John Babione

John is a member of the Constangy Cyber Team. He provides compliance advisory services to clients by proactively navigating the legal landscape of data privacy and security. John advises clients on a wide range of state, federal, and international privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), the European Union General Data Protection Regulation (GDPR), and other state and federal privacy laws.

He brings experience drafting data privacy policies to help businesses communicate their practices to consumers and analyzing contracts to address privacy and cybersecurity issues related to collecting and processing information. John also assists businesses in creating plans for a prompt and effective response to data privacy and security incidents to protect confidential information.

John relies on substantial, complex litigation experience in a variety of matters affecting businesses, including employee data theft and government investigations, to guide clients away from liability via policies and data privacy and security-related agreements.  He also represents clients facing privacy and data breach related litigation matters.

John advises clients on a wide range of data governance and risk-related legal issues affecting businesses, including risk management, vendor management, information governance practices, and data retention and destruction. He assists businesses in navigating regulatory compliance requirements for their online and offline operations.

John is a Certified Information Privacy Professional for U.S. law (CIPP/US) and a Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP).

• Recognized in The Best Lawyers in America^® for Mass Tort Litigation/Class Actions - Defendants (2024)
• Indianapolis Bar Foundation Distinguished Fellow, 2019

Associations

• Indiana Executive Council on Cybersecurity (IECC)
  • Advisory member 
  • Personally Identifiable Information Working Group, 2019-2023
• International Association of Privacy Professionals (IAPP)
  
  • Indianapolis KnowledgeNet Chapter co-chair (2020-2021)
• Defense Research Institute (DRI)
  • Privacy SLG, vice chair (2019)
  • Data Management and E-Discovery SLG
• InfraGard
• Indianapolis Bar Association
  • E-Discovery, Information Governance & Cybersecurity Steering Committee
• Georgia Bar Association
  
  • Privacy & Technology section

Certifications

• Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
• Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)

Pro Bono & Philanthropy

• St. Mark’s United Methodist Church
  • Trustees President (2022)
  • Trustees Committee (2020-2022)
• Stafford Place Board of Directors (2016-present)
• Joy’s House, a non-profit adult daycare organization in Indianapolis
  • Board of Directors (2013-2016)
  • Board adviser and chair of the Governance Committee
    (2009-2016)
• Indianapolis Bar Association
  • Ask a lawyer and Legal Line volunteer (2006-2012)

• Speaker, “10 Steps to Lay a Strong Foundation for CPRA Compliance”, webinar, October 27, 2022
• Speaker, “U.S. Privacy Law Update & Challenges on the Horizon,” Indianapolis Bar Association, May 5, 2022
• Speaker, “How Your Security Became My Problem, Risks at the Intersection of Ediscovery and Cybersecurity,” April 21, 2022
• Speaker, “Crisis Management in Cases of a Cyberattack: Legal and Tech Perspectives & Actions,” (Panel Moderator), World Services Group Presentation, March 23, 2021
• Speaker, “The Data Iceberg: How to Navigate in the Digital World,” Evansville Bar Association Bench Bar Conference, March 15, 2019

Publications

• Author, “Your Company’s First Step for Managing Data Privacy,” Indianapolis Business Journal, August 8, 2018
• Author, “Manage Employees’ Use of ‘Shadow IT’ Apps at Work,” The Indiana Lawyer, May 15, 2018