John C. Babione


John’s practice focuses on data security, privacy, and litigation. He is a Certified Information Privacy Professional for U.S. law (CIPP/US). The CIPP designation is the leading certification for privacy professionals around the world, signifying knowledge surrounding privacy regulations, data breach prevention, and response. He is also a Certified Information Privacy Manager (CIPM), indicating knowledge of how to implement privacy programs to address both legal and business concerns.  

He advises clients on state privacy laws, including the California Consumer Privacy Act (CCPA), and he helps clients comply with a range of federal and international privacy regulations, such as the European Union's General Data Protection Regulation (GDPR).

John drafts agreements and contracts to address privacy and cybersecurity issues related to sharing and processing information. He counsels clients on implementing programs, policies, and procedures to protect their confidential information from both inside and outside threats. John also helps clients respond to cybersecurity and privacy incidents.

Additionally, he is an experienced litigator and handles a wide range of matters, including injury claims, data theft by employees, and government investigations. He has defended medical device and other product manufacturers in multi-district federal and state court litigation involving product liability and warranty claims. John has managed a variety of mass and toxic torts claims, including suits alleging injury from coal tar, mold, PCBs, and silica. His work includes defending clients in asbestos and talc exposure litigation. 

As part of defending clients, John advises them on the discovery process for electronically stored information (ESI). This includes instituting proper legal holds, preventing evidence loss, identifying and culling relevant data, and advising clients on cross-border data transfers. 

In addition to litigating matters, John helps clients resolve legal disputes through alternative dispute resolution (ADR), including mediation and arbitration.


  • Indiana University Robert H. McKinney School of Law  (J.D.)
  • Indiana University  (B.S.)

Bar Admissions

  • Indiana
  • Georgia

Court Admissions

  • U.S. District Court for the Northern District of Indiana
  • U.S. District Court for the Southern District of Indiana
  • State Courts of Indiana
  • State Courts of Georgia


  • Indiana Executive Council on Cybersecurity (IECC)
    • Advisory member
    • Personally Identifiable Information Working Group (2019 - 2022)
  • Association of Certified Electronic Discovery Specialists (ACEDS)
  • International Association of Privacy Professionals (IAPP)
    • Indianapolis KnowledgeNet Chapter co-chair (2020-2021)
  • Defense Research Institute (DRI)
    • Cybersecurity and Data Privacy Steering Committee
    • Privacy SLG, vice chair (2019)
    • Data Management and E-Discovery SLG
    • Toxic Tort and Environmental Law Committee
  • EDRM (organization devoted to e-discovery and Information Governance issues)
  • Indiana Security & Privacy Network (INSPN)
  • InfraGard 
  • Indianapolis Bar Association
    • E-Discovery, Information Governance & Cybersecurity Steering Committee (2021-present)
    • Ask a lawyer and Legal Line volunteer (2006 - 2012)
  • Indiana State Bar Association
  • Georgia Bar Association
    • E-Discovery section 
    • Privacy & Technology section
  • St. Mark’s United Methodist Church
    • Trustees Committee (2020-2022)
  • Stafford Place Board of Directors (2016 - present)
  • Joy’s House, a non-profit adult daycare organization in Indianapolis
    • Board of Directors (2013 - 2016)
    • Board adviser and chair of the Governance Committee (2009 - 2016)
  • Heartland Pro Bono Council, pro bono attorney (2003 - 2005)


  • Indianapolis Bar Foundation Distinguished Fellow (2019)
  • Certified Electronic Discovery Specialist (CEDS) (2017)
  • International Association of Privacy Professionals
    • Certified Information Privacy Professional for U.S. law (CIPP/US) (2017)
    • Certified Information Privacy Manager (CIPM) (2017)