I focus on how cybersecurity and data privacy are shaping my clients’ businesses. I help organizations of all sizes manage and protect consumer data by identifying, explaining and guarding against regulatory and litigation risks.
Amy L. Hanna Keeney, CIPP/US, has an in-depth understanding of privacy and data protection. In a society that is beginning to put a high premium on giving consumers control over their personal information, businesses look to Amy to ensure that they are collecting and organizing sensitive consumer data in the most efficient and legally compliant way. She regularly provides regulatory counseling to ensure her clients are collecting consent from consumers properly and protecting sensitive consumer data appropriately. Her experience includes counseling businesses as well as app and software developers regarding compliance with state and federal privacy regulations, including the California Consumer Privacy Act (CCPA), biometric data regulations such as the Illinois Biometric Privacy Act (BIPA) and Children's Online Privacy Protection Act (COPPA).
Additionally, Amy often advises clients in the financial services industry, and she serves as the firm’s Financial Services Regulatory/Operations Team Leader. She has extensive experience counseling organizations of all sizes, including banks and financial services providers, regarding compliance with the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA).
Amy also evaluates third-party vendor contracts to ensure clients are properly protecting against the risk associated with external access to and use of consumer data. If a client’s data is compromised, Amy leads the legal response in the aftermath and works to coordinate timely notification of the affected individuals, regulatory bodies and public.
Further, Amy is an experienced litigator who has defended businesses in state and federal litigation throughout the Southeast. After spending years litigating and counseling financial services clients in the wake of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Amy’s experience enables her to address not only compliance issues, but also litigation risks a client could face for non-compliance.
Amy is the Pro Bono Chair of the firm’s Atlanta office and a proud supporter of the Atlanta Volunteer Lawyers Foundation. In her spare time, Amy is an avid home cook.
- University of Florida Levin College of Law, J.D., 2010, cum laude
- University of Florida, B.S., 2007, Journalism, magna cum laude
- United States District Court for the Northern District of Georgia
- United States District Court for the Middle District of Georgia
- United States District Court for the Southern District of Georgia
- United States Court of Appeals for the Eleventh Circuit
- Georgia Court of Appeals
- Georgia Supreme Court
Areas of Practice
- Georgia Rising Stars® (by Thomson Reuters) Consumer Law 2017-2020
- Florida Law Review, Executive Editor
Professional Affiliations & Memberships
- ANSI-accredited Certified Information Privacy Professional (CIPP/US)
- Thomson Reuters’ NextGen Leadership: Advancing Lawyers of Color, Advisory Board
Leadership Institute for Women of Color Attorneys (IWOCA), CLE Committee
- Atlanta Volunteer Lawyers Foundation
- Atlanta Bar Association
- Florida Bar Association
- Reviewed several financial institutions’ standard initial privacy notices for compliance with GLBA and state financial privacy statutes, including the California Financial Information Privacy Act
- Counseled lender during its efforts to stand up a text and email notification program that is compliant with federal and state privacy statutes
- Counseled telecommunication services company during its efforts to build out California Consumer Privacy Act (CCPA) compliance program
- Provided legal advice to startup regarding compliance with the Illinois Biometric Privacy Act (BIPA)
- Provided legal advice to app developer regarding compliance with the Children's Online Privacy Protection Act (COPPA)
Data Breach Response
- Counseled several organizations of varying sizes through data breach incidents, including incident analysis and breach containment, incident disclosure (i.e., notification in compliance with all regulatory requirements), loss mitigation and remediation