News
Jon Sriro
- E jsriro@taftlaw.com
- T (313) 800-6502
- F (313) 961-1205
Summary
Jon is a member of Taft’s Privacy and Data Security and Intellectual Property practices, and serves as the main contact for privacy-related matters in Taft’s Detroit office. He is a Certified Information Privacy Professional/United States (CIPP/US) with the International Association of Privacy Professionals (IAPP).
Jon’s work focuses on the representation of companies in technology transactions and data privacy and data security matters. He has extensive experience counseling clients on a wide range of privacy, cybersecurity, and information management issues in the context of vendor/vendee agreements, data and data security issues related to mergers and acquisitions, compliance, business strategy, technology transactions, litigation, incident response preparation, insurance, data breach/incident, and regulatory compliance issues. Jon’s representation in this area includes software/cloud service providers, banks, manufacturers, healthcare systems, restaurant chains, real estate and housing companies, and marketing firms.
A significant part of Jon’s practice includes advising clients in cloud computing and software as a service (SaaS) transactions. His extensive experience in this area includes counseling vendors and vendees in SaaS, PaaS and IaaS transactions involving unique issues related to interstate and cross-border regulatory and statutory compliance, the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR/UK-GDPR), Protection and Electronic Documents Act (PIPEDA), and the Data Protection Act of 2018. Jon also advises clients on navigating the various jurisdictional and compliance requirements concerning the use of data and marketing, as well as all transactions involving software development and client-side software and hardware solutions.
Jon’s practice also includes counseling clients in the areas of artificial intelligence governance and compliance. His AI-related practice includes developing AI governance frameworks for large and small organizations implementing artificial intelligence systems, including comprehensive AI governance structures for healthcare systems, drafting internal AI usage guidelines and restrictions for publicly traded companies and businesses across various sectors, counseling clients on AI-specific data privacy issues in both AI and machine learning environments, and preparing privacy policies, notices, and disclosures for public-facing websites and internal employee privacy disclosures that address AI data practices. Jon advises clients on compliance with the EU AI Act, the NIST AI Risk Management Framework, California’s AI Transparency Act and other transparency and safety laws, Colorado’s AI Act, emerging federal AI standards, state-level AI regulations, and other U.S. and international AI governance requirements. He has presented at panel discussions addressing AI issues in data privacy and data security, surveying evolving legal frameworks and industry approaches to AI data governance.
All Service Areas
All Practices
All Industries
Education
- Washington University School of Law
- James Madison College at Michigan State University
Admissions
- State - Michigan
- Federal - Michigan Eastern District Court
- Federal - Michigan Western District Court
Notable Matters
- Negotiated and drafted the data security agreements for a global defense contractor’s information infrastructure, which included negotiation of terms for the transitioning, implementation, and maintenance of the client’s information infrastructure to a cloud infrastructure.
- Counseled three start-up companies through IPO.
- Representation of major companies, including Groupon (f/k/a The Point), Echo Global Logistics, InnerWorkings, BenchPrep, Sprout Social, Tempus, Uptake, Crestmark Bank, Ambassador, Diversified Chemical Technologies, Road to Status, Belly, United Road, Humantech, Detroit Labs, Lightbank, and Pella Windows and Doors.
Speeches and Publications
- “Cybersecurity for Business Leaders,” Technology Today Briefing, Panelist (March 18, 2025)
- “Cyber-Security: Best Practices for Post Hack,” Michigan Technology Leaders Summit, Panelist (April 11, 2024)
- “Outsmart Chaos” – Cyber Security for Business Panel / Breakfast with Auxiom, Panelist (Jan. 23, 2024)
- Blockchain and Cryptocurrency Confidentiality Issues. Today’s General Counsel, Summer 2018
- The Adoption of Blocchains and Cryptocurrencies by Charities, The Michigan Business Law Journal, Vol. 38, Issue 2 (2018)
- New Ruling by U. S. Supreme Court on Standing to Pursue Litigation – Alleging a “Mere Statutory Violation” Is Not Sufficient to Confer Article III Standing for a Federal Cause of Action, The Michigan Business Law Journal, Vol. 36, Issue 2 (2016)
- Data Privacy in Sports Marketing, Institute of Continuing Legal Education, Seminar Panel Member (2017)
News
Sriro to Speak on Cybersecurity for Business Leaders Panel News
Sriro To Serve on Cybersecurity Panel at Michigan Technology Leaders Summit News
Sriro to Speak on Cyber Security for Business Panel News
The Firm Supports University of Michigan Law School Corporate Counseling Competition
Professional Affiliations
- State Bar of Michigan
Member
Privacy Law Committee Member, IT Law Section
Member, Arts, Communications, Entertainment & Sports Section - Certified Information Privacy Professional (CIPP/US)
Member