Pooja Kohli

For a Fortune 25 technology company in more than 190 countries

• Developed and operationalized a best-in-class global privacy incident management program.
• Responding to global data breaches, including conducting privileged investigations and making multijurisdictional regulatory and individual breach notifications.
• Responding to regulatory inquiries and defending against regulatory enforcement action.
• Providing product counselling on advanced new technologies, including Web3, augmented and virtual reality products, blockchain, and the launch of new crypto currencies and implementing privacy preserving technologies.
• Advising on privacy for the development of advanced new technology, under global laws such as the CCPA/CPRA, GLBA, GDPR, PIPEDA, and LGPD, to ensure that new products/features are built with privacy by design. 

For a global beverage company in more than 200 countries

• Built risk assessment frameworks to ensure that data collection, use and retention practices, including those involving sensitive data, privacy enhancing technologies (PETs) and artificial intelligence, comply with global laws and industry standards.
• Advised strategic enhancements in consumer data collection and analytics for a Fortune 100 global beverage manufacturer, including adapting a global cookie consent framework for local markets, reactivating Google Analytics, clarifying marketing re-consent policies, and revising the Global Consumer Privacy Policy to comply with global laws and support new data applications.
• Drafted template AI contract provisions, supported AI-related commercial negotiations and contributed to the development of Responsible AI training as part of an AI Legal Risk Task Force—advancing innovation while upholding privacy and minimizing legal risk.
• Led efforts to operationalize Responsible AI to enhance consumer marketing strategies to drive growth through innovation.
• Advised a Fortune 100 global beverage manufacturer in connection with the collection and use of teen data, ensuring alignment with existing and emerging legal requirements for safeguards and controls in support of the company’s Gen Z Growth Strategy.
• Built a data governance program to support the responsible adoption of data clean rooms and privacy-enhancing technologies to generate consumer insights while maintaining strong privacy protections.

For a professional basketball league

• Developed Responsible AI Guiding Principles and an AI Risk Assessment framework, policy and procedures for a HR team at a global sporting association.
• Developed and launched internal privacy guidelines, including designing and documenting a Privacy Impact Assessment (PIA), questionnaire and playbook. Identify and support completion of Foundational PIAs to capture and assess common strategic processing activities.
• Advised on compliance requirements for advanced marketing practices, including audience segmentation, retargeting strategies, profiling, and lookalike modeling.

For one of the largest hedge funds by AUM and alternative investment manager

• Developed and implemented a Global Standard for Cybersecurity Incident Notification, that covers incident reporting obligations across 13 jurisdictions, under 25 regulatory reporting regimes to mitigate against the growing risk of a cyberattack on financial entities and businesses designated as critical infrastructures.
• Developed and presented wargame to simulate a real-life cyberattack on client systems and networks to prepare key stakeholders and executive leadership teams to effectively respond to a cyber event.

Other

• Conducting cyber, privacy and AI due diligence for mergers and acquisitions.

• Named to the “Ones to Watch” list by Best Lawyers in the area of Litigation-Securities (2026) and Securities Regulation (2026)