Joelle L. Hupp


Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.


Joelle Hupp counsels clients on a range of information management issues, including data privacy compliance and information governance. Her practice involves advising on compliance with domestic and international privacy regulations, including the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR) and ever-evolving domestic privacy frameworks. Joelle regularly drafts and negotiates data privacy and security contract provisions and analyzes contracts to ensure compliance with local and international privacy laws. Additionally, Joelle routinely assists with enterprise-wide acceptable use policies and network management protocols in the context of data mapping, processing, and migration.

Joelle also has years of experience advising Fortune 50 and Fortune 100 companies across information governance and electronic discovery ecosystems, including managing internal investigations and data target identification strategies, and formalizing strategy in relation to data disposition, retention and disclosures.

Prior to joining Bass, Berry & Sims, Joelle was an associate at Nelson Mullins LLP where she was a part of the firm’s cybersecurity/data privacy and e-discovery practice groups.


International Association of Privacy Professionals (IAPP)

DRI — Cybersecurity and Data Privacy Committee-Publications, Vice-Chair

Nashville Bar Association

Tennessee Bar Association

Tennessee Lawyers’ Association for Women

American Bar Association

Lawyers’ Association for Women

American Health Law Association (AHLA)

Sedona Conference

Women in E-Discovery