Skip to main content

Eighteenth Annual Institute on Privacy and Data Security Law

Speaker(s): Alan Charles Raul, Alfred J. Saikali, Anita L. Allen, Ben Rossen, Christina Peters, David Glockner, Erin H. Creahan, Geff Brown, J. Andrew Heaton, JoAnn Stonier, Keith Enright, Lisa J. Sotto, Margaret A. Keane, Mark Watts, Matthew C. Kelly, Matthew F. Fitzsimmons, Matthew H. Meade, Paul H. Luehr, Paul M. Tiao, Peter M. Lefkowitz, Ryan Gibney, Shannon Coe, Susan M. Shook, Zoe Strickland
Recorded on: May. 30, 2017
PLI Program #: 180960

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Christina Peters is Associate General Counsel for Corporate and Regulatory Initiatives at IBM, where she leads a team serving corporate functions including CIO, Procurement, and Corporate Social Responsibility.  In addition, she handles emerging regulatory issues, such as data ethics in the context of cognitive computing.  Previously, she served as Chief Privacy Officer at IBM, where she was responsible for information policy and practices affecting IBM employees and thousands of clients, as well as for public policy and industry initiatives on data protection and privacy.  She serves on the advisory board of the Future of Privacy Forum and on the Education Advisory Board of the International Association of Privacy Professionals (IAPP).

As a practicing attorney at IBM since 1996 (first in Germany, later in the US), Christina has handled a wide range of complex transactional, policy, compliance, litigation, and cybersecurity matters in the United States and internationally.  

Christina was educated at Dartmouth College (summa cum laude) and Harvard Law School (magna cum laude), where she was an Executive Editor of the Harvard Law Review. After a D.C. Circuit clerkship, Christina worked at a large Washington, D.C. law firm. Prior to joining IBM, she was a Robert Bosch Fellow in Germany, where she worked at the Federal Cartel Authority and Deutsche Telekom. She speaks German and French in addition to her native English. She is an IAPP Certified Information Privacy Professional, and has been admitted to the bars of New York, Pennsylvania (corporate counsel), Virginia and the District of Columbia.

Erin Creahan is the Director & Managing Counsel, Compliance at The J.M. Smucker Company, where she is responsible for a variety of aspects of the Company’s Ethics & Compliance Program.  She is based in Orrville, OH.

Ms. Creahan received her Juris Doctorate from the University of Pittsburgh, and her Bachelor of Arts degree from Allegheny College.  She holds memberships in the Bar of the Commonwealth of Pennsylvania and the Bar of the State of Ohio.

J. Andrew Heaton serves as overall global privacy lead for the Danaher organization, working with the privacy leads for Danaher's four business segments and the "pivots" at Danaher's operating companies.  He also advises on legal matters pertaining to information security.

Before joining Danahar, Mr. Heaton was a principal in Ernst & Young LLP and served as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he led EY’s global data protection team, served as global privacy officer for the organization, and advised EY on legal aspects of data protection and information technology worldwide. 

Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.

JoAnn C. Stonier is EVP/Chief Data Officer for Mastercard.  In this role, she is responsible for enterprise-wide data strategy and management to ensure the organization maximizes the value of its information assets. Ms. Stonier and her team of global professionals identify the opportunities associated with Mastercard’s information assets and assist in the development of the tools, processes, policies and standards necessary to enable their use.

Previously, Ms. Stonier was EVP Chief Information Governance & Privacy Officer for the organization.  In that role she was responsible for worldwide privacy and information governance, leading those teams as well as leading regulatory engagement in this area.  Prior to joining Mastercard in 2008, Ms. Stonier was the Chief Privacy Officer for American Express Company.  She also held various roles of increasing responsibility at American Express, including Chief Operating Officer, American Express Tax & Business Services; Vice President, Acquisition Integration; and Vice President & Assistant to the Chairman.  Ms. Stonier has worked at Waldenbooks, Inc., PepsiCo and started her career as an auditor for PriceWaterhouse Coopers. 

In addition to her work at Mastercard, Ms. Stonier is an adjunct professor at Pratt Institute where she teaches business strategy and international business, in the Design Management Master’s program.

Ms. Stonier received her Juris Doctorate from St. John’s University in Queens, and her Bachelor of Science degree from St. Francis College.  She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey.  Ms. Stonier has been recognized as a leader in data and privacy by a number of organizations including the Aspen Institute, the United Nations, and the Information Governance Initiative and has served on the board of the International Association of Privacy Professionals, the Center for Information Policy Leadership and the Information Accountability Foundation. She is a well-regarded speaker at industry events and often addresses the need for balancing data innovation and privacy.  JoAnn is based in Purchase, NY.

Mark Watts is a technology specialist with over 20 years’ experience.  He advises companies on technology issues such as cloud computing, machine learning, apps and facial recognition. Much of Mark's experience was gained in-house at IBM where he held various roles, including Global Data Privacy Counsel.

Mark has particular expertise in data privacy. He advises multinational companies on implementing General Data Protection Regulation compliant programs and Binding Corporate Rules. Mark has been involved in many of the most high profile and highest value data privacy litigation in the world and regularly advises companies in relation to incident response and defending regulatory enforcement actions all over the world.

Matthew Kelly is Vice President, Senior Corporate Counsel at ServiceNow.  During his tenure at ServiceNow, Matthew has been responsible for leading the commercial contracts team, supporting the Board of Directors, managing the company’s global equity program, 1934 Exchange Act reporting, and managing litigation and employment-related disputes.  Matthew currently serves as the company’s compliance officer and is principally responsible for leading a team in support of ServiceNow’s global compliance and risk management program, including the company’s global privacy compliance efforts. 

Prior to ServiceNow, Matthew was a sole practitioner advising clients on business formation and commercial transactions.  He started his career with Brown Eassa and McLeod LLP where his practice focused on defense litigation.

Matthew graduated cum laude from the University of Southern California and received his law degree from Santa Clara University.

Matthew is admitted to the State Bar of California and is a Certified Information Privacy Professional US/Europe.

Paul Luehr leads the firm's global privacy and data security practice. He has spent 25 years on the cutting edge of data privacy and cybersecurity. He pioneered many early internet investigations as a federal attorney with the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) between 1992 and 2004. He then spent 13 years in the private sector as an executive and consultant, providing advice on data privacy, cybersecurity and digital investigations to Fortune 500 companies. As data privacy and security concerns galvanized the public, Paul became one of the nation’s “go-to” professionals for clients, and he led investigations into 4 of the top 10 data breaches on record.

Paul has the legal and technical expertise to help organizations stay ahead of the curve. He has overseen forensic teams on data incidents affecting national retailers, financial institutions, hospitals and national health care companies, universities, hotel chains, defense contractors, and online providers. As a trusted thought leader on privacy, cybersecurity and the digital economy, Paul’s insights have been featured on CBS, NBC, CNBC and BBC television, and in The Wall Street Journal, The New York Times and USA Today. He also gives frequent presentations and guest lectures on privacy and data security issues throughout the United States.

Paul began his legal career at the FTC, where he served as a trial attorney and assistant director and became a foundational member of the agency’s internet team. He then joined DOJ as a federal cybercrime prosecutor, where he trained prosecutors and agents on cyber investigations and led cases related to computer intrusions, email threats, internet fraud and identity theft, phishing schemes, software piracy, and criminal trademark infringement. Immediately following September 11, 2001, Paul also oversaw the initial investigation into computer evidence related to the terrorist Zacarias Moussaoui. Meanwhile, he served on the U.S. Internet and Telemarketing Fraud Task Force, DOJ’s Computer Crimes (CTC) Working Group, the U.S.-Canada Cross-Border Fraud Working Group and the U.S. Anti-Spam Task Force.

Drawing on his in-depth regulatory expertise, Paul joined Stroz Friedberg as a consultant and over time served as general counsel, chief privacy officer, and executive managing director as the data risk management firm grew to global prominence with 14 offices and over 500 employees. He assisted boards, CEOs, CISOs, chief privacy and compliance officers, and counsel with many incident response and internal investigations, and presented technical findings to numerous state and federal agencies. He also logged years of experience mining digital evidence related to privacy and security assessments, high-stakes litigation, trade secret disputes, global FCPA investigations, eDiscovery issues, and online advertising.

Personal Interests

Paul stays active outside of work with many hobbies including running, participating in triathlons, singing a capella and reading mysteries.

Services & Industries

  • Privacy & Data Security
    • Data Breach Prevention & Remediation
    • Privacy Compliance & Counseling
    • Privacy & Data Breach Litigation
    • International Data Protection & Privacy
  • Education
  • Health Care
  • Financial Services
  • International
  • Labor & Employment
  • Regulatory
    • Investigations
  • Retail
  • Telecommunications & Information Technology


UCLA School of Law
J.D., Faculty Committee, Student Body Secretary (1992)

Harvard University
B.A., magna cum laude (1986)

Bar Admissions


California (inactive)

District of Columbia (inactive)

Peter Lefkowitz is Chief Digital Risk Officer at Citrix Systems, Inc. (NASDAQ:CTXS), a leader in unified workspace, networking, and analytics solutions that help organizations unlock innovation, engage customers, and boost productivity without sacrificing security.

Lefkowitz oversees legal, regulatory, and governance risk associated with data, products, and systems, as well as policy engagement on digital issues. He was the 2018 Chairman of the Board of the International Association of Privacy Professionals and is a member of the Boston Bar Association Council. Prior to joining Citrix, he served as Chief Privacy Officer at both GE and Oracle.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.

Al Saikali is a national leader in privacy and data security law according to Chambers and Legal 500.  Al represents companies in matters involving the collection, use, storage, and security of personal information. Al and his team at Shook Hardy & Bacon have represented companies in more than 150 privacy and data security class action lawsuits, including more biometric privacy class actions than any other law firm in the United States. He has represented companies in incident response matters impacting as many as ten million individuals in 120 countries. Al’s dedication to his clients earned him the Lexology Client Service Award two years in a row. 

In addition to chairing Shook Hardy & Bacon’s Privacy and Data Security practice, Al founded and is Chair Emeritus of the Sedona Conference’s Working Group on Privacy and Data Security Liability.  He is one of a small number of data privacy practitioners who hold the Fellow in Privacy designation, accredited by the International Association of Privacy Professionals.  Al is often quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on cybersecurity and data privacy trends. 

In his spare time, Al maintains a blog (, where he writes about emerging developments in privacy and data security law. 

David Glockner is the Chief Compliance Officer for Citadel, a global hedge fund based in Chicago. From 2013-2017 he served as Regional Director of the SEC’s Chicago Regional Office, overseeing the SEC’s examination and enforcement work in nine Midwestern states. While at the SEC he also served as co-chair of the SEC’s Cybersecurity Working Group and was a leader in the SEC’s efforts to expand its use of data analytics in examination and enforcement work. Prior to joining the SEC, he was a managing director at a global digital risk management firm. He spent nearly 25 years as a prosecutor in the United States Attorney’s Office in Chicago, including 11 years as chief of the office’s criminal division, where he was involved in numerous high-profile matters involving public corruption, financial fraud, and national security. He is an adjunct professor at the University of Illinois College of Law, where he teaches a class on cybersecurity and the legal system.

Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team.  He joined Google in March 2011. He has more than 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a privately held advertising technology company.

Keith has been a featured speaker discussing online privacy and related subjects on NBC Nightly News with Brian Williams, CNN, NPR Talk of the Nation and other major media outlets. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently featured at industry events focusing on technology, privacy and data protection.

Keith serves on the Board of Directors of Zoom Information, Inc., and previously served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He is NACD Directorship Certified by the National Association of Corporate Directors, is a member of the Maryland Bar, and holds the Certified Information Privacy Professional certification from the International Association of Privacy Professionals.

Matthew H. Meade is co-chair of the firm's Cybersecurity and Data Protection Group where he provides advice regarding data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

Matt's recent representations include:

  • Advised numerous entities, including health care providers, manufacturers, retailers, schools, security alarm companies, financial services company, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
  • Coordinated response to multi-state security breaches and hacking with local and federal law enforcement, district attorney and United States Attorney.
  • Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
  • On behalf of a health care automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
  • Assisted banking client with response to unauthorized customer wire transfer, including developing post-incident policy enhancements.
  • Coordinated internal investigation of health care data breach, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
  • Negotiated with states attorney general office’s on behalf of cloud storage company holding data of health care entity involved in multi-state investigation and multi-jurisdiction litigation.
  • Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
  • Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
  • Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
  • Advised clients on proper security measures in connection with employee and customer personal information.

Prior to joining Buchanan, Matt was an associate with the New York office of an international law firm, where, in addition to privacy-related matters, he worked on white-collar internal investigations, federal litigation matters and federal criminal cases, including plea negotiations, participation in proffer sessions, bail proceedings, guilty pleas, pre-sentence reports and negotiations with the United States Attorney's Office.

Matt was selected for inclusion in The Best Lawyers in America® list in  2017 under the Privacy and Data Security Law category.

Matt serves on  the Steering Committee for the Sedona Conference Working Group 11 on  Data Security and Privacy Liability, which brings “together lawyers, judges, policy makers, security experts, technologists and business leaders to identify and develop principles and best practices that will constructively resolve issues surrounding data security and privacy liability.”  Matt speaks and writes regularly on data security and is a co-chair of the ABA’s Second Annual National Institute on Cybersecurity.

Zoe Strickland is a Senior Fellow at the Future of Privacy Forum.  Over a twenty-year period, Zoe has served as head of global privacy and other roles for Fortune 20 companies and agencies, including in healthcare, banking, retail and government.  Zoe’s experience in multiple industry sectors at some of the world’s largest companies has given her a unique perspective in the evolving world of privacy, information protection, and effective compliance structures. 

Roles have included:

  • Vice-President, Global Privacy & US Commercial Compliance for Cigna health and life insurance, where she was responsible for the enterprise privacy program (including managing legal and compliance functions and co-chairing the senior level Cyber & Privacy Council), and for the domestic healthcare compliance programs for Cigna’s commercial businesses.
  • Managing Director, Global Chief Privacy Officer, for JPMorgan Chase, where she led the firm’s privacy compliance program, and was actively involved in other information compliance and risk initiatives such as regarding the firm’s risk taxonomy and risk appetite
  • Vice-President, Chief Privacy Officer for UnitedHealth Group, where she led the firm’s privacy program, co-chaired the senior level Privacy & Security Steering Committee, and led implementation of HITECH privacy requirements.
  • Vice-President, Chief Privacy Officer for Walmart Stores Inc, leading their privacy and records programs and strategy, including integration and management of online and offline practices.
  • Chief Privacy Officer and head of consumer policies for the United States Postal Service, where she developed its privacy program, updated the records program, and headed other consumer functions like claims appeals.

Zoe is an active participant in the privacy community.  She previously served on the IAPP Board of Directors, and led the bank subgroup for the Business Roundtable regarding new approaches to privacy.  Other cross-industry memberships included: GS-1 privacy workgroup (co-chair); privacy/security subcommittee of the Council for Excellence in Government (co-chair); Centre for Information Policy Leadership; AHIP Privacy & Confidentiality Work Group; Confidentiality Coalition of the Healthcare Leadership Council; RIM Council; RILA Privacy and security workgroup; and FPF Advisory Board.

Zoe is a frequent speaker at industry conferences and events, including keynotes at the 2015 IAPP Asia-Pacific conference and the 2016 Executive Women’s Forum.  She has been quoted in several media sources such as The New York Times, USA, and National Public Radio.  She has testified at subcommittees of the House Energy and Commerce Committee, and was interviewed by the Economist on data sovereignty:

Early in her privacy career, Zoe won the 2004 IAPP Privacy Innovations Award for work on privacy impact assessments, and was featured in the 11/04 edition of Government Executive and the 2002 book Privacy Payoff: How Successful Businesses Build Consumer Trust by Ann Cavoukian and Tyler Hamilton.

Anita L. Allen is an expert on privacy law, the philosophy of privacy, bioethics, and contemporary values. She is a graduate of Harvard Law School and received her Ph.D. in Philosophy from the University of Michigan. At Penn she is the Vice Provost for Faculty and the Henry R. Silverman Professor of Law and Professor of Philosophy. She has been a visiting professor at Harvard, Yale, Princeton, Tel Aviv University (Israel) and Waseda University (Tokyo, Japan), among others.  In 2010 she was appointed to the Presidential Commission for the Study of Bioethical Issues. In 2016 she was elected to the National Academy of Medicine. Her books include Unpopular Privacy: What Must We Hide (Oxford, 2011); The New Ethics: A Guided Tour of the 21st Century Moral Landscape (Miramax/Hyperion, 2004); Why Privacy Isn’t Everything: Feminist Reflections on Personal Accountability (Rowman and Littlefield, 2003); and Uneasy Access: Privacy for Women in a Free Society (Rowman and Littlefield, 1988), the first monograph on privacy written by an American philosopher. Her textbooks include: Privacy Law and Society (Thomson/West, 2016, with Marc Rotenberg, President of the electronic Information Privacy Center.), a comprehensive textbook on the US law of privacy and data protection, with chapters on the common law, constitutional law, federal statutory law, surveillance law and international standards. Allen, who has published more than a hundred scholarly articles, book chapters and essays, has also contributed to popular magazines, newspapers and blogs, and has frequently appeared on nationally broadcast television and radio programs. Allen has been active as a member of editorial, advisory, and charity boards, and in professional organizations relating to her expertise in law, philosophy and health care. She is currently on the boards of EPIC, the WCG Foundation, and is a member of the IRB for the Precision Medicine Initiative.

Ben Rossen is a senior attorney in the FTC’s Division of Privacy and Identity Protection, where he represents the Commission in consumer protection matters concerning privacy, data security, and the Internet of Things.  Mr. Rossen also advises on a variety of educational and policy initiatives at the Commission, with a special focus on developing consumer and business guidance on ransomware.  Mr. Rossen regularly speaks about the Commission’s privacy and data security efforts at a wide variety of industry conferences and other events.   Previously, Mr. Rossen practiced at Patterson Belknap Webb & Tyler and at Cravath, Swaine & Moore. He clerked for the Hon. Carol Bagley Amon in the Eastern District of New York and is a graduate of Harvard Law School.

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation, the conduct environmental scans to identify external privacy issues. 

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.

Ryan Gibney is Vice President at the Northeast Series of Lockton Companies and leads the Northeast Cyber Technology Practice. Mr. Gibney has vast experience designing complex E&O/Cyber insurance programs inclusive of manuscript policy development and program implementation, which he developed while working as a Tech/Cyber underwriter at two leading insurance carriers, CNA and XL, and as the leader of the Cyber Technology Practice at Lockton DC. As a result of this experience, Ryan “thinks like an underwriter,” a mindset that serves his Lockton clients well as the technology and cyber market evolves in the face of new risks and challenges. Mr. Gibney is a frequent speaker at large industry events and participates as a key resource for Lockton globally in communication to our clients on cyber issues.

Shannon Coe is the Team Lead for Data Flows and Privacy at the Department of Commerce’s International Trade Administration (ITA), Office of Digital Services Industries.  In this capacity, she was a key member of the team negotiating the new EU-U.S. Privacy Shield Framework and is leading the team in implementing the Privacy Shield program.  She is also Chair of the APEC Electronic Commerce Steering Group and is working to implement the APEC Cross Border Privacy Rules System.  Prior to joining ITA, Shannon was a legal advisor in the Office of Chief Counsel for International Commerce of the Department of Commerce and worked on a variety of international trade issues, including e-commerce and data flows.

Susan M. Shook serves as the Global Privacy Officer at The Procter & Gamble Company.  She is also Director and Associate General Counsel leading the Global Privacy, Cybersecurity and IT Law team, a group of specialist attorneys operating across countries in North America, Europe, Asia, and Latin America within P&G’s Legal Division.  This team specializes in providing legal and strategic guidance on digital innovation and information technology at the Company. They also design and help deliver privacy and related cybersecurity compliance systems for use across the enterprise’s information and operations management systems.  Ms. Shook’s career at P&G spans 20 years, and she has worked in multiple legal rotations including IP law (trademarks, copyright, rights of publicity), advertising law, corporate and securities law, and antitrust law before specializing this past decade in digital, privacy, and cybersecurity legal issues. Her team works closely with almost all business units and functions within P&G, from Marketing to IT to HR.  She is a graduate of the Indiana University School of Law, summa cum laude.

Geff is an Associate General Counsel in the Regulatory Affairs group of Microsoft Corporation’s Legal and Corporate Affairs Department in Redmond, Washington. Since rejoining Microsoft in 2007, he has counseled Microsoft businesses on privacy and data protection issues, with a current focus on cross-border data flows, cloud privacy, and mobile privacy.   Geff has been responsible for providing privacy advice for several Microsoft products including Office and Windows. Most recently he has provided privacy and data protection advice to Microsoft’s enterprise cloud services, operating systems, and devices.