Your Client Just Asked for an AI Governance Policy: A Practical Framework for Building One That Holds Up

Michelle Ramsden, Special Counsel | Jones Walker LLP

Michelle Ramsden is Special Counsel at Jones Walker LLP in the firm’s Atlanta office, where she is a member of the Corporate Practice Group and the commercial transactions and privacy, data strategy, and artificial intelligence teams. Michelle is a strategic privacy and technology attorney with more than a decade of experience leading comprehensive privacy, cybersecurity, and artificial intelligence (AI) programs for complex organizations. She advises clients on data protection, cybersecurity resilience and incident response, AI governance and risk management, technology procurement and implementation, and regulatory compliance matters.

• Education & Credentials

Michelle earned her J.D. from Emory University School of Law (2014) and her B.S. from Shorter College (2010). She is admitted to practice in Georgia. She is a Certified Information Privacy Professional, United States (CIPP/US, 2019), a Certified Information Privacy Professional, Europe (CIPP/E, 2022), and a Certified Privacy Program Manager (CIPM, 2023) through the International Association of Privacy Professionals.

• Recognition & Leadership

Michelle completed the Advanced AI Lab at Meridian International Center (2026), the National Security Law Certificate at the University of Virginia (2019), and the Accelerator Series Certificate at the Center for Strategic International Studies (2021). She was selected as a Presidential Management Fellow under the U.S. government’s premier leadership development program (2015–2018).

• Professional Involvement

Michelle serves on the Board of Directors of the Atlanta Bar Association’s Privacy and Cybersecurity Section and is a member of the Georgia Association of Women Lawyers, the International Association of Privacy Professionals (IAPP), and the State Bar of Georgia’s Corporate Counsel Section and Privacy & Technology Law Section. She has authored publications including “Applying Privacy Law and Policy in Unique Victim and Witness Contexts” in the DOJ Journal of Federal Law and Practice (2024) and the Overview of the Privacy Act of 1974 (2nd ed. 2020), and has presented at the Privacy + Security Forum, IAPP AI Governance Global, the Privacy Symposium in Venice, and RightsCon Taipei.

• Experience

Before joining Jones Walker, Michelle served for eight years as Senior Counsel in the Office of Privacy and Civil Liberties at the U.S. Department of Justice, where she managed privacy and AI compliance for department leadership, developed the department’s first AI governance frameworks, and served on its inaugural Emerging Technology board. She led multiple department and government-wide working groups, including the department’s Facial Recognition Technology Working Group, and represented the department in diplomatic delegations and international negotiations including the Belgrade Ministerial Declaration on Artificial Intelligence. Earlier in her career, she served as a Presidential Management Fellow with the U.S. Department of Homeland Security, advising federal law enforcement and intelligence teams on the lawful use of emerging investigative tools.

Jason M. Loring, Partner | Jones Walker LLP

Jason Loring is a Partner at Jones Walker LLP in the firm’s Atlanta office, where he is a member of the Corporate Practice Group and the commercial transactions team. Jason co-leads the firm’s Privacy, Data Strategy, and Artificial Intelligence team. He advises clients on data privacy and protection, cybersecurity, data governance, breach response, data strategy, and artificial intelligence and machine learning, as well as strategic technology transactions and related commercial matters.

• Education & Credentials

Jason earned his J.D. from Wake Forest University School of Law in 2006, where he served on the editorial staff of the Wake Forest Law Review, and his B.A. in History from the College of Charleston in 2003. He is admitted to practice in Georgia. He is a Fellow of Information Privacy (FIP), a Certified Information Privacy Manager (CIPM), and a Certified Information Privacy Professional, United States (CIPP/US) through the International Association of Privacy Professionals.

• Recognition & Leadership

Jason has been bestowed the prestigious honor of Fellow of Information Privacy by the IAPP. He serves on the Board of Directors of the Atlanta Bar Association’s Privacy and Cybersecurity Section, the Executive Committee of the State Bar of Georgia’s Privacy & Technology Law Section, and the State Bar of Georgia’s Special Committee on Artificial Intelligence and Technology.

• Professional Involvement

Jason is a frequent author and speaker on privacy, AI, and cybersecurity matters. He authored chapters in Chambers Global Practice Guide on Healthcare AI – USA (2025), “Generative Artificial Intelligence in Banking: Assessing and Managing Risk from External Vendors” in Bloomberg Law (January 2025), and “Anthropic Settlement Resets Balance of Power for Content Creators” in Bloomberg Law (October 2025). He has presented at the IAPP KnowledgeNet on “Governing AI In Practice: Risk, Responsibility, and Workforce Readiness” (February 2026), the State Bar of Georgia Privacy & Technology Law Section on “Implementing and Establishing an Effective AI Governance Program” (December 2024), and Practising Law Institute’s Twenty-Second Annual Institute on Privacy and Cybersecurity Law (May 2021).

• Experience

Prior to joining Jones Walker, Jason served as Senior Vice President, Deputy Chief Legal Officer, and Global Head of Privacy and Data Protection for Vialto Partners, a strategic global consulting and business services firm. Previously, he served as Chief Privacy and Security Counsel, Americas, for EY, as Assistant General Counsel, Corporate Services, for E*TRADE Financial Corporation, and as Counsel, Global Enterprise Solutions, for ADP. He began his career in private practice in Atlanta and represents a broad spectrum of international and domestic businesses, publicly traded corporations, privately held companies, government entities, not-for-profits, and other enterprises.

SESSION 1 – Core Components of an AI Governance Framework | 1:00pm – 1:30pm

Establish the core components of an effective AI governance framework, including structure, accountability, and scalable oversight, and how the enterprise can map AI governance concepts to better-known risk, privacy, and compliance workflows.

SESSION 2 – Defining Roles, Responsibilities, and Oversight Structures | 1:30pm – 2:00pm

Define roles, responsibilities, and oversight structures within an enterprise-wide AI governance framework, with a focus on accountability and scalable oversight across the organization and alignment with existing risk, privacy, and compliance workflows.

BREAK | 2:00pm – 2:10pm

SESSION 3 – Integrating Law and Standards into Corporate Policies | 2:10pm – 2:40pm

Integrate evolving law and AI governance standards into existing corporate policies and workflows, including how the enterprise can navigate evolving regulatory requirements and map AI governance concepts to existing risk, privacy, and compliance workflows.

SESSION 4 – Monitoring, Auditing, and Continuous Improvement | 2:40pm – 3:10pm

Establish monitoring, auditing, and continuous improvement processes within an enterprise-wide AI governance framework to support effective oversight and accountability.