Skip to main content

Seventeenth Annual Institute on Privacy and Data Security Law

Speaker(s): Adam Kardash, Alan Charles Raul, Alfred J. Saikali, Austin P. Berglas, Ben Beeson, David Glockner, Ewa M. Abrams, H. Leigh Feldman, J. Andrew Heaton, JoAnn Stonier, Joel R. Reidenberg, Kathleen A. McGee, Keith Enright, Kevin D. Leitão, Laura Juanes Micas, Lauren Shy, Lisa J. Sotto, Maneesha Mithal, Margaret A. Keane, Matthew E. Morningstar, Megan L. Brown, Miriam H. Wugmeister, Mitchell S. Bompey, Peter M. Lefkowitz, Phyllis H. Marcus, Teena Lee, Zoe Strickland
Recorded on: Jun. 6, 2016
PLI Program #: 148909

Professional Activities:

Ewa Abrams is Vice President - Associate General Counsel & Chief Privacy Officer of Tiffany & Co. Her work at Tiffany spans a wide variety of practice areas including corporate transactional; intellectual property and unfair competition; data privacy and security; internet and technology, advertising and media law; and regulatory and compliance matters. She is lead counsel responsible for the company’s commercial trade and technology agreements and further has responsibility over all aspects of the management of Tiffany’s worldwide intellectual property matters, including licensing, internet-related issues, advertising and social media. In her role as Chief Privacy Officer, she is manages worldwide privacy compliance for the company, including implementing compliance programs and identifying, evaluating and managing risks associated with enterprise data privacy and information management.

Ms. Abrams is an Adjunct Professor at Fordham University Law School, where she teaches a Business Law course / internship practicum.

Board Affiliations / Committees: 

Ms. Abrams served on the Board of Directors of the International Anti-Counterfeiting Coalition (c.2010- 2016) and its Executive Committee (c.2014-2016); the Advisory Board of the Center for Anti- Counterfeiting and Product Protection at Michigan State University (c. 2012-present); the New York City Bar Committee on Trademark Infringement & Unfair Competition (2016); the National Retail Federation Committee on Data Privacy & Cybersecurity (c. 2012-present) and the National Retail Federation / EuroCommerce Joint Task Force on the EU General Data Protection Regulation (2016- present).


Ms. Abrams received her Juris Doctor from Brooklyn Law School in New York (2003) and her Bachelor’s of Arts from Bucknell University in Pennsylvania (cum laude (2000)).

Speaking Engagements:

Ms. Abrams has previously presented on numerous intellectual property rights and data privacy issues for the International Trademark Association, Practicing Law Institute, the New York County Lawyers’ Association, New York City Bar, Federal Bar Association, Association of Corporate Counsel, Benjamin N. Cardozo School of Law, Fordham Law School, as well as other anti-counterfeiting, brand protection and data privacy forums (c.2004-present).

Mitchell Bompey is a Managing Director at Morgan Stanley, heading up the Global Technology, Data Protection and Sourcing legal group.  Mitchell is based in New York and oversees lawyers in New York, London, Hong Kong and Singapore.  The group advises Morgan Stanley on legal issues associated with technology solutions and regulatory matters, privacy, information security, intellectual property, outsourcing regulatory requirements and procurement.  Mitchell joined Morgan Stanley in 2000 as an attorney in the Technology and Intellectual Property legal group.  Previously, Mitchell worked as an associate at the law firms of Weil, Gotshal & Manges and Fish & Neave.  Mitchell earned a Juris Doctor degree, graduating in 1994 from the University of Virginia School of Law, and a B.S. in Mechanical Engineering, graduating in 1989 from Tufts University.

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Ben Beeson is Senior Vice President and Leader of the Cybersecurity Practice at Lockton Companies. Based in Washington, DC, he advises organizations on how best to mitigate emerging cyber risks to mission critical assets that align with the business strategy. As insurance continues to take a greater role in a comprehensive enterprise cyber risk management program, Ben also designs and places customized insurance solutions to fit an organization’s specific needs. Ben’s experience ranges from addressing data privacy issues in the utility, financial, healthcare, retail, and hospitality industries to identifying emerging property damage and bodily injury risks from a cyber attack in energy, transportation, and manufacturing.

Prior to moving to Washington DC, Ben was based in Lockton’s London office for seven years, where he cofounded and built one of the leading cybersecurity teams in the industry.

Ben holds a B.A. (Hons) degree in modern languages from the University of Durham, UK, and a certification in cybersecurity strategy from Georgetown University, Washington DC.

Cybersecurity Policy

  • March 2015 - Testified before the Senate Commerce Committee on the evolving cyber insurance marketplace.
  • 2013-2014 - US federal government engagement in creation of NIST Cybersecurity Framework.
  • December 2013 -Lloyd’s of London Roundtable Chair with Department of Homeland Security.


  • Advisory Board Member – American University’s Kogod Cybersecurity Governance Center.
  • Member – BENS, (Business Executives for National Security).

Selected Speaking Engagements

  • April 2015 – “Cyber insurance, the next big thing or the next requirement?” RSA, San Francisco.
  • March 2014 — International Engagement on Cyber, Georgetown University, Institute for Law, Science and Global Security —Panelist —  “Private-Public Partnerships to Protect Critical Infrastructure.”
  • May 2014 — Business Insurance Cyber Risk Summit, Washington, DC—Panelist “Are You Covered?”

Selected Publications

  • March 2015 – Senate Commerce Committee written testimony - Evolving Cyber Insurance Marketplace.
  • January 2015 – “With New Cybersecurity approach can insurers meet demand?” Law360
  • March 2014: “Why Every Board Should Care about Cybersecurity?”Coauthored with General Michael Hayden for Texas ACG Capital Connection

J. Andrew Heaton serves as overall global privacy lead for the Danaher organization, working with the privacy leads for Danaher's four business segments and the "pivots" at Danaher's operating companies.  He also advises on legal matters pertaining to information security.

Before joining Danahar, Mr. Heaton was a principal in Ernst & Young LLP and served as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he led EY’s global data protection team, served as global privacy officer for the organization, and advised EY on legal aspects of data protection and information technology worldwide. 

Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.

JoAnn C. Stonier is EVP/Chief Data Officer for Mastercard.  In this role, she is responsible for enterprise-wide data strategy and management to ensure the organization maximizes the value of its information assets. Ms. Stonier and her team of global professionals identify the opportunities associated with Mastercard’s information assets and assist in the development of the tools, processes, policies and standards necessary to enable their use.

Previously, Ms. Stonier was EVP Chief Information Governance & Privacy Officer for the organization.  In that role she was responsible for worldwide privacy and information governance, leading those teams as well as leading regulatory engagement in this area.  Prior to joining Mastercard in 2008, Ms. Stonier was the Chief Privacy Officer for American Express Company.  She also held various roles of increasing responsibility at American Express, including Chief Operating Officer, American Express Tax & Business Services; Vice President, Acquisition Integration; and Vice President & Assistant to the Chairman.  Ms. Stonier has worked at Waldenbooks, Inc., PepsiCo and started her career as an auditor for PriceWaterhouse Coopers. 

In addition to her work at Mastercard, Ms. Stonier is an adjunct professor at Pratt Institute where she teaches business strategy and international business, in the Design Management Master’s program.

Ms. Stonier received her Juris Doctorate from St. John’s University in Queens, and her Bachelor of Science degree from St. Francis College.  She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey.  Ms. Stonier has been recognized as a leader in data and privacy by a number of organizations including the Aspen Institute, the United Nations, and the Information Governance Initiative and has served on the board of the International Association of Privacy Professionals, the Center for Information Policy Leadership and the Information Accountability Foundation. She is a well-regarded speaker at industry events and often addresses the need for balancing data innovation and privacy.  JoAnn is based in Purchase, NY.

Kevin Leitão is a seasoned attorney and business executive with more than 15 years of in-house counsel and compliance leadership experience. He has developed and led risk-based compliance, security, privacy, vendor management and BSA/AML programs at several companies, including GE Capital (Consumer Finance and Commercial Finance), Merrill Lynch, TIAA-CREF and Softcard. Since joining Ballard Spahr in 2015, Mr. Leitão has advised clients in a range of industries on digital commerce, data security, privacy, risk management/governance, BSA/AML matters and compliance program development.

Mr. Leitão’s risk assessment and risk management work includes participating in enterprise risk management program development, developing and serving on risk governance committees, selecting and implementing “governance, risk and control” tools and supporting initiatives to foster convergence among control group activities, including compliance, internal audit, information security and operational risk management. He is also a Six Sigma Green Belt.

Kevin began his legal career as a corporate and regulatory lawyer at LeBouef, Lamb, Leiby & MacRae in New York. He is a graduate of Yale Law School, Cambridge University (which he attended as a Marshall Scholar) and Brown University.

Matthew E. Morningstar is an Executive Director and Counsel in Morgan Stanley's US Litigation Department, where he is responsible for managing complex litigation and regulatory matters across the Firm.  His practice focuses on a variety of areas, including securities litigation, credit crisis litigation arising out of the Firm’s structured product businesses, municipal securities litigation and regulatory matters and intellectual property disputes.  Prior to joining Morgan Stanley in 2005, Matthew was an Associate in the Litigation Department in the New York office of Mayer Brown.

Matthew is a member of the Board of Directors of the National Association of Minority and Women Owned Lawyers (NAMWOLF), and the co-chair of NAMWOLF’s Advisory Council, the corporate counsel advisory board.  Matthew is also the Chair of the Supplier Diversity Sub-Committee of Morgan Stanley’s Legal and Compliance Division Diversity and Inclusion Committee.

Matthew was honored to receive the 2013 National LGBT Bar Association Out & Proud Corporate Counsel Award in New York.  Matthew was commended for his commitment to diversity in the profession, particularly his visibility as an out senior lawyer and his work concerning expanded use of minority and women-owned law firms.

Matthew also served as Vice-Chair of the Gay Men’s Health Crisis (GMHC) Board of Directors, where he was also Co-Chair of the Governance Committee.  Matthew is also the past Co-chair of the New York Democratic Lawyers Council, New York's only year-round voting rights and election protection organization.  Matthew was honored to serve on the Democratic National Committee’s Platform Committee in 2008, which called for a fully-inclusive non-discrimination act as well as an end to the discriminatory Don’t Ask Don’t Tell policy.

Matthew is a 1997 graduate of Columbia, and a 2001 graduate of Cornell Law School, where he served as Chancellor of the Moot Court Board.

Peter Lefkowitz is Chief Privacy & Digital Risk Officer at Citrix Systems, Inc. (NASDAQ:CTXS), a leader in unified workspace, networking, and analytics solutions that help organizations unlock innovation, engage customers, and boost productivity without sacrificing security.

Lefkowitz oversees legal, regulatory, and governance risk associated with data, products, and systems, as well as policy engagement on digital issues. He was the 2018 Chairman of the Board of the International Association of Privacy Professionals and is a member of the Boston Bar Association Council. Prior to joining Citrix, he served as Chief Privacy Officer at both GE and Oracle.

Lefkowitz holds a bachelor’s degree in history from Yale University, a J.D. from Harvard Law School, and has taught privacy law at Boston College Law School. He has been published on privacy law, cloud computing, and the Internet of Things (IoT), including an OpEd in the New York Times on proposals for US. Federal privacy legislation. 

Teena Lee is the Senior Vice President, Associate General Counsel, Deputy Chief Privacy Officer, for News Corporation, where she is responsible for data privacy globally for News Corp.  She manages News Corp’s corporate data privacy accountability program, and oversees the data privacy management programs of the various business units under the News Corp umbrella of companies.  Ms. Lee previously held a similar position at The Estee Lauder Companies Inc. as the former Vice President, Privacy and Ecommerce Counsel, and was responsible for the management of the global data privacy program, as well as serving dedicated attorney roles to Estee Lauder’s ecommerce and social/digital media advertising divisions.

Prior to Estee Lauder, Teena was a senior associate at the law firm, Davis Wright Tremaine LLP.  Teena is a graduate of the New York University School of Law.

Austin comes to BlueVoyant after building and leading the Cyber Defense practice at K2 Intelligence. Prior to K2 Intelligence, he served 22 years in the U.S. Government.

Austin was the Assistant Special Agent in charge of the FBI’s New York Office Cyber Branch. There, he oversaw all national security and criminal cyber investigations in the agency’s largest cyber branch, and was awarded the FBI Director’s Award for Excellence in a Cyber Investigation. Prior to the FBI, Austin achieved the rank of captain in the U.S. Army.

Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data. Miriam also serves as a board member of the ADP AI & Data Ethics Committee.

As leader of the Global Privacy Alliance (GPA), Miriam encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space. Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she is featured in Best Lawyers in America, 2021.

Kathleen is a highly accomplished technology and regulatory lawyer and former prosecutor with more than 17 years’ experience in the public sector. Her practice has a dual focus on compliance and investigations.

As Bureau Chief of the Bureau of Internet & Technology for the New York State Attorney General’s Office, Kathleen was at the forefront of regulation, enforcement initiatives, and public policy involving privacy, data security, and consumer protection, among other issues. Earlier in her career, she served as Director of the Office of Special Enforcement in the New York City Mayor’s Office, where, as lead counsel, she directed litigation on a number of intellectual property and civil nuisance matters and was a policy leader on issues ranging from data analytics to human trafficking. While with the Mayor’s Office, Kathleen also developed the New Business Acceleration Team to streamline regulations and fast-track new business development. Kathleen started her legal career as an Assistant District Attorney for the Bronx County District Attorney’s Office in New York, where she prosecuted domestic violence, child abuse, and sex crimes.

Kathleen's public sector experience gives her an edge in counseling emerging and mature companies on a broad spectrum of regulatory issues concerning technology, data security, and privacy. She has in-depth knowledge of matters involving unfair, deceptive, or abusive acts and practices (UDAAPs), as well as the Children's Online Privacy Protection Rule (COPPA), emerging privacy and data security laws, the Consumer Financial Protection Bureau, the Securities and Exchange Commission, the Federal Communications Commission, and the Federal Trade Commission. In addition, Kathleen's experience in municipal government and her understanding of how the administrative code affects business has given her a unique perspective on the intersection of commerce and the law. Clients appreciate her insights into how to identify unanticipated problems and develop creative, business-focused solutions.

Kathleen also provides counsel to individuals and companies facing investigations. As outside counsel on internal investigations, she is an effective fact-finder on matters such as alleged employee malfeasance and intellectual property claims, among others. She also represents clients in government-facing investigations, including white collar criminal defense. Clients in this area benefit from both her sophisticated grasp of technology-related criminal matters and her on-the-ground experience as a lead prosecutor in both jury and bench trials.

Kathleen is admitted to appear before the U.S. District Court for the Southern and Eastern Districts of New York.

Leigh is currently the Head of Privacy and Information Compliance and the Global Chief Privacy Officer within the Corporate Compliance Group at Citi.  In this role, Leigh leads several related functions that touch on the collection, maintenance, use, sharing and disposition of information, including the Chief Privacy Office, Records Management, Compliance Data Governance and compliance coverage for Information Security, Enterprise Operations and Technology, Export Licensing and Citi Security and Investigative Services.

Prior to joining Citi, Leigh was the Chief Privacy Officer at American Express responsible for leading the Global Privacy Team and the Global Privacy Program across the Company.  Prior to that, Leigh spent four years as the Senior Privacy Executive at Bank of America, where he managed the Privacy, Information and Data Compliance team, and ten years at Merrill Lynch, where he was Chief Privacy Counsel and led the Technology, Privacy and Information Law team.  Prior to joining Merrill Lynch, Leigh worked in private practice in New York specializing in Internet, e-commerce and corporate law. 

Leigh received his law degree from Georgetown University and his undergraduate degree from the State University of New York at Binghamton.  In addition to being a lawyer, Leigh is certified by the International Association of Privacy Professionals as a Certified Information Privacy Manager.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Phyllis is counsel to Hunton & Williams LLP’s global competition team and has a unique combination of experience in advertising enforcement and privacy law. Her practice focuses on advertising, marketing and consumer protection issues. She also counsels clients on compliance with the Children’s Online Privacy Protection Act (COPPA) Rule and managing related enforcement actions. Phyllis joined Hunton & Williams LLP from the Federal Trade Commission (FTC), where she held numerous leadership positions during her longstanding tenure, handling both advertising and marketing issues, and privacy matters (with a focus on children’s privacy).

With at the FTC, Phyllis served as the Chief of Staff of the Bureau of Consumer Protection’s Division of Advertising Practices. In that role, she oversaw the FTC’s advertising workload, handled congressional matters, wrote high profile speeches and testimony regarding FTC advertising initiatives, and led several FTC investigations involving deceptive health claims, endorsements and disclosures. Phyllis also was awarded the Official Commendation for Distinguished Service by the Chairwoman of the FTC in October 2015.

From 2006 to 2013, Phyllis led the FTC’s children’s online privacy program. In this capacity, Phyllis was responsible for bringing a host of civil penalty actions enforcing the COPPA Rule, including the first $1 million COPPA civil penalty and a subsequent record-setting $3 million penalty. Phyllis also led the 2010-2012 team responsible for overhauling the COPPA Rule, and has a keen understanding of the complexities of the revised regulations.

Phyllis has been interviewed by a number of media outlets, including The New York Times, The Washington Post and NPR Marketplace. She is frequently sought after to speak on consumer protection issues, such as protecting children online, the COPPA Rule and other FTC advertising initiatives and enforcement actions.

Phyllis was a law clerk to Judge John C. Eldridge of the Maryland Court of Appeals. She is admitted to practice in the District of Columbia. She received her JD from University of Michigan Law School, cum laude, and her BA from the University of Pennsylvania, magna cum laude.

Al Saikali is a national leader in privacy and data security law according to Chambers and Legal 500.  Al represents companies in matters involving the collection, use, storage, and security of personal information. Al and his team at Shook Hardy & Bacon have represented companies in more than 150 privacy and data security class action lawsuits, including more biometric privacy class actions than any other law firm in the United States. He has represented companies in incident response matters impacting as many as ten million individuals in 120 countries. Al’s dedication to his clients earned him the Lexology Client Service Award two years in a row. 

In addition to chairing Shook Hardy & Bacon’s Privacy and Data Security practice, Al founded and is Chair Emeritus of the Sedona Conference’s Working Group on Privacy and Data Security Liability.  He is one of a small number of data privacy practitioners who hold the Fellow in Privacy designation, accredited by the International Association of Privacy Professionals.  Al is often quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on cybersecurity and data privacy trends. 

In his spare time, Al maintains a blog (, where he writes about emerging developments in privacy and data security law. 

Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team.  He joined Google in March 2011. He has more than 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a privately held advertising technology company.

Keith has been a featured speaker discussing online privacy and related subjects on NBC Nightly News with Brian Williams, CNN, NPR Talk of the Nation and other major media outlets. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently featured at industry events focusing on technology, privacy and data protection.

Keith serves on the Board of Directors of Zoom Information, Inc., and previously served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He is NACD Directorship Certified by the National Association of Corporate Directors, is a member of the Maryland Bar, and holds the Certified Information Privacy Professional certification from the International Association of Privacy Professionals.

Laura Juanes is a multilingual law, policy and privacy expert in the technology industry. She currently serves as Global Director of Privacy Policy Engagement at Facebook Inc. 

Laura is a Spanish qualified lawyer, based in the United States, with more than fifteen years of professional experience in technology and media companies. In her role at Facebook, she leads a global team that regularly engages with regulators, policymakers, experts and advocates in order to inform on key privacy issues that impact how individuals use or relate to Facebook’s technology daily. Prior to joining Facebook, she served as an Assistant General Counsel, Privacy & Human Rights, at Yahoo Inc., where she led the legal and public policy team’s efforts on global privacy matters and the company’s Business and Human Rights Program.

Before assuming her AGC role at Yahoo, Laura held various positions, including as General Counsel at Yahoo Spain and as Director of Product Compliance and Law Enforcement response for the Americas. Laura is a law graduate of the Universidad Auto´noma de Madrid, where she worked as a lawyer before joining Yahoo.

Laura holds U.S. and EU Certifications for International Privacy Professionals (CIPP). She serves on the Advisory Board of the Information Accountability Foundation and chairs the Latin America chapter of the Centre for Information Policy Leadership. She is a mentor of startups and entrepreneurs in South Florida and Latin America and a proud Board and founder Member of Woman in Tech Miami Council, with a mission to connect and empower women with diverse technological backgrounds.

Zoe Strickland is the newly appointed VP, Global Privacy & US Commercial Compliance head for Cigna health and life insurance. She most recently served as the Managing Director, Global Chief Privacy Officer, for JPMorgan Chase, where she was responsible for domestic and global privacy compliance at the company enterprise level, including its privacy policies, procedures, governance, strategy, training, and administration. Previously, Zoe served as the VP, Chief Privacy Officer for UnitedHealth Group and for Walmart Stores Inc. 

Zoe is an active participant in the privacy community.  She serves on the Advisory Board of the Future of Privacy Forum and several other cross-industry organizations. She previously served on the Board of Directors for the International Association of Privacy Professionals (IAPP). Zoe is a frequent speaker at industry conferences and events, has testified before subcommittees of the House Energy and Commerce Committee, and has been quoted in national and trade media sources, including USA Today, the New York Times, and National Public Radio.

David Glockner is the Chief Compliance Officer for Citadel, a global hedge fund based in Chicago. From 2013-2017 he served as Regional Director of the SEC’s Chicago Regional Office, overseeing the SEC’s examination and enforcement work in nine Midwestern states. While at the SEC he also served as co-chair of the SEC’s Cybersecurity Working Group and was a leader in the SEC’s efforts to expand its use of data analytics in examination and enforcement work. Prior to joining the SEC, he was a managing director at a global digital risk management firm. He spent nearly 25 years as a prosecutor in the United States Attorney’s Office in Chicago, including 11 years as chief of the office’s criminal division, where he was involved in numerous high-profile matters involving public corruption, financial fraud, and national security. He is an adjunct professor at the University of Illinois College of Law, where he teaches a class on cybersecurity and the legal system.

Joel R. Reidenberg is the Stanley D. and Nikki Waxberg Chair and Professor of Law at Fordham University where he directs the Center on Law and Information Policy.   He was the inaugural Microsoft Visiting Professor of Information Technology Policy at Princeton teaching in the computer science department and more recently a visiting lecturer teaching cybersecurity policy at Princeton's Woodrow Wilson School.  Reidenberg has also previously taught at the Universite de Paris-Sorbonne and the Institut d'etudes Politques de Paris.   Reidenberg publishes regularly on both information privacy and on information technology law and policy.  He is a member of the American Law Institute and an Advisor to the ALI’s Principles of Law of Data Privacy project.  Reidenberg has served as an expert adviser to the U.S. Congress, the Federal Trade Commission, the European Commission and the World Intellectual Property Organization. At Fordham, Reidenberg previously served as the University’s Associate Vice President for Academic Affairs and, prior to his academic career, he was an associate at the law firm Debevoise & Plimpton.  Reidenberg is a graduate of Dartmouth College, earned a J.D. from Columbia University and a Ph.D. in law from the Université de Paris –Sorbonne.  He is admitted to the Bars of New York and the District of Columbia.

Lauren Shy is Chief Privacy Officer and Senior Legal Director at PepsiCo, Inc.  PepsiCo is one of the world’s leading food and beverage companies with a global portfolio of diverse and beloved brands. PepsiCo’s products are sold in more than 200 countries and territories around the world. Lauren has been in this role since August 2014 and with PepsiCo since February 2012. She is based in PepsiCo’s Purchase, NY headquarters.

A frequent speaker on privacy and legal ethics, Lauren is a Certified Information Privacy Manager (CIPM), a Certified Information Privacy Professional (CIPP/US), and a Certified Compliance and Ethics Professional (CCEP). She is a member of the International Association of Privacy Professionals’ (IAPP) Women Leading Privacy Advisory Board and the Corporate Executive Board’s (CEB) Data Privacy Leadership Council. Lauren is a past member of the NYC Bar Association’s Committees on Information Technology Law (2004-2007); Consumer Affairs (2007-2010); and Professional Responsibility (2011-2014).

Prior to joining PepsiCo, Lauren was the Assistant (Deputy) General Counsel at a global immigration law firm where she handled a range of corporate matters including data privacy.

Lauren graduated from the University of Michigan in Ann Arbor, Michigan and Case Western Reserve University School of Law in Cleveland, Ohio. She is licensed in New York.

Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Megan Brown is a partner in the Litigation, Appellate, and Telecom, Media and Technology practices at Wiley Rein in Washington DC.  She leads the firm’s cyber security and data security practices, working for companies and associations on security and privacy, wireless, mobile devices, and encryption.  Recent work has involved the FCC privacy initiatives, helping develop the NIST Cybersecurity Framework, the Internet of Things, and Internet and mobile security.  She represents clients before various government agencies including the FCC, FTC, DOJ, and NIST, to name a few.  She also assists in analyzing federal efforts to enhance national cybersecurity capabilities under the NIST Framework.  Megan also works with the Wiretap Act and Stored Communications Act.  Megan helps clients navigate complex regulatory proceedings and manage state regulation that interferes with national business planning.   This includes litigating challenges to law and regulation, particularly state and local laws that regulate technology and innovation.  Megan files amicus briefs on the First Amendment and other issues in the Supreme Court.   She was named a “Rising Star” for technology law in 2014.  Megan received her law degree from Harvard Law School, and clerked the Honorable E. Grady Jolly on the United States Court of Appeals for the Fifth Circuit.  She served in the Department of Justice as Counsel to United States Attorneys General Michael B. Mukasey and Alberto Gonzales.  Megan is on the Board of the Women’s High Tech Coalition, and serves an appointee of Maryland Governor Hogan on judicial selection for Maryland Trial Courts.

Adam is an acknowledged Canadian legal industry leader in privacy and data management. He is chair of Osler’s national Privacy and Data Management practice, and leads Osler’s AccessPrivacy thought leadership platform. Adam has been lead counsel on many of the most significant privacy matters in Canada, including the largest cyber security incidents and regulatory investigations in Canada to date. He advises Fortune 500 clients in their business critical data-protection issues, compliance initiatives and data governance. Adam has extensive experience in the privacy law area and regularly advises Chief Privacy Officers, in-house counsel and compliance professionals in the private, health public and not-for-profit sectors on managing security incidents, privacy regulatory investigations and broader data governance matters.