Jami Mills Vibbert

Vibbert Jami
Jami Mills Vibbert is a partner in Venable's eCommerce, Privacy, and Cybersecurity Group who advises and counsels clients on matters related to cybersecurity, data protection and privacy, and data risk management, focusing on the healthcare, life sciences, and financial industries. She advises clients on how to realize their data vision while complying with the ever-growing set of data protection requirements. Jami conducts comprehensive data security risk assessments and gap analyses, and develops and implements data risk solutions and breach prevention and incident response programs. She also assists clients in handling data security incidents and crises, including responding to regulatory investigations and inquiries and defending clients in related litigation.

Jami began her legal career at an international law firm, focusing on data security, protection, and risk management, and all aspects of complex and cross-border commercial litigation and arbitration.


Representative Matters

Cybersecurity and Data Protection Advice and Compliance

  • Represents a global medical device manufacturer with respect to HIPAA compliance and oversees HIPAA Security Risk Assessments 
  • Represents a nonprofit organization providing substance abuse and child welfare services on data protection and cybersecurity issues, including conducting an enterprise-wide cybersecurity risk assessment
  • Represents the medical device manufacturing arm of a global manufacturing company on data risk strategies and data security compliance with respect to patient-specific implants
  • Provides data protection, privacy, and cybersecurity counsel to a global medical device manufacturer with respect to a digital health application, including HIPAA and GDPR compliance
  • Represents a media content provider on privacy and data security compliance, data risk management issues, and updating privacy and security program and related documents
  • Conducts a HIPAA Security Risk Assessment for a covered entity health plan
  • Conducts data protection, privacy, and cybersecurity diligence on potential acquisitions for a global medical device manufacturer
  • Conducts data security risk assessment and addresses data security issues for an international pharmaceutical company
  • Leads the data strategy vision for a global medical device manufacturer
  • Advised an international pharmaceutical company regarding enterprise data risk, including with respect to data security, data transfer, and information governance
  • Advised a regional bank on sufficiency of data security program and related policies and procedures
  • Developed a pharmaceutical company's privacy and data security and information governance programs and assessed and advised on data risk mitigation
  • Advises a large healthcare provider on data security and data risk issues and oversees the development of its information governance program
  • Advised a global financial services company on regulatory compliance with respect to broad information governance issues, including privacy and data security concerns

Crisis Management, Regulatory Investigations, Inquiries, and Disputes

  • Represented a covered entity in an inquiry by HHS, Office for Civil Rights
  • Represents an app provider in responding to data security and privacy investigative demands by the Vermont AG 
  • Represents a technology provider an in inquiry by the Federal Trade Commission
  • Advises a global medical device manufacturer in connection with an incident response, including conducting HIPAA risk assessments and determining notification obligations
  • Oversees the representation of a large business associate in crises management and response to multiple security incidents, including notification to covered entity clients
  • Advises a mental health provider on response to a security incident
  • Represented lender and hedge fund in crisis management, including with respect to notification obligations and liability issues
  • Represented a large media company in incident response and crisis management
  • Represented a digital health company in incident response and crisis management 
  • Advised a large educational institution regarding a data security incident inquiry by the Federal Trade Commission
  • Coordinated representation of a major pharmaceutical company in litigations to recover confidential data; obtained favorable orders on motion for contempt and nearly $1,000,000 in costs; assisted in obtaining relief from an injunction in a related action
  • Represented a major pharmaceutical company in a putative class action lawsuit alleging fraud in connection with sales of its products; advised on cross-border data protection issues




  • J.D. magna cum laude Tulane University Law School 2007
    • Editor in Chief, Tulane Law Review
    • Guest Editor, Tulane Journal of International and Comparative Law
    • Order of the Coif
  • B.A. University of Pennsylvania 2000

Bar Admissions

  • New York

Court Admissions

  • U.S. District Court for the Southern District of New York
  • U.S. District Court for the Eastern District of New York
  • U.S. Court of Appeals for the Second Circuit
  • U.S. Court of Appeals for the Third Circuit

Clerk Experience

  • Honorable Lance M. Africk U.S. District Court for the Eastern District of Louisiana

Professional Memberships and Activities

  • The Sedona Conference – Data Security and Privacy Liability Working Group Steering Committee
  • International Association of Privacy Professionals
  • New York City Bar Association


  • Rising Star, New York Metro Super Lawyers, 2011 - 2018


Personal Activities

Jami serves on the board of directors for the Court Appointed Special Advocates for Children (CASA) – New York City, and is the chair of the nominating committee. She is also on the board of advisory editors of the Tulane Law Review and the board of directors of the Tulane Law Review Alumni Association.