Rimon

Elimu Kajunju

Partner

Data Privacy and Cybersecurity, Technology, Artificial Intelligence, Life Sciences
Atlanta

EDUCATION

Mitchell Hamline School of Law

J.D.

Saint Mary's University of Minnesota

B.S., Business

Certifications

  • AIGP (Artificial Intelligence Governance Professional)
  • CISSP (Certified Information Systems Security Professional)
  • CISSP-ISSAP (Certified Information Systems Security Professional – Information Systems Security Architecture Professional)
  • CIPP/US (Certified Information Privacy Professional/US)
  • CIPP/E (Certified Information Privacy Professional/Europe)
  • CIPP/C (Certified Information Privacy Professional/Canada)
  • CIPP/G (Certified Information Privacy Professional/Government)
  • CIPT (Certified Information Privacy Technologist)
  • CIPM (Certified Information Privacy Manager)

PREVIOUS EXPERIENCE

  • Honeywell (General Counsel – Cybersecurity & Product Compliance)
  • Google (Head of Health Information Privacy)
  • DaVita (Vice President, Chief Privacy Officer, Associate General Counsel – Privacy, Cybersecurity & AI)
  • McKesson (Vice President, Global Privacy)
  • UnitedHealthcare (Chief Privacy Officer, Sr. Compliance Director & Sr. Associate General Counsel)
  • Boston Scientific (Chief Privacy Officer & Compliance Counsel)

ADMISSIONS

  • State of Minnesota
  • State of Georgia

Languages

  • English
  • French (Conversational)

Mr. Kajunju is one of the premier privacy and cybersecurity lawyers in the world. He has over 25 years of experience handling privacy, cybersecurity and technology matters. As a former security engineer, business owner and corporate executive, he has a strong appreciation of the complexity of the intersection of technology, business objectives and the law. He has been relied upon to navigate complexity by some of the world’s largest and most innovative companies, including Google, Honeywell and McKesson.

Mr. Kajunju’s practice spans the following key areas:

  • Privacy:
    • Agreements (BAAs, DPAs, SCCs, etc.) drafting and negotiation
    • Application and implication of artificial intelligence, Internet of Things, facial recognition, biometrics, data mining and other emerging technologies and innovation
    • Compliance with regulatory requirements and standards, including BIPA, CAN-SPAM, COPPA, ePrivacy Directive, EU and UK GDPR, FCRA, FERPA, GLBA, HIPAA Privacy & Breach Notification, TCPA, etc.
    • Cookie notices, policies and practices
    • Data acquisition, data rights and data use strategies
    • Due diligence for Mergers and Acquisitions and post M&A integration
    • Governance, risk and compliance
    • Incident/breach preparedness, investigation, response, communication and remediation
    • Legislative monitoring, assessment and analysis
    • Program review and assessment
    • Training and awareness programs
    • Privacy-by-design program design, documentation and implementation
    • Product privacy reviews
    • Regulatory filings, response and communication
    • State privacy laws (California, Colorado, Connecticut, Utah, Virginia, etc.)
    • Workplace privacy
  • Security:
    • Agreements (DPAs, Security Addendum, etc.) drafting and negotiation
    • Application and implication of artificial intelligence, Internet of Things, facial recognition, biometrics, data mining and other emerging technologies and innovation
    • Compliance with regulatory requirements and standards, including CMMC 2.0, CRA, DORA, FASCSA, HIPAA Security, NIS 2 Directive, PCI DSS, RED, etc.
    • Cyber insurance evaluation and negotiation
    • Due diligence for Mergers and Acquisitions and post M&A integration
    • External statements and messaging relating to the organization’s security posture and compliance
    • Governance, risk and compliance
    • Incident/breach preparedness, investigation, response, communication and remediation
    • Legislative monitoring, assessment and analysis
    • Materiality assessments for incident notification
    • Physical security, surveillance, monitoring, personnel security and other matters related to the security of facilities, equipment and people
    • Privileged investigations, assessments and penetration tests
    • Program review and assessment
    • Regulatory filings, response and communication
    • Training and awareness programs
    • Security-by-design program design, documentation and implementation
    • Security exceptions, concessions, deviations and compensating controls review
    • State security laws
    • Vulnerability management program components, including bug bounty programs, vulnerability notifications, security advisories, fix prioritization, etc.
  • Technology:
    • AI governance program design and implementation
    • Compliance with regulatory requirements and standards, including EU AI Act, EU Data Act, etc.
    • Cross-border transfer issues
    • Data localization strategies and compliance
    • Legislative monitoring, assessment and analysis
    • Product compliance for digital products
    • Records management programs

Selected Experience

  • Hundreds of privacy and security incidents responded to (including investigation, mitigation, communication and remediation)
  • Built privacy programs for several Fortune 100 companies
  • Built security compliance programs for large healthcare and hospitality organizations
  • Led privacy and security due diligence for several dozen mergers, acquisitions, divestitures and spinoffs
  • Negotiated over a thousand business associate agreements, data protection agreements, security addendums, data use agreements and other documents containing privacy and/or security terms
  • Expanded US privacy and security programs globally for multiple Fortune 500 companies
  • Built a program for the use of health data for AI models at Google

Memberships

  • IAPP (International Association of Privacy Professionals)
  • ISC2 (International Information System Security Certification Consortium)
