Skip to main content

Twenty-First Annual Institute on Privacy and Cybersecurity Law

Speaker(s): Christine E. Lyon, D. Esther Chavez, Dorothy Glancy, Eric Heath, Eric Goldman, Francoise Gilbert, Greg Silberman, Hilary M. Wandall, James G. Snell, James X. Dempsey, Jan Dhont, Jared Ho, Jody Westby, John Bowman, Jonathan Fox, Kathryn J. Fritz, Leonard T. Nuara, Lothar Determann, Margaret A. Keane, Merri A. Baldwin, Michelle Ontiveros Gross, Michelle Visser, Polina Zvyagina, Seth Harrington, Sheila Jambekar, Stacey D. Schesser, Stephen S. Wu, Thomas J. Smedinghoff, Yen P. (TiTi) Nguyen
Recorded on: Sep. 9, 2020
PLI Program #: 273914

Christine Lyon is a partner in Morrison & Foerster’s Privacy + Data Security practice.  Chris helps companies develop privacy and data protection strategies for new products and services, as well as privacy compliance programs for their customer and employee data. A trusted advisor, Chris works collaboratively with her clients to develop practical approaches that leverage data while complying with evolving global privacy and data protection laws.

Based in Silicon Valley, Chris’ clients span various industries for which data are vital to operations or business models, including technology service providers, hardware and software companies, pharmaceutical and biotechnology companies, and consumer product manufacturers.  She has extensive experience navigating privacy risks from design through production and beyond, regularly counseling startups and large multinationals alike throughout the lifespans of their products and services.  Chris has particularly extensive experience advising technology companies on building privacy protections into cutting-edge offerings including connected products and services (Internet of Things), artificial intelligence (AI) and data analytics, and cloud-based services, as well as on managing the related “Big Data” implications.  She also frequently conducts privacy assessments of new products and services and helps clients structure and negotiate the privacy aspects of M&A and other strategic transactions to both achieve compliance and manage data risks.

By addressing emerging data protection laws, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), Chris helps clients achieve efficiency and cross-jurisdictional coordination in their privacy programs. Chris also has experience implementing a variety of mechanisms to facilitate international data flows and transfers, including EU Binding Corporate Rules, Privacy Shield certification, and international data transfer agreements. She has coordinated projects spanning privacy law requirements in dozens of countries, consolidating this information into practical, actionable privacy programs for clients.

Legal500 US has recognized Chris as a “rising star” in the area of privacy and data protection, and she has received The Burton Award for Distinguished Legal Writing.  She frequently writes and speaks on U.S. and global data protection laws, particularly on technology-related privacy issues.

D. ESTHER CHAVEZ currently serves as Senior Assistant Attorney General in the Consumer Protection Division of the Office of Texas Attorney General Ken Paxton where her work encompasses a broad range of consumer protection concerns with a focus on civil enforcement cases relating to privacy and data security.

Ms. Chavez’ current professional activities include service as Immediate Past-Chair of the Texas State Bar’s Consumer & Commercial Law Council and as Course Director of the State Bar’s 2018 Advanced Consumer & Commercial Law Conference. 

Ms. Chavez is a frequent speaker at national and state continuing legal education seminars on a variety of privacy and consumer protection topics and most recently has been a presenter at the 22nd Annual Health Care Compliance Institute; the Federal Trade Commission’s 2020 Southeast Region Common Ground Conference and the National Association of Attorneys’ General Consumer Protection Spring and Fall Seminars.

Ms. Chavez obtained her undergraduate and legal education at the University of Texas at Austin and the University of Texas School of Law.

Francoise Gilbert, CEO of DataMinding, is one the world’s top legal experts in the areas of privacy and data security compliance, data governance, and risk management. She is the primary author and editor of the law treatise "Global Privacy and Security Law" (2 volumes, 4, 000 pages; Wolters Kluwer publisher) which covers in depth the privacy and data protection laws of 68 countries on all continents.

Ms. Gilbert received the 2019 Vanguard Award (California Lawyers Association) in recognition of her pioneering work in the area of data privacy and security law.  She has received numerous accolades from her peers acknowledging her thought leadership in identifying and addressing the unique privacy and data security legal issues raised by emerging technologies, including recognitions by the National Law Journal as “Privacy & Cybersecurity Trailblazer”, and by Best Lawyers as a “San Francisco Best Lawyer of the Year” in the area of Data Protection. She currently focuses her research and analysis on the myriad privacy, security and ethical issues raised by the use of Artificial Intelligence (AI) and Internet of Things (IoT) technologies.

In her private practice, she assists clients in anticipating their data security, privacy, and information management obligations, and in addressing these obligations in the context of their business and revenue objectives. Projects include, among others, framing and designing disclosures and compliance programs to meet the most recent legal developments, such as the California Consumer Protection Act (CCPA), or the European General Data Protection Regulation (GDPR); structuring Data Protection by Design and by Default processes in the development of new products; or implementing practical structures to address global operations and cross-border data transfer restrictions.

Greg Silberman is Vice President and Deputy General Counsel at Blackberry Corporation where he oversees the implementation and enforcement of practices that manage data in accordance with the Blackberry’s Privacy Principles with the goal of making Blackberry a leader with respect to employee and customer privacy. As a lawyer, Greg has over 20 years’ experience working with companies to develop solutions to address complex business and legal issues at the intersection of intellectual property, privacy and information security. Prior to joining Blackberry, he was a partner in the Cybersecurity, Privacy and Data Protection practice group in the Silicon Valley office of Jones Day. Earlier in his career, Greg served as Intellectual Property Counsel at Lawrence Berkeley National Laboratory.

Hilary Wandall is General Counsel, Corporate Secretary and Chief Data Governance Officer of TrustArc Inc.  She oversees all legal, regulatory and policy and strategic partnership matters and manages the legal, policy and data governance, regulatory affairs and business development teams.  She also serves as President of the certification subsidiary, TRUSTe LLC.  Hilary joined TrustArc in 2016 after 22 years at the global pharmaceutical company, Merck, where she most recently was AVP, Compliance and Chief Privacy Officer.  Hilary led the global privacy program at Merck since 2004 and the global compliance program for the Merck Animal Health business since 2013.  During her tenure at Merck, Hilary also held positions as corporate attorney, marketing promotion manager and biomedical research scientist.

Hilary is actively engaged in efforts to support the development of the privacy profession, to drive interoperability across privacy and data protection regimes around the world, and to scale and integrate privacy and data governance through technology.  She recently has co-authored multiple articles on cross-jurisdictional privacy interoperability.  She has been involved in various organizations across the privacy and legal communities, including the Executive Committee of the IAPP Board of Directors and 2016 IAPP Board Chairman, Chair of the Board of the International Pharmaceutical Privacy Consortium, member of the OECD Privacy Experts Working Group, Executive Committee of the Board of Trustees of the International Accountability Foundation, Advisory Board of the Future of Privacy Forum, Steering Committee of the Centre for Information Policy Leadership, and the Advisory Board of the Temple Law Center for Compliance and Ethics.

Hilary received her law degree and MBA from Temple University, Master of Bioethics from the University of Pennsylvania, and Bachelor of Science in Biology from Moravian College. She holds the CIPP/US, CIPP/EU and CIPM certifications.  She is also a Fellow of Information Privacy.  She is admitted to practice law in New Jersey and Pennsylvania.  She resides with her family in Pennsylvania.

Jan Dhont is a partner in the Brussels office of Wilson Sonsini Goodrich & Rosati, where his practice focuses on privacy and cybersecurity matters. Jan has been counseling on these matters for more than 20 years. He helps corporate clients identify and resolve privacy and cybersecurity compliance issues in the EU and design and implement their General Data Protection Regulation (GDPR) compliance programs. He has particular experience in guiding companies through the preparation and application process for binding corporate rules (BCRs).

Jan works with global and U.S.-based public and private companies in a wide variety of industries, such as pharmaceuticals and chemicals, software and cloud, internet, logistics and postal, retail, insurance, human resources, automotive, payment, and financial services. He also works with clients on responding to data breaches and other cybersecurity incidents, and he has specific experience in representing them before supervisory authorities and in court. Jan is a frequent speaker on topics relating to privacy and is widely known in data privacy and security circles.

Prior to joining the firm, Jan was a partner in the Brussels office of Alston & Bird from 2015 to end of 2018, where he led the European data privacy practice. From 2007 to 2015, he was the co-founder and a partner at Lorenz Law in Brussels, a boutique law firm which inter-alia focused on privacy and data security issues for U.S.-based public and private companies. Previously, Jan was a senior associate in the Brussels office of Crowell & Moring LLP and an associate at Hunton & Williams LLP. He started his legal career as a legal advisor at the Belgian Data Protection Authority and as a research fellow in privacy and data protection law at the Research Center on IT and Law (CRID) of the University of Namur in Belgium. 

Jim Dempsey is Executive Director of the Berkeley Center for Law & Technology at the UC Berkeley School of Law, where he teaches a course on cybersecurity law in the LL.M. program.  From 2012 to 2017, Jim also served, after Senate confirmation, as a part-time member of the US Privacy and Civil Liberties Oversight Board, an independent agency within the federal government charged with advising senior policymakers and overseeing the nation’s counterterrorism programs.  From 1997 to 2014, Dempsey was at the Center for Democracy & Technology (CDT), a non-profit public policy organization focused on privacy and other issues affecting the internet. He held a number of leadership position at CDT, including Executive Director (2003 to 2005) and head of CDT West (2005 to 2014). Other experience includes Deputy Director of the non-profit Center for National Security Studies, Assistant Counsel to the House Judiciary Committee’s Subcommittee on Civil and Constitutional Rights, associate at Arnold & Porter, and law clerk to the Hon. Robert Braucher, Massachusetts Supreme Judicial Court. Jim’s publications include “Cybersecurity Information Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Tradeoffs” (with Elaine M. Sedenberg), in Rewired: Cybersecurity Governance (2018); “Bulk Collection: Systematic Government Access to Private-Sector Data” (ed., with Fred H. Cate) (Oxford, 2017); and “The Path to ECPA Reform and the Implications of United States v. Jones,” Univ. of San Francisco L. Rev. (2012). He is a graduate of Yale College and Harvard law School.

Jim Snell is a partner in the Privacy & Security Group at Perkins Coie.  He represents clients in a broad range of complex commercial matters, including Internet and privacy issues, security issues, IP, false advertising, and class actions.  Jim’s experience includes, among other things, IoT, unmanned vehicles, wiretap and surveillance matters, AI and machine learning, the Communications Decency Act, biometrics, web scraping, data breach, and the Telephone Consumer Protection Act.

Jim is a Certified Information Privacy Professional (CIPP) as designated by the International Association of Privacy Professionals (IAPP).

John Bowman is a Senior Principal in Promontory's privacy and data protection team based in London. John advises clients on all aspects of compliance with data protection laws and regulations. Prior to joining Promontory, John worked at the U.K. Ministry of Justice where he was the government’s lead negotiator on the EU General Data Protection Regulation (GDPR). This work involved leading the U.K. delegation to the Council of the European Union’s DAPIX expert working group in Brussels, developing the government’s policy position on the GDPR, engaging with a wide range of stakeholders and advocates, and regularly briefing ministers.

John also represented the U.K. at the European Commission's Article 31 Committee, which was responsible for determining the adequacy of non-EU data-protection regimes. He earlier represented the UK government in negotiations on reviewing The Hague Conventions on International Child Abduction and led the government’s outreach to domestic Muslim communities on issues related to family law. John also carried out a comprehensive review of the UK’s claims management regulatory regime for the Ministry of Justice.

John is a regular speaker on privacy matters and has delivered keynote addresses at the Sedona Conference and IAPP Data Protection Intensive. He has also had articles published by Privacy Laws and Business, Practical Law Company, Bloomberg BNA, IAPP and the European Data Protection Law Review. John was appointed to the IAPP European Advisory Board in 2019. He holds the CIPP/E, CIPM and FIP certifications.

Jonathan Fox, Director of Privacy Engineering and Strategy and Planning, is a member of Cisco’s Chief Privacy Office and co-author of THE PRIVACY ENGINEER’S MANIFESTO, Getting from Policy to Code to QA to Value (ApressOpen 2014).

With over 17 years of privacy experience, Jonathan’s principal areas of focus have been product development, government relations, mergers and acquisitions, and training. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM).

Prior to Cisco, Jonathan was a Senior Privacy Engineer at Intel.  His previous roles have included Director of Data Privacy, McAfee; Director of Privacy, eBay; Deputy Chief Privacy Officer for Sun Microsystems, and Editor-in-Chief of        

Jonathan frequently speaks at industry events and is a member of the IEEE P7002 Personal Data Privacy Working Group, part of the IAPP Privacy Engineering Section Forum Advisory Board, and is Chair of the ISO/PC 317 Consumer Protection: Privacy by Design for Consumer Goods and Services US Technical Advisory Group.

Lothar Determann practices and teaches international data privacy, technology, commercial and intellectual property law.

At Baker McKenzie in San Francisco and Palo Alto, he has been counseling companies since 1998 on data privacy law compliance and taking products and business models international. Admitted to practice in California and Germany, he has been recognized as one of the top 10 Copyright At-torneys and Top 25 Intellectual Property Attorneys in California by the San Francisco & Los An-geles Daily Journal and as a leading lawyer by Chambers, Legal 500, IAM and others. For more information see Contact:

Prof. Dr. Determann has been a member of the Association of German Public Law Professors since 1999 and teaches Data Privacy Law, Computer Law and Internet Law at Freie Universität Berlin (since 1994), University of California, Berkeley School of Law (since 2004), Hastings Col-lege of the Law (since 2010), Stanford Law School (2011) and University of San Francisco School of Law (2000-2005). He has authored more than 150 articles and treatise contributions as well as 5 books, including Determann’s Field Guide to Data Privacy Law (4th Edition, 2020, also available in Chinese, German, Hungarian, Japanese, Portuguese, Russian, Spanish and Turkish) and Cali-fornia Privacy Law - Practical Guide and Commentary on U.S. Federal and California Law (4th Ed. 2020).

Recent papers include Healthy Data Protection (, Electronic Form over Substance (, No One Owns Data (

Merri Baldwin is a shareholder at Rogers Joseph O’Donnell, where her practice focuses on attorney liability and commercial litigation.  She handles claims of legal malpractice and breach of fiduciary duty, as well as motions to disqualify and for sanctions.  She regularly counsels lawyers and law firms on legal ethics and law practice management issues.  She represents attorneys in disciplinary matters before the State Bar of California, and has extensive experience handling attorney-client fee disputes.  Ms. Baldwin is a Vice-Chair of the State Bar of California’s Closing the Justice Gap Working Group.  Ms. Baldwin is a former chair of the State Bar of California Committee on Professional Responsibility and Conduct, and is currently a member of the California Lawyers Association Ethics Committee.  She is a co-chair of the Legal Malpractice subcommittee for the American Bar Association Litigation Section Committee on Professional Services Litigation.  Ms. Baldwin served as the President of the Bar Association of San Francisco for 2017.  Ms. Baldwin frequently lectures to attorneys and professional organizations on issues related to litigation, legal malpractice and ethics issues, and she is a lecturer at the University of California at Berkeley School of Law.  Ms. Baldwin co-edited The Law of Lawyers’ Liability (ABA/First Chair Press 2012) and since 2006 she has served as a consulting editor for the Attorney Fee Agreement Forms Manual, published by Continuing Education of the Bar, California.  Prior to law school, Ms. Baldwin was a Fulbright Scholar at the London School of Economics.


J.D., University of California at Berkeley, School of Law (Boalt Hall)

B.A., Smith College, Magna Cum Laude with high honors

Michelle Ontiveros Gross is a partner in Mayer Brown's Technology Transactions and Cybersecurity & Data Privacy practices in Northern California. Her practice includes advising clients on a wide range of technology-related matters, including data, digital services, outsourcing, licensing and M&A transition services and support. She also advises clients on data privacy and security matters, including with respect to cybersecurity, technology and data initiatives, development of privacy and data security policies, and product development.

Michelle has significant experience with intellectual property strategy and commercialization; copyright, patent and trademark matters; and integration of business units and product lines in connection with mergers and acquisitions. She frequently advises clients on large-scale, complex business process and information technology outsourcing transactions across a broad range of business processes, such as finance and accounting, information technology, application development and maintenance, human resources, claims processing, logistics, co-location, and facilities management.

Michelle Visser has extensive experience in defending companies that face the regulatory investigations, class action litigation, and payment card brand claims that frequently follow the announcement of cybersecurity incidents. In addition to litigating privacy and cybersecurity matters, Michelle has navigated numerous companies through their cybersecurity response, including by overseeing technical forensic investigations, advising on notification obligations and coordinating communication strategies.

When faced with an incident, companies call Michelle for crisis response with an eye toward potential litigation. Clients also look to Michelle for privacy and cybersecurity advice before a crisis is at hand. Michelle regularly takes the lessons learned from litigating privacy and cybersecurity matters to provide clients with proactive advice on how to structure their privacy and cybersecurity programs and incident response plans in ways designed to reduce legal exposure.

For her role in representing companies that have faced some of the most high-profile cybersecurity incidents and litigation to date, Michelle was named one of the “40 Under 40” in 2018 by the Global Data Review and a “Rising Star” by Law360 in 2015. She was also recognized as one of the “Women Leaders in Technology Law” by The San Francisco Recorder in 2015.

Michelle is also regularly turned to for defense against other types of class actions and complex litigation with experience in defending companies against securities, antitrust, and other commercial claims.

Professor Dorothy Glancy is nationally known for her extensive work in the area of privacy and transportation law. Under a grant from the Federal Highway Administration of the U.S. Department of Transportation, she directed a legal research project regarding privacy and intelligent transportation systems. She has also been a consultant to the Metropolitan Transportation Commission (MTC) in the San Francisco Bay Area, worked with the United States Department of Transportation regarding privacy policy issues, and served as a consultant regarding legal and regulatory issues for the United States Department of Transportation’s Rural Interstate Corridor Communications Study Report to Congress (2007).

Professor Glancy has taught at Santa Clara University School of Law since 1975, with the exception of brief periods where she served as visiting professor at the University of Arizona and as assistant general counsel at the U.S. Department of Agriculture in Washington, D.C. Prior to joining the Santa Clara faculty, she practiced law in Washington, D.C., and then served as counsel to the U.S. Senate Judiciary Subcommittee on Constitutional Rights during the Watergate Investigations. Upon graduation from law school, Glancy was awarded a Stevens Traveling Fellowship that took her around the world to interview women political leaders.


J.D., Harvard Law School

B.A., Wellesley College

Areas of Specialization

 Property, Intellectual Property, Administrative Law, Natural Resources, Land Use, Seminar in Privacy

Affiliations and Honors

  • Founding Member, Harvard Women’s Law Association
  • Member, California and District of Colombia Bar
  • Member, American Bar Association
  • Chair, Defamation and Privacy Section, Association of American Law Schools
  • Chair, Property Law and Environmental Law Sections, Association of American Law Schools
  • Council Member, ABA Section on Natural Resources, Energy and Environmental Law Section, State Bar of California
  • Life Member, American Law Institute
  • Advisor, Restatement, Third, of Property: Servitudes

Seth Harrington counsels clients through all stages of a privacy or data security incident, navigating the array of legal issues that arise, managing the response and investigation of an incident and defending clients against resulting litigation and regulatory investigations. He is also a trusted advisor of top U.S. companies on cyber risk insurance, leveraging his experience to provide a nuanced understanding when evaluating cyber risk insurance contracts.

Seth collaborates with colleagues firmwide on privacy and cybersecurity compliance and on incident response, applying lessons learned from significant incidents to help clients ensure compliance and effective planning.

Seth also has experience representing clients in connection with claims by credit card brands and financial institutions around payment card-related data breaches. He advises clients on the Payment Card Industry Data Security Standards and negotiation of agreements implicating payment card data.


Sheila Jambekar (CIPP/US and CIPP/E) is Senior Director, Associate General Counsel at Twilio, a high-growth public communications platform as a service company, with over a dozen locations worldwide and global reach.  At Twilio, Ms. Jambekar built and continues to lead the privacy program.  This has included spearheading the operationalization of GDPR throughout the organization as well as obtaining approval for and overseeing the implementation of Twilio’s Binding Corporate Rules.  In addition to overseeing the privacy program, she also oversees the product compliance and law enforcement response operations functions.  Prior to joining Twilio, Ms. Jambekar was Senior Counsel at Zynga where she advised the company regarding privacy and product compliance, including marketing and promotions legal compliance.

Thomas J. Smedinghoff is Of Counsel in the Privacy & Cybersecurity practice group in the Chicago office of Locke Lord LLP.  Named as a Top 50 Intellectual Property Trailblazer and Pioneer by the National ?Law ?Journal, he is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, identity management, information security, and online authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement first-of-their-kind ?e-commerce ?initiatives, electronic transactions, and identity management and ?information ?security legal infrastructures for the federal government and national and ??international businesses including banks, insurance companies, investment ??companies, and certification authorities.  He has also been actively involved in ??developing legislation and public policy in the area of electronic business and identity ?management at the state, ?national, and international levels. ?

He is Chair of the American Bar Association (ABA) Identity Management Legal Task Force, and previously Co-Chair of the ABA Cybersecurity Legal Task Force, and Co-Chair of the Cybersecurity Subcommittee in the ABA Business Law Section. He is also an advisor to the U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL), and in that capacity he helped to negotiate the international e-commerce treaty known as the United Nations Convention on the Use of Electronic Communications in International Contracts. He is currently working with UNCITRAL to develop international legal rules to govern electronic identity management issues. He also served as an Advisor to the Uniform Law Commission Study Committee on Identity Management in Electronic Commerce.        

Tom is co-editor and contributing author of the Guide to Cybersecurity Due Diligence in M&A Transactions (ABA, 2017), and a contributing author to the 1st and 2nd editions of The ABA Cybersecurity Handbook - A Resource for Attorneys, Law Firms & Business Professionals (ABA, 2013 and 2018).  He is also the author of the book titled Information Security Law: The Emerging Standard for Corporate Compliance, (2008), and editor and primary author of the e-commerce book titled Online Law: The Legal Guide to Doing Business on the Internet (1996). He can be reached at

Kate is a partner Fenwick’s litigation, intellectual property and privacy groups, and recently completed a 12-year term as the firm’s managing partner.

Kate’s practice concentrates on business and IP litigation, with an emphasis on trademark, right of publicity and copyright, especially as applied to new technology areas. She has successfully litigated cases in federal and state courts throughout the country and through alternative dispute mechanisms. She represents and advises software publishers, computer hardware manufacturers, gaming and digital media companies, entertainment companies, traditional media publishers and consumer products companies on a wide variety of commercial and IP issues, including copyright, defamation, trademark, trade dress, advertising, right of publicity, trade secret and unfair competition matters.

Kate received her B.A., magna cum laude, from the University of California at Santa Barbara, where she was a member of Phi Beta Kappa and a University of California Regents’ Scholar. She received her J.D., cum laude, in from Georgetown University Law Center, where she was research editor of the American Criminal Law Review.

Kate is admitted to practice in New York and California. She is also admitted to practice before the U.S. District Courts for the Southern and Eastern Districts of New York, and the Northern, Eastern, Central and Southern Districts of California, as well as U.S. Courts of Appeal for the Second and Ninth Circuits.

Professional Activities and Recognition

Kate has served on the Board of Trustees of the Santa Clara County Bar Association and the Board of Directors of the Bar Association of San Francisco. She is active in diversity initiatives in the profession, including serving as Chair of the Santa Clara County Bar Association’s Diversity Committee and speaking on diversity issues before numerous organizations and groups including the Minority Corporate Counsel Association, the Project for Attorney Retention, and the Hastings Women’s Leadership Academy.

Kate writes and speaks regularly on IP issues to groups that include the Federal Judicial Center and Practicing Law Institute, and since 1999 has taught an advanced trademark law seminar at UC Berkeley School of Law.

Kate is actively involved in pro bono, both in direct client representation and with pro bono organizations. She has represented documentary filmmakers on IP issues, including David Weissman in connection with his films We Were Here, which was short-listed for an Academy Award, and The Cockettes. For many years she was on the capital defense team for a client on California’s death row, ultimately achieving a reversal of his death sentence, and has assisted clients in obtaining political asylum.  She currently serves as Vice Chair of the board of Equal Justice Works, and is a member of the board of directors of Bay Area Legal Aid. She also served on the Legal Service Corporation’s Pro Bono Task Force and was co-chair of the Subcommittee on Technology Best Practices in Pro Bono. She was recently recognized by OneJustice as a “Champion of Justice.”

Recent Recognitions

Kate has been honored by a number of prominent publications and organizations. Her most recent recognitions include:

  • The National Law Journal’s 75 Outstanding Women Lawyers (2015)
  • The Recorder’s list of Top 50 Women Leaders in Tech Law (multiple years) and, in 2015, was additionally designated as one of 10 “Power Players”
  • Diversity Council, Top 50 Women Lawyers List (2017)
  • “Northern California Super Lawyer” in the area of Intellectual Property Litigation
  • Best Lawyers, recognized for intellectual property litigation (2020)

AV Peer Review Rated as “Preeminent” by LexisNexis Martindale-Hubbell

Lennie is a nationally recognized authority on technology and internet law and co-author of Drafting Internet Agreements, a practical legal treatise with annotated forms on internet and computer law published by the Aspen Publishers division of Wolters Kluwer Law & Business. Lennie formerly was a partner at several prominent law firms and served as the Chair of the Technology & Intellectual Property Practice of Thacher Proffitt & Wood, LLP, and was a partner in the Intellectual Property and Technology Practice at Greenberg Traurig, LLP.

Known for his high energy and unique blend of practice-legal knowledge, technology expertise and skills, Lennie serves as trusted advisor to dozens of multinationals and smaller corporates, hospitals and healthcare providers, financial institutions, startups and venture firms across industries including, E-business, retail, hardware and software, communications and energy, frequently involving the development and deployment of breakthrough and best-of-show technologies. His recognized technology law expertise coupled with his IT education and experience gained while operating technology companies provide unique insights that benefit clients who engage Lennie for strategic guidance and counseling.

Lennie also advises clients on privacy, cyber security and compliance. He offers specialized expertise in the creation of dynamic workflows and incident recovery solutions to manage and mitigate risk exposures. Clients engage Lennie regularly as a special counsel or to manage complex litigation in areas requiring his unique skill set and knowledge.

Lennie gained recognition as a “go to” technology expert and problem solver following the tragic destruction of the World Trade Center on September 11, 2001, home to Thacher Proffitt & Wood’s main office. Miraculously, no employees of the firm perished, but the destruction of the Twin Towers resulted in a complete loss of all of the firm's technology infrastructure and backup systems. On that day, Lennie interrupted his practice of law and became the CIO of the firm for the following six months. He was responsible for all decisions for the interim survival and ultimate rebuilding of the firm's technology infrastructure, including: equipment specification and acquisition, conversion of the firm's applications palette; extensive outsourcing of such IT functions as help desk and infrastructure management. The experience of losing everything, rebuilding everything from scratch, being the buyer instead of “representing the buyer” has given Lennie valuable insights that inform his practice even today. He has published and spoken on the lessons that he learned from this experience at seminars throughout the U.S. and Europe.

Prior to joining Flatiron, Lennie was Chief Operating Officer and General Counsel for ICF Mercantile, a technical textile distributor of medical, aerospace and construction yarn where he managed the transformation from a distribution to manufacturing business in a new state of the art manufacturing, research and development center. While at ICF he was responsible for all aspects of business operations, legal and IT, including creating the financial and production models to support the financing for transition; negotiations of the lease, construction, engineering, and architectural services agreements; and on-site management of construction resulting in an on-time and on budget startup.

Before ICF, he was the co-founder, President and Chief Operating Officer of Tera Group and TeraExchange. Lennie and his co-founder developed and managed the strategic evolution of the first and only multi-asset, Central Limit Order Book and RFQ based Swap Execution Facility and multi-asset execution management system from inception into a Dodd Frank Act - CFTC regulated institutional exchange for cleared derivatives, equities, futures, fixed income and options markets. Derivatives assets include IRS, CDS, NDF, and the first regulated Bitcoin derivative based on the TeraBit Bitcoin Price Index. While at Tera he managed the firm's operation including fundraising, client/investor presentations and relationships, operations, legal, regulatory, financial, marketing, business development and technology development and implementation.

An experienced commercial litigator, Lennie has handled high-stakes disputes in involving IP infringement, engineering and construction, IT systems and Internet businesses, including the successful resolution of several multi-hundred million dollar matters.

With over 250 articles and presentations, Lennie is one of the most sought-after lecturers in the country on Technology, Internet Law, Cybersecurity, Privacy, Cloud Computing, Social Media, Intellectual Property, Licensing, Techno-Entertainment, Negotiations, Identity Theft, Technology and Intellectual Property Litigation, E-Discovery, Online Child Safety and Law Practice Management.

Eric Goldman is Associate Dean for Research, Professor of Law, Co-Director of the High Tech Law Institute, and Supervisor of the Privacy Law Certificate, at Santa Clara University School of Law. His research and teaching focuses on Internet law, and he blogs on that topic at the Technology & Marketing Law Blog [].

Stacey Schesser is the Supervising Deputy Attorney General for the Privacy Unit in the Consumer Protection Section of the Office of the California Attorney General.  Her recent matters include People v. Glow, People v. Equifax, and leading the team that drafted regulations for the California Consumer Privacy Act (CCPA). She began her career at the Attorney General’s Office in 2007 in its Criminal Division and has worked in the Privacy Unit since its inception in 2012.  Stacey was recently recognized as one of the Recorder’s “Women Leader in Tech Law” and was the only public sector recipient of this award.  Stacey received her J.D. at UC Berkeley’s School of Law, where she wrote on privacy law issues for the California Law Review, and received her B.A. at Douglass College, Rutgers University.

Stephen S. Wu is a shareholder with Silicon Valley Law Group in San Jose, California.  He advises clients on transactions, compliance, liability, security, and privacy matters regarding the latest technologies in areas such as artificial intelligence, robotics, automated transportation, the Internet of Things, and Big Data.  He helps clients with domestic and international privacy and security matters in negotiating agreements, incident response, breach notification, litigation, and managing privacy and security policies and programs, certifications, and audits.  He counsels clients concerning cyber-risk insurance policies and coverage and risk management strategies.  In addition, he advises clients on secure electronic commerce using digital signatures, other secure electronic signatures, electronic credentials such as digital certificates, encryption, and public key infrastructure.

From 1997 to 2001, Mr. Wu was VeriSign, Inc.’s second in-house attorney, where he managed the development and deployment of worldwide policies and procedures for VeriSign’s digital certification Internet security services.  Before his work at VeriSign, he practiced with two international law firms in the areas of intellectual property and general litigation, as well as technology transactions.

Mr. Wu served as Chair of the American Bar Association Science and Technology Law Section from 2010 to 2011.  From 2001 to 2004, Mr. Wu was Co-Chair of the Section’s Information Security Committee.  He helped found the Section’s Artificial Intelligence and Robotics, Internet of Things, Big Data, and Homeland Security Committees.  He serves as Chair of the annual American Bar Association Artificial Intelligence and Robotics National Institute, the next version of which is expected to occur in October 2020 in Silicon Valley.

Mr. Wu has written or co-written seven books on information security law, including his most recent publications: A Guide to HIPAA Security and the Law Second Edition (2016) and A Legal Guide to Enterprise Mobile Device Management:  Managing Bring Your Own Device (BYOD) and Employer-Issued Device Programs (2013).  He has written numerous book chapters and articles on data protection, artificial intelligence, and robotics topics.  He is a frequent speaker at industry conferences and continuing legal education programs on information security, the California Consumer Privacy Act, EU’s General Data Protection Regulation, artificial intelligence, robotics, autonomous driving, and other cutting edge technologies.

Mr. Wu received a Bachelor of Arts degree from the University of Pittsburgh in 1985, and graduated from Harvard Law School in 1988 with a Juris Doctor degree.

Polina is a Privacy Lawyer that specialized in Product work. She has worked at Apple, Uber, and Airbnb. She specializes in global scalable approaches to privacy by design, privacy training, product privacy and general privacy risk mitigation.  She’s currently serving in a new policy role at Facebook specializing in building scalable solutions for responsible AI using existing and forthcoming frameworks.

Prior to her legal career, she worked as an investigator at the NYC Civilian Complaint Review Board, where she investigated allegations of police misconduct.

Eric Heath is a Vice President and Chief Privacy Officer at Ancestry, working as part of Ancestry's Legal Team and based in their San Francisco offices. Having started his career seeking to understand both regulated and unregulated networks and their impact on communities and the economy, Eric worked on telecom deregulation and the emergence of wireless networks before moving into the consumer internet.  In as much as networks of pipes, wires, and wireless signals built the foundation of our information economy, Eric's experiences at Yahoo, LinkedIn,  Zenefits, and now at Ancestry have amplified the challenges posed by networks of information -- with personal information being the most valuable, and risky. Eric's path has allowed him to participate in the emergence of privacy and customer trust as one of the most critical factors in the success of online businesses dependent on consumer interaction. He has helped his clients survive data protection audits in Europe, build privacy programs in-house, and worked with industry peers and thought leaders to establish best practices in the face of legislative, regulatory, and press scrutiny.

Jah-Juin “Jared” Ho is an attorney with the Division of Privacy and Identity Protection (DPIP) at the Federal Trade Commission.  This Division of the FTC has responsibility for enforcing federal statutes and regulations that pertain to information security and consumer privacy.  Jared investigates and prosecutes violations of U.S. federal laws governing the privacy and security of consumer information and has worked on FTC enforcement actions under Section 5 of the Federal Trade Commission Act.  Prior to joining DPIP, Jared was an attorney in the FTC’s Office of Technology Research and Investigations.  Jared has also served as a Senior Policy Advisor in the Federal Communications Commission’s Enforcement Bureau where he advised on cases and rulemaking.

In addition to his federal service, Jared was a Deputy Attorney General for the State of New Jersey where he led his office’s privacy and data security efforts. He has also served as a visiting fellow at Princeton University’s Center for Information Technology Policy.

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Yen P. (TiTi) Nguyen is a Deputy Attorney General in the Consumer Protection Section – Privacy Unit of the California Attorney General’s Office.  Prior to joining the Privacy Unit in 2013, she spent over seven years as an associate at a large law firm, specializing in patent and intellectual property litigation.  TiTi received her J.D. from UC Berkeley School of Law, where she was the Editor-in-Chief of the Berkeley Technology Law Journal and was also a member of the Berkeley Journal for Gender, Law, & Justice and the Asian American Law Journal.  She has a B.A. in Law & Society and a B.S. in Computer Science from UC Santa Barbara.

Drawing upon a unique combination of more than twenty years of technical, legal, policy, and business experience, Ms. Westby provides consulting and legal services to public and private sector clients around the world in the areas of privacy, security, cyber governance, incident response, and digital asset inventories and data mapping. Her cyber risk assessment methodology has been used by large multinational corporations in nearly every industry sector.  Her team has deep expertise in assessing industrial control and SCADA systems used in manufacturing, electrical grids, and critical infrastructure sectors. She also serves as Adjunct Professor to the Georgia Institute of Technology’s School of Computer Science. Ms. Westby is a professional blogger for Forbes and writes a regular column on cybersecurity for Leader’s Edge magazine, published by the Council of Insurance Agents and Brokers.

Ms. Westby is a member of the bars of the District of Columbia, Pennsylvania, and Colorado. She serves as chair of the American Bar Association’s (ABA) Privacy and Computer Crime Committee (Science & Technology Law Section) and co-chair of the Cybercrime Committee (Criminal Justice Section) and is serving a fourth term on the ABA President’s Cybersecurity Legal Task Force.  She co-chaired the World Federation of Scientists’ (WFS) Permanent Monitoring Panel on Information Security and served on the ITU Secretary-General’s High Level Experts Group on Cybersecurity. 

Ms. Westby led the development of the International Toolkit on Cybercrime Legislation and is an editor and co-author of the 2010 WFS-ITU publication, The Quest for Cyber Peace. Ms. Westby is co-author and editor of four books on privacy, security, cybercrime, and enterprise security programs and author of two books on legal issues associated with cybersecurity research, all published by the ABA.  She speaks globally on these issues.

Previously, she launched In-Q-Tel for the CIA, was senior managing director at PricewaterhouseCoopers, was senior fellow and director of IT Studies for the Progress and Freedom Foundation, and was director of domestic policy for the U.S. Chamber of Commerce. 

Ms. Westby practiced law at Shearman & Sterling and Paul, Weiss, Rifkind, Wharton & Garrison.  B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif.  Ms. Westby is a member of the American Bar Foundation and the Cosmos Club.