Photo of Jayne Ponder

Jayne Ponder

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy, artificial intelligence, sensitive data and biometrics, marketing and online advertising, connected devices, and social media. For example, Jayne regularly advises clients on the California Consumer Privacy Act, Colorado AI Act, and the developing patchwork of U.S. state data privacy and artificial intelligence laws. She advises clients on drafting consumer notices, designing consent flows and consumer choices, drafting and negotiating commercial terms, building consumer rights processes, and undertaking data protection impact assessments. In addition, she routinely partners with clients on the development of risk-based privacy and artificial intelligence governance programs that reflect the dynamic regulatory environment and incorporate practical mitigation measures.

Jayne routinely represents clients in enforcement actions brought by the Federal Trade Commission and state attorneys general, particularly in areas related to data privacy, artificial intelligence, advertising, and cybersecurity. Additionally, she helps clients to advance advocacy in rulemaking processes led by federal and state regulators on data privacy, cybersecurity, and artificial intelligence topics.

As part of her practice, Jayne also advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

Jayne maintains an active pro bono practice, including assisting small and nonprofit entities with data privacy topics and elder estate planning.

Contact:Read more about Jayne PonderEmail

On April 28, 2026, Maryland Governor Moore signed HB 895 (the Protection From Predatory Pricing Act) into law, which will impose limitations on the use of personalized pricing in the food retail and grocery delivery context.  The law will go into effect on October 1, 2026.  As we have detailed in prior blog posts, there has been a wave of personalized pricing proposals at the state level, and the FTC is focusing attention on pricing in the grocery sector.

Continue Reading Maryland Enacts Law on Personalized Food Pricing

The Federal Trade Commission (FTC) announced a settlement with dating app operator OkCupid and its affiliate Match Group Americas (Match), resolving allegations that the company had violated Section 5 of the FTC Act by sharing users’ personal information with a third party in a manner that was not disclosed in

Continue Reading FTC Alleges OkCupid Data Sharing Amounted to a Deceptive Practice

On April 17, 2026, the Governor of Alabama signed HB 351, Alabama Personal Data Protection Act (ALDPA), into law.  The law resembles Connecticut’s data privacy statute, but omits certain requirements, such as a data protection impact assessment.  Alabama follows  Oklahoma as the second state to enact a comprehensive privacy

Continue Reading Alabama Enacts Comprehensive Privacy Law

U.S. state lawmakers have introduced more than 40 bills across at least 24 states to regulate personalized algorithmic pricing in 2026 thus far, already outpacing the number of personalized algorithmic pricing bills introduced in all of 2025.  While their definitions and scope vary, the 2026 bills broadly refer to “personalized

Continue Reading State Lawmakers Introduce New Wave of Personalized Algorithmic Pricing Bills

On February 27, 2026, CalPrivacy and PlayOn settled a CCPA claim for $1.1 million. PlayOn is a digital ticketing platform used by schools and other organizations for ticketing, streaming, fundraising, concessions, merchandise sales, and website management. The settlement resolves allegations that PlayOn unlawfully “sold” and “shared” users’ personal information without providing sufficient opt-outs and notice, in violation of the CCPA. This marks the agency’s first enforcement action involving students’ data privacy.

Continue Reading CalPrivacy Fines PlayOn Sports for Insufficient Opt-Out Process

The Connecticut Office of the Attorney General (“OAG”) issued an updated Enforcement Report (“Enforcement Report”) under the Connecticut Data Privacy Act (“CTDPA”). The Enforcement Report discusses the OAG’s enforcement actions in 2025 and suggests some areas of focus from the regulator, summarized below.

Continue Reading Connecticut Attorney General Releases 2025 CTDPA Enforcement Report

On January 8, 2026, the California Privacy Protection Agency (“CalPrivacy”) announced an enforcement action against Rickenbacher Data LLC (d/b/a “Datamasters”), an information reseller, for failing to register as a data broker under the California Delete Act.  Datamasters agreed to pay a $45,000 administrative fine, among other remedial measures.  In November, CalPrivacy launched a Data Broker Enforcement Strike Force within its enforcement division to investigate violations of the law in the data broker industry, which builds upon a 2024 investigative sweep into data broker compliance.

Continue Reading CalPrivacy Announces $45,000 Fine Against Data Broker for Delete Act Violations

On November 21, 2025, California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (“Jam City”), a mobile app gaming company, for alleged violations of the California Consumer Privacy Act (“CCPA”) and Unfair Competition Law (“UCL”). The Jam City settlement marks Attorney General Bonta’s sixth settlement obtained under the CCPA and reflects a continued focus on how businesses present opt-out rights mechanisms to California consumers, including minors.

Continue Reading California AG Announces $1.4 Million Settlement with Mobile App Gaming Developer Over CCPA Violations