consumer data, including coordination of forensic investigation, notice to credit card companies and insurers, and nationwide breach notification.
  • Corporate service provider seeks advice on potential compromise of payroll and benefits dataJones Day represented a corporate service provider in the investigation of a data security compromise involving coordination with Secret Service, a computer forensics firm, and other interested parties to determine the extent of the breach and the appropriate response.
  • AMS-IX advised in creating corporate and operational structure to launch U.S. AMX-IX Internet exchangeJones Day advised AMS-IX BV in creating a corporate and operational structure to launch AMS-IX Internet exchange in the U.S.
    • View All

    July 2020 Commentaries

    No Search Warrant Required for Records of Bitcoin Transactions, the Fifth Circuit Holds

    JUNE 2020 Alerts

    Enhanced Focus on the "S" in ESG Investing

    April 2020 Newsletters

    Jones Day Global Privacy & Cybersecurity Update | Vol. 25

    March 2020 Alerts

    Coronavirus and Remote Work Heighten Cybersecurity Risks

    March 2020 Videos

    JONES DAY PRESENTS®: Is there a "P" in ESG? Where does privacy fit in?

    February 2020 Alerts

    SEC Releases Cybersecurity Observations and Guidance

    January 2020 Alerts

    Bank Regulators Issue Joint Statement on Heightened Cybersecurity Risk

    January 2020 Newsletters

    Jones Day Global Privacy & Cybersecurity Update | Vol. 24

    August 2019 Newsletters

    Jones Day Global Privacy & Cybersecurity Update | Vol. 23

    August 2019 Alerts

    Whistleblower Receives First False Claims Act Payout for Cybersecurity Claim
    View All

    Additional Publications

    • June 2016
      Beware the Potential Move from Inapplicable Cybersecurity Standards to an Applicable Standard of Care, Texas Lawyer
    • August 2015
      The Legal Cybersecurity Landscape for Pipeline Companies, Energy Litigation, American Bar Association Section of Litigation
    • January 2015
      If 2014 Was the Year of the Data Breach, Brace for More, Forbes
    • December 2014
      How California is Addressing Cross-Device Tracking, Edelman Blog, Cybersecutity Series
    • Fall 2014
      Class Action Suits in the Data Breach Context, Class Actions & Derivative Suits, American Bar Association Litigation Section, Vol.25, No.1
    • November 2014
      Shellshock, the Perfect 10 Exploit: Easy to Use, Devastating Impact, Cyberspace Lawyer, Thomson Reuters
    • October 2014
      Practical Considerations in Developing a Cyber Incident Response and Compliance Program, Chapter 16, Corporate Law and Practice, Corporate Counsel Institute 2014, Practicing Law Institute
    • May 2014
      Report On Big Data Hints Toward Global Interoperability, Law 360
    • November 4, 2013
      Beware the Legal Risks of Web Scraping, In-House Texas, A Publication of Texas Lawyer

    Speaking Engagements

    • April 10, 2019
      Cybercrime, Cryptocurrency, and ICOs, Texas Bar CLE
    • March 7, 2019
      Data Breach Response – The First 72 Hours, presenter, Jones Day CLE
    • February 14, 2019
      Data Privacy—A Discussion of Law and Policy, Federalist Society, Notre Dame Law School
    • February 11, 2019
      Handling a Cybersecurity Investigation: An Interactive Tabletop Exercise Led by a Regulator, a Lawyer, and a Security Expert, Utilities & Energy Compliance & Ethics Conference, SCCE
    • February 7, 2019
      Evening Conversation on Privacy, Science & Technology Section, Dallas Bar Association
    • February 7, 2019
      Evening Conversation on Privacy, Science & Technology Section, Dallas Bar Association
    • January 28, 2019
      Strategic Breach Preparation and Response in 2019, Jones Day CLE Academy
    • January 28, 2019
      Strategic Breach Preparation and Response in 2019, Jones Day CLE Academy
    • January 16, 2019
      Blockchain Technology, Security, and Privacy, ABA Science and Technology Section
    • November 6, 2018
      Identity and Access Management, CISO Executive Network
    • November 5, 2018
      Pizza & Privacy, American Constitution Society, SMU Dedman School of Law
    • October 24, 2018
      Cybersecurity and the Impact on SEC Filings and Compliance, Dallas Bar Association Securities Law Section
    • October 18, 2018
      General Data Protection Regulation "GDPR": Seeking or Supplying Information to or from the EU or EEA After May 25, 2018. Eastern District of Texas 2018 Bench Bar Conference
    • October 2, 2018
      Data-Centric Security, CISO Executive Network
    • September 28, 2018
      Handling a Cybersecurity Investigation: An Interactive Tabletop Exercise led by a Regulator, a Lawyer, and a Security Expert, Dallas Regional Compliance & Ethics Conference, Society of Corporate Compliance and Ethics
    • September 18, 2018
      Cybersecurity: The Latest Strategies for Responding to Ransomware and Other Cybersecurity Incidents, 5th Annual Government Enforcement Institute
    • September 10, 2018
      41st Annual Southwest Securities Conference
    • July 25, 2018
      2018 Essential Cybersecurity Law Conference
    • May 15, 2018
      Security Innovation, 2018 Dallas Breakfast Roundtable, CISO Executive Network
    • April 18, 2018
      Tabletop Exercise: A Breach … Now What?, 2nd Annual Cybersecurity and Data Privacy Law Conference
    • April 12, 2018
      A Gloves Off Discovery Fight, 2nd Annual Cybersecurity and Data Privacy Law Conference
    • March 2, 2018
      Security Visibility, Monitoring & Incident Response, CISO Executive Network
    • December 4, 2017
      Protecting PII—Balancing Data Security and Global Privacy Laws, cyberSecure
    • October 25, 2017
      Access Management, CISO Executive Network
    • October 18, 2017
      Handling a Cybersecurity Investigation: A Discussion with a Regulator, a Lawyer, and a Security Expert, The Society of Corporate Compliance & Ethics 16th Annual Compliance & Ethics Institute
    • October 6, 2017
      Industrial Security and Privacy—ICS/SCADA Threats, Laws, and Risk Mitigation, Privacy + Security
    • September 2017
      Security Visibility & Incident Response, Dallas Chapter Breakfast Roundtable, CISO Executive Network
    • August 29, 2017
      Anti-Counterfeiting and The Global Marketplace: How to Protect and Enforce IP While Expanding Trade
    • July 28, 2017
      Cybersecurity Regulation and Enforcement, 2017 Essential Cybersecurity Law, The University of Texas School of Law
    • July 27, 2017
      Cybersecurity, National Compliance Outreach for Broker-Dealers, Securities and Exchange Commission, Financial Industry Regulatory Authority
    • June 12-13, 2017
      Cybersecurity--Handling a Crisis, Symposium on International Law and Global Markets, Institute for Law and Technology
    • June 2, 2017
      Cyber Security Primer, Plano Bar Association
    • May 22, 2017
      The Privacy/Security Legal Risks of Connected Vehicles, Dallas Bar Association, Science & Technology Committee
    • May 2, 2017
      Lone Star Strategies for IP in China—What Texas Companies Need to Know Now, Texas Regional United States Patent and Trademark Office
    • April 20, 2017
      IAPP Global Privacy Summit
    • March 31, 2017
      Data Breaches: Working with Federal Authorities, Third Annual Health Care Cyber Security Symposium, North Texas Crime Commission
    • January 26, 2017
      Working with Law Enforcement and Government Agencies, Cybersecurity and Data Privacy Law Conference, Institute for Law and Technology
    • June 22, 2016
      The State of Cybersecurity: The Latest Threats, Legal Landscape, and Risk Mitigation Techniques, Business Navigators
    • June 9, 2016
      Tales from the Cybersecurity Front: How to Protect Your Company, Employees, and Customers When Data Has Been Hacked, Lost, Stolen, or Disposed of Improperly, Jones Day University
    • June 8, 2016
      Telecommunications Industry Association 2016: Network of the Future Conference
    • June 7, 2016
      2016 Compliance Outreach Program for Broker-Dealers, U.S. Securities & Exchange Commission and Financial Industry Regulatory Authority
    • May 12, 2016
      FFIEC Cybersecurity Assessment Tool Deep Dive Workshop, Mortgage Bankers Association
    • May 3, 2016
      Practical Tips to Avoid Cyber Risks and Understand the Legal Liability of "Smart Devices," Science & Technology Section, American Bar Association
    • February 25, 2016
      2016 Executive Roundtable Series – The 3 a.m. Issue: From Data Breaches to Hurricanes, Legal Strategies for Protecting Your Company by Preparing for, Insuring Against, and Responding to Catastrophic Risks
    • February 22, 2016
      Legal Cybersecurity Landscape for Oil & Gas Companies: The Potential Coalescence of Best Practices into an Applicable Standard of Care, Utilities & Energy Compliance & Ethics Conference, Society of Corporate Compliance & Ethics
    • February 11-12, 2016
      38th Annual Conference on Securities and Business Law
    • January 25, 2016
      Cybersecurity Law Primer: An Introduction to the Game, the Players, and the Rules, Cybersecurity and Data Privacy Law Conference, Institute for Law and Technology
    • December 11, 2015
      Doing More With Less - Preventing & Managing Digital and Financial Fraud in a Down Commodities Market
    • November 20, 2015
      FTC v. Wyndham Worldwide Corporation: FTC Oversight of Data Security, International Association of Privacy Professionals (IAPP) KnowledgeNet
    • October 27, 2015
      The New Smoking Gun: Maximizing the Recovery and Evidentiary Value of Text Massages in the Face of Privacy and Discovery Concerns, American Law Institute
    • October 23, 2015
      The Potential Coalescence of Voluntary Cybersecurity Standards and Best Practices into an Applicable Standard of Care, Cyber-Security Symposium, SMU Science & Technology Law Review
    • October 1-2, 2015
      ABA 10th Annual National Institute on Securities Fraud
    • June 18, 2015
      Information and Cyber Governance, Data Analytics and Privacy Briefing, Sandpiper Partners LLC
    • June 9, 2015
      Breach Preparedness and Response: Beyond Rules and Regulations - Best Practices for Responding to Real-World Data Breaches, Mortgage Bankers Association
    • June 4-5, 2015
      Cybersecurity and Data Breaches, SEC Conference 2015: An Accounting & Reporting Update for Public Companies, Center for Professional Education, Inc.
    • May 4, 2015
      Legal Responses, Liability Issues, Jurisdiction, panelist, Health Care Cyber Security Summit, North Texas Crime Commission
    • May 3-6, 2015
      Technological Developments Including in Data Security and Privacy, Legal Issues & Regulatory Compliance Conference 2015, Mortgage Bankers Association
    • April 27, 2015
      Cybersecurity: Effectively Dealing with Today's New International Risks & Threats, International Accounting Operations Conference, Center for Professional Education, Inc.
    • November 2014
      So, Do We Just Treat the Symptoms, or Can We Cure the Disease?, Health Care Cyber Security Symposium, North Texas Crime Commission
    • October 2014
      Cybersecurity: Why Do I Need It? How Do I Get It?, Dallas Bar Association's Bench Bar Conference
    • October 2014
      Walking the Straight and Narrow: Strategies to Comply with State, Federal, and International Privacy Laws, First Annual North Texas Crime Commission's Cyber Crime Summit
    • October 2014
      Cyber Crime and Surveillance: Thoughts from a Former Prosecutor, Information Security Summit
    • September 24, 2014
      Updates Every Corporate Counsel Should Know, State Bar of Texas: Corporate Counsel Section
    • September 2014
      A Focus on the Cyber Threat, the Legal Landscape, and the Effective In-House Response, The General Counsel forum
    • August 2014
      The Cybercrime Landscape: Thoughts on the Latest Threats, Legal Obligations, and Potential Liabilities, Dallas Bar Association Computer Law Section
    • April 1, 2014
      The Cybercrime Landscape: Thoughts on the Latest Threats, Legal Obligations, and Potential Liabilities, Dallas Bar Association Corporate Counsel Section
    • February 18, 2014
      The IP Crime Landscape and Other Random Thoughts from a Former Prosecutor, Indiana University Maurer School of Law
    • November 7, 2013
      Cyber Security and Data Privacy, 21st Annual Texas Minority Counsel Program
    • October 29, 2013
      Impacts of Cybercrime and Activities, Cyber Security Conference: Risks, Consequences and Education, The Cyber Security Research and Education Institute at The University of Texas at Dallas and the North Texas Crime Commission
    • October 25, 2013
      The Cybercrime Landscape: Thoughts from a Former Prosecutor on the Latest Threats, Prosecutions, and Legal Hot Spots, 11th Annual Information Security Summit 2013
    • October 2013
      Cybercrime: Thoughts from the Field, CEO Netweavers Dallas-Fort Worth Chapter Monthly Meeting
    • June 2013
      Cybercrime & Incident Round Table, The America’s Future Series, Cyber Security Summit
    • May 2013
      How to Obtain Electronic Evidence, 2013 North Texas International Association of Financial Crimes Investigators Annual Conference
    • March 2013
      How to Obtain Electronic Evidence, Social Media Exploitation Training for Law Enforcement, U.S. Attorney’s Office, Eastern District of Texas
    • March 2013
      How to Obtain Electronic Evidence, Social Media Exploitation Training for Law Enforcement, U.S. Attorney’s Office, Eastern District of Texas
    • January 2013
      Cybercrime in North Texas: A Panel Discussion, Dallas Bar Association, Computer Law Section
    • August/September 2012
      Financial Crimes & Investigations Seminar, U.S. Department of State
    • August 2012
      Prosecuting Intellectual Property Right Violations, National Intellectual Property Rights Enforcement Center
    • June 2012
      Press Conference on the Protection of Intellectual Property Rights in North Texas, North Texas Crime Commission, Cybercrime Committee
    • June 2012
      Intellectual Property Rights Cases from a Prosecutor’s Perspective, North Texas Crime Commission, Cybercrime Committee
    • January 2012
      Financial Crimes & Investigations Seminar, Department of Justice, Office of Overseas Prosecutorial Development, Assistance and Training
    • January 2012
      Financial Crimes & Investigations Seminar, Department of Justice, Office of Overseas Prosecutorial Development, Assistance and Training
    • November 2010
      Honey, Call the Post Office! and other Random Musings from an AUSA, United States Postal Inspection Service Mail Theft Summit
    • October 2008
      Hot Topics in Patent Law: Up-to-the-Minute Developments in the Courts, the Agencies & Congress, Patent Resources Group, Inc.
    • June 2008
      U.S. Patent Law, a Changing Landscape, National Academies’ Committee on Science, Technology, and Law
    • April 2008
      Hot Topics in Patent Law: Up-to-the-Minute Developments in the Courts, the Agencies & Congress, Patent Resources Group, Inc.
    We use cookies to deliver our online services. Details of the cookies and other tracking technologies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you consent to our use of cookies.

    Before sending, please note:

    Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.