John P.Tomaszewski

John’s experience in the understanding of a company’s data protection and management needs provides a specialized point of view which allows for holistic solutions. A good answer should always solve at least three problems.

As part of our International Data Protection practice group and co-leader of the Global Privacy & Security team, John has significant experience counseling companies regarding data protection and information security throughout the Americas, Europe, and Asia. His clients have included a myriad of technology companies as well as financial services, transportation, logistics, electric vehicle manufacturer, pharmaceutical, and e-commerce businesses of all sizes.

John has built and deployed compliance programs for big data analytics providers, pharmaceutical companies, cloud service providers, social media companies, health care providers, semi-autonomous vehicle manufacturers, supply-chain platforms, and a host of both traditional “brick-and-mortar” and emerging technology clients. He has also advised on digital signatures, enterprise technology acquisition transactions, cybersecurity maturity model certification requirements, and other information security and confidentiality instruments. 

John brings an important perspective to this practice area. John was the first chief privacy officer for CheckFree (now FISERV), where he created internal and external global privacy programs for the online bill payment pioneer. In his role as general counsel at TRUSTe, the most successful privacy Trustmark in the world, he ensured that privacy certification programs were recognized as best-in-class on an international scale.

As a result of those 13 years of in-house experience, John has developed a unique point of view that allows him to provide holistic solutions for his clients. John uses the tools and thinking of Lean Six Sigma to ensure compliance and improve quality, and he leverages Seyfarth resources in project management and technology to continually improve service delivery. This allows him to manage large, complex, cross-border data protection frameworks, while effectively controlling costs.

John has been a co-author of several information security and privacy publications, including the PKI Assessment Guidelines and Privacy, Security and Information Management: An Overview, as well as publishing scholarly works of his own on the topic. He has also provided input to the drafting of various security and privacy laws around the world; including acting as the initial drafter and rapporteur to the APEC Cross-Border Privacy Rules system. He is a frequent speaker globally on the topics of cloud computing, supply-chain security, self-regulatory organizations, data protection, and cross-border privacy frameworks.

Since joining Seyfarth in 2013, John and his clients have enjoyed the outcomes-oriented approach that is hard-wired into the DNA of the firm, motivating a collegial practice among all the attorneys. He appreciates working with colleagues that focus on solving client problems in practical, real, and measurable ways. In his words: "We don't just want to be 'right,' we want to be effective."