Ashley Pusey
Profile
Education
- Massachusetts Institute of Technology, Professional Certification in Cybersecurity, 2023
- Maurice A. Deane School of Law at Hofstra University, JD, 2020
- Fashion Law Institute at Fordham Law, Certification, 2018
- Ithaca College, BS (cum laude), 2015
Ashley is an associate in the New York office and focuses her practice on navigating clients through data breach and incident response, including ransomware attacks, business email compromises and employee-related events, working closely with insurers, forensics, regulators and other key stakeholders to minimize the impact and costs associated with cyber events. Ashley also advises clients on a wide array of data privacy and security, including breach response, compliance under such laws CCPA/CPRA, GDPR, PIPEDA, JDPA, LGPD, VCDPA, NYDFS, the SHIELD Act, and HIPAA.
Prior to joining Kennedys, Ashley served as a virtual Chief Privacy Officer for organizations across various sectors. Ashley has collaborated extensively with CISOs, VP of Technology, and Identity Access Management Teams, ensuring seamless alignment between security and privacy compliance programs. Her responsibilities encompassed developing, delivering, and overseeing privacy training for both internal and external stakeholders. Additionally, she has experience in developing policies and procedures around data ethics and AI technology procurement, as well as incident response.
While in law school, Ashley interned in the Department of Justice, Office of Privacy and Civil Liberties where she gained substantial experience in the privacy industry. During her time at DOJ, Ashley evaluated privacy impact assessments and system of records notices for component organization information systems to ensure compliance with privacy-related statutes, regulations, and official guidance and policies. She also researched and summarized relevant new case law for inclusion in the 2020 Edition of the Overview of the Privacy Act of 1974.
Certifications:
- Fellow of Information Privacy (FIP), IAPP
- CIPP/US, IAPP
- CIPP/EU, IAPP
- CIPM
Qualifications and admissions
- District of Columbia
- New York
Work highlights
Cyber
- Drafted and assisted clients with incident response policies and procedures
- Advised and assisted clients with drafting and implementing information security programs under NYDFS cyber regulation 23 NYCRR 500, SHIELD ACT, GDPR, CCPA
- Drafted and assisted clients with information security and data governance policies and procedures
- Trained C-level executives on privacy and security best practices
- Trained insurance company on privacy and security best practices
Privacy
- Advised and assisted clients with drafting and implementing data privacy programs across multiple jurisdictions (e.g., PIPEDA, GDPR, JDPA, CCPA)
- Drafted privacy notices for clients across different sectors
- Drafted data processing agreements for clients
- Advised and helped prepare international transfer impact assessment for internal cross-border data transfers
- Advised and strategized with clients on processes and procedures for vendor risk management and due diligence
AI & Data Ethics
- Drafted and assisted clients with AI acceptable use policy and procedures
- Provide guidance and strategic planning on vendor due diligence, incorporating AI data ethics assessments into the technology procurement processes.
Presentations and publications
- “AI regulation in the US and how AI influenced the US elections,” presented for the Digital Education Institute (November 2024)
- “Cybersecurity: Are you really protected?” presented at the Subcontractors Trade Association (September 2024)
- Co-author, “Pa.'s Insurance Data Security Law – Getting ready for the second phase,” published for Legal Intelligencer (August 2024)
- "Legal considerations for social media success," presented at the Social Media Association Social Media Workshop (June 2024)
- “Innovations in Fashion Law: AI and Digital Design Rights,” presented at the Fashion Law Institute Fashion Law Conference (April 2024)
- Co-author, “Artificial intelligence and the law: Deepfakes, privacy and the ethics of liability,” published for the New York Law Journal (March 2024)
- “Navigating the future of privacy & compliance in the age of AI,” In-House client training (February 2024)
- Co-author, “Is AI Right for Your Company? Four Things General Counsel Should Consider,” published for Legal Intelligencer (January 2024)
- “Data Privacy Panel,” presented at the Maureen Data Systems Cybersecurity Conference (October 2022)
- “Global Trade Panel,” presented at the 13th Annual Symposium: Spring Florals, Fordham Fashion Law Institute (April 2023)
- “Ethical & Privacy Considerations for AI Technology Procurement,” presented at the Maureen Data Systems Cybersecurity Conference (October 2023)