Skip to main content

GDPR Boot Camp 2018

Speaker(s): Alison Howard, Benjamin Hayes, Brian L. Hengesbaugh, Christina Maria Schwaiger, Harry A. Valetk, Jeanne M. Sheahan, Jonathan D. Avila, Kara Sutton, Scott Hodes
Recorded on: Oct. 11, 2018
PLI Program #: 219245

Alison Howard is an assistant general counsel at Microsoft Corporation in Redmond, Washington.  She supports Microsoft’s efforts around the EU’s General Data Protection Regulation.  She also provides privacy advice for Microsoft’s identity and security services as well as enterprise and developer products and online services.  Previously she was the privacy attorney for such Microsoft consumer products and services as Xbox, Xbox Live, Kinect and OneDrive. 

Before joining Microsoft in 2005, she was an associate at Davis Wright Tremaine LLP in Seattle.  She was a journalist at newspapers in California and Idaho before becoming a lawyer. 

She received her J.D. from Boalt Hall School of Law at the University of California-Berkeley, her M.A. in international journalism from the University of Southern California and her B.A. in journalism from the University of North Carolina-Chapel Hill.  She has CIPP/E and CIPP/US certifications.

Brian Hengesbaugh is Chair of the Firm's Global Data Privacy and Security Business Unit, a Member of the Firm's Global IP Tech Steering Committee. Brian is listed in The Legal 500 Hall of Fame and was recognized as a Regulatory & Compliance Trailblazer by the National Law Journal. He is also listed as a Leading Lawyer for Cyber law (including data protection and privacy) in The Legal 500 and is listed in Chambers. Formerly Special Counsel to the General Counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor), and earned a Medal Award from the US Department of Commerce for this service. In addition, Brian participated on behalf of the United States in the development of a draft Council of Europe Treaty on Cyber Crime, and in the negotiation of a draft Hague Convention on Jurisdiction and the Recognition of Foreign Judgments. Brian has been quoted in the Wall Street Journal, New York Times, Forbes, CNET, Slate Magazine, Compliance Weekly, BNA Bloomberg, PCWorld and other news publications on global privacy and security issues.

Practice Focus

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He focuses on these issues in the context of: (i) advisory matters, such as new privacy and security laws and regulations, as well as technology transformations related to IoT, blockchain, mobile, cloud, data monetization, and other initiatives; (ii) transactional matters, such as mergers & acquisitions, sourcing, distributor, business partner, and other third party arrangements; and (iii) crisis matters, such as data security events, regulatory and governmental inquiries related to privacy and security issues, internal investigations, and litigation-related matters.

Brian's practice covers privacy and information management, with emphasis on regulatory and transactional issues, including data security and information technology, privacy and data protection, sourcing, digital and electronic signatures, email and telemarketing, social media, cyber crime, and jurisdiction and the enforcement of foreign judgments.

Professional Honors

  • Legal 500 Hall of Fame 
  • Leading Lawyer in Technology: Cyber law (including data protection and privacy), Legal 500 USA, 2009-2017
  • Regulatory & Compliance Trailblazer, National Law Journal, 2015
  • Recognized in Privacy and Data Security Law, Best Lawyers in America, 2016-2017

Professional Associations and Memberships

  • American Bar Association - International Law Section
  • International Association of Privacy Professionals (IAPP) - Former Advisory Board Member


Illinois~United States (2004)

Indiana~United States (1995)


University of Minnesota Law School (J.D. cum laude) (1995)

Central European University (Budapest) (Certificate) (1993)

Washington University (A.B. Economics) (1991)




Harry A. Valetk is a Partner in Baker McKenzie’s Global Privacy and Security Practice Group based in New York, where he advises global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, pharmaceutical/ healthcare, hospitality, cloud technology, and manufacturing industries.  His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for highly-regulated entities on numerous data protection topics, including the California Consumer Privacy Act (CCPA), GDPR,HIPAA, GLBA, the Children’s Online Privacy Protection Act (COPPA).  Before joining the Firm in 2014, Harry was Director of MetLife’s Global Privacy Office.  Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.

Jeanne Sheahan is a passionate privacy attorney with expertise in leading privacy compliance programs at public domestic and international organizations. She is the Head of Privacy Compliance at First Republic Bank. Before that, she was the first global privacy lead for Eventbrite, the world's largest event technology platform, and she was the lead privacy attorney at Groupon, an e-commerce marketplace, responsible for leading the design and implementation of Groupon's worldwide privacy compliance program, including for GDPR. She is a Fellow of Information Privacy (FIP, CIPP/US, CIPM) with the International Association of Privacy Professionals.

Jeanne also worked for 8 years as outside counsel, including at Davis Wright Tremaine counseling on privacy and security best practices. She is also a seasoned litigator. While at DWT and for 4 years at Bingham McCutchen, she represented clients from start-ups to Fortune 500 companies in bet-the-company litigation and government investigations.

Jonathan Avila joined Walmart Stores, Inc. as Vice President, Chief Privacy Officer in October 2012.  Mr. Avila is responsible for the worldwide data privacy and records management program for Walmart’s operations involving 11,000 retail locations with more than two million employees in 27 countries, as well as Walmart’s e-commerce websites in ten countries.  Mr. Avila previously served as Vice President -- Counsel, Chief Privacy Officer of The Walt Disney Company.  Mr. Avila initiated the data privacy program at Disney in 2001 and led the development of Disney's enterprise privacy compliance program covering all of Disney's online and offline business activities in the nearly 50 countries in which Disney operates.

Mr. Avila has been active in the international data privacy community, having served for five years on the board of directors of the International Association of Privacy Professionals, including serving as President of the IAPP in 2009.  Mr. Avila has spoken at numerous conferences on data privacy issues, including conferences of the international data privacy commissioners sponsored by the governments of Spain and Mexico.  Mr. Avila is a co-author of Privacy Compliance and Litigation in California (CEB 2014).  Mr. Avila served on the advisory committee to the California Office of Privacy Protection on the development of its guidance on California's "Shine the Light" law relating to business' information sharing practices.  Mr. Avila also has taught on the subject of privacy law as an Adjunct Professor of the School of Law of the University of Arkansas.

Mr. Avila began his career as a law clerk to Judge W. Eugene Davis of the United States Court of Appeals for the Fifth Circuit.  Mr. Avila later was an associate with Latham & Watkins, and Litigation Counsel with the CBS television network.  Before joining Disney, Mr. Avila served as General Counsel Chief Privacy Officer of, Inc., a venture capital funded Internet company.

Mr. Avila graduated with a B.A. from Yale University and a J.D. from Harvard Law School.  Mr. Avila also holds a diploma from the University of Salamanca (Spain) and holds the Certified Information Privacy Professional credential issued by the IAPP.

Kara Sutton is director of the U.S. Chamber of Commerce Center for Global Regulatory Cooperation’s Global Connect Program, where she oversees the Chamber’s international high-tech and digital policy work, with an emphasis on global data privacy and data transfer policies and best practices. Kara works extensively with companies of all sizes and sectors on efforts to preserve cross-border data flows. She leads private sector engagement in multiple international fora and works closely with governments worldwide on developing policies that support innovation.

Before joining the Chamber, Kara was policy director at the Trans-Atlantic Business Council where she advanced the association's transatlantic digital policy agenda. Prior, she was a legislative liaison working on trade and cybersecurity issues at the Bertelsmann Foundation, a German think tank. She started her career working in the U.S. Congress on the House Committee for Ways and Means.

Scott Hodes has over 15 years of in house privacy experience and is currently Associate General Counsel and Director for Privacy at Twitter.  He provides legal advice to help ensure privacy compliance for the company on a global basis by working closely with the product, marketing, human resources, and information security teams.

Prior to Twitter he was the Deputy General Counsel for Privacy and Product at AdRoll, following privacy legal positions at Gap, Visa, PayPal, and UBS providing in house privacy guidance to these financial services, ad tech, e-commerce and retail companies.

Scott has a JD from the University of Arizona College of Law, and undergraduate degrees from Georgetown University (Government) and Rowan University (Computer Science).  He is CIPP/US certified by the IAPP.

Benjamin Hayes, Esq., CIPP/US,G,E,C, CIPM, CIPT, FIP has been a legal advisor in the area of privacy, data governance, and security incident management since 1999, focused primarily on in-house strategic and compliance counseling for multi-national enterprises.  He spent 6 years at Kirkpatrick & Lockhart (now K&L Gates) developing compliance programs with then-new privacy laws like the EU Privacy Directive, HIPAA, COPPA, and Gramm-Leach-Bliley for clients that spanned a range of industries from financial services to entertainment and media to manufacturing and shipping.  Ben developed early privacy programs for DuPont, Deutsche Bank, JP Morgan, and World Wrestling Entertainment.

Ben joined Accenture in 2006 as Americas Privacy Lead—an in-house role developing Accenture’s compliance program.  He led several global initiatives at Accenture, including the development of its incident response program, its client data protection program (a methodology for assessing data risks associated with individual consulting engagements, and right-sizing data security for the engagement, backed up with continuous auditing and program review, and an approach to contracting for cloud services so as to take account of dozens of privacy laws around the globe.

He became Nielsen’s first CPO in 2014 and spent 4 years developing its global privacy program, including the establishment of its first global privacy policy, integration of an acquired data management platform (DMP), and leading ramp-up efforts for compliance with GDPR from 2016 onwards.  

In January, 2019 Ben became the first CPO of Zeta Global, a marketing software, analytics, and data company headquartered in New York City.  In that role he is overseeing Zeta’s privacy compliance program, managing privacy integration of its acquisitions, engaging in hands-on privacy by design, and helping navigate the CCPA and beyond.

Christina Maria Schwaiger is Deputy Head of International Desk at the Austrian Data Protection Authority and member of the Chair Coordination Team of the European Data Protection Board. She studied law and economics at the University of Salzburg, where she also worked as a teaching and research assistant at the Institute of Public Law, European Law and International Law. As part of her research activity, she was focusing on constitutional law, administrative law, data protection law and IT law. After completing her legal clerkship at the District Court of Favoriten and at the Regional Court of Wiener Neustadt, she joined the Austrian Data Protection Authority as a policy officer in 2016. Her areas of expertise at national level include dealing with complaint handling procedures and carrying out legal expert examinations regarding new draft legislations. Since February 2018, when the chairmanship of the European Data Protection Board – EDPB – (former Article 29 Working Party) was taken over by the Head of the Austrian Data Protection Authority, she has additionally performed tasks within the Chair Coordination Team. Further she is member of EDPB’s International Transfer Subgroup, which is dealing with all main aspects of the EU-US Privacy Shield. In May 2018 Ms. Schwaiger became Deputy Head of International Desk at the Austrian Data Protection Authority. Next to her work at the Authority and the EDPB, she has authored several legal articles inter alia on data protection aspects of facial recognition and the data protection officer according to GDPR. She has also contributed to a commentary on the new Austrian Federal Act concerning the Protection of Personal Data and lectures in the field of data protection law at the University of Applied Sciences Burgenland as well as at the Danube University in Krems.