Ashley Pusey

Associate | New York, United States
Get in touch

Profile

Education

  • Massachusetts Institute of Technology, Professional Certification in Cybersecurity, 2023
  • Maurice A. Deane School of Law at Hofstra University, JD, 2020
  • Fashion Law Institute at Fordham Law, Certification, 2018
  • Ithaca College, BS (cum laude), 2015

Ashley is an associate in the New York office and advises clients across industries on cyber incident response, privacy compliance and AI governance. She leads complex breach investigations and manages regulatory engagements across the US, EMEA, LATAM and APAC. Her work often involves coordination with agencies such as the Office for Civil Rights (OCR), particularly in matters involving HIPAA, the GLBA Safeguards Rule and other rapidly evolving regulatory frameworks.

With a forward-looking approach to innovation, Ashley also counsels companies on the ethical and operational risks of AI and emerging technologies. She helps clients operationalize responsible tech—whether launching generative AI tools, adapting to regulatory change or building consumer trust in data-driven markets.

Ashley’s passion for AI and data privacy was sparked not in a server room, but on the runway. While exploring how smart fabrics and wearable technologies were reshaping the fashion industry, she became deeply curious about the legal and ethical questions those innovations posed. That curiosity quickly evolved into a dynamic career at the intersection of emerging technology, global privacy regulation, and cybersecurity.

Prior to joining Kennedys, Ashley served as a virtual Chief Privacy Officer, where she helped organizations design and implement global privacy programs, assess regulatory risk and align compliance efforts with business and technology strategies. She regularly advised clients on vendor procurement, privacy-by-design and operationalizing compliance frameworks like the GDPR, CCPA and HIPAA.

Ashley holds multiple designations from the International Association of Privacy Professionals (IAPP), including CIPP/US, CIPP/E and CIPM, and is recognized as a Fellow of Information Privacy (FIP). She also holds certifications in Cybersecurity from MIT Professional Education, Artificial Intelligence from the Center for AI and Digital Policy and Fashion Law from the Fashion Law Institute—merging creative insight with regulatory depth.

At her core, Ashley is committed to building trustworthy, human-centered systems—and to shaping a future where innovation is guided by integrity, transparency and equity.

Certifications:

  • Fellow of Information Privacy (FIP), IAPP
  • CIPP/US, IAPP
  • CIPP/EU, IAPP
  • CIPM

Related articles

Article

Understanding the NAIC model AI bulletin: what it means for insurers

21/01/2025

Article

Pa.'s insurance data security law—getting ready for the second phase

26/08/2024

Article

Deepfakes, privacy and the ethics of liability

01/03/2024

View more

Qualifications and admissions

  • District of Columbia
  • New York

Work highlights

Cyber

  • Drafted and assisted clients with incident response policies and procedures
  • Advised and assisted clients with drafting and implementing information security programs under NYDFS cyber regulation 23 NYCRR 500, SHIELD ACT, GDPR, CCPA
  • Drafted and assisted clients with information security and data governance policies and procedures
  • Trained C-level executives on privacy and security best practices
  • Trained insurance company on privacy and security best practices

Privacy

  • Advised and assisted clients with drafting and implementing data privacy programs across multiple jurisdictions (e.g., PIPEDA, GDPR, JDPA, CCPA)
  • Drafted privacy notices for clients across different sectors
  • Drafted data processing agreements for clients
  • Advised and helped prepare international transfer impact assessment for internal cross-border data transfers
  • Advised and strategized with clients on processes and procedures for vendor risk management and due diligence

AI & Data Ethics

  • Drafted and assisted clients with AI acceptable use policy and procedures
  • Provide guidance and strategic planning on vendor due diligence, incorporating AI data ethics assessments into the technology procurement processes.

Presentations and publications

  • “Trustworthy AI: Ensuring privacy and security in AI transformation,” presented at ALM Legal Week (March 2025)
  • “AI regulation in the US and how AI influenced the US elections,” presented for the Digital Education Institute (November 2024)
  • “Cybersecurity: Are you really protected?” presented at the Subcontractors Trade Association (September 2024)
  • Co-author, “Pa.'s Insurance Data Security Law – Getting ready for the second phase,” published for Legal Intelligencer (August 2024)
  • "Legal considerations for social media success," presented at the Social Media Association Social Media Workshop (June 2024)
  • “Innovations in Fashion Law: AI and Digital Design Rights,” presented at the Fashion Law Institute Fashion Law Conference (April 2024)
  • Co-author, “Artificial intelligence and the law: Deepfakes, privacy and the ethics of liability,” published for the New York Law Journal (March 2024)
  • “Navigating the future of privacy & compliance in the age of AI,” In-House client training (February 2024)
  • Co-author, “Is AI Right for Your Company? Four Things General Counsel Should Consider,” published for Legal Intelligencer (January 2024)
  • “Data Privacy Panel,” presented at the Maureen Data Systems Cybersecurity Conference (October 2022)
  • “Global Trade Panel,” presented at the 13th Annual Symposium: Spring Florals, Fordham Fashion Law Institute (April 2023)
  • “Ethical & Privacy Considerations for AI Technology Procurement,” presented at the Maureen Data Systems Cybersecurity Conference (October 2023)

Services

Sectors