Skip to main content

Eighteenth Annual Institute on Privacy and Data Security Law


Speaker(s): Alan Charles Raul, Alfred J. Saikali, Anita L. Allen, Ben Rossen, Christina Peters, David Glockner, Erin H. Creahan, Geff Brown, J. Andrew Heaton, JoAnn Stonier, Keith Enright, Lisa J. Sotto, Margaret A. Keane, Mark Watts, Matthew C. Kelly, Matthew F. Fitzsimmons, Matthew H. Meade, Paul H. Luehr, Paul M. Tiao, Peter M. Lefkowitz, Ryan Gibney, Shannon Coe, Susan M. Shook, Zoe Strickland
Recorded on: May. 30, 2017
PLI Program #: 180960

ALAN RAUL is the founder and leader of Sidley's highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy and cybersecurity issues, including digital governance, global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity preparedness and helps them manage data security incidents. His practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice, financial regulators, EU Data Protection Authorities, and other government agencies.

He regularly represents leading tech, telecom, media, financial services and other companies with respect to their digital governance, compliance and crisis management. Alan has recently represented a special cybersecurity review committee of the Board of Directors of a major tech company in connection with its independent investigation of the company's handling of significant data breaches.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves as a member of the American Bar Association's Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law lnstitute's (PLI) Privacy Law Advisors Group.

Alan is a member of the governing Board of Directors of the Future of Privacy Forum. He is a member of the Center for Democracy and Technology's Advisory Committee. Alan also serves on the Executive Committee of the Federalist Society's Administrative Law Practice Group. Alan is a frequent author and speaker on privacy, cybersecurity and related issues. He is overall editor arid a contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd, 5th ed. 2018).

Alan holds degrees from Harvard College (AB magna cum /aude),  Harvard Kennedy School of Government (MPA), and Yale Law School (JD).  He clerked for Judge Malcolm R. Wilkey of the U.S. Court of Appeals for the D.C. Circuit.


Christina Peters is Associate General Counsel for Corporate and Regulatory Initiatives at IBM, where she leads a team serving corporate functions including CIO, Procurement, and Corporate Social Responsibility.  In addition, she handles emerging regulatory issues, such as data ethics in the context of cognitive computing.  Previously, she served as Chief Privacy Officer at IBM, where she was responsible for information policy and practices affecting IBM employees and thousands of clients, as well as for public policy and industry initiatives on data protection and privacy.  She serves on the advisory board of the Future of Privacy Forum and on the Education Advisory Board of the International Association of Privacy Professionals (IAPP).

As a practicing attorney at IBM since 1996 (first in Germany, later in the US), Christina has handled a wide range of complex transactional, policy, compliance, litigation, and cybersecurity matters in the United States and internationally.  

Christina was educated at Dartmouth College (summa cum laude) and Harvard Law School (magna cum laude), where she was an Executive Editor of the Harvard Law Review. After a D.C. Circuit clerkship, Christina worked at a large Washington, D.C. law firm. Prior to joining IBM, she was a Robert Bosch Fellow in Germany, where she worked at the Federal Cartel Authority and Deutsche Telekom. She speaks German and French in addition to her native English. She is an IAPP Certified Information Privacy Professional, and has been admitted to the bars of New York, Pennsylvania (corporate counsel), Virginia and the District of Columbia.


Erin Creahan is the Director & Managing Counsel, Compliance at The J.M. Smucker Company, where she is responsible for a variety of aspects of the Company’s Ethics & Compliance Program.  She is based in Orrville, OH.

Ms. Creahan received her Juris Doctorate from the University of Pittsburgh, and her Bachelor of Arts degree from Allegheny College.  She holds memberships in the Bar of the Commonwealth of Pennsylvania and the Bar of the State of Ohio.


J. Andrew Heaton is a principal in Ernst & Young LLP and serves as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he leads EY’s global data protection team, serves as global privacy officer for the organization, and advises EY on legal aspects of data protection and information technology worldwide.  Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States, and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.


JoAnn C. Stonier is EVP/Chief Data Officer for Mastercard.  In this role, she is responsible for enterprise-wide data strategy and management to ensure the organization maximizes the value of its information assets. Ms. Stonier and her team of global professionals identify the opportunities associated with Mastercard’s information assets and assist in the development of the tools, processes, policies and standards necessary to enable their use.

Previously, Ms. Stonier was EVP Chief Information Governance & Privacy Officer for the organization.  In that role she was responsible for worldwide privacy and information governance, leading those teams as well as leading regulatory engagement in this area.  Prior to joining Mastercard in 2008, Ms. Stonier was the Chief Privacy Officer for American Express Company.  She also held various roles of increasing responsibility at American Express, including Chief Operating Officer, American Express Tax & Business Services; Vice President, Acquisition Integration; and Vice President & Assistant to the Chairman.  Ms. Stonier has worked at Waldenbooks, Inc., PepsiCo and started her career as an auditor for PriceWaterhouse Coopers. 

In addition to her work at Mastercard, Ms. Stonier is an adjunct professor at Pratt Institute where she teaches business strategy and international business, in the Design Management Master’s program.

Ms. Stonier received her Juris Doctorate from St. John’s University in Queens, and her Bachelor of Science degree from St. Francis College.  She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey.  Ms. Stonier has been recognized as a leader in data and privacy by a number of organizations including the Aspen Institute, the United Nations, and the Information Governance Initiative and has served on the board of the International Association of Privacy Professionals, the Center for Information Policy Leadership and the Information Accountability Foundation. She is a well-regarded speaker at industry events and often addresses the need for balancing data innovation and privacy.  JoAnn is based in Purchase, NY.


Matthew Kelly is Vice President, Senior Corporate Counsel at ServiceNow.  During his tenure at ServiceNow, Matthew has been responsible for leading the commercial contracts team, supporting the Board of Directors, managing the company’s global equity program, 1934 Exchange Act reporting, and managing litigation and employment-related disputes.  Matthew currently serves as the company’s compliance officer and is principally responsible for leading a team in support of ServiceNow’s global compliance and risk management program, including the company’s global privacy compliance efforts. 

Prior to ServiceNow, Matthew was a sole practitioner advising clients on business formation and commercial transactions.  He started his career with Brown Eassa and McLeod LLP where his practice focused on defense litigation.

Matthew graduated cum laude from the University of Southern California and received his law degree from Santa Clara University.

Matthew is admitted to the State Bar of California and is a Certified Information Privacy Professional US/Europe.


Paul Luehr leads the firm's global privacy and data security practice. He has spent 25 years on the cutting edge of data privacy and cybersecurity. He pioneered many early internet investigations as a federal attorney with the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) between 1992 and 2004. He then spent 13 years in the private sector as an executive and consultant, providing advice on data privacy, cybersecurity and digital investigations to Fortune 500 companies. As data privacy and security concerns galvanized the public, Paul became one of the nation’s “go-to” professionals for clients, and he led investigations into 4 of the top 10 data breaches on record.

Paul has the legal and technical expertise to help organizations stay ahead of the curve. He has overseen forensic teams on data incidents affecting national retailers, financial institutions, hospitals and national health care companies, universities, hotel chains, defense contractors, and online providers. As a trusted thought leader on privacy, cybersecurity and the digital economy, Paul’s insights have been featured on CBS, NBC, CNBC and BBC television, and in The Wall Street Journal, The New York Times and USA Today. He also gives frequent presentations and guest lectures on privacy and data security issues throughout the United States.

Paul began his legal career at the FTC, where he served as a trial attorney and assistant director and became a foundational member of the agency’s internet team. He then joined DOJ as a federal cybercrime prosecutor, where he trained prosecutors and agents on cyber investigations and led cases related to computer intrusions, email threats, internet fraud and identity theft, phishing schemes, software piracy, and criminal trademark infringement. Immediately following September 11, 2001, Paul also oversaw the initial investigation into computer evidence related to the terrorist Zacarias Moussaoui. Meanwhile, he served on the U.S. Internet and Telemarketing Fraud Task Force, DOJ’s Computer Crimes (CTC) Working Group, the U.S.-Canada Cross-Border Fraud Working Group and the U.S. Anti-Spam Task Force.

Drawing on his in-depth regulatory expertise, Paul joined Stroz Friedberg as a consultant and over time served as general counsel, chief privacy officer, and executive managing director as the data risk management firm grew to global prominence with 14 offices and over 500 employees. He assisted boards, CEOs, CISOs, chief privacy and compliance officers, and counsel with many incident response and internal investigations, and presented technical findings to numerous state and federal agencies. He also logged years of experience mining digital evidence related to privacy and security assessments, high-stakes litigation, trade secret disputes, global FCPA investigations, eDiscovery issues, and online advertising.

Personal Interests

Paul stays active outside of work with many hobbies including running, participating in triathlons, singing a capella and reading mysteries.

Services & Industries

  • Privacy & Data Security
    • Data Breach Prevention & Remediation
    • Privacy Compliance & Counseling
    • Privacy & Data Breach Litigation
    • International Data Protection & Privacy
  • Education
  • Health Care
  • Financial Services
  • International
  • Labor & Employment
  • Regulatory
    • Investigations
  • Retail
  • Telecommunications & Information Technology

Education

UCLA School of Law
J.D., Faculty Committee, Student Body Secretary (1992)

Harvard University
B.A., magna cum laude (1986)

Bar Admissions

Minnesota

California (inactive)

District of Columbia (inactive)


Peter Lefkowitz is Chief Privacy & Digital Risk Officer at Citrix Systems.  Peter oversees legal and regulatory risk associated with data, products and systems, as well as policy engagement on digital issues.  Prior to joining Citrix, Peter worked at GE, where he served as Chief Privacy Officer (Corporate) and then as Senior Data Rights Management Counsel (Digital) and at Oracle, where he was Vice President of Privacy and Security Legal and Chief Privacy Officer.  Peter is Chairman of the Board of the International Association of Privacy Professionals and a member of the Boston Bar Association Council.  Peter holds a Bachelor of Arts in History, magna cum laude, from Yale College and a law degree from Harvard Law School.


Mark is an IT specialist with over 20 years experience.  He advises companies on IT legal issues such as software development, system deployment, outsourcing, E-Commerce and data protection.  Much of Mark's experience was gained in-house at IBM where he held various roles. 

Mark has advised on many high-profile private and public sector outsourcing transactions.  He advises companies deploying business critical IT platforms and applications, as well as advising on the creation of social networking websites, cloud computing, mobile apps and online trading websites.  Mark has particular expertise in data protection; he was Global Privacy Counsel at IBM for many years.  He advises many multinationals companies on general international data protection compliance issues, particularly on international data transfers matters, such as Binding Corporate Rules.

Mark has particular expertise in advising companies how to respond to data protection enforcement actions, including Monetary Penalty Notices.

Mark is on the correspondent panel of Computer Law & Security and is a member of the editorial board of Privacy & Data Protection. 

Credentials

  • BSc (Hons) Physics, University of Wales
  • D. Phil Semiconductor Physics, University of Oxford
  • Qualified 1995
  • Partner 2003
  • Joint Managing Partner 2010

Recommended for

  • Data Protectionand Information Technology (key individual) - Chambers and Partners (2017/2016/2015)
  • Outsourcing (key individual) - Chambers and Partners (2017/2016/2015)
  • Data Protection (leading Individual) - Legal 500 (2016/2015/2014)
  • IT and Telecoms (leading Individual) - Legal 500 (2016/2015/2014)
  • Media and Entertainment - Legal 500 (2015)
  • Information Technology: Data Protection - Best Lawyers UK (2015)
  • Telecommunications Media & Technology (most highly regarded individual) - Who's Who Legal (2016/2015)
  • Technology, Media and Communications - Super Lawyers UK (2014)


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


 


Paul is a partner in Hunton & Williams LLP’s Washington office. He co-chairs the firm’s multi-disciplinary Cyber and Physical Security Task Force and its Energy Sector Security Team. He assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.  

Prior to joining Hunton & Williams, Paul served as Special Counsel and then Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as Counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking, and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and Chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett.


Al Saikali is a Chambers-ranked lawyer specializing in privacy and data security law.  He represents companies in minimizing the risks associated with the collection, use, storage, and security of personal information.  In addition to chairing Shook, Hardy & Bacon’s Privacy and Data Security practice, he founded and chairs the Sedona Conference’s Working Group on Privacy and Data Security, and co-chairs the American Bar Association’s Cybersecurity Law Institute.  He has won the Lexology Client Choice award in technology law the last two years in a row and was named a “Trailblazer in Cybersecurity” by the National Law Journal in 2015.  In his spare time, Al is an Adjunct Professor at Saint Thomas University where he teaches Cybersecurity Law, and he maintains a blog (Data Security Law Journal) where he writes about emerging trends and issues in privacy and data security law.  Al has been quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on privacy and data security legal trends. 


Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team. He joined Google in March 2011.  He has nearly 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a successful advertising technology company.

Keith served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently a featured speaker at industry events focusing on technology, privacy and data protection. He is a member of the Maryland Bar and holds the Certified Information Privacy Professional, U.S., and Government (CIPP/US, CIPP/G) certifications.


Matthew H. Meade is co-chair of the firm's Cybersecurity and Data Protection Group where he provides advice regarding data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

Matt's recent representations include:

  • Advised numerous entities, including health care providers, manufacturers, retailers, schools, security alarm companies, financial services company, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
  • Coordinated response to multi-state security breaches and hacking with local and federal law enforcement, district attorney and United States Attorney.
  • Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
  • On behalf of a health care automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
  • Assisted banking client with response to unauthorized customer wire transfer, including developing post-incident policy enhancements.
  • Coordinated internal investigation of health care data breach, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
  • Negotiated with states attorney general office’s on behalf of cloud storage company holding data of health care entity involved in multi-state investigation and multi-jurisdiction litigation.
  • Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
  • Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
  • Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
  • Advised clients on proper security measures in connection with employee and customer personal information.

Prior to joining Buchanan, Matt was an associate with the New York office of an international law firm, where, in addition to privacy-related matters, he worked on white-collar internal investigations, federal litigation matters and federal criminal cases, including plea negotiations, participation in proffer sessions, bail proceedings, guilty pleas, pre-sentence reports and negotiations with the United States Attorney's Office.

Matt was selected for inclusion in The Best Lawyers in America® list in  2017 under the Privacy and Data Security Law category.

Matt serves on  the Steering Committee for the Sedona Conference Working Group 11 on  Data Security and Privacy Liability, which brings “together lawyers, judges, policy makers, security experts, technologists and business leaders to identify and develop principles and best practices that will constructively resolve issues surrounding data security and privacy liability.”  Matt speaks and writes regularly on data security and is a co-chair of the ABA’s Second Annual National Institute on Cybersecurity.
 


Zoe Strickland is the newly appointed VP, Global Privacy & US Commercial Compliance head for Cigna health and life insurance. She most recently served as the Managing Director, Global Chief Privacy Officer, for JPMorgan Chase, where she was responsible for domestic and global privacy compliance at the company enterprise level, including its privacy policies, procedures, governance, strategy, training, and administration. Previously, Zoe served as the VP, Chief Privacy Officer for UnitedHealth Group and for Walmart Stores Inc. 

Zoe is an active participant in the privacy community.  She serves on the Advisory Board of the Future of Privacy Forum and several other cross-industry organizations. She previously served on the Board of Directors for the International Association of Privacy Professionals (IAPP). Zoe is a frequent speaker at industry conferences and events, has testified before subcommittees of the House Energy and Commerce Committee, and has been quoted in national and trade media sources, including USA Today, the New York Times, and National Public Radio.


David Glockner is the Chief Compliance Officer for Citadel, a global hedge fund based in Chicago. From 2013-2017 he served as Regional Director of the SEC’s Chicago Regional Office, overseeing the SEC’s examination and enforcement work in nine Midwestern states. While at the SEC he also served as co-chair of the SEC’s Cybersecurity Working Group and was a leader in the SEC’s efforts to expand its use of data analytics in examination and enforcement work. Prior to joining the SEC, he was a managing director at a global digital risk management firm. He spent nearly 25 years as a prosecutor in the United States Attorney’s Office in Chicago, including 11 years as chief of the office’s criminal division, where he was involved in numerous high-profile matters involving public corruption, financial fraud, and national security. He is an adjunct professor at the University of Illinois College of Law, where he teaches a class on cybersecurity and the legal system.


Anita L. Allen is an expert on privacy law, the philosophy of privacy, bioethics, and contemporary values. She is a graduate of Harvard Law School and received her Ph.D. in Philosophy from the University of Michigan. At Penn she is the Vice Provost for Faculty and the Henry R. Silverman Professor of Law and Professor of Philosophy. She has been a visiting professor at Harvard, Yale, Princeton, Tel Aviv University (Israel) and Waseda University (Tokyo, Japan), among others.  In 2010 she was appointed to the Presidential Commission for the Study of Bioethical Issues. In 2016 she was elected to the National Academy of Medicine. Her books include Unpopular Privacy: What Must We Hide (Oxford, 2011); The New Ethics: A Guided Tour of the 21st Century Moral Landscape (Miramax/Hyperion, 2004); Why Privacy Isn’t Everything: Feminist Reflections on Personal Accountability (Rowman and Littlefield, 2003); and Uneasy Access: Privacy for Women in a Free Society (Rowman and Littlefield, 1988), the first monograph on privacy written by an American philosopher. Her textbooks include: Privacy Law and Society (Thomson/West, 2016, with Marc Rotenberg, President of the electronic Information Privacy Center.), a comprehensive textbook on the US law of privacy and data protection, with chapters on the common law, constitutional law, federal statutory law, surveillance law and international standards. Allen, who has published more than a hundred scholarly articles, book chapters and essays, has also contributed to popular magazines, newspapers and blogs, and has frequently appeared on nationally broadcast television and radio programs. Allen has been active as a member of editorial, advisory, and charity boards, and in professional organizations relating to her expertise in law, philosophy and health care. She is currently on the boards of EPIC, the WCG Foundation, and is a member of the IRB for the Precision Medicine Initiative.


Ben Rossen is a senior attorney in the FTC’s Division of Privacy and Identity Protection, where he represents the Commission in consumer protection matters concerning privacy, data security, and the Internet of Things.  Mr. Rossen also advises on a variety of educational and policy initiatives at the Commission, with a special focus on developing consumer and business guidance on ransomware.  Mr. Rossen regularly speaks about the Commission’s privacy and data security efforts at a wide variety of industry conferences and other events.   Previously, Mr. Rossen practiced at Patterson Belknap Webb & Tyler and at Cravath, Swaine & Moore. He clerked for the Hon. Carol Bagley Amon in the Eastern District of New York and is a graduate of Harvard Law School.


Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.  


Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation, the conduct environmental scans to identify external privacy issues. 

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.


Ryan Gibney is Vice President at the Northeast Series of Lockton Companies and leads the Northeast Cyber Technology Practice. Mr. Gibney has vast experience designing complex E&O/Cyber insurance programs inclusive of manuscript policy development and program implementation, which he developed while working as a Tech/Cyber underwriter at two leading insurance carriers, CNA and XL, and as the leader of the Cyber Technology Practice at Lockton DC. As a result of this experience, Ryan “thinks like an underwriter,” a mindset that serves his Lockton clients well as the technology and cyber market evolves in the face of new risks and challenges. Mr. Gibney is a frequent speaker at large industry events and participates as a key resource for Lockton globally in communication to our clients on cyber issues.


Shannon Coe is the Team Lead for Data Flows and Privacy at the Department of Commerce’s International Trade Administration (ITA), Office of Digital Services Industries.  In this capacity, she was a key member of the team negotiating the new EU-U.S. Privacy Shield Framework and is leading the team in implementing the Privacy Shield program.  She is also Chair of the APEC Electronic Commerce Steering Group and is working to implement the APEC Cross Border Privacy Rules System.  Prior to joining ITA, Shannon was a legal advisor in the Office of Chief Counsel for International Commerce of the Department of Commerce and worked on a variety of international trade issues, including e-commerce and data flows.


Susan M. Shook serves as the Global Privacy Officer at The Procter & Gamble Company.  She is also Director and Associate General Counsel leading the Global Privacy, Cybersecurity and IT Law team, a group of specialist attorneys operating across countries in North America, Europe, Asia, and Latin America within P&G’s Legal Division.  This team specializes in providing legal and strategic guidance on digital innovation and information technology at the Company. They also design and help deliver privacy and related cybersecurity compliance systems for use across the enterprise’s information and operations management systems.  Ms. Shook’s career at P&G spans 20 years, and she has worked in multiple legal rotations including IP law (trademarks, copyright, rights of publicity), advertising law, corporate and securities law, and antitrust law before specializing this past decade in digital, privacy, and cybersecurity legal issues. Her team works closely with almost all business units and functions within P&G, from Marketing to IT to HR.  She is a graduate of the Indiana University School of Law, summa cum laude.


Geff is an Associate General Counsel in the Regulatory Affairs group of Microsoft Corporation’s Legal and Corporate Affairs Department in Redmond, Washington. Since rejoining Microsoft in 2007, he has counseled Microsoft businesses on privacy and data protection issues, with a current focus on cross-border data flows, cloud privacy, and mobile privacy.   Geff has been responsible for providing privacy advice for several Microsoft products including Office and Windows. Most recently he has provided privacy and data protection advice to Microsoft’s enterprise cloud services, operating systems, and devices.