Ken Mortensen, Esq., is the InterSystems’ Data Protection Officer promoting and leading Global Trust and Privacy for the company. He is based in their Cambridge headquarters and has global responsibility across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems technology, but also in the management of operations and services. Ken focuses on enhancing global trust and privacy throughout InterSystems demonstrating to customers, clients, and stakeholders our commitment to investing and growing the capabilities of InterSystems in order to stay in front of emerging risks for privacy and cybersecurity.
Prior to joining InterSystems, Ken was a Senior Managing Director over at PwC specializing in data protection, privacy, and cybersecurity and led the expansion of PwC’s healthcare privacy offerings. Before that, Ken was the Vice President, Assistant General Counsel & Chief Privacy Officer at CVS Health, where he created the Information Governance Department and was responsible for overseeing enterprise information governance to deliver privacy compliance as well as leading the information security risk management organization to address cyber risks. While at CVS, he oversaw compliance with CVS’s FTC Consent Decree, OCR Corrective Action plan, and PCI program, including securing the first-ever closure letter from OCR. He was also the first Chief Privacy Officer for Boston Scientific responsible for implementing a global privacy and security program and introducing a governance emphasis for risk.
Prior to that, Ken served in the Administration of President George W. Bush as the Associate Deputy Attorney General for the U.S. Department of Justice, where he was the primary counsel and policy advisor to the Attorney General and Deputy Attorney General on privacy and civil liberties matters. While at Justice, he led the U.S. delegation to negotiate privacy and cybersecurity terms with the European Union as well as oversaw the privacy and civil liberties processes for numerous national security and foreign intelligence programs, including work with the National Security Council related to FISA and EO 12333. Prior to going to Justice, Ken served at the U.S. Dep’t of Homeland Security as part of the team that stood up the Privacy Office at the beginning of the agency eventually as Deputy Chief Privacy Officer.
Before his government service, Ken was a partner in his own law firm as one of the early practitioners of privacy and security law, during which he served as Special Counsel to the Pennsylvania Attorney General. He taught computer law and information policy at Villanova Law School and was an electrical engineer at Burroughs in Large System Design focusing on information assurance and system test.
Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP), including serving as Secretary for one year. He currently serves on the IAPP Research Advisory Board and the board of Shared Assessments, an organization focused on addressing third party information risks. Previously, Ken served on the board of the Health Information Trust Alliance (HITRUST) and participated in the development of the privacy control category of the HITRUST CSF.
Ken currently teaches privacy law at Boston University Law School and cybersecurity law at the University of Maine School of Law. Ken is co-author with Andy Serwin of the West Publishing book, Healthcare Security and Privacy Law, and has authored chapters and sections for other privacy, cybersecurity, and governance risk books and publications. He is an internationally recognized expert on these topics and speaks globally on privacy, cybersecurity, and the governance of information.
Ken is admitted to the bars of Pennsylvania and New Jersey as well as the Supreme Court of the United States. He received his Juris Doctorate from Villanova University School of Law, his MBA from the Villanova University College of Finance, and his Bachelor’s of Science in Engineering degree in Electrical and Computer Engineering from Drexel University. He has a Certificate in Foreign Intelligence Law from the Judge Advocate General's School of Law. He has CIPP/US, CIPP/G, and CIPM certifications from IAPP.