Oak, Elm & Birch LLP

Jasmine Pendleton

Non-Equity Partner

Technology Transactions SaaS Licensing Data Privacy AI Regulatory
Jasmine Pendleton is a Non-Equity Partner in the firm's Corporate group. Her practice concentrates on technology transactions, SaaS licensing, and data privacy matters for mid-market companies. She drafts and negotiates master services agreements, SaaS and on-prem license agreements, data processing agreements, and the kind of AI-vendor terms that have become unavoidable over the last eighteen months. She advises Connecticut-based companies on Connecticut Data Privacy Act compliance, breach-response obligations, and the emerging patchwork of state AI governance frameworks. Pendleton earned her J.D. from NYU School of Law in 2012 and her B.A. from Wellesley College in 2009. Before joining Oak, Elm & Birch in 2020, she served as senior counsel at a Boston-based cybersecurity firm, where she handled customer contracting, privacy compliance, and board-facing risk reporting. That in-house stretch gave her the perspective she now brings to the outside-counsel role: she has been the person on the buyer side pushing back on a vendor's proposed DPA terms, and she knows which positions will hold and which will fold under time pressure. She made Non-Equity Partner at the firm in 2024. Within the firm, Pendleton chairs the internal Data Privacy Working Group and regularly advises the firm's IT team on client-data handling, incident-response procedures, and vendor-diligence practice. She works closely with the Litigation group on data-breach response engagements and with the Labor & Employment group on workplace-privacy matters. ## Publications - "The Connecticut Data Privacy Act: One Year of Compliance Lessons," *Connecticut Bar Journal*, Vol. 96 (2023). - "Contracting With AI Vendors: What the Standard SaaS Template Misses," *Hartford Business Journal* Legal Opinion column, September 2024. - "Vendor Due Diligence for the Mid-Market Buyer: A Checklist That Actually Helps," *Connecticut Lawyer* magazine, June 2024. ## Speaking & CLE - Co-presenter, "Practical CDPA Compliance for Mid-Market Clients," CBA Business Law Section CLE, Hartford, April 2024. - Panelist, "AI Governance: What In-House Counsel Are Actually Being Asked to Do," Boston Bar Association, June 2024. - Annual presenter, "Data Privacy Update for Connecticut Employers," CBIA HR Conference, 2022–present. Pendleton is admitted in Connecticut and Massachusetts. She is a Certified Information Privacy Professional (CIPP/US, IAPP) and a member of the International Association of Privacy Professionals.