Shannon Yavorsky
Partner
旧金山
伦敦
Shannon Yavorsky is the head of Orrick’s global Cyber, Privacy & Data Innovation group and co-leads the Artificial Intelligence (AI) group. She is a leading authority on United States (U.S.) and European (EU) privacy, cybersecurity and AI issues.
Shannon is uniquely qualified in California, England and Wales and helps global companies navigate the increasingly complex global privacy, cybersecurity and AI regulatory landscape.
Shannon also advises public and private companies across sectors such as life sciences, health technology, financial services, private equity, insurance, social media and technology on a wide range of EU and U.S. federal and state privacy, security and AI laws. Her strategic counseling covers compliance with key regulations and frameworks including the EU AI Act, GDPR, EPD, NIST AI Risk Management Framework, HIPAA, GLBA, FCRA, ECPA, CAN-SPAM, TCPA, advertising and payment card processing standards as well as U.S. state privacy and breach notification laws in California, Colorado, Connecticut, Utah, Virginia and other jurisdictions.
Shannon helps clients undertake comprehensive privacy, cybersecurity and AI risk assessments, evaluates privacy, security and AI risks in corporate transactions and drafts and negotiates data-related contracts. She advises clients on cross-border data transfers, data breaches and developing global privacy and AI compliance programs.
Shannon advises clients across diverse industries on designing tailored AI use policies and compliance frameworks, including innovative tools such as Gen AI Policy Builder and Privacy in a Box. She supports global companies with AI governance, privacy, cybersecurity and quantum computing, from negotiating agreements for AI-enabled features, and navigating technology integrations and ensuring compliance with rapidly evolving regulations. Her work includes counseling on responsible AI innovation, algorithm development, quantum computing and enterprise privacy programs leading technology, healthcare and cybersecurity organizations. She also helps clients build robust incident preparedness and response strategies and provides ongoing guidance to strengthen privacy and AI governance across their operations.
Additionally, Shannon is recognized for her thought leadership in the AI space, regularly speaking game at industry events and training corporate legal departments on AI regulatory developments, emerging risks and opportunities.
-
- Advising a popular global online marketplace on emerging AI laws in the U.S. and internationally.
- Representing a leading data‑driven venue management and premium experiences company on a wide range of AI, privacy and cybersecurity matters including negotiating agreements for AI features and data usage, supporting technology integrations and providing ongoing guidance on privacy, data protection and AI governance across its global operations.
- Representing a leading multinational technology company on compliance with EU and U.S. AI legislation, supporting regulatory engagement and AI training for teams in both regions.
- Representing a leading medical device company on privacy and AI compliance for diabetes management products including launching a direct-to-consumer monitor, navigating HIPAA and state privacy laws, developing an AI compliance program, negotiating privacy terms for a joint venture and ensuring compliance with the EU-AI Act.
- Advised the nation’s largest network of independent primary care on privacy and cybersecurity matters, developed AI governance and responsible use policies and provided proactive guidance on incident preparedness and management.
- Regularly advise clients across multiple sectors on developing tailored AI use policies including the Gen AI Policy Builder to guide employee and contractor use of generative and non-generative AI tools while balancing creativity, efficiency and risk management.
- Designed Privacy in a Box—a unique, comprehensive platform for managing data and optimizing global privacy and security compliance, pairing innovative tools and attorney counseling to help companies efficiently update policies, manage vendors, respond to incidents and strengthen privacy programs while building trust and supporting business growth.
- Developed a global privacy compliance program for an American non-profit advocacy organization, ensuring GDPR compliance and providing tailored cyber and privacy counseling for international nonprofit operations, positioning Orrick at the forefront of global data protection and digital rights policy.
- Advised a computer and network security company on global privacy and data protection compliance including workforce notices, data transfer agreements and vendor cookie and chatbot guidance to support its work with Fortune 500, government and university clients.
- Advised a leading computing infrastructure and AI solutions company on privacy compliance considerations for algorithm development, shaping best practices for responsible AI innovation and deployment.
2026 Global Corporate Venturing and Innovation Summit
March.24.2026 - March.26.2026
Trucordia Acquires Five Insurance Businesses Across the United States
2 minute read | November.26.2025
