Skip to main content

Fundamentals of Privacy Law 2017


Speaker(s): Andy Roth, Cathlin Tully, Danny West, Debra Hampson, Elaine C. Zacharakis, Gary A. Kibel, Jane Levine, Jose Antonio Sesin, Joseph V. DeMarco, Josephine Cicchetti, Ken Mortensen, Kristen K. Hall, Matthew F. Fitzsimmons, Peter F. McLaughlin, Rick Buck, Stephen Y. Chow, Tanya Madison, Todd Ruback, Urvashi Sen
Recorded on: Dec. 20, 2017
PLI Program #: 215525

Joseph V. DeMarco is a partner at DeVore & DeMarco LLP where he specializes in counseling clients on complex issues involving information privacy and security, theft of intellectual property, computer intrusions, on-line fraud, and the lawful use of new technology. His years of experience in private practice and in government handling the most difficult cybercrime investigations handled by the United States Attorney’s Office have made him one of the nation’s leading experts on Internet crime and the law relating to emerging technologies.

From 1997 to 2007, Mr. DeMarco served an Assistant United States Attorney for the Southern District of New York, where he founded and headed the Computer Hacking and Intellectual Property Program, a group of five prosecutors dedicated to investigating and prosecuting violations of federal cybercrime laws and intellectual property offenses. Under his leadership, cybercrime prosecutions grew from a trickle in 1997 to a top priority of the United States Attorney’s Office, encompassing all forms of criminal activity affecting e-commerce and critical infrastructures including computer hacking crimes; transmission of Internet worms and viruses; electronic theft of trade secrets; illegal use of “spyware”; web-based frauds; unlawful Internet gambling; and criminal copyright and trademark infringement offenses. As a recognized expert in the field, Mr. DeMarco was frequently asked to counsel prosecutors and law enforcement agents regarding novel investigative and surveillance techniques and methodologies, and regularly provided advice to the United States Attorney concerning the Office’s most sensitive computer-related investigations. In 2001, Mr. DeMarco also served as a visiting Trial Attorney at the Department of Justice Computer Crimes and Intellectual Property Section in Washington, D.C., where he focused on Internet privacy, gaming, and theft of intellectual property.

Mr DeMarco is on the panel of approved neutrals of the American Arbitration Association (AAA) where he focuses on resolving disputes between businesses involving data privacy, high-technology and commercial law issues.  He speaks frequently on the benefits of ADR in the area of data security and privacy litigation.

Since 2002, Mr. DeMarco has served as an Adjunct Professor at Columbia Law School, where he teaches the upper-class Internet and Computer Crimes seminar. He has spoken throughout the world on cybercrime, e-commerce, and IP enforcement. He has lectured on the subject of cybercrime at Harvard Law School, the Practicing Law Institute, the National Advocacy Center, and at the FBI Academy in Quantico, Virginia, and has served as an instructor on cybercrime to judges attending the New York State Judicial Institute.

Prior to joining the United States Attorney’s Office, Mr. DeMarco was a litigation associate at Cravath, Swaine & Moore in New York City, where he concentrated on intellectual property, antitrust, and securities law issues for various high-technology clients. Prior to that, Mr. DeMarco served as law clerk to the Honorable J. Daniel Mahoney, United States Circuit Judge for the Second Circuit Court of Appeals.

Mr. DeMarco holds a J.D. magna cum laude from New York University School of Law. At NYU he was a member of the NYU Law Review. He received his B.S.F.S. summa cum laude from the Edmund A. Walsh School of Foreign Service at Georgetown University.  Mr. DeMarco is active in numerous professional associations including the:

  • International Bar Association (Technology and Litigation Sections);
  • International Association of Korean Lawyers (Regional Governor, New York Region);
  • New York State Bar Association, ADR Section;
  • New York State Bar Association, Commercial and Federal Litigation Section (Co-chair, Internet and IP Committee, 2009-present);
  • Connecticut Bar Association;
  • Fairfield County (CT) Bar Association;
  • New Haven County (CT) Bar Association;
  • New York City Bar Association (Co-Chair, Information Technology Law Committee; Past
  • Member, Copyright Committee); and
  • The Copyright Society of the U.S.A.

Mr. DeMarco is a Martindale-Hubbell AV-rated lawyer for Computers and Software, Litigation and Internet Law, and is also listed in Chambers USA: America’s Leading Lawyers for Business guide as a leading lawyer nationwide in Privacy and Data Security. He has also been named as a “SuperLawyer” for his expertise and work in the area of Intellectual Property Litigation. He has published numerous articles and appeared on major news programs in his practice areas; is a member of the Professional Editorial Board of the prestigious Computer Law and Security Review (Elsevier); and serves on the Board of Advisors of the Center for Law and Information Policy at Fordham University School of Law.

Mr. DeMarco has received numerous professional awards, including the U.S. Department of Justice Director’s Award for Superior Performance, as well as the Lawyer of Integrity Award from the Institute for Jewish Humanities. In his spare time he enjoys parenting, golf, and listening to classical piano.


Urvashi Sen is a CIPP/US certified attorney with over 13 years of experience in the legal industry, currently specializing in Data Privacy Law and Compliance.  As a Data Privacy attorney, Urvashi has counseled clients on all aspects of business privacy matters, including providing them with compliance and risk advice on legislative and regulatory requirements and developments, developing policies and procedures for implementation, conducting investigations and engaging in notification and remediation efforts for data breaches, and drafting and negotiating contractual agreements.  She is currently the acting Chief Privacy Officer and Privacy Officer for the Americas for HCL Technologies Ltd., a large global IT services company with over 120,000 employees, operating in over 35 countries.  As the CPO, Urvashi is responsible for the creation and implementation of HCL’s global privacy program across the EU, APAC and Americas regions.  Prior to joining HCL, Urvashi was Counsel at the law offices of DeVore & DeMarco, and a litigation associate at Dewey & LeBoeuf LLP.  Urvashi has a J.D. from Columbia University School of Law and a B.A. in English from Yale University.

 


Elaine Zacharakis specializes in technology and privacy law, managed care, corporate health care transactions and health care regulatory matters. Over the course of her career, Ms. Zacharakis has represented the full spectrum of health care entities, including hospitals, pharmaceutical and medical device companies, health technology vendors, health insurance companies, managed care organizations, physicians, home health organizations, ambulatory surgery centers, pharmacy benefit managers and disease management organizations.

Some of Ms. Zacharakis’ representations include:

  • Representation of numerous healthcare entities in:
  • Negotiating their health portal and health care exchange agreements and information technology agreements.
  • Digital/internet matters and information technology matters.
  • IT department personnel and security officers on a variety of technology contracting matters.
  • Represented a Fortune 500 health care company on privacy compliance matters.

  • Represented a Fortune 500 pharmaceutical and medical device company in the establishment of their HIPAA compliance program.

  • Served as privacy counsel to establish policies and procedures, data use agreements and HIPAA business associate agreement templates for a business associate.

  • Represented a pharmaceutical and medical device company in the draft of their fraud and abuse policies.

Prior to joining Garfunkel Wild, Ms. Zacharakis maintained her own health, technology and privacy law firm, served as in house counsel with Baxter Healthcare Corporation and consulted and programmed management information systems with Accenture.

Ms. Zacharakis is the current chair of the ABA Health Law Section’s eHealth, Privacy & Security Interest Group and member of the legal task force at Healthcare Information and Management Systems Society (HIMSS). From 2004 to 2016, Elaine was an adjunct professor at the Beazley Institute for Health Law at Loyola Law School and the Center for Information Technology and Privacy Law at the John Marshall Law School. She is a prolific writer and speaker.

Ms. Zacharakis graduated from Columbia University’s School of Engineering & Applied Science in 1988 and Notre Dame Law School in 1994.


After several years in-house, I now counsel clients with respect to a broad range of technology transactions, privacy and security issues. These predominantly touch:

  1. Technology licensing and services, especially with health applications and mobile solutions;
  2. Innovative uses of information and technology, particularly digital health and life sciences, wearables, and big data analytics;
  3. The international movement of personal data, especially with respect to the EU, GDPR preparedness, and Privacy Shield compliance; and
  4. Information security programs, security reviews, and post-incident responses with management of forensic teams.

These scenarios range from privacy compliance assessments and product development to venture/M&A deals and extensive commercial and technology transactions.

I have presented at: RSA Conference; mHIMSS; IAPP; HIPAA Summit; PLI; World IP Forum; and other organizations.


Deb Hampson is Cigna's Chief Privacy Officer, Chief Ethics Officer and Managing Counsel. In these roles, Deb is responsible for Cigna's domestic privacy program and ethics program. In addition, she is Cigna's lead cybersecurity counsel.

Prior to joining Cigna four years ago, Deb spent 28 years at The Hartford where she held several business and legal roles before retiring in 2013. While in The Hartford’s legal department Deb assumed roles with increasing responsibility and supported various business areas and legal issues including: group benefits, corporate owned life insurance, reinsurance and anti-trust. At one point in her career, Deb was the Chief Compliance Officer of The Hartford’s Life Company. Deb’s final role at The Hartford was the head of its Privacy Office where she implemented The Harford’s privacy program.

Deb is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security. She is also a 200 hour registered yoga teacher and a level one certified medicinal aroma therapist. Deb received both her BA and JD from the University of Connecticut, but since her youngest daughter began attending The University of Alabama it is no longer Go Huskies, but rather it is Roll Tide.


Andy Roth specializes in cutting edge technology and the complex legal and operational issues they raise. A former chief privacy officer at American Express, his unique background in law and technology helps him design client-focused strategies for accelerating new products and services to market.

Andy regularly advises clients on a range of issues, including:

  • Data breach, crisis management and business • continuity planning
  • Privacy notices, online privacy statements and privacy choices
  • Data lifecycle management and data leakage prevention
  • Compliance and operational risk management
  • Privacy and security contractual requirements
  • Privacy and security policies and training
  • E-Commerce and online transactions
  • Privacy audits and risk assessments
  • Privacy and security litigation
  • Cross-border data transfers
  • Secure data architecture
Andy also has extensive experience dealing with regulators at all levels, including the Federal Reserve Bank and the Federal Trade Commission in the United States as well as European and Asian data protection authorities abroad.

He is a prominent thought leader on digital payments, virtual currencies and cybersecurity, providing insight into the unique regulatory challenges surrounding next generation financial services.

Andy maintains close relationships with thought leaders in Silicon Valley, Washington, DC, and around the world, and he has gained a reputation as both a privacy advocate and a technology evangelist.

Before joining Cooley, he was the co-chair of Dentons' global Privacy and Cybersecurity group.

Prior to Dentons, Andy was the chief privacy officer at American Express. Under his leadership, American Express was ranked "The #1 Most Trusted Company for Privacy" four years in a row by the Ponemon Institute, while launching bold new digital partnerships and initiatives. During his tenure, he was responsible for ensuring the privacy of more than 100 million customers and 60,000 employees worldwide. Andy built a progressive global program based on the principles of Privacy by Design, where
policies, capabilities and stakeholders were fully integrated within the risk management framework of the bank.

Selected Publications
  • Hot Topics for Global Financial Institutions: Global Privacy and Cyber-• Security (June 2015)
  • Critical Employment Issues Facing Multi-National Employers (December 2014)
  • Dailydooh Media Conference (October 2014)
  • DC Office CLE Data Breach and Crisis Management (October 2014)
  • Bitcoin CLE with Marco Santori NYSBA (October 2014)
  • 2014 Media Law Conference, Privacy Breakout Sessions (September 2014)
Speaking Engagements
  • Speaker, "Blockchain: Bitcoin and Beyond," Cooley Fintech Workshop, September 2016
Education
University of Michigan
BA

Fordham University School of Law
JD

Bar Admissions
New York

Memberships
The Center on Law and Information Policy - Advisory Board member
The Responsible Information Management Council - Former Advisory Board member
The Centre for Information Policy Leadership - Former Advisory Board member
The Future of Privacy Forum - Former Advisory Board member


Cathlin Tully is a staff attorney in the FTC’s Division of Privacy and Identity Protection, where she investigates companies’ privacy and data security practices. Previously, Ms. Tully worked in the FTC’s Mergers III Division of the Bureau of Competition.


Danny West serves as counsel for Two Sigma Investments, LP, a quantitative hedge fund in New York, where he advises on how to appropriately leverage big data and technology in the financial markets while minimizing the associated risk profile. Prior to working at Two Sigma, he worked at American International Group, Inc. (AIG) as assistant general counsel. In this role, he represented AIG’s big data and science team and was a member of AIG’s Digital Business Services and E-Commerce Legal Group, providing counsel to corporate communications, HR, finance, and various other internal business units regarding compliance with domestic and international privacy laws, as well as intellectual property and cybersecurity regulations.


Gary A. Kibel is a partner in the Digital Media, Technology & Privacy Practice Group of Davis & Gilbert. Mr. Kibel regularly counsels clients with respect to new media/advertising law; privacy and data security; and information technology matters. He advises interactive companies, advertising agencies, media providers and other commercial entities regarding transactions for interactive advertising, behavioral advertising, social media, programmatic media buying, mobile marketing, affiliate marketing, data collection and usage, and other emerging products and services. Mr. Kibel also serves as General Counsel to the Performance Marketing Association.

Mr. Kibel is a Certified Information Privacy Professional (CIPP) and advises clients in many industries regarding privacy and data security issues, including, internal information security policies, contractual obligations and requirements, security breaches and incident responses, audits, cross-border data transfers and other matters in connection with an organization’s collection, storage and use of data in all aspects of its business. He is a former co-chair of the International Association of Privacy Professionals’ (IAPP) New York City KnowledgeNet group. Mr. Kibel has been identified as a “Recognised Practitioner” in the Privacy & Data Security – Nationwide category by Chambers USA: America’s Leading Lawyers for Business (2015-2017). In addition, Mr. Kibel has been recognized by The Legal 500 United States in the area of privacy and data protection for six consecutive years (2012-2017).


Jane A. Levine is EVP, Chief Global Compliance Counsel and Head of Government and Regulatory Affairs for Sotheby’s. Prior to joining Sotheby’s in 2006, Ms. Levine was an Assistant United States Attorney for the Southern District of New York, where she prosecuted criminal and civil matters involving money laundering, theft, fraud and forgery in the art and antiquities market. She teaches Art and Cultural Heritage Law at Columbia Law School and has written and lectured on art law subjects, including international trafficking in stolen art and artifacts. Ms. Levine is also a frequent speaker on compliance topics including information security and anti-money laundering. In 2011, President Obama named Ms. Levine to be a member of the Cultural Property Advisory Committee. Ms. Levine also serves on the Board of Trustees for YAI, a non-profit organization which serves people of all ages with developmental, learning and physical disabilities or delays throughout the greater New York metropolitan area. Ms. Levine received a B.A. from Brown University and her J.D. from New York University School of Law.


Jose Antonio Sesin is senior counsel at Agero, Inc. where he practices in the areas of corporate law, privacy, data security and compliance. He also leads Agero’s Security, Standards and Compliance team. Previously, he worked at Iron Mountain and Brodeur Worldwide. Mr. Sesin is a graduate of Northeastern University School of Law and the University of Massachusetts at Amherst. He is admitted to practice in New York and Massachusetts.


Josephine Cicchetti’s practice is centered on the Life Insurance Industry, with an emphasis on emerging securities and regulatory issues, as well as privacy, e-commerce and cybersecurity counseling. She is the Co-chair of her firm’s Privacy and Cybersecurity Task Force, and the Executive Editor of EXPECT FOCUS, a quarterly review of developments in the insurance and financial services industry published by Carlton Fields. She can be reached at jcicchetti@carltonfields.com.


Ken Mortensen, Esq., is the InterSystems’ Data Protection Officer promoting and leading Global Trust and Privacy for the company. He is based in their Cambridge headquarters and has global responsibility across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems technology, but also in the management of operations and services. Ken focuses on enhancing global trust and privacy throughout InterSystems demonstrating to customers, clients, and stakeholders our commitment to investing and growing the capabilities of InterSystems in order to stay in front of emerging risks for privacy and cybersecurity.

Prior to joining InterSystems, Ken was a Senior Managing Director over at PwC specializing in data protection, privacy, and cybersecurity and led the expansion of PwC’s healthcare privacy offerings. Before that, Ken was the Vice President, Assistant General Counsel & Chief Privacy Officer at CVS Health, where he created the Information Governance Department and was responsible for overseeing enterprise information governance to deliver privacy compliance as well as leading the information security risk management organization to address cyber risks. While at CVS, he oversaw compliance with CVS’s FTC Consent Decree, OCR Corrective Action plan, and PCI program, including securing the first-ever closure letter from OCR. He was also the first Chief Privacy Officer for Boston Scientific responsible for implementing a global privacy and security program and introducing a governance emphasis for risk. 

Prior to that, Ken served in the Administration of President George W. Bush as the Associate Deputy Attorney General for the U.S. Department of Justice, where he was the primary counsel and policy advisor to the Attorney General and Deputy Attorney General on privacy and civil liberties matters. While at Justice, he led the U.S. delegation to negotiate privacy and cybersecurity terms with the European Union as well as oversaw the privacy and civil liberties processes for numerous national security and foreign intelligence programs, including work with the National Security Council related to FISA and EO 12333. Prior to going to Justice, Ken served at the U.S. Dep’t of Homeland Security as part of the team that stood up the Privacy Office at the beginning of the agency eventually as Deputy Chief Privacy Officer.

Before his government service, Ken was a partner in his own law firm as one of the early practitioners of privacy and security law, during which he served as Special Counsel to the Pennsylvania Attorney General. He taught computer law and information policy at Villanova Law School and was an electrical engineer at Burroughs in Large System Design focusing on information assurance and system test.

Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP), including serving as Secretary for one year. He currently serves on the IAPP Research Advisory Board and the board of Shared Assessments, an organization focused on addressing third party information risks. Previously, Ken served on the board of the Health Information Trust Alliance (HITRUST) and participated in the development of the privacy control category of the HITRUST CSF. 

Ken currently teaches privacy law at Boston University Law School and cybersecurity law at the University of Maine School of Law. Ken is co-author with Andy Serwin of the West Publishing book, Healthcare Security and Privacy Law, and has authored chapters and sections for other privacy, cybersecurity, and governance risk books and publications. He is an internationally recognized expert on these topics and speaks globally on privacy, cybersecurity, and the governance of information.

Ken is admitted to the bars of Pennsylvania and New Jersey as well as the Supreme Court of the United States. He received his Juris Doctorate from Villanova University School of Law, his MBA from the Villanova University College of Finance, and his Bachelor’s of Science in Engineering degree in Electrical and Computer Engineering from Drexel University. He has a Certificate in Foreign Intelligence Law from the Judge Advocate General's School of Law. He has CIPP/US, CIPP/G, and CIPM certifications from IAPP.


Kristen (Kris) Hall is currently Vice President, Head of Privacy, at Shire, a multi-national pharmaceutical company, where she is responsible for developing, driving and maturing Shire’s Global Privacy Program.  

Prior to joining Shire, Kris spent a decade at Philips, where she built and grew the Privacy Program in both the Healthcare Sector, Globally and the U.S. regional organization. Kris has served as Chair of the Medical Device Privacy Consortium (2013), and also served as Chair of the COCIR Data Protection Task Force (European Trade Association representing the medical imaging, radiotherapy, health ICT and electro-medical industries) for over two years (2012-2015).  

Kris earned her JD from Florida State University College of Law and is a Certified Information Privacy Professional.


Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation, the conduct environmental scans to identify external privacy issues. 

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.


Rick Buck is the Senior Vice President, Privacy of Zeta Global a data-driven marketing technology company that helps brands acquire, retain and grow customer relationships through actionable data, advanced analytics and machine learning. Rick works with clients and privacy organizations to promote best practices in responsible digital marketing. He is an established global privacy compliance expert with in-depth knowledge of privacy laws and an extensive understanding of Omni-channel marketing including: OBA, mobile marketing, SMS, email and attribution. Prior to joining Zeta, Rick held positions as Head of Privacy at eBay responsible for eBay Enterprise and StubHub US, and Vice President of Privacy at GSI Commerce/e-Dialog. He is a regular speaker at industry events, currently sits on the DMA’s Ethics Operating Committee, a board member of the Email Sender & Provider Coalition, and actively involved in the International Association of Privacy Professionals, Messaging Malware and Mobile Anti-Abuse Working Group, and other related organizations focused on betterment of the digital marketing.


Stephen Y. Chow is a partner of the Boston law firm, Burns & Levinson LLP, practicing in its business, business litigation and intellectual property departments. Mr. Chow graduated from Harvard University with an A.B. in Physics and Philosophy cum laude and an S.M. in Applied Physics and from Columbia University with a J.D. as a Stone Scholar. He is admitted to practice and practices in Massachusetts, New York and the U.S. Patent and Trademark Office.

With a command of the full spectrum of proprietary, including privacy, rights in information and trade in contexts involving competition and entity governance law, for nearly forty years, Mr. Chow has counseled and litigated for technology enterprises from start-up to multi-national in expanding their businesses and resolving their disputes. He has developed wining technological, business and political solutions in situations ranging from the early international battles over cellular telephony to work-outs of stressed technology start-ups to the current administrative review of patents. 

Mr. Chow served twenty years ago on the influential drafting committees of the National Conference of Commissioners on Uniform State Laws on the proposed UCC Article 2B (Licenses) and the nearly universally adopted Uniform Electronic Transactions Act and remains active in developing legislation involving the convergence of commercial and intellectual property law. Among his recent projects are the Uniform Fiduciary Access to Digital Assets, the Uniform Employee and Student Online Protection Act, Civil Remedies for Unauthorized Disclosure of Intimate Images and Tort Law Related to Drones. He serves on the Conference’s Technology [Legislation Editorial] Committee, its current Study Committee on Identity Management in Electronic Commerce, as well as its Standby Committee on U.N. Convention on E-Commerce. He was a member of the U.S. delegation to the U.N. Commission on International Trade Law (UNCITRAL) Working Group VI (Secured Transactions – Intellectual Property Supplement), is currently a member of the American Bar Association’s Cybersecurity Task Force and co-chairs its Intellectual Property Law Section’s Committee on Trade Secrets.

Mr. Chow is an elected and active member of the American Law Institute, consulting on the “principles” projects on data privacy, international intellectual property law and software licensing and the “restatement” projects on conflict of laws, consumer contracts, copyright, employment, and international commercial arbitration law. He wrote the Matthew Bender/LexisNexis is legal treatise, E-Commerce and Communications and has revised and updated its treatises, International Computer Law and Law of the Internet. Mr. Chow taught from 1995-2013 the Suffolk Law School courses, “Litigating Technology Disputes” and “Counseling Technology-Leading Emerging Enterprises” and currently  teaches the Boston University School of Law course, “Intellectual Property Rights and Commerce in the Global ‘Cloud’.”


Tanya Madison joined TD Bank, NA in October 2016 as its first ever Chief Privacy and Cybersecurity Counsel. With over 17 years of in-house counsel experience, Tanya's practice focuses on the lawful collection, use and sharing of personally identifiable information of clients and employees with special focus on financial services and FINTECH companies. Tanya and her colleagues focus on developing a principled and holistic approach to privacy legal analysis and engagement worldwide.

Prior to her current role, Tanya was Vice President and Chief Privacy Counsel for American Express starting in June 2014. While there, Tanya spearheaded legal analysis around issues related to TCPA, HIPAA, GLBA, CAN-SPAM, RFPA and CASL and worked closely with the teams analyzing issues around big data, ethical data usage, new product development and third party data sharing. 

Prior to joining American Express, Tanya spent 18 months at eBay inc. as the Privacy Leader and Privacy Counsel for its PayPal subsidiary. There she worked closely with the product development teams on issues related to emerging technologies, mobile commerce, geolocation, ecommerce, biometrics, data aggregation and anonymization and cross-border data transfer. She also aligned with internal partners, regulators, other key stakeholders to expand and manage PayPal's privacy program in more than 193 markets worldwide. In addition she worked on privacy issues around acquisitions and investments, notably on PayPal's acquisitions of Braintree and Venmo.

Before joining eBay, Tanya was with First Data Corporation for 13 years, most recently as Vice President and Senior Counsel for Privacy, Regulatory Compliance and Technology. While at First Data, Tanya led the program to develop the company's Binding Corporate Rules and shepherded them through the approval process working closely with the U.K. ICO. She advised on cross-border data issues for North America, the European Union and Asian-Pacific regions for First Data locations in more than 50 countries. In addition, she established the company's GLBA Safeguards Program and Privacy Task Force.

Tanya holds CIPP/US and CIPT certifications from the International Association of Privacy Professionals. She received her J.D. from the University of Idaho College of Law and earned her undergraduate degrees from the University of Idaho in Journalism and Communications. She is a frequent speaker on privacy issues, most recently at events for the IAPP, the Rocky Mt. Intellectual Property & Technology Institute and the U.S. Chamber of Commerce Institute for Legal Reform.


Todd Ruback is the Chief Privacy Officer & VP of Legal Affairs at Evidon, Inc. where his responsibilities include overseeing the company’s privacy practices, engaging with the privacy community, and managing the legal department. He holds privacy certifications as a CIPP-US/E and CIPT through the International Association of Privacy Professionals. Prior to Evidon, he was head of the privacy and technology practice at the law firm of DiFrancesco, Bateman, Coley in Warren, New Jersey and was also President of the Privacy Special Section of the New Jersey State Bar Association. Todd attended the University of Denver where he received both his BA and his JD.