Skip to main content

Sixteenth Annual Institute on Privacy and Data Security Law

Speaker(s): Aaron Burstein, Aaron P. Simpson, Adam Kardash, Alan Charles Raul, Alfred J. Saikali, Carolina Lessa, David Glockner, H. Leigh Feldman, Harry A. Valetk, Jay Leek, JoAnn Stonier, Julia Horwitz, Keith Enright, Lisa J. Sotto, Margaret A. Keane, Matthew F. Fitzsimmons, Matthew H. Meade, Miriam H. Wugmeister, Monique Altheim, Noga Rosenthal, Ron Bushar, Sarvesh Mahajan, Scott D. Schafer, Travis LeBlanc, Victoria King, Vincent Liu, Zoe Strickland
Recorded on: Jun. 8, 2015
PLI Program #: 57194

Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He frequently assists clients with due diligence and negotiation of privacy and data security issues in corporate transactions. Aaron also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Additionally, Aaron has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Carolina Lessa acts as the government affairs liaison for the Latin American region. She works closely with local business units to identify potential business opportunities and legislative and regulatory threats. Carolina manages key relationships with external firms and government bodies. She actively participates in industry coalitions and trade associations to promote public policy objectives in the region.

Prior to joining RELX Group, she headed the Washington, DC office of the largest Brazilian public affairs consulting firm, PATRI, and previously worked for the Brazilian Sugarcane Industry Association (UNICA) advocating for the removal of the ethanol import tariff. Carolina also worked at the American Chamber of Commerce (Amcham), where she led several key issues of the Brazil-US agenda, such as the renewal of a U.S. tariff exemption program, the Generalized System of Preferences. She also worked at the U.S. Consulate in São Paulo, at the Department of Agriculture (USDA) and interned at BioAlliance International, a global NGO dedicated to humanitarian aid for refugees in Africa.

Carolina has a B.A. in International Relations from Fundação Armando Alvares Penteado (FAAP - Brazil), a specialization in Communications from Pontifícia Universidade Católica (PUC - Brazil) and a M.A. in International Trade and Investment Policy from the George Washington University.

Harry A. Valetk is a Partner in Baker McKenzie’s Global Privacy and Security Practice Group based in New York, where he advises global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, pharmaceutical/ healthcare, hospitality, cloud technology, and manufacturing industries.  His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for highly-regulated entities on numerous data protection topics, including the California Consumer Privacy Act (CCPA), GDPR,HIPAA, GLBA, the Children’s Online Privacy Protection Act (COPPA).  Before joining the Firm in 2014, Harry was Director of MetLife’s Global Privacy Office.  Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.

JoAnn C. Stonier is EVP/Chief Data Officer for Mastercard.  In this role, she is responsible for enterprise-wide data strategy and management to ensure the organization maximizes the value of its information assets. Ms. Stonier and her team of global professionals identify the opportunities associated with Mastercard’s information assets and assist in the development of the tools, processes, policies and standards necessary to enable their use.

Previously, Ms. Stonier was EVP Chief Information Governance & Privacy Officer for the organization.  In that role she was responsible for worldwide privacy and information governance, leading those teams as well as leading regulatory engagement in this area.  Prior to joining Mastercard in 2008, Ms. Stonier was the Chief Privacy Officer for American Express Company.  She also held various roles of increasing responsibility at American Express, including Chief Operating Officer, American Express Tax & Business Services; Vice President, Acquisition Integration; and Vice President & Assistant to the Chairman.  Ms. Stonier has worked at Waldenbooks, Inc., PepsiCo and started her career as an auditor for PriceWaterhouse Coopers. 

In addition to her work at Mastercard, Ms. Stonier is an adjunct professor at Pratt Institute where she teaches business strategy and international business, in the Design Management Master’s program.

Ms. Stonier received her Juris Doctorate from St. John’s University in Queens, and her Bachelor of Science degree from St. Francis College.  She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey.  Ms. Stonier has been recognized as a leader in data and privacy by a number of organizations including the Aspen Institute, the United Nations, and the Information Governance Initiative and has served on the board of the International Association of Privacy Professionals, the Center for Information Policy Leadership and the Information Accountability Foundation. She is a well-regarded speaker at industry events and often addresses the need for balancing data innovation and privacy.  JoAnn is based in Purchase, NY.

Monique Altheim is global data privacy consultant for IBM Security Services.  Ms. Altheim assists multinational companies in solving their data privacy challenges. 

Prior to joining IBM, Ms. Altheim had more than 13 years experience as an attorney, both in Belgium and in the U.S. She has advised clients on an array of international legal issues such as international maritime law, cross-border e-discovery and global privacy and security.

Ms. Altheim is also a member of the International Association of Privacy Professionals’ (IAPP) teaching faculty, where she trains candidates for the Certified Information Privacy Professional certificates (CIPP). Ms. Altheim is herself a CIPP/US and CIPP/EU.

Ms. Altheim has previously presented on numerous data privacy issues for the IAPP Europe Congress and the CPDP Conference in Brussels, LawTech Europe Congress in Prague, The International Conference of Data Protection and Privacy Commissioners, CEIC, International Law Weekend, Fordham School of Law, Georgetown Law Continuing Legal Education, LegalTech NY and NYCLA (c.2011-2015).

Victoria King served as UPS’s first Global Privacy Officer from 2010 until early 2015 when she was promoted to Group Vice President of UPS Public Affairs. As the Global Privacy Officer, she established the company’s global privacy program which encompassed activities in over 220 countries and involved more than 39 million daily tracking requests and over 4 billion annual deliveries.  She worked closely with both US and international colleagues to implement privacy governance, training and compliance programs. She was responsible for the strategic as well as tactical structure of the program. She also lead the company’s Information Security Council, a cross-functional management group that focused on information security and privacy strategies for the company. In her new Public Affairs role, she will continue her privacy and cybersecurity focus with greater emphasis on the global policies and regulatory developments.    

Victoria has been with UPS for 16 years working with the company’s Legal Department.  Prior to joining UPS, she was a law partner with the large regional law firm in Southern California and also worked with PriceWaterhouseCoopers in their Los Angeles, St. Louis and Frankfurt, Germany offices.   

Victoria joined the IAPP’s Educational Advisory Board in 2014. She continues to co-chair the Atlanta KnowledgeNet and has her CIPP-US and IT certifications.     

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

As Ampersand’s Chief Privacy Officer and General Counsel, Noga Rosenthal is responsible for guiding the company's privacy and legal initiatives; she holds deep expertise in the development and implementation of comprehensive privacy programs. 

Noga previously served as Chief Privacy Officer at Epsilon where she led the company’s worldwide privacy, compliance and regulatory activities. Prior to Epsilon, she served as General Counsel and Vice President for Compliance and Policy for the Network Advertising Initiative (NAI), helping craft industry standards around the responsible collection and use of data for digital advertising and managing its compliance program to help ensure that member companies delivered on the promise of self-regulation for interest-based advertising. Furthermore, she also led global legal affairs for WPP’s Xaxis, a pioneering programmatic digital media business, as SVP and General Counsel. 

Noga is also a member of the International Associations of Privacy Professional (IAPP)’s Privacy Bar Section Advisory Board and was formerly a member of IAPP’s Women Leading Privacy Advisory Board and Education Advisory Board.

She is currently a member of the Interactive Advertising Bureau’s Public Policy Group, State Privacy and Federal Privacy Working Group and Legal Affairs Committee as well as the ANA’s Government Relations Committee.  Noga is an active member of the UK Data Protection Network, which provides guidance on the General Data Protection Regulation (GDPR). 

She also sat on the Advisory Board of the Digital Advertising Alliance and the Data Standards Committee of the Data and Marketing Association. Bureau. She also served as co-chair of the Privacy Committee of the Mobile Marketing Association.  Noga was a board member of the Network Advertising Initiative for eight years.

Noga received her bachelor’s degree in English and Political Science from Rutgers and a J.D. from Fordham Law School.


Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data. Miriam also serves as a board member of the ADP AI & Data Ethics Committee.

As leader of the Global Privacy Alliance (GPA), Miriam encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space. Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she is featured in Best Lawyers in America, 2021.

Leigh is currently the Head of Privacy and Information Compliance and the Global Chief Privacy Officer within the Corporate Compliance Group at Citi.  In this role, Leigh leads several related functions that touch on the collection, maintenance, use, sharing and disposition of information, including the Chief Privacy Office, Records Management, Compliance Data Governance and compliance coverage for Information Security, Enterprise Operations and Technology, Export Licensing and Citi Security and Investigative Services.

Prior to joining Citi, Leigh was the Chief Privacy Officer at American Express responsible for leading the Global Privacy Team and the Global Privacy Program across the Company.  Prior to that, Leigh spent four years as the Senior Privacy Executive at Bank of America, where he managed the Privacy, Information and Data Compliance team, and ten years at Merrill Lynch, where he was Chief Privacy Counsel and led the Technology, Privacy and Information Law team.  Prior to joining Merrill Lynch, Leigh worked in private practice in New York specializing in Internet, e-commerce and corporate law. 

Leigh received his law degree from Georgetown University and his undergraduate degree from the State University of New York at Binghamton.  In addition to being a lawyer, Leigh is certified by the International Association of Privacy Professionals as a Certified Information Privacy Manager.

Mr. Bushar is a seasoned, highly effective, and innovative cyber security leader with extensive Federal Government, Cyber Security, Risk Management, and Network Operations experience. Mr. Bushar has a dynamic track record of building teams and strategic solutions that drive mission performance, ensure organizational security, and minimize risk. Mr. Bushar has over 17 years of experience in the areas of information assurance, information security, cyber operations, and incident response services. Currently, Mr. Bushar is serving as the Global Director for Mandiant’s Security Program Services, where he is developing innovative security programs and solutions and services for commercial and government clients worldwide.

Prior to his work at Mandiant, Mr. Bushar served as the Director of the Department of Justice Security Operations Center (JSOC) where he led transformative efforts to redefine and restructure key information security and JSOC operations and capabilities. Ron conducted critical Department wide security assessments and served as the project manager for major network security procurements and architecture upgrades. He   served as the Department’s Program Manager for insider threat program related issues and liaison to the National Insider Threat Task Force (NITTF). Ron developed and drafted Department cyber security policies and procedures. He established and nurtured cyber defense innovations within the JSOC with a concept of operations that focus on rapid research, development, and testing of innovative cyber defense solutions for the JSOC and the Department. Ron led cyber incident response activities for major security incidents throughout the Department and its 42 federated components. In November 2011, he received the Justice Management Division Special Commendation Award for his development management of the Department’s Information Security Assessment and Insider Threat Program.

Mr. Bushar has also led the Vulnerability Assessment and Penetration Team at the National Geospatial-­-Intelligence Agency (NGA), and spent eight years in various cyber operation project management and support roles at ManTech International Corporation. Mr. Bushar began his career in the United States Air Force serving in the Information Warfare Aggressor Squadron at Lackland AFB.

Mr. Bushar holds a Master of Science in Management of Information Systems and a Bachelor of Science in Electrical Engineering. He is a certified Project Management Professional (PMP), a Certified Information System Security Professional (CISSP), a Certified Information System Security Architecture Professional (ISSAP), and maintains a professional membership with the Institute of Electrical and Electronic Engineers (IEEE).

Mr. Schafer is currently Senior Counsel at The Vanguard Group, Inc., where he leads the Global Privacy and Data Protection team within the Legal & Compliance Division.  Mr. Schafer and his team advise on privacy, data security, and risk for Vanguard and its global affiliates.   Prior to joining Vanguard, Mr. Schafer was Chief of the Consumer Protection Division for the Office of the Massachusetts Attorney General.  Mr. Schafer led a division that investigated and prosecuted persons and entities for violations of federal and state law relating to predatory lending and foreclosure, Internet safety and security, electronic commerce, consumer privacy and data security, and data breach notification.   Mr. Schafer has been a faculty member for the American Bar Association, Boston Bar Association, Practising Law Institute, and Massachusetts Continuing Legal Education on issues relating to consumer privacy and information security, and he has been a featured speaker on privacy issues for the International Association of Privacy Professionals and various data security consortiums.

Mr. Schafer was also in private practice for ten years with the law firms of Sullivan & Worcester LLP and Zelle Hofmann LLP where he represented clients in a wide variety of commercial civil litigation matters involving computer technology, software licensing, trademark, copyright, misappropriation of trade secrets, unfair competition, and insurance coverage.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Travis is a leading authority on cybersecurity, data privacy, telecommunications and the regulation of emerging and disruptive technologies. Drawing on his broad experience in federal and state government, he helps clients manage litigation and regulatory risk, as well as strategically respond to data breaches, cyberattacks, nation-state attacks, dissemination of stolen data, misinformation campaigns and government enforcement efforts, including those by state attorneys general. In addition to overseeing crisis management, internal investigations and national security matters, Travis advises and counsels clients on complex commercial, antitrust and intellectual property litigation. The respect and skills Travis has earned during his career have translated into appointments and recommendations across political spectrums, including his selection by the US Department of Commerce and the European Commission as an arbitrator for the EU-US Privacy Shield Framework in 2017 and his presidential nomination to the Privacy and Civil Liberties Oversight Board in 2018.

Travis was chief of the Federal Communications Commission’s (FCC) Enforcement Bureau during the Obama administration, where he spearheaded hundreds of enforcement actions involving consumer issues such as false advertising and the Telephone Consumer Protection Act (TCPA), unfair competition, regulatory compliance and fraud, waste and abuse of government programs. He has also worked closely with senior officials at other federal, state and international agencies, including the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ), all 50 state attorneys general and data protection authorities across the globe.

Travis previously served as a senior adviser to former California Attorney General Kamala D. Harris and as special assistant attorney general of California, where he oversaw California’s complex litigation and policy in areas such as technology regulation, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, healthcare, telecommunications and human trafficking. Prior to this high-profile California role, he served during the Obama administration as an attorney-adviser in the US Department of Justice’s Office of Legal Counsel, which advises the president, attorney general and executive branch agencies on the constitutionality and legality of the programs and activities of the US government.

With his broad understanding of technology, media and telecommunications, as well as his senior government experience at the national and California levels, Travis is uniquely positioned to advise clients on a wide range of privacy, cybersecurity and information management issues, including cases involving data breaches, class actions and government enforcement actions. As former chief of the FCC’s Enforcement Bureau, Travis has assisted clients with federal and state telecommunications needs, including FCC proceedings and regulations, merger reviews, working with Congress and other regulatory agencies on behalf of clients and advocating for emerging and leading technology companies before regulatory bodies. A deep understanding of real-world issues and legal hurdles and solutions helps Travis respond to and favorably resolve governmental inquiries and fact-finding investigations.

His background and leadership roles, as well as his practice at leading law firms in Washington, DC, and San Francisco, have translated into advising global clients with ties both in California and nationally, as well as responding to and finding solutions for novel local, state and federal legal issues. He has also represented companies, boards and individuals on a diverse array of complex and bet-the-company civil litigation, government investigations and white collar matters involving false claims, bid-rigging, patent infringement, trade secrets, bribery, foreign corrupt practices, RICO, off-label advertising, legal malpractice and material support of terrorism.

Al Saikali is a national leader in privacy and data security law according to Chambers and Legal 500.  Al represents companies in matters involving the collection, use, storage, and security of personal information. Al and his team at Shook Hardy & Bacon have represented companies in more than 150 privacy and data security class action lawsuits, including more biometric privacy class actions than any other law firm in the United States. He has represented companies in incident response matters impacting as many as ten million individuals in 120 countries. Al’s dedication to his clients earned him the Lexology Client Service Award two years in a row. 

In addition to chairing Shook Hardy & Bacon’s Privacy and Data Security practice, Al founded and is Chair Emeritus of the Sedona Conference’s Working Group on Privacy and Data Security Liability.  He is one of a small number of data privacy practitioners who hold the Fellow in Privacy designation, accredited by the International Association of Privacy Professionals.  Al is often quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on cybersecurity and data privacy trends. 

In his spare time, Al maintains a blog (, where he writes about emerging developments in privacy and data security law. 

David Glockner is the Chief Compliance Officer for Citadel, a global hedge fund based in Chicago. From 2013-2017 he served as Regional Director of the SEC’s Chicago Regional Office, overseeing the SEC’s examination and enforcement work in nine Midwestern states. While at the SEC he also served as co-chair of the SEC’s Cybersecurity Working Group and was a leader in the SEC’s efforts to expand its use of data analytics in examination and enforcement work. Prior to joining the SEC, he was a managing director at a global digital risk management firm. He spent nearly 25 years as a prosecutor in the United States Attorney’s Office in Chicago, including 11 years as chief of the office’s criminal division, where he was involved in numerous high-profile matters involving public corruption, financial fraud, and national security. He is an adjunct professor at the University of Illinois College of Law, where he teaches a class on cybersecurity and the legal system.

Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team.  He joined Google in March 2011. He has more than 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a privately held advertising technology company.

Keith has been a featured speaker discussing online privacy and related subjects on NBC Nightly News with Brian Williams, CNN, NPR Talk of the Nation and other major media outlets. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently featured at industry events focusing on technology, privacy and data protection.

Keith serves on the Board of Directors of Zoom Information, Inc., and previously served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He is NACD Directorship Certified by the National Association of Corporate Directors, is a member of the Maryland Bar, and holds the Certified Information Privacy Professional certification from the International Association of Privacy Professionals.

Matthew H. Meade is co-chair of the firm's Cybersecurity and Data Protection Group where he provides advice regarding data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

Matt's recent representations include:

  • Advised numerous entities, including health care providers, manufacturers, retailers, schools, security alarm companies, financial services company, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
  • Coordinated response to multi-state security breaches and hacking with local and federal law enforcement, district attorney and United States Attorney.
  • Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
  • On behalf of a health care automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
  • Assisted banking client with response to unauthorized customer wire transfer, including developing post-incident policy enhancements.
  • Coordinated internal investigation of health care data breach, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
  • Negotiated with states attorney general office’s on behalf of cloud storage company holding data of health care entity involved in multi-state investigation and multi-jurisdiction litigation.
  • Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
  • Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
  • Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
  • Advised clients on proper security measures in connection with employee and customer personal information.

Prior to joining Buchanan, Matt was an associate with the New York office of an international law firm, where, in addition to privacy-related matters, he worked on white-collar internal investigations, federal litigation matters and federal criminal cases, including plea negotiations, participation in proffer sessions, bail proceedings, guilty pleas, pre-sentence reports and negotiations with the United States Attorney's Office.

Matt was selected for inclusion in The Best Lawyers in America® list in  2017 under the Privacy and Data Security Law category.

Matt serves on  the Steering Committee for the Sedona Conference Working Group 11 on  Data Security and Privacy Liability, which brings “together lawyers, judges, policy makers, security experts, technologists and business leaders to identify and develop principles and best practices that will constructively resolve issues surrounding data security and privacy liability.”  Matt speaks and writes regularly on data security and is a co-chair of the ABA’s Second Annual National Institute on Cybersecurity.

Sarvesh Mahajan (suhr-VAYsh muh-HA-jen)

Sarvesh is a partner in the Outsourcing and Technology Practice of Wiggin and Dana. Sarvesh helps clients negotiate and implement technology agreements and commercial agreements. He has significant experience across all stages of IT and business process outsourcing transactions, allowing him to help clients structure or respond to RFPs, negotiate contracts, and manage and implement complex, global outsourcing arrangements. Sarvesh has been recognized as a leading lawyer nationally for Outsourcing in Chambers and Legal 500.

Zoe Strickland is a Senior Fellow at the Future of Privacy Forum.  Over a twenty-year period, Zoe has served as head of global privacy and other roles for Fortune 20 companies and agencies, including in healthcare, banking, retail and government.  Zoe’s experience in multiple industry sectors at some of the world’s largest companies has given her a unique perspective in the evolving world of privacy, information protection, and effective compliance structures. 

Roles have included:

  • Vice-President, Global Privacy & US Commercial Compliance for Cigna health and life insurance, where she was responsible for the enterprise privacy program (including managing legal and compliance functions and co-chairing the senior level Cyber & Privacy Council), and for the domestic healthcare compliance programs for Cigna’s commercial businesses.
  • Managing Director, Global Chief Privacy Officer, for JPMorgan Chase, where she led the firm’s privacy compliance program, and was actively involved in other information compliance and risk initiatives such as regarding the firm’s risk taxonomy and risk appetite
  • Vice-President, Chief Privacy Officer for UnitedHealth Group, where she led the firm’s privacy program, co-chaired the senior level Privacy & Security Steering Committee, and led implementation of HITECH privacy requirements.
  • Vice-President, Chief Privacy Officer for Walmart Stores Inc, leading their privacy and records programs and strategy, including integration and management of online and offline practices.
  • Chief Privacy Officer and head of consumer policies for the United States Postal Service, where she developed its privacy program, updated the records program, and headed other consumer functions like claims appeals.

Zoe is an active participant in the privacy community.  She previously served on the IAPP Board of Directors, and led the bank subgroup for the Business Roundtable regarding new approaches to privacy.  Other cross-industry memberships included: GS-1 privacy workgroup (co-chair); privacy/security subcommittee of the Council for Excellence in Government (co-chair); Centre for Information Policy Leadership; AHIP Privacy & Confidentiality Work Group; Confidentiality Coalition of the Healthcare Leadership Council; RIM Council; RILA Privacy and security workgroup; and FPF Advisory Board.

Zoe is a frequent speaker at industry conferences and events, including keynotes at the 2015 IAPP Asia-Pacific conference and the 2016 Executive Women’s Forum.  She has been quoted in several media sources such as The New York Times, USA, and National Public Radio.  She has testified at subcommittees of the House Energy and Commerce Committee, and was interviewed by the Economist on data sovereignty:

Early in her privacy career, Zoe won the 2004 IAPP Privacy Innovations Award for work on privacy impact assessments, and was featured in the 11/04 edition of Government Executive and the 2002 book Privacy Payoff: How Successful Businesses Build Consumer Trust by Ann Cavoukian and Tyler Hamilton.

Aaron Burstein has been an attorney advisor to Commissioner Julie Brill at the Federal Trade Commission (FTC) since August 2013 and is responsible for advising Commissioner Brill on enforcement and policy matters concerning privacy, data security, financial practices, and a range of other consumer protection issues.  Before joining the FTC, Aaron was a policy advisor at the National Telecommunications and Information Administration (NTIA) at the Department of Commerce.  At NTIA, Aaron played a central role in drafting Commerce’s privacy “green paper” and the Obama Administration’s Privacy Blueprint.  Aaron was detailed to the National Security Council at the White House, where he served as Director for Privacy and Civil Liberties in the Cybersecurity Directorate.  Before joining NTIA, Aaron was a research fellow at the University of California, Berkeley, School of Law and School of Information and a trial attorney in the Department of Justice’s Antitrust Division.  Aaron earned his law degree from Berkeley and his undergraduate degree from Brown University. 

Jay Leek, CISM, CISA, CISSP, is a Managing Partner and Co-founder of ClearSky Security, and leading venture fund focused on investing in early- and growth-stage security companies.  He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies.  Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions assisting them with strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the board of directors for AppOmni, BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights, SecZetta and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors for Carbon Black, Cylance, Demisto, Optiv, Phantom, ProtectWise, RedOwl and Verodin, and a former member of the advisory boards for Accuvant, iSIGHT Partners and Risk IO.

Julia Horwitz is the Coordinator of EPIC's Open Government Program and was the 2012-2013 EPIC Open Government Fellow. She is a graduate of the University of Chicago Law School and graduated magna cum laude from Brown University with a B.A. in American Literature. Ms. Horwitz was a recipient of the 2011 Charles H. March Fellowship at the Federal Trade Commission and the International Association of Privacy Professionals 2012 Summit scholarship. While studying at Chicago Law, Ms. Horwitz was the Intellectual Property Law Society's Vice President for Online and Media, and competed in the 2011 International Trademark Association's Saul Lefkowitz Moot Court.

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation, the conduct environmental scans to identify external privacy issues. 

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.

Adam is an acknowledged Canadian legal industry leader in privacy and data management. He is chair of Osler’s national Privacy and Data Management practice, and leads Osler’s AccessPrivacy thought leadership platform. Adam has been lead counsel on many of the most significant privacy matters in Canada, including the largest cyber security incidents and regulatory investigations in Canada to date. He advises Fortune 500 clients in their business critical data-protection issues, compliance initiatives and data governance. Adam has extensive experience in the privacy law area and regularly advises Chief Privacy Officers, in-house counsel and compliance professionals in the private, health public and not-for-profit sectors on managing security incidents, privacy regulatory investigations and broader data governance matters.