John B. Kennedy


John has helped clients manage the rapidly evolving risks of an information-based society for decades. In John’s view, this is still the dawn of the information age as new capabilities arise every day, entailing multiparty business relationships and fresh concerns around data privacy, cyber security, and the evolving legal environment for emerging technologies such as machine learning and artificial intelligence.

As a Partner in Wiggin and Dana's Corporate Department and a member of the Outsourcing and Technology Practice Group and the Cybersecurity and Privacy Practice Group, John assists clients with transactions and advice in all aspects of information law.

For example, clients seek John’s guidance regarding new regulatory schemes such as the European Union’s new General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA), which set stricter-than-ever guidelines on the use of personal data and impose harsh sanctions for violations. Clients also seek John’s guidance regarding privacy and security compliance risk in the growing economy of “intelligent” and “connected” devices (also known as the "Internet of Things"). John also advises regulated clients such as insurance and financial services companies and healthcare startups, regarding enhanced cybersecurity regulations such as New York State’s cybersecurity regulation. Compliance and liability risks in artificial intelligence and predictive analytics are also increasingly becoming client concerns, introducing new opportunities, risks, and regulations.

John’s transactional practice includes outsourcing, cloud services, robotics, software development and licensing, e-commerce transactions, technology transfer and intellectual property-intensive M&A, divestitures, joint ventures, and restructurings. His clients have included Fortune 500 companies as well as emerging companies in the financial services, technology, manufacturing, biotechnology and healthcare, media, energy, and consumer products sectors.

John has negotiated complex information technology (IT) outsourcing services agreements involving cloud computing, IT infrastructure and software procurement, systems integration, software development and maintenance, voice and data services, and disaster recovery and business continuity. He has also negotiated business process outsourcing (BPO) agreements for call centers and customer support services, finance and accounting services, human resources administration, enterprise procurement services, government passport and visa services, research and development services, and supply chain management.

In his extensive practice in information privacy and security law, John has represented clients in connection with risk and compliance assessments of data privacy and security policies and practices, data breach preparedness and response, regulatory investigations of data practices, uses of data analytics and machine learning, and “privacy by design” analyses of products and services in social media and mobile e-commerce. He also advises clients on corporate information governance programs, international data transfers, and compliance with U.S., state, and federal data privacy and information security laws.

John has authored numerous articles on privacy and data security and from 2000 to 2016 served as a co-chair of Practicing Law Institute's Annual Privacy and Data Security Law Institute. Bloomberg BNA recently published John's Privacy & Data Security Practice Portfolio Series, Cybersecurity and Privacy in Business Transactions: Managing Data Risk in Deals.

He has been named in Who's Who of Business Lawyers for Internet, e-Commerce, and Data Protection, and Chambers USA ranks John nationally in its Outsourcing category. The Best Lawyers in America  has named him for his work in Information Technology Law since 2009, and he was recently elected to The American Law Institute (ALI), the leading independent organization in the United States producing scholarly work to clarify, modernize, and otherwise improve the law. John is currently serving as an adviser to ALI’s project to develop a baseline set of information privacy law principles to help guide lawmakers, courts, and policy makers.

John received his J.D. from Columbia Law School. He was a William Rainey Harper Fellow at the University of Chicago, where he earned an M.A. in English and American literature, and graduated magna cum laude from Carleton College.


  • Columbia University School of Law  (J.D., 1985)
  • University of Chicago  (M.A., 1976)
  • Carleton College  (B.A., 1970)
    • magna cum laude

Bar Admissions

  • Connecticut
  • New York

Memberships and Affiliations

  • International Association of Privacy Professionals
  • American Law Institute