Skip to main content

Privacy and Data Security Law Institute (Thirteenth Annual)

Speaker(s): Alexandra Ross, Beth Givens, Cathy Bump, Christine E. Lyon, Dominique R. Shelton, Felix S. Sterling, Francoise Gilbert, Geff Brown, Holly K. Towle, Ian C. Ballon, Jeanette Fitzgerald, Jishnu Menon, Joanne McNabb, Jonathan D. Avila, Kathryn J. Fritz, Laura D. Berger, Liisa M. Thomas, Lindsey Finch, Marc S. Crandall, Matthew F. Fitzsimmons, MeMe Jacobs Rasmussen, Merri A. Baldwin, Paola Zeni, Paula Selis, Rebecca Matthias, Rosanne Model, Rudy Guyon, Sharon A. Anolik, Stephen S. Wu, W. Reece Hirsch, Winston Krone
Recorded on: May. 21, 2012
PLI Program #: 34384

Jishnu Menon contributes to Mozilla's mission of keeping the web open by working on the legal and policy side of its products, including Firefox, Boot to Gecko, Persona, Open Badges and Marketplace. Prior to joining Mozilla, Jishnu had worked at Adobe Systems, Wilson Sonsini Goodrich & Rosati and a social networking start-up. Jishnu's practice has included representing clients from large public companies to nascent start ups on a wide range of issues, including privacy/data issues, technology and content licensing, commercial agreements, open source, counseling and strategy around intellectual property/internet law, and business model and deal strategy.

Lindsey Finch is's Senior Global Privacy Counsel. In this role, Lindsey leads's global privacy program, including developing and implementing's privacy policies and practices, training employees on their privacy responsibilities, working directly with's customers on their privacy and data protection concerns, and partnering with's technology team to build privacy into's service architecture.  A practicing attorney and Certified Information Privacy Professional (CIPP), Lindsey reports directly to's General Counsel. Prior to joining, Lindsey was Privacy Counsel at General Electric. Before and during law school, Lindsey worked on privacy-related issues at the U.S. Federal Trade Commission and the U.S. Department of Homeland Security. Lindsey received her Juris Doctor from American University, Washington College of Law and her Bachelor of Arts in Communication and Political Science from the University of California, San Diego. Lindsey is a member of the California Bar. 

Cathy Bump serves as Senior Privacy Counsel for Expedia, Inc. She oversees global compliance with privacy and data security laws across Expedia's subsidiary brands, including Expedia,, Hotwire, and Egencia. Cathy is responsible for Expedia's implementation and maintenance of best practices in connection with privacy, works closely with Expedia's Information Security Team to implement both internal and third party data safeguards, and also guides the shaping of Expedia's positions on privacy issues and legislation.

She also serves as Co-Chair of the Bay Area Association of Corporate Counsel (ACC) Privacy & eCommerce Committee. 

Prior to joining Expedia, she held the position of Vice President of Policy & Legal for TRUSTe, the leading online privacy standard-setting and seal organization. An attorney with diverse experience - encompassing business, litigation, and policy issues -- she initially began specializing in privacy and data security while serving as in-house privacy counsel for Intuit Inc. 

Cathy holds a J.D. from Hastings College of the Law and a B.A. in political science from Stanford University. She has been a Certified Information Privacy Professional (CIPP) since 2004.

Felix Sterling

As senior vice president and general counsel of Trend Micro's global legal department, Felix leads a team with legal oversight responsibility for corporate governance, compliance, product development, channels, sales, human resources, business operations, and all other legal matters for Trend Micro and its global subsidiaries. In addition, he serves as Chairman of Trend's Global Policy Committee, and as Site Executive for Trend's North America headquarters. Felix also enjoys working on strategic and operational challenges, and leads various cross-functional initiatives to optimize business processes and support the SaaS business model.   

Prior to joining Trend Micro, Felix was a vice president and AGC at VeriSign.  He had previously been a member of the Yahoo! legal team, after starting his legal career in the litigation and technology transaction groups of Wilson, Sonsini, Goodrich & Rosati, a premier technology law firm.  Before law school, he studied cognitive science and human factors engineering in graduate school and worked in the Flight Human Factors Division at the NASA-Ames Research Center.
Felix holds a juris doctor degree from the University of California at Davis, where he was Editor-in-Chief of the King Hall Advocate and the Western U.S. A.B.A. moot court champion. He also holds a bachelor's degree (with honors) from the University of California at Santa Cruz.

Paula Selis is Senior Counsel for the Consumer Protection Division of the Washington State Attorney General's Office. Her responsibilities include litigation, legislation, and business and consumer education.  She has been with the office since 1982.

 Ms. Selis' areas of focus have included telemarketing, auto dealers, credit reporting and advertising. She has been responsible for heading the Office's Telemarketing Focus Group. On a national level, she has worked with the National Association of Attorneys General on a variety of issues, including cross-border telemarketing fraud, Internet fraud, and privacy. Since 1999, she has been the head of the Attorney General's Office Consumer Protection High Tech Unit, where her cases have centered on such issues as online privacy, Internet auction fraud, junk email, business opportunity scams and health care fraud.  She has co-authored articles on Internet Auction Fraud and Privacy Policy Best Practices with the Shidler Center for Law, Commerce and Technology at the University of Washington Law School. Ms. Selis is an adjunct professor at Seattle University Law School where she teaches consumer protection law and privacy law.

 In addition to litigation, Ms. Selis has also worked on numerous bills sponsored by the Attorney General, including legislation regulating telemarketing, 900-numbers, credit reporting, auto brokering, going-out-of-business sales, unsolicited electronic mail, the promotional advertising of prizes, identity theft and consumer financial privacy.

 Ms. Selis is a graduate of Dartmouth College and the Seattle University Law School.

Rudy Guyon advises global information technology businesses on commercial contracts and complex licensing transactions; international privacy and regulatory compliance; and technology products development and marketing. Previously Rudy has practiced as in-house counsel for Fujitsu America and its affiliates, at the Silicon Valley Law Group, and at Matsubara Muraki International Patent Law Office.  Rudy has lived and worked abroad in Japan and Europe, and speaks pretty good Japanese. Rudy graduated from the UCLA School of Law and U.C. Berkeley, is a Certified Information Privacy Professional (CIPP/US), and currently co-chairs the Privacy, E-Commerce and Social Media Committee of the Bay Area Chapter of the Association of Corporate Counsel. He has taught law at universities in Tokyo, Japan and Bucharest, Romania.  Rudy has broad experience with developing and marketing software, hardware and Internet products. He is interested in the outdoors, international business, and leading edge technology developments, such as the growth of the Cloud and smart grids. 

Alexandra Ross is Director, Global Privacy and Data Security Counsel at Autodesk, Inc., a leader in 3D design, engineering and entertainment software. Previously she was Senior Counsel at Paragon Legal and Associate General Counsel for Wal-Mart Stores. She is a certified information privacy professional (CIPP/US, CIPP/E, CIPM, CIPT and FIP) and practices in San Francisco, California. She holds a law degree from Hastings College of Law and a B.S. in theater from Northwestern University. Alexandra is a recipient of the 2019 Bay Area Corporate Counsel Award – Privacy.

Alexandra launched The Privacy Guru blog in January of 2014 and has published an ebook Privacy for Humans (available on Amazon and iTunes).

Beth Givens is founder and executive director of the Privacy Rights Clearinghouse (PRC), established in 1992. The PRC is a nonprofit consumer education and advocacy organization, based in San Diego, California. Its mission is to engage, educate and empower individuals to protect their privacy. Givens and her organization represent the interests of consumers in public policy proceedings at the state and federal levels. She and her colleagues are often interviewed by the media on consumer privacy issues.

The PRC’s many consumer guides cover a broad range of informational privacy topics, including: credit reporting, identity theft, data breaches, online privacy, medical records, workplace issues, online data brokers, employment background checks, computer security, debt collection, education, telemarketing, and smartphones.

Givens has participated in numerous task forces and commissions including: California Attorney General Do-Not-Track Working Group, Consumer Federation of America Identity Theft Services Best Practices Task Force, Consumer Federation of America Cloud Computing Working Group, California Judicial Council Working Group on Personal Information and Court Outsourcing, California Real ID Act Privacy and Security Work Group, and California Radio Frequency ID Advisory Committee.

Givens co-authored a chapter on identity theft in Protection, Security and Safeguards (2nd ed,, 2013). She contributed a chapter on consumer and privacy rights to the 2006 book, RFID: Applications, Security and Privacy.  She authored the encyclopedia entries on identity theft for Encyclopedia of Privacy (2007), World Book Encyclopedia (2004) and Encyclopedia of Crime and Punishment (2002). Givens is author of an early book on informational privacy, The Privacy Rights Handbook (Avon, 1997), and is co-author of another early guide, Privacy Piracy: A Guide to Protecting Yourself from Identity Theft (1999), with Mari Frank, Esq.

Prior to her work as a consumer advocate, Givens was a librarian specializing in library network development and resource sharing.  Givens has a master’s degree in Communications Management from the University of Southern California Annenberg School for Communication, and a master’s degree in Library and Information Services from the University of Denver. She is a member of the International Association of Privacy Professionals.

Christine Lyon is a partner in Morrison & Foerster’s Privacy + Data Security practice.  Chris helps companies develop privacy and data protection strategies for new products and services, as well as privacy compliance programs for their customer and employee data. A trusted advisor, Chris works collaboratively with her clients to develop practical approaches that leverage data while complying with evolving global privacy and data protection laws.

Based in Silicon Valley, Chris’ clients span various industries for which data are vital to operations or business models, including technology service providers, hardware and software companies, pharmaceutical and biotechnology companies, and consumer product manufacturers.  She has extensive experience navigating privacy risks from design through production and beyond, regularly counseling startups and large multinationals alike throughout the lifespans of their products and services.  Chris has particularly extensive experience advising technology companies on building privacy protections into cutting-edge offerings including connected products and services (Internet of Things), artificial intelligence (AI) and data analytics, and cloud-based services, as well as on managing the related “Big Data” implications.  She also frequently conducts privacy assessments of new products and services and helps clients structure and negotiate the privacy aspects of M&A and other strategic transactions to both achieve compliance and manage data risks.

By addressing emerging data protection laws, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), Chris helps clients achieve efficiency and cross-jurisdictional coordination in their privacy programs. Chris also has experience implementing a variety of mechanisms to facilitate international data flows and transfers, including EU Binding Corporate Rules, Privacy Shield certification, and international data transfer agreements. She has coordinated projects spanning privacy law requirements in dozens of countries, consolidating this information into practical, actionable privacy programs for clients.

Legal500 US has recognized Chris as a “rising star” in the area of privacy and data protection, and she has received The Burton Award for Distinguished Legal Writing.  She frequently writes and speaks on U.S. and global data protection laws, particularly on technology-related privacy issues.

Dominique Shelton is a litigation partner in Alston & Bird's Los Angeles office. She focuses her practice on complex commercial litigation, with particular attention to intellectual property and privacy litigation, as well as unfair competition and antitrust matters. Dominique also provides strategic compliance counseling in digital marketing and data privacy on cutting edge issues, such as mobile privacy, Big Data, Do Not Track and behavioral advertising, among others. In 2012, she was named Intellectual Property Lawyer of the Year by the Century City Bar Association.

She has litigated matters involving various state and federal laws, such as  the Fair Credit Reporting Act, Telephone Consumer Protection Act, Federal Trade Commission Act, Electronic Communications Privacy Act, Computer Fraud & Abuse Act, California False Advertising Law (Business & Professions Code §17500), California Unfair Competition Law (Business & Professions Code §17200) and California Penal Code § 502. She has also negotiated with the CA AG and FTC.

Dominique's clients are Fortune 500 companies, start-up ventures and privately held companies across a broad spectrum of industries that include media and entertainment, technology, broadcasting, digital sales and marketing, advertising, wireless/mobile, Internet, lead generation, manufacturing and electrical, software, telecommunications, legal services, automotive parts and services, dietary supplement, food and health/beauty.


  • Member, International Association of Privacy Professionals
  • Board of Directors, Federal Bar Association of Los Angeles
  • Member, Magistrate Judge Merit Selection Panel for the United States District Court, Central District of California (December 2011-present)
  • Member 2007, Chair 2011-2012, Entertainment & Intellectual Property Law Section (ELIPS), LA County Bar Association
  • Lawyer Representative to the Ninth Circuit Judicial Conference
  • Board Member 2007-2010, Big Brothers Big Sisters of Greater Los Angeles
  • President 2005-2006, Women Lawyers Association of Los Angeles
  • Life member, National Bar Association Black Women Lawyers
  • Board member 2004-2006, California Women Lawyers Association


Georgetown University (J.D., 1991)

Brown University (B.A., 1988)

Admitted to Practice 



Francoise Gilbert, CEO of DataMinding, is one the world’s top legal experts in the areas of privacy and data security compliance, data governance, and risk management. She is the primary author and editor of the law treatise "Global Privacy and Security Law" (2 volumes, 4, 000 pages; Wolters Kluwer publisher) which covers in depth the privacy and data protection laws of 68 countries on all continents.

Ms. Gilbert received the 2019 Vanguard Award (California Lawyers Association) in recognition of her pioneering work in the area of data privacy and security law.  She has received numerous accolades from her peers acknowledging her thought leadership in identifying and addressing the unique privacy and data security legal issues raised by emerging technologies, including recognitions by the National Law Journal as “Privacy & Cybersecurity Trailblazer”, and by Best Lawyers as a “San Francisco Best Lawyer of the Year” in the area of Data Protection. She currently focuses her research and analysis on the myriad privacy, security and ethical issues raised by the use of Artificial Intelligence (AI) and Internet of Things (IoT) technologies.

In her private practice, she assists clients in anticipating their data security, privacy, and information management obligations, and in addressing these obligations in the context of their business and revenue objectives. Projects include, among others, framing and designing disclosures and compliance programs to meet the most recent legal developments, such as the California Consumer Protection Act (CCPA), or the European General Data Protection Regulation (GDPR); structuring Data Protection by Design and by Default processes in the development of new products; or implementing practical structures to address global operations and cross-border data transfer restrictions.

Jeanette Fitzgerald is Executive Vice President, General Counsel and Chief Privacy Officer for Epsilon, a global data-driven marketing firm recognized by Ad Age as the #1 U.S. agency from all disciplines and the #1 global direct marketing network.

As Chief Privacy Officer, Jeanette leads Epsilon’s government affairs, legislative and regulatory initiatives related to data protection and privacy. With her extensive knowledge of data privacy issues, she has spoken before domestic and international industry associations about the implications of data privacy for businesses and consumers, and has provided testimony before U.S. Congressional committees.

In addition, Jeanette leads and manages all legal strategy for Epsilon, including counsel related to mergers and acquisitions activity for the company.

Prior to joining Epsilon, Jeanette served as Vice President and Assistant General Counsel for five years at Alliance Data, the parent company of Epsilon, and was pivotal in Alliance Data’s acquisition of Epsilon. At Alliance Data, Jeanette provided strategic counsel on issues ranging from intellectual property to M&A activity.

Jonathan Avila joined Walmart Stores, Inc. as Vice President, Chief Privacy Officer in October 2012.  Mr. Avila is responsible for the worldwide data privacy and records management program for Walmart’s operations involving 11,000 retail locations with more than two million employees in 27 countries, as well as Walmart’s e-commerce websites in ten countries.  Mr. Avila previously served as Vice President -- Counsel, Chief Privacy Officer of The Walt Disney Company.  Mr. Avila initiated the data privacy program at Disney in 2001 and led the development of Disney's enterprise privacy compliance program covering all of Disney's online and offline business activities in the nearly 50 countries in which Disney operates.

Mr. Avila has been active in the international data privacy community, having served for five years on the board of directors of the International Association of Privacy Professionals, including serving as President of the IAPP in 2009.  Mr. Avila has spoken at numerous conferences on data privacy issues, including conferences of the international data privacy commissioners sponsored by the governments of Spain and Mexico.  Mr. Avila is a co-author of Privacy Compliance and Litigation in California (CEB 2014).  Mr. Avila served on the advisory committee to the California Office of Privacy Protection on the development of its guidance on California's "Shine the Light" law relating to business' information sharing practices.  Mr. Avila also has taught on the subject of privacy law as an Adjunct Professor of the School of Law of the University of Arkansas.

Mr. Avila began his career as a law clerk to Judge W. Eugene Davis of the United States Court of Appeals for the Fifth Circuit.  Mr. Avila later was an associate with Latham & Watkins, and Litigation Counsel with the CBS television network.  Before joining Disney, Mr. Avila served as General Counsel Chief Privacy Officer of, Inc., a venture capital funded Internet company.

Mr. Avila graduated with a B.A. from Yale University and a J.D. from Harvard Law School.  Mr. Avila also holds a diploma from the University of Salamanca (Spain) and holds the Certified Information Privacy Professional credential issued by the IAPP.

Liisa Thomas is a Partner in Sheppard Mullin’s Chicago and London offices, and Practice Group Leader of its Privacy and Cybersecurity Team.  Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.”  Ms. Thomas is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and external practitioners alike.”  She is known as an industry leader in the privacy and data security space and is consistently recognized by Leading Lawyers Network, Chambers and The Legal 500.  Ms. Thomas was named to Cybersecurity Docket's "Incident Response 30," honoring 30 incident response professionals critical to managing data breaches (in both 2016 and 2018).  Ms. Thomas was recognized as the 2017 Data Protection Lawyer of the Year – USA by Global 100, the 2017 U.S. Data Protection Lawyer of the Year by Finance Monthly, and the “Best in Data Security Law Services” at Corporate LiveWire’s 2017 Global Awards.  She received her J.D. from the University of Chicago in 1996 and is admitted in Illinois and the District of Columbia.

MeMe Jacobs Rasmussen is chief privacy officer, vice president, and associate general counsel at Adobe. In her role, Jacobs Rasmussen oversees Adobe’s privacy strategy and policy. She also leads a team of attorneys and paralegals with responsibility for providing legal services to Adobe’s cloud teams.

Prior to joining Adobe in 1997, Jacobs Rasmussen served as general counsel and later chief operating officer at Rocket Science Games. Previously, she practiced law at Gray Cary Ware & Freidenrich in Palo Alto, California, and at Foley, Hoag & Eliot in Boston. Jacobs Rasmussen started her career in the early 80s as a technical instructor at Prime Computer near Boston before joining the company’s in-house legal department.

Jacobs Rasmussen is a member of the California bar. She holds a law degree from Suffolk University and a bachelor’s of science degree in computer science from the University of Vermont.

Adobe is changing the world through digital experiences. For more information, visit

Merri Baldwin is a shareholder at Rogers Joseph O’Donnell, where her practice focuses on attorney liability and commercial litigation.  She handles claims of legal malpractice and breach of fiduciary duty, as well as motions to disqualify and for sanctions.  She regularly counsels lawyers and law firms on legal ethics and law practice management issues.  She represents attorneys in disciplinary matters before the State Bar of California, and has extensive experience handling attorney-client fee disputes.  Ms. Baldwin is a Vice-Chair of the State Bar of California’s Closing the Justice Gap Working Group.  Ms. Baldwin is a former chair of the State Bar of California Committee on Professional Responsibility and Conduct, and is currently a member of the California Lawyers Association Ethics Committee.  She is a co-chair of the Legal Malpractice subcommittee for the American Bar Association Litigation Section Committee on Professional Services Litigation.  Ms. Baldwin served as the President of the Bar Association of San Francisco for 2017.  Ms. Baldwin frequently lectures to attorneys and professional organizations on issues related to litigation, legal malpractice and ethics issues, and she is a lecturer at the University of California at Berkeley School of Law.  Ms. Baldwin co-edited The Law of Lawyers’ Liability (ABA/First Chair Press 2012) and since 2006 she has served as a consulting editor for the Attorney Fee Agreement Forms Manual, published by Continuing Education of the Bar, California.  Prior to law school, Ms. Baldwin was a Fulbright Scholar at the London School of Economics.


J.D., University of California at Berkeley, School of Law (Boalt Hall)

B.A., Smith College, Magna Cum Laude with high honors

Paola Zeni is a member of the Legal Department at Palo Alto Networks, the next-generation security company. As Senior Director of Global Privacy, her mission is to ensure that privacy is incorporated in the security fabric provided by Palo Alto Networks, by working cross-functionally with all teams at the company. Paola is a veteran of the information security industry, having worked for years at Symantec, where she led the Privacy Program Office, and has been working on privacy issues for more than 15 years, first in Europe for HP and Agilent Technologies, and later in the US as Global Privacy Lead for Agilent. She has a Law Degree from the Catholic University of Milan and a LLM in US Law from the University of Santa Clara. She is member of the IAPP, has practiced in Italy, and is a member of the California Bar.

Rebecca Matthias is the Assistant General Counsel and Director of Privacy at VMware (the global leader in virtualization and cloud infrastructure, delivering solutions to over 99% of Fortune 1000 and 97% of Fortune Global 500 companies).  Rebecca leads VMware’s global privacy team and is responsible for developing and administering VMware’s privacy program and practices.  Recent initiatives have involved supporting VMware’s cloud offerings for US and EU rollout.  Prior to joining VMware, Rebecca handled compliance matters, including privacy, for VeriSign, Inc.  She also worked for VeriSign as a product attorney for both the SSL and Registry divisions, advising on marketing and product development.  Before moving in-house, Rebecca was a senior associate for Coudert Brothers in Kazakhstan, Russia, London and Washington, D.C.  At Coudert Brothers she provided advice on international corporate transactional, IP, compliance and telecoms matters. 

Rebecca received her J.D. from the University of Virginia School of Law, where she was on the Editorial Board of the Virginia Journal of International Law.  She earned her B.A. in Russian Studies from the University of Virginia, and was awarded Phi Beta Kappa.

Rebecca has been CIPP/US certified since 2006, and has also earned the CIPP/IT and CIPP/E certifications.  She regularly speaks on privacy and related security matters, most recently at the 2014 RSA Conference.

Reece Hirsch is a partner in the San Francisco office of Morgan Lewis specializing in privacy and security law. Reece has particular expertise with regard to healthcare privacy, and he advises clients from every sector of the healthcare industry on compliance with HIPAA, the HITECH Act and state medical privacy laws.  He also advises non-healthcare industry clients on a wide range of privacy and security issues, including security breach response, Internet privacy, compliance program development, and financial and insurance privacy regulation. Reece has served on advisory committees to the California Office of Privacy Protection on security breach notification and medical identity theft best practices, and is a member of the editorial advisory boards of BNA's Health Law Reporter and Healthcare Informatics. He also serves on the board of directors of 826 National, a San-Francisco based non-profit organization that provides writing programs for young people in underserved communities.


Rosanne Model is the Corporate Compliance Officer for Bio-Rad Laboratories, Inc. (NYSE: BIO and BIOb), a multinational manufacturer and distributor of life science research and clinical diagnostic products. Rosanne joined the company in December 2011. She reports to the President and CEO of Bio-Rad. Rosanne is responsible for the Company's efforts to maintain effective best practices compliance programs. She currently focuses on the U.S. FCPA and other countries' anti-bribery laws as well as the US Open Payments Program (Sunshine). Prior to joining Bio-Rad, Rosanne was the lead international operations and compliance lawyer at Hyatt's headquarters in Chicago. She provided advice on a diverse range of commercial matters as well as ethics/compliance and corporate social responsibility for Hyatt's International Operations Management Team and Hyatt's Divisional Offices and hotels in more than 45 countries. Rosanne was the co-leader of Hyatt's Data Privacy Task Force and the co-author of Hyatt's Global Privacy Program. Prior to Hyatt, Rosanne was senior international counsel for Chevron and its predecessors, Texaco and Caltex, and was based both in the US and in Singapore. At Chevron, she was the lead lawyer for international divisions and foreign subsidiaries with complex operations in West Africa and the Caribbean and she provided daily advice on transactions and US compliance in Latin America, Asia, and the Middle East. She is a fluent French speaker and is conversant in Spanish. Rosanne has a keen interest in issues at the intersection of public policy, business, and the law. Rosanne received her M.P.A. from Harvard's Kennedy School of Government and her J.D., cum laude, from the University of Miami School of Law, where she was a member of the Law Review, and earned her B.A., from Mount Holyoke College, which included studies at l'Institut d'Études Politiques in Paris.


Sharon Anolik is Vice President, Global Privacy Risk & Strategy Leader for McKesson, a leading healthcare services and information technology company. 

Previously, she was Chief Privacy Official and Director of Corporate Compliance & Ethics for Blue Shield of California, overseeing award-winning programs in privacy, corporate compliance, records management and legislative implementation.

Sharon has also served as Chief Privacy Officer & Associate General Counsel for Ask Jeeves; Deputy City Attorney for the city of San Francisco; in-house counsel for several technology companies; a Privacy specialist for Deloitte; and a judicial clerk to the California Supreme Court.  A frequent industry speaker, Sharon sits on the Corporate Compliance, Privacy and Audit Committee of the El Camino Hospital Board, several privacy advisory boards and teaches Cyberlaw and Privacy at Golden Gate University Law School.

Sharon can be reached at

Stephen S. Wu is a shareholder with Silicon Valley Law Group in San Jose, California.  He advises clients on transactions, compliance, liability, security, and privacy matters regarding the latest technologies in areas such as robotics, artificial intelligence, automated transportation, the Internet of Things, and Big Data.  He helps clients with domestic and international privacy and security matters in negotiating agreements, incident response, breach notification, litigation, and managing privacy and security programs, certifications, and audits.  He counsels clients concerning cyber-risk insurance policies and coverage and risk management strategies.  In addition, he advises clients on secure electronic commerce using digital signatures, other secure electronic signatures, electronic credentials such as digital certificates, encryption, and public key infrastructure.

From 1997 to 2001, Mr. Wu was VeriSign, Inc.’s second in-house attorney, where he managed the development and deployment of worldwide policies and procedures for VeriSign’s digital certification Internet security services.  Before his work at VeriSign, he practiced with two international law firms in the areas of intellectual property and general litigation, as well as technology transactions.

Mr. Wu served as Chair of the American Bar Association Section of Science and Technology Law from 2010 to 2011.  From 2001 to 2004, Mr. Wu was Co-Chair of the Section’s Information Security Committee.  He helped found the Section’s Artificial Intelligence and Robotics, Internet of Things, Big Data, and Homeland Security Committees.

Mr. Wu has written or co-written seven books on information security law, including his most recent publications: A Guide to HIPAA Security and the Law Second Edition (2016) and A Legal Guide to Enterprise Mobile Device Management:  Managing Bring Your Own Device (BYOD) and Employer-Issued Device Programs (2013).  He has written numerous book chapters and articles on data protection, artificial intelligence, and robotics topics.  He is a frequent speaker at industry conferences and continuing legal education programs on information security, EU’s General Data Protection Regulation, artificial intelligence, robotics, autonomous driving, and other cutting edge technologies.

Mr. Wu received a Bachelor of Arts degree from the University of Pittsburgh in 1985, and graduated from Harvard Law School in 1988 with a Juris Doctor degree..

Ian C. Ballon is Co-Chair of Greenberg Traurig LLP’s Global Intellectual Property & Technology Practice Group and represents internet, mobile, entertainment and technology companies in defending data privacy, security breach and TCPA class action suits and in other intellectual property and technology litigation. A list of recent cases may be found at

He is also the author of the leading treatise on internet and mobile law, E-Commerce and Internet Law: Treatise with Forms 2d edition, the 5-volume set published by West (, which includes extensive coverage of security breach and data privacy issues. In addition, he is the author of The Complete CAN-SPAM Act Handbook (West 2008) and The Complete State Security Breach Notification Compliance Handbook (West 2009). He also serves as Executive Director of Stanford University Law School’s Center for E-Commerce, which hosts the annual Best Practices Conference where lawyers, scholars and judges are regularly featured and interact.

Ian was named the Lawyer of the Year for Information Technology Law in the 2019, 2018, 2016 and 2013 editions of Best Lawyers in America and was recognized as the 2012 New Media Lawyer of the Year by the Century City Bar Association. In both 2018 and 2019 he was recognized as one of the Top 1,000 trademark attorneys in the world for his litigation practice by World Trademark Review. In addition, in 2019 he was named one of the top 20 Cybersecurity lawyers in California and in 2018 one of the Top Cybersecurity/Artificial Intelligence lawyers in California by the Los Angeles and San Francisco Daily Journal. He received the “Trailblazer” Award, Intellectual Property, 2017 from The National Law Journal and he has been recognized as a “Groundbreaker” in The Recorder’s 2017 Litigation Departments of the Year Awards. In 2010, he was the recipient of the California State Bar Intellectual Property Law section's Vanguard Award for significant contributions to the development of intellectual property law (

Mr. Ballon was listed in Variety's "Legal Impact Report: 50 Game-Changing Attorneys" and has been named by the LA Daily Journal as one of the Top 75 intellectual property litigators in California in every year that the list has been published (2009 through 2018) and as one of the top 100 lawyers in California. He is also listed in Legal 500 U.S., The Best Lawyers in America (in the areas of information technology and intellectual property) and Chambers and Partners USA Guide in the areas of privacy and data security and information technology. Mr. Ballon also holds the CIPP/US certification from the International Association of Privacy Professionals (IAPP).

Ian can be reached at:, 310-586-6575 or via leading social media platforms (IanBallon).

Kate is a partner Fenwick’s litigation, intellectual property and privacy groups, and recently completed a 12-year term as the firm’s managing partner.

Kate’s practice concentrates on business and IP litigation, with an emphasis on trademark, right of publicity and copyright, especially as applied to new technology areas. She has successfully litigated cases in federal and state courts throughout the country and through alternative dispute mechanisms. She represents and advises software publishers, computer hardware manufacturers, gaming and digital media companies, entertainment companies, traditional media publishers and consumer products companies on a wide variety of commercial and IP issues, including copyright, defamation, trademark, trade dress, advertising, right of publicity, trade secret and unfair competition matters.

Kate received her B.A., magna cum laude, from the University of California at Santa Barbara, where she was a member of Phi Beta Kappa and a University of California Regents’ Scholar. She received her J.D., cum laude, in from Georgetown University Law Center, where she was research editor of the American Criminal Law Review.

Kate is admitted to practice in New York and California. She is also admitted to practice before the U.S. District Courts for the Southern and Eastern Districts of New York, and the Northern, Eastern, Central and Southern Districts of California, as well as U.S. Courts of Appeal for the Second and Ninth Circuits.

Professional Activities and Recognition

Kate has served on the Board of Trustees of the Santa Clara County Bar Association and the Board of Directors of the Bar Association of San Francisco. She is active in diversity initiatives in the profession, including serving as Chair of the Santa Clara County Bar Association’s Diversity Committee and speaking on diversity issues before numerous organizations and groups including the Minority Corporate Counsel Association, the Project for Attorney Retention, and the Hastings Women’s Leadership Academy.

Kate writes and speaks regularly on IP issues to groups that include the Federal Judicial Center and Practicing Law Institute, and since 1999 has taught an advanced trademark law seminar at UC Berkeley School of Law.

Kate is actively involved in pro bono, both in direct client representation and with pro bono organizations. She has represented documentary filmmakers on IP issues, including David Weissman in connection with his films We Were Here, which was short-listed for an Academy Award, and The Cockettes. For many years she was on the capital defense team for a client on California’s death row, ultimately achieving a reversal of his death sentence, and has assisted clients in obtaining political asylum.  She currently serves as Vice Chair of the board of Equal Justice Works, and is a member of the board of directors of Bay Area Legal Aid. She also served on the Legal Service Corporation’s Pro Bono Task Force and was co-chair of the Subcommittee on Technology Best Practices in Pro Bono. She was recently recognized by OneJustice as a “Champion of Justice.”

Recent Recognitions

Kate has been honored by a number of prominent publications and organizations. Her most recent recognitions include:

  • The National Law Journal’s 75 Outstanding Women Lawyers (2015)
  • The Recorder’s list of Top 50 Women Leaders in Tech Law (multiple years) and, in 2015, was additionally designated as one of 10 “Power Players”
  • Diversity Council, Top 50 Women Lawyers List (2017)
  • “Northern California Super Lawyer” in the area of Intellectual Property Litigation
  • Best Lawyers, recognized for intellectual property litigation (2020)

AV Peer Review Rated as “Preeminent” by LexisNexis Martindale-Hubbell

Laura D. Berger is an attorney in the Division of Privacy and Identity Protection at the Federal Trade Commission. She enforces federal laws that protect consumer privacy. Recently, her law enforcement work has focused on the privacy and security standards applicable to social media and to the Internet of Things. She also has worked on the agency's efforts to educate app developers about privacy, including the recent guide “Marketing Your Mobile App: Get it Right from the Start.” In addition, she was author of the Commission's Safeguards Rule. She received a B.A. from Tulane University and a J.D. from the University of Michigan Law School. She works from the FTC's Regional Office in San Francisco.

Marc S. Crandall is Director and Global Head of Privacy for Google Cloud. He provides leadership in driving proactive privacy design, product, and engineering excellence.  He identifies, tracks, and mitigates privacy risk, helping keep data safe.  He also predicts, prioritizes, and operationalizes privacy regulatory requirements, addressing user needs.  He supports sales priorities, helping communicate Google privacy capabilities and soliciting feedback from the market.  Marc has also served as product counsel for Google, where he addressed legal issues concerning the development and deployment of Google technology. While at Google, Marc has served as a member of the advisory counsel of the non-profit organization American Registry for Internet Numbers, addressing policy matters associated with the dissemination of all Internet protocol addresses for North America.

Prior to joining Google in 2006, Marc served as assistant general counsel with the science and technology law unit of the United States Federal Bureau of Investigation (FBI). As principal legal adviser to the cyber division at FBI headquarters in Washington, DC, he provided legal counsel and policy advice concerning issues involving Internet forensics, computer intrusions, crimes against children, counterterrorism and counterintelligence operations, intellectual property enforcement, privacy and white collar crime. He also served as a lecturer at the FBI Academy. In 2004, he was appointed by the White House National Security Council office to serve as liaison to private industry for matters relating to Internet forensics and infrastructure security. He also regularly served as a member of the United States delegation to the Internet Corporation for Assigned Names and Numbers (ICANN) governmental advisory committee and on the United Nations working group on Internet governance and world summit on the information society.

Before joining the FBI, Marc served as corporations counsel and lead counsel of Internet compliance and enforcement in what is now the California Department of Financial Protection and Innovation, California's investment and finance authority. There, he developed policy and executed legal duties in the field of Internet forensics, undercover operations, evidence collection, litigation, and the application of evidentiary, privacy and transactional laws to the Internet. He also created and led the State's first team dedicated to combating Internet-based investment fraud. During this time, Marc was appointed as a special assistant U.S. attorney with the United States Department of Justice, investigating and prosecuting violations of federal law.

Marc earned a bachelor of arts degree from the University of California, Los Angeles and a juris doctor from Pepperdine University School of Law. He also holds a certification with the International Association of Privacy Professionals.

McNabb is the Director of Privacy Education and Policy in the Privacy Enforcement and Protection Unit of the California Attorney General’s Office. In that role, she is responsible for developing resources for consumers on a wide range of privacy topics and for businesses on their privacy obligations and best practices.  Her responsibilities also include analyzing and reporting on the data breaches submitted to the Attorney General’s Office, speaking at privacy seminars and workshops, analyzing privacy legislation, and advising the Attorney General on privacy issues.

McNabb is a Certified Information Privacy Professional, with specializations in Government and Information Technology. She serves on the Privacy Advisory Committee to the U.S. Department of Homeland Security and the ANSI Consumer Interest Forum, and is a Fellow of the Ponemon Institute, a research center on privacy, data protection and information security policy. From 2001 until 2012, McNabb directed the California Office of Privacy Protection, a resource and advocate on privacy issues. Before that she worked in public affairs and marketing, in both the public and private sectors.  She attended Occidental College and holds a master’s degree in Medieval Literature from the University of California, Davis.

Holly K. Towle is a partner with K&L Gates LLP, an international law firm. Ms. Towle's practice focuses on payment systems, privacy and data security, electronic business issues such as e-contracting structures for consumers customers and for business processes, and software licensing and other issues relating to information assets as distinguishable from “goods” or “services”. She is the author of two treatises, The Law of Electronic Commercial Transactions (2003-2015 LexisNexis), an information rich treatise explaining the legal landscape of commercial law when electronics or electronic settings are used, and also of Data Privacy, Protection, and Security Law (LexisNexis).

Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation, the conduct environmental scans to identify external privacy issues. 

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.

Winston Krone, Esq. is the Managing Director of Kivu, a nationwide technology firm specializing in the forensic response to data breaches and proactive privacy and IT security compliance.   Winston has handled the technical response and remediation on numerous privacy incidents, data breaches, and computer network intrusions in a wide range of sectors including education, healthcare, professional services, and financial institutions.  He has frequently testified as a cyber expert before US regulators, in post-breach litigation, and in state and Federal courts regarding computer forensic issues.  Winston is also an English solicitor and California attorney, experienced in privacy and cyber issues.  He has represented clients at both civil and criminal cases in California state courts, the English High Court, the European Court of Justice, and the European Court of Human Rights.  Winston received his law degree from Oxford University, UK.

Geff is an Associate General Counsel in the Regulatory Affairs group of Microsoft Corporation’s Legal and Corporate Affairs Department in Redmond, Washington. Since rejoining Microsoft in 2007, he has counseled Microsoft businesses on privacy and data protection issues, with a current focus on cross-border data flows, cloud privacy, and mobile privacy.   Geff has been responsible for providing privacy advice for several Microsoft products including Office and Windows. Most recently he has provided privacy and data protection advice to Microsoft’s enterprise cloud services, operating systems, and devices.