Photo of Jess Gonzalez Valenzuela

Jess Gonzalez Valenzuela

Jess (they/them & she/her) is an associate in the firm’s Palo Alto office and is a member of the Privacy and Cybersecurity and Corporate practice groups.

Jess helps clients address complex, cutting-edge challenges to manage data privacy and cybersecurity risk, including by providing regulatory compliance advice in connection with specific business practices and assisting in responding to cybersecurity incidents. Jess also maintains an active pro bono practice.

Jess is committed to DEI efforts in the legal profession, is a member of Covington’s LGBTQ+ and Latino Affinity Groups, and is working to develop a first generation professionals network and a disability advocacy network at Covington.

Last month, the Maryland legislature passed the Maryland Online Data Privacy Act (“MODPA”). Pending Governor’s signature, Maryland will become the latest state to enact comprehensive privacy legislation, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, New Hampshire, Kentucky, and Nebraska.

MODPA contains unique provisions that will require careful analysis to ensure compliance, including: data minimization requirements; restrictions on the collection, sale, or transfer of sensitive data; and consumer health data-related obligations.  These unique provisions have the potential to create additional work streams even for companies who have come into compliance for existing state laws.  This blog post summarizes the statute’s key takeaways.Continue Reading The Maryland Online Data Privacy Act Set to Reshape the State Privacy Legislation Landscape with Stringent Requirements

At its March 8, 2024 meeting, the Board of the California Privacy Protection Agency (“CPPA”) moved, by a 3-2 vote, to advance proposed regulations addressing automated decision-making technology (“ADMT”) and risk assessments for the processing of personal information.  Notably, the Board’s vote only allows staff to begin paperwork preliminary to a rulemaking; it did not actually initiate the formal rulemaking process.  At the meeting, the CPPA Staff clarified that the Board will need to re-review the draft rules for ADMT, privacy risk assessments, and cyber audits and vote again to initiate the rulemaking process.  The CPPA’s General Counsel Philip Laird said he expects the Board will vote to begin the formal rulemaking process for all three topics in July 2024, at the earliest.  Once formal rulemaking begins, the Board has one year to finalize the regulations, per California’s Administrative Procedure Act.Continue Reading California Privacy Protection Agency Takes Next Step on New Automated Decision-Making Regulations and Privacy Risk Assessments