Skip to main content

GDPR Boot Camp 2018


Speaker(s): Alison Howard, Ben Hayes, Brian L. Hengesbaugh, Christina Maria Schwaiger, Harry A. Valetk, Jeanne M. Sheahan, Jonathan D. Avila, Kara Sutton, Scott Hodes
Recorded on: Oct. 11, 2018
PLI Program #: 219245

Alison Howard is an assistant general counsel at Microsoft Corporation in Redmond, Washington.  She supports Microsoft’s efforts around the EU’s General Data Protection Regulation.  She also provides privacy advice for Microsoft’s identity and security services as well as enterprise and developer products and online services.  Previously she was the privacy attorney for such Microsoft consumer products and services as Xbox, Xbox Live, Kinect and OneDrive. 

Before joining Microsoft in 2005, she was an associate at Davis Wright Tremaine LLP in Seattle.  She was a journalist at newspapers in California and Idaho before becoming a lawyer. 

She received her J.D. from Boalt Hall School of Law at the University of California-Berkeley, her M.A. in international journalism from the University of Southern California and her B.A. in journalism from the University of North Carolina-Chapel Hill.  She has CIPP/E and CIPP/US certifications.


Brian Hengesbaugh provides advice to a wide range of global online businesses, pharmaceutical companies, health care providers, manufacturers, financial institutions, sourcing providers, retail companies, and other organizations regarding the legal aspects of global privacy and data protection, data security, information technology, and related restrictions on data collection and movement. He focuses on these issues in the context of: data security breach and incident response, global company operations and applications, including websites, mobile, and e-commerce applications; sourcing and corporate transactions; and litigation, internal investigations, and government inquiries.

Brian is Chair of the Firm's Global IT/C Data Security Steering Committee, and a Member of the Firm's Global Privacy Steering Committee. He is listed in The Legal 500 Hall of Fame and was recognized as a Regulatory & Compliance Trailblazer by the National Law Journal. He is also listed as a Leading Lawyer for Cyber law (including data protection and privacy) in The Legal 500, listed in Chambers USA and the Computer World Ranking of Top Privacy Advisors. Formerly Special Counsel to the General Counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor), and earned a Medal Award from the US Department of Commerce for this service. In addition, Brian participated on behalf of the United States in the development of a draft Council of Europe Treaty on Cyber Crime, and in the negotiation of a draft Hague Convention on Jurisdiction and the Recognition of Foreign Judgments. Brian has been quoted in the Wall Street Journal, New York Times, Forbes, CNET, Slate Magazine, Compliance Weekly, BNA Bloomberg, PCWorld and other news publications on global privacy and security issues.

Practice Focus

Brian's practice covers privacy and information management, with emphasis on regulatory and transactional issues, including data security and information technology, privacy and data protection, sourcing, digital and electronic signatures, email and telemarketing, social media, cyber crime, and jurisdiction and the enforcement of foreign judgments.

Professional Honors

  • Legal 500 Hall of Fame 
  • Leading Lawyer in Technology: Cyber law (including data protection and privacy), Legal 500 USA, 2009-2017
  • Regulatory & Compliance Trailblazer, National Law Journal, 2015
  • Recognized in Privacy and Data Security Law, Best Lawyers in America, 2016-2017

Professional Associations and Memberships

  • American Bar Association - International Law Section
  • International Association of Privacy Professionals (IAPP) - Former Advisory Board Member

Admissions

Illinois~United States (2004)

Indiana~United States (1995)

Education

University of Minnesota Law School (J.D. cum laude) (1995)

Central European University (Budapest) (Certificate) (1993)

Washington University (A.B. Economics) (1991)

Languages

English

German


Harry A. Valetk is Of Counsel in the International Commercial Practice Group in the New York office, advising global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, retail, pharmaceutical/ healthcare, transportation/ logistics, hospitality, defense, social media, cloud technology, and manufacturing industries. His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for EU-US Privacy Shield certifications, and works with highly-regulated entities on numerous data protection topics, including HIPAA, GLBA, FERPA, the Children’s Online Privacy Protection Act (COPPA).

Harry puts on an insider’s perspective when advising his clients having worked in-house as Director of MetLife’s Global Privacy Office in New York for almost seven years. In that role, he supported business lines in more than 60 countries to protect the personal data of over 90 million MetLife customers. Additionally, he led numerous strategic efforts to build out a global Privacy Risk Framework, achieve global compliance with applicable data privacy laws, deploy cross-border data transfer solutions, implement global training and awareness initiatives, and manage data and cyber security incidents. Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.


Jeanne Sheahan is the worldwide lead privacy attorney at Eventbrite and is deeply passionate about privacy.  Eventbrite is the world's largest event technology platform that builds the technology to allow anyone to create, share, find and attend new things to do that fuel their passions and enrich their lives. Her privacy strategy focuses on holistically promoting customer and organizer trust while harmonizing business objectives and fostering data stewardship.  

Before Eventbrite, Jeanne was the global lead privacy attorney at Groupon, an e-commerce marketplace, responsible for leading the design and implementation of Groupon's worldwide privacy compliance program.  Jeanne also worked for 4 years at the law firm Davis Wright Tremaine (DWT) counseling businesses on best practices in information privacy and data security, responses to government investigations, and data breach response. She is also a seasoned litigator. While at DWT and for 4 years before that at Bingham McCutchen, she represented numerous clients from start-ups to Fortune 500 companies in bet-the-company litigation and government investigations.

Jeanne is a Fellow of Information Privacy (FIP) with the IAPP and holds both the Certified Information Privacy Professional (CIPP/US) and Certified Privacy Program Manager (CIPM) credentials. She is a frequent speaker on privacy and cybersecurity issues.  Jeanne earned her JD from the University of California-Hastings and her undergraduate degree from the University of Wisconsin-Madison.


Jonathan Avila joined Walmart Stores, Inc. as Vice President, Chief Privacy Officer in October 2012.  Mr. Avila is responsible for the worldwide data privacy and records management program for Walmart’s operations involving 11,000 retail locations with more than two million employees in 27 countries, as well as Walmart’s e-commerce websites in ten countries.  Mr. Avila previously served as Vice President -- Counsel, Chief Privacy Officer of The Walt Disney Company.  Mr. Avila initiated the data privacy program at Disney in 2001 and led the development of Disney's enterprise privacy compliance program covering all of Disney's online and offline business activities in the nearly 50 countries in which Disney operates.

Mr. Avila has been active in the international data privacy community, having served for five years on the board of directors of the International Association of Privacy Professionals, including serving as President of the IAPP in 2009.  Mr. Avila has spoken at numerous conferences on data privacy issues, including conferences of the international data privacy commissioners sponsored by the governments of Spain and Mexico.  Mr. Avila is a co-author of Privacy Compliance and Litigation in California (CEB 2014).  Mr. Avila served on the advisory committee to the California Office of Privacy Protection on the development of its guidance on California's "Shine the Light" law relating to business' information sharing practices.  Mr. Avila also has taught on the subject of privacy law as an Adjunct Professor of the School of Law of the University of Arkansas.

Mr. Avila began his career as a law clerk to Judge W. Eugene Davis of the United States Court of Appeals for the Fifth Circuit.  Mr. Avila later was an associate with Latham & Watkins, and Litigation Counsel with the CBS television network.  Before joining Disney, Mr. Avila served as General Counsel Chief Privacy Officer of MValue.com, Inc., a venture capital funded Internet company.

Mr. Avila graduated with a B.A. from Yale University and a J.D. from Harvard Law School.  Mr. Avila also holds a diploma from the University of Salamanca (Spain) and holds the Certified Information Privacy Professional credential issued by the IAPP.


Kara Sutton is director of the U.S. Chamber of Commerce Center for Global Regulatory Cooperation’s Global Connect Program, where she oversees the Chamber’s international high-tech and digital policy work, with an emphasis on global data privacy and data transfer policies and best practices. Kara works extensively with companies of all sizes and sectors on efforts to preserve cross-border data flows. She leads private sector engagement in multiple international fora and works closely with governments worldwide on developing policies that support innovation.

Before joining the Chamber, Kara was policy director at the Trans-Atlantic Business Council where she advanced the association's transatlantic digital policy agenda. Prior, she was a legislative liaison working on trade and cybersecurity issues at the Bertelsmann Foundation, a German think tank. She started her career working in the U.S. Congress on the House Committee for Ways and Means.


Scott Hodes has over 15 years of in house privacy experience and is currently Associate General Counsel and Director for Privacy at Twitter.  He provides legal advice to help ensure privacy compliance for the company on a global basis by working closely with the product, marketing, human resources, and information security teams.

Prior to Twitter he was the Deputy General Counsel for Privacy and Product at AdRoll, following privacy legal positions at Gap, Visa, PayPal, and UBS providing in house privacy guidance to these financial services, ad tech, e-commerce and retail companies.

Scott has a JD from the University of Arizona College of Law, and undergraduate degrees from Georgetown University (Government) and Rowan University (Computer Science).  He is CIPP/US certified by the IAPP.


Ben Hayes joined Nielsen in 2014 as its first Chief Privacy Officer. He spent 4 years in the role working to establish Nielsen’s privacy compliance program, including its first global privacy policy, training and awareness, and increasing transparency about its practices.  Ben also led Nielsen’s GDPR preparation efforts.  Previously Ben served as Americas Privacy Lead at Accenture, where he developed several global programs including incident response, client data protection, contracting strategies, and internal data loss prevention.  He began his career at K&L Gates (then Kirkpatrick & Lockhart) developing privacy programs and strategies for a diverse set of clients, including DuPont, Deutsche Bank, World Wrestling Entertainment, and J.P Morgan.  Ben obtained his J.D. with honors from the Ohio State University in 1999, and his B.A. in English and Anthropology from the University of Vermont in 1992.  In addition he has studied European Community law during summer programs at Oxford University and the University of Amsterdam, and spent 1990-91 at the University of Kent in Canterbury as a Buckham Scholar.  He lives in Lawrence, Kansas with his partner Laura and their 4 kids. 


Christina Maria Schwaiger is Deputy Head of International Desk at the Austrian Data Protection Authority and member of the Chair Coordination Team of the European Data Protection Board. She studied law and economics at the University of Salzburg, where she also worked as a teaching and research assistant at the Institute of Public Law, European Law and International Law. As part of her research activity, she was focusing on constitutional law, administrative law, data protection law and IT law. After completing her legal clerkship at the District Court of Favoriten and at the Regional Court of Wiener Neustadt, she joined the Austrian Data Protection Authority as a policy officer in 2016. Her areas of expertise at national level include dealing with complaint handling procedures and carrying out legal expert examinations regarding new draft legislations. Since February 2018, when the chairmanship of the European Data Protection Board – EDPB – (former Article 29 Working Party) was taken over by the Head of the Austrian Data Protection Authority, she has additionally performed tasks within the Chair Coordination Team. Further she is member of EDPB’s International Transfer Subgroup, which is dealing with all main aspects of the EU-US Privacy Shield. In May 2018 Ms. Schwaiger became Deputy Head of International Desk at the Austrian Data Protection Authority. Next to her work at the Authority and the EDPB, she has authored several legal articles inter alia on data protection aspects of facial recognition and the data protection officer according to GDPR. She has also contributed to a commentary on the new Austrian Federal Act concerning the Protection of Personal Data and lectures in the field of data protection law at the University of Applied Sciences Burgenland as well as at the Danube University in Krems.