Jay Johnson is an authority on data privacy, cybersecurity, and related white collar issues. He is a former federal prosecutor with 18 years of government and law firm experience leading investigations, counseling on regulatory compliance, and handling litigation in a first-chair capacity. He now conducts security-related internal investigations, leads data breach response teams, and counsels on data protection measures and compliance with privacy laws and standards to minimize potential exposure.
At the U.S. Attorney's Office, Jay was the district-wide coordinator for computer hacking and intellectual property. In that capacity he guided the district's preparation for and response to cyber and IP crime and counseled prosecutors on collecting electronic evidence. He also led numerous trial and investigations teams involving fraud, identity theft, and other federal crimes, and he received the Justice Department's Director's Award for Superior Performance as lead trial counsel in the prosecution of a large-scale mortgage fraud scheme. Jay also traveled to Bosnia and Herzegovina, Macedonia, and Croatia to train local judges and law enforcement personnel on effective investigation techniques.
Jay co-founded the Firm's Global Privacy & Cybersecurity Update, a bi-monthly publication produced by a global attorney team. He is an adjunct faculty member at the SMU Dedman School of Law where he developed and teaches the school's flagship class on data privacy and cybersecurity law. He also serves on the Leadership Council of the ABA's SciTech Section and chairs the board of directors for the Boys & Girls Clubs of Greater Dallas.
Experience
Additional Publications
- June 2016
Beware the Potential Move from Inapplicable Cybersecurity Standards to an Applicable Standard of Care, Texas Lawyer - August 2015
The Legal Cybersecurity Landscape for Pipeline Companies, Energy Litigation, American Bar Association Section of Litigation - January 2015
If 2014 Was the Year of the Data Breach, Brace for More, Forbes - December 2014
How California is Addressing Cross-Device Tracking, Edelman Blog, Cybersecutity Series - Fall 2014
Class Action Suits in the Data Breach Context, Class Actions & Derivative Suits, American Bar Association Litigation Section, Vol.25, No.1 - November 2014
Shellshock, the Perfect 10 Exploit: Easy to Use, Devastating Impact, Cyberspace Lawyer, Thomson Reuters - October 2014
Practical Considerations in Developing a Cyber Incident Response and Compliance Program, Chapter 16, Corporate Law and Practice, Corporate Counsel Institute 2014, Practicing Law Institute - May 2014
Report On Big Data Hints Toward Global Interoperability, Law 360 - November 4, 2013
Beware the Legal Risks of Web Scraping, In-House Texas, A Publication of Texas Lawyer
Speaking Engagements
- April 10, 2019
Cybercrime, Cryptocurrency, and ICOs, Texas Bar CLE - March 7, 2019
Data Breach Response – The First 72 Hours, presenter, Jones Day CLE - February 14, 2019
Data Privacy—A Discussion of Law and Policy, Federalist Society, Notre Dame Law School - February 11, 2019
Handling a Cybersecurity Investigation: An Interactive Tabletop Exercise Led by a Regulator, a Lawyer, and a Security Expert, Utilities & Energy Compliance & Ethics Conference, SCCE - February 7, 2019
Evening Conversation on Privacy, Science & Technology Section, Dallas Bar Association - February 7, 2019
Evening Conversation on Privacy, Science & Technology Section, Dallas Bar Association - January 28, 2019
Strategic Breach Preparation and Response in 2019, Jones Day CLE Academy - January 28, 2019
Strategic Breach Preparation and Response in 2019, Jones Day CLE Academy - January 16, 2019
Blockchain Technology, Security, and Privacy, ABA Science and Technology Section - November 6, 2018
Identity and Access Management, CISO Executive Network - November 5, 2018
Pizza & Privacy, American Constitution Society, SMU Dedman School of Law - October 24, 2018
Cybersecurity and the Impact on SEC Filings and Compliance, Dallas Bar Association Securities Law Section - October 18, 2018
General Data Protection Regulation "GDPR": Seeking or Supplying Information to or from the EU or EEA After May 25, 2018. Eastern District of Texas 2018 Bench Bar Conference - October 2, 2018
Data-Centric Security, CISO Executive Network - September 28, 2018
Handling a Cybersecurity Investigation: An Interactive Tabletop Exercise led by a Regulator, a Lawyer, and a Security Expert, Dallas Regional Compliance & Ethics Conference, Society of Corporate Compliance and Ethics - September 18, 2018
Cybersecurity: The Latest Strategies for Responding to Ransomware and Other Cybersecurity Incidents, 5th Annual Government Enforcement Institute - September 10, 2018
41st Annual Southwest Securities Conference - July 25, 2018
2018 Essential Cybersecurity Law Conference - May 15, 2018
Security Innovation, 2018 Dallas Breakfast Roundtable, CISO Executive Network - April 18, 2018
Tabletop Exercise: A Breach … Now What?, 2nd Annual Cybersecurity and Data Privacy Law Conference - April 12, 2018
A Gloves Off Discovery Fight, 2nd Annual Cybersecurity and Data Privacy Law Conference - March 2, 2018
Security Visibility, Monitoring & Incident Response, CISO Executive Network - December 4, 2017
Protecting PII—Balancing Data Security and Global Privacy Laws, cyberSecure - October 25, 2017
Access Management, CISO Executive Network - October 18, 2017
Handling a Cybersecurity Investigation: A Discussion with a Regulator, a Lawyer, and a Security Expert, The Society of Corporate Compliance & Ethics 16th Annual Compliance & Ethics Institute - October 6, 2017
Industrial Security and Privacy—ICS/SCADA Threats, Laws, and Risk Mitigation, Privacy + Security - September 2017
Security Visibility & Incident Response, Dallas Chapter Breakfast Roundtable, CISO Executive Network - August 29, 2017
Anti-Counterfeiting and The Global Marketplace: How to Protect and Enforce IP While Expanding Trade - July 28, 2017
Cybersecurity Regulation and Enforcement, 2017 Essential Cybersecurity Law, The University of Texas School of Law - July 27, 2017
Cybersecurity, National Compliance Outreach for Broker-Dealers, Securities and Exchange Commission, Financial Industry Regulatory Authority - June 12-13, 2017
Cybersecurity--Handling a Crisis, Symposium on International Law and Global Markets, Institute for Law and Technology - June 2, 2017
Cyber Security Primer, Plano Bar Association - May 22, 2017
The Privacy/Security Legal Risks of Connected Vehicles, Dallas Bar Association, Science & Technology Committee - May 2, 2017
Lone Star Strategies for IP in China—What Texas Companies Need to Know Now, Texas Regional United States Patent and Trademark Office - April 20, 2017
IAPP Global Privacy Summit - March 31, 2017
Data Breaches: Working with Federal Authorities, Third Annual Health Care Cyber Security Symposium, North Texas Crime Commission - January 26, 2017
Working with Law Enforcement and Government Agencies, Cybersecurity and Data Privacy Law Conference, Institute for Law and Technology - June 22, 2016
The State of Cybersecurity: The Latest Threats, Legal Landscape, and Risk Mitigation Techniques, Business Navigators - June 9, 2016
Tales from the Cybersecurity Front: How to Protect Your Company, Employees, and Customers When Data Has Been Hacked, Lost, Stolen, or Disposed of Improperly, Jones Day University - June 8, 2016
Telecommunications Industry Association 2016: Network of the Future Conference - June 7, 2016
2016 Compliance Outreach Program for Broker-Dealers, U.S. Securities & Exchange Commission and Financial Industry Regulatory Authority - May 12, 2016
FFIEC Cybersecurity Assessment Tool Deep Dive Workshop, Mortgage Bankers Association - May 3, 2016
Practical Tips to Avoid Cyber Risks and Understand the Legal Liability of "Smart Devices," Science & Technology Section, American Bar Association - February 25, 2016
2016 Executive Roundtable Series – The 3 a.m. Issue: From Data Breaches to Hurricanes, Legal Strategies for Protecting Your Company by Preparing for, Insuring Against, and Responding to Catastrophic Risks - February 22, 2016
Legal Cybersecurity Landscape for Oil & Gas Companies: The Potential Coalescence of Best Practices into an Applicable Standard of Care, Utilities & Energy Compliance & Ethics Conference, Society of Corporate Compliance & Ethics - February 11-12, 2016
38th Annual Conference on Securities and Business Law - January 25, 2016
Cybersecurity Law Primer: An Introduction to the Game, the Players, and the Rules, Cybersecurity and Data Privacy Law Conference, Institute for Law and Technology - December 11, 2015
Doing More With Less - Preventing & Managing Digital and Financial Fraud in a Down Commodities Market - November 20, 2015
FTC v. Wyndham Worldwide Corporation: FTC Oversight of Data Security, International Association of Privacy Professionals (IAPP) KnowledgeNet - October 27, 2015
The New Smoking Gun: Maximizing the Recovery and Evidentiary Value of Text Massages in the Face of Privacy and Discovery Concerns, American Law Institute - October 23, 2015
The Potential Coalescence of Voluntary Cybersecurity Standards and Best Practices into an Applicable Standard of Care, Cyber-Security Symposium, SMU Science & Technology Law Review - October 1-2, 2015
ABA 10th Annual National Institute on Securities Fraud - June 18, 2015
Information and Cyber Governance, Data Analytics and Privacy Briefing, Sandpiper Partners LLC - June 9, 2015
Breach Preparedness and Response: Beyond Rules and Regulations - Best Practices for Responding to Real-World Data Breaches, Mortgage Bankers Association - June 4-5, 2015
Cybersecurity and Data Breaches, SEC Conference 2015: An Accounting & Reporting Update for Public Companies, Center for Professional Education, Inc. - May 4, 2015
Legal Responses, Liability Issues, Jurisdiction, panelist, Health Care Cyber Security Summit, North Texas Crime Commission - May 3-6, 2015
Technological Developments Including in Data Security and Privacy, Legal Issues & Regulatory Compliance Conference 2015, Mortgage Bankers Association - April 27, 2015
Cybersecurity: Effectively Dealing with Today's New International Risks & Threats, International Accounting Operations Conference, Center for Professional Education, Inc. - November 2014
So, Do We Just Treat the Symptoms, or Can We Cure the Disease?, Health Care Cyber Security Symposium, North Texas Crime Commission - October 2014
Cybersecurity: Why Do I Need It? How Do I Get It?, Dallas Bar Association's Bench Bar Conference - October 2014
Walking the Straight and Narrow: Strategies to Comply with State, Federal, and International Privacy Laws, First Annual North Texas Crime Commission's Cyber Crime Summit - October 2014
Cyber Crime and Surveillance: Thoughts from a Former Prosecutor, Information Security Summit - September 24, 2014
Updates Every Corporate Counsel Should Know, State Bar of Texas: Corporate Counsel Section - September 2014
A Focus on the Cyber Threat, the Legal Landscape, and the Effective In-House Response, The General Counsel forum - August 2014
The Cybercrime Landscape: Thoughts on the Latest Threats, Legal Obligations, and Potential Liabilities, Dallas Bar Association Computer Law Section - April 1, 2014
The Cybercrime Landscape: Thoughts on the Latest Threats, Legal Obligations, and Potential Liabilities, Dallas Bar Association Corporate Counsel Section - February 18, 2014
The IP Crime Landscape and Other Random Thoughts from a Former Prosecutor, Indiana University Maurer School of Law - November 7, 2013
Cyber Security and Data Privacy, 21st Annual Texas Minority Counsel Program - October 29, 2013
Impacts of Cybercrime and Activities, Cyber Security Conference: Risks, Consequences and Education, The Cyber Security Research and Education Institute at The University of Texas at Dallas and the North Texas Crime Commission - October 25, 2013
The Cybercrime Landscape: Thoughts from a Former Prosecutor on the Latest Threats, Prosecutions, and Legal Hot Spots, 11th Annual Information Security Summit 2013 - October 2013
Cybercrime: Thoughts from the Field, CEO Netweavers Dallas-Fort Worth Chapter Monthly Meeting - June 2013
Cybercrime & Incident Round Table, The America’s Future Series, Cyber Security Summit - May 2013
How to Obtain Electronic Evidence, 2013 North Texas International Association of Financial Crimes Investigators Annual Conference - March 2013
How to Obtain Electronic Evidence, Social Media Exploitation Training for Law Enforcement, U.S. Attorney’s Office, Eastern District of Texas - March 2013
How to Obtain Electronic Evidence, Social Media Exploitation Training for Law Enforcement, U.S. Attorney’s Office, Eastern District of Texas - January 2013
Cybercrime in North Texas: A Panel Discussion, Dallas Bar Association, Computer Law Section - August/September 2012
Financial Crimes & Investigations Seminar, U.S. Department of State - August 2012
Prosecuting Intellectual Property Right Violations, National Intellectual Property Rights Enforcement Center - June 2012
Press Conference on the Protection of Intellectual Property Rights in North Texas, North Texas Crime Commission, Cybercrime Committee - June 2012
Intellectual Property Rights Cases from a Prosecutor’s Perspective, North Texas Crime Commission, Cybercrime Committee - January 2012
Financial Crimes & Investigations Seminar, Department of Justice, Office of Overseas Prosecutorial Development, Assistance and Training - January 2012
Financial Crimes & Investigations Seminar, Department of Justice, Office of Overseas Prosecutorial Development, Assistance and Training - November 2010
Honey, Call the Post Office! and other Random Musings from an AUSA, United States Postal Inspection Service Mail Theft Summit - October 2008
Hot Topics in Patent Law: Up-to-the-Minute Developments in the Courts, the Agencies & Congress, Patent Resources Group, Inc. - June 2008
U.S. Patent Law, a Changing Landscape, National Academies’ Committee on Science, Technology, and Law - April 2008
Hot Topics in Patent Law: Up-to-the-Minute Developments in the Courts, the Agencies & Congress, Patent Resources Group, Inc.
- University of Iowa (J.D. with high distinction 2002; Editor, Law Review); Kansas State University (B.S. in Mechanical Engineering with honors 1999; Elected outstanding senior in mechanical engineering by faculty)
- Texas, District of Columbia, U.S. Courts of Appeals for the Fifth and Federal Circuits, U.S. District Courts for the Eastern and Northern Districts of Texas, and registered to practice before the U.S. Patent and Trademark Office
- Assistant U.S. Attorney, Eastern District of Texas (2009-2013)
Recommended by Legal 500 US (2020) for intellectual property/trade secrets
Selected by D Magazine in 2016, 2017, and 2019 for "Best Lawyers in Dallas" in digital information law
Recipient of the 2013 Director's Award for Superior Performance as an Assistant U.S. Attorney — Criminal from the Department of Justice
Nominated for the 2011 Attorney General's Award for Outstanding Contributions by a New Employee
- Law Clerk to: Judge Raymond C. Clevenger III, U.S. Court of Appeals, Federal Circuit (2004-2005) and Judge Monti L. Belot, U.S. District Court, District of Kansas (2002-2004)