We recently sat down with Jennifer Dickey to speak about how she has navigated her career as a privacy and AI governance attorney. Jennifer is an Associate Attorney in the Chicago office of Dykema Gossett PLLC, where her practice focuses on advising clients on privacy compliance and regulatory requirements. She is heavily involved in professional organizations that include Women in Privacy and Security (WISP), the IAPP, and the Chicago Bar Association Cyber Law and Data Privacy Committee. In 2025, she was awarded the Privacy Hero “The Champion” Award by DataGrail, which recognizes “the greatest privacy innovators, visionaries, and champions.” She has also been named a Global Fellow by AI 2030 in recognition of her dedication in shaping the future of Responsible AI. She holds the CIPP/US, CIPP/E, CIPM, CIPT, and AIGP certifications from the IAPP, and has been recognized as a Fellow of Information Privacy (FIP).
The below conversation has been lightly edited for clarity. If you’d like to reach out to Jennifer, you can contact her via her LinkedIn account here.
Q: I want to start back at the beginning, during your time in law school. During law school, you were able to obtain temporary positions with both Google and Mastercard where you got to work directly on privacy-related issues. When applying for those positions early in your career, where you still did not have a well-established background in the field, how did you go about conveying your interest in privacy law or set yourself apart in order to obtain those roles?
A: To be honest, timing helped. When I started focusing on privacy, there were not as many students trying to enter the field as there are now, and interest has grown dramatically. I also already had some privacy experience through law firm and policy work, so I was able to clearly articulate my interest and show that I could contribute right away. I made sure I could speak concretely about the work, not just say I was interested. That combination of timing, early experience, and being able to explain the value I could add is what helped me earn those opportunities.
Q: You are only three years out of law school, but you’ve already made a significant impression on the field of data privacy and AI governance. You speak on panels frequently, you’ve racked up a ton of industry awards, and you have a very active and well-known online presence. What do you think you’ve done differently from other young attorneys that has allowed you to set yourself apart?
A: Privacy and AI governance were already established practice areas when I entered the field. What I think I did differently was how deeply and intentionally I immersed myself in them early on. I focused on making myself genuinely useful to the partners and teams I worked with by becoming someone who could quickly absorb new laws, guidance, and technical developments and translate them into something practical. While partners were understandably focused on client work, deals, and litigation, I spent a lot of time tracking new statutes, AI regulations, and regulatory guidance and turning that into research, memos, and actionable insights they could rely on. That allowed me to add value early and help teams stay ahead in a fast-moving area of law.
Q: For some of the awards and recognitions that you have earned, how did those come to be? Did you apply yourself? Were you recommended by others?
A: My major recognitions, including Best Lawyers and the DataGrail Data Privacy Hero Award, came through peer nominations from people I had worked with, mentored, or collaborated with. That said, I am a strong believer in self-advocacy. If there is something you have built or contributed to that you believe deserves recognition, it is absolutely okay to nominate yourself. Visibility matters, especially in emerging fields like privacy and AI.
Q: So, you’re a big believer in the “squeaky wheel gets the grease.” I guess that makes a lot of sense when you consider that you are very active on LinkedIn, where you do things such as post collections of job listings or publish documents about breaking into the privacy profession. How do you conceptualize balancing these “extracurricular” activities with the day-to-day work you do at a law firm? And how do you think these activities have helped you professionally?
A: I do not see them as separate. I see them as part of what it means to be a data privacy and AI lawyer. My firm work informs my writing and community work, and my public-facing work keeps me connected to what professionals and organizations are dealing with in real time. They reinforce each other. The “extracurricular” work also strengthens my ability to communicate complex issues clearly, which directly translates to client counseling.
Q: You’ve also been involved in a lot of different organizations from a volunteer perspective. For example, you have served as a chair or vice-chair for the local IAPP Knowledge Net, the Chicago Chapter of Women in Security and Privacy, and the Chicago Bar Association Cyber Law and Data Privacy Committee. How have you chosen what organizations to devote your time towards?
A: I chose organizations based on where I could have meaningful impact and build real community. Groups like IAPP, Women in Security and Privacy, and the Chicago Bar Association sit at the intersection of law, technology, and professional development, which is exactly where my work lives. I was not interested in collecting titles. I wanted to be in spaces where I could shape programming, mentor others, and contribute to the growth of the field.
Q: For a lot of professionals looking to get into the privacy profession, there seems to be a cold-start problem. Most employers want experience, but it is hard to get experience without a prior work in the field. What advice do you have for other professionals looking to break into the field?
A: The cold-start problem is very real. Employers want experience, but you cannot get experience without an opportunity. That is why I tell people to create proof of commitment early. You do not need a formal privacy job to show that you belong in the field. You can join your local bar association’s privacy committee, become a free student member of IAPP, write about privacy or AI on LinkedIn, or volunteer on data-related projects. When someone’s résumé or LinkedIn shows none of that, I am much less inclined to believe this is a field they truly care about.
Q: Have you done any mentoring of younger attorneys or non-legal professionals looking to break into the privacy profession? If so, what do you look for in a potential mentee before deciding to invest time and effort into that relationship?
A: I interact with hundreds of students and early-career professionals through group mentoring, events, online conversations, and professional organizations. What I look for is effort and follow-through. If someone says they want to work in privacy or AI, I expect to see some signal of that in their résumé or LinkedIn, whether that is writing, involvement in organizations, attending events, or volunteering. The people who stand out are the ones who actively show up.
Q: You’ve already mentioned several things that an early career professional should be doing. But if there was just one piece of advice that you’d give to current law students that are looking to start a career in privacy law, cybersecurity law, or AI governance – what would that be?
A: My biggest advice is to think about privacy and AI as business and technology problems, not just legal ones. The lawyers who succeed in this space understand how products are built, how data moves, and how decisions get made inside organizations. Take courses, clinics, and internships that expose you to technology and operations, not just statutes. That context will make you far more effective early in your career.
Q: It’s interesting you say that. When we interviewed Frank Gonnello, Jr., in-house counsel for Shopify, that was something that he made a point of mentioning as well. And by that, I mean that fact that Privacy law and AI Governance sit at the intersection of law and technology like few other practice areas do. Having at least some technical knowledge seems indispensable. Is that one of the reasons that you recently obtained the AIGP certification, to better learn the underlying technology?
A: My motivation for AIGP came from seeing how quickly AI moved from experimental to being deployed in real contexts like hiring, monitoring, and decision-making. That made it clear lawyers needed to understand how these systems actually work, not just the legal theories around them. AIGP grounded me in governance, documentation, and risk frameworks that organizations can operationalize. More broadly, the IAPP certifications have helped me build structured fluency across privacy law and privacy program operations so I can translate legal requirements into practical guidance and communicate effectively with engineers, compliance teams, and business stakeholders.
Q: When you are interacting with engineers, compliance teams, or other business stakeholders, what are some of the types of questions they come to you to answer?
A: Product teams ask about data use and AI training. Marketing asks about cookies, pixels, tracking technologies, and AdTech vendors. HR asks about employee monitoring, background checks, and AI tools used in hiring and performance management. Engineering teams ask about data flows and model inputs. It is really context and role dependent. On a daily basis, most issues involve vendor and data-sharing questions, cross-border transfers, tracking technology compliance, and translating new privacy and AI requirements into workable processes.
Q: This is a final question and one we like to ask because it seems people always have an interesting take on it. We are starting to see AI regulations pop up around the globe, much the same way that privacy laws are now pervasive across jurisdictions. From your vantage point, do you anticipate that “AI law” will become its own field of practice or be subsumed under privacy law or another area of practice?
A: In my view, AI law is already its own field of practice. There is overlap with privacy because AI systems rely on data, but in practice AI law involves its own regulatory frameworks, technical concepts, and risk domains. At law firms, those practices are increasingly distinct, even if some attorneys work across both.
This is the second installment of our “Path to the Privacy Profession” series. If you think you have an interesting story to tell or would like to be featured, reach out to us at hello@privacybootcamp.com
