Skip to main content

Global Data Protection Boot Camp 2019

Speaker(s): Ana Carolina Cagnoni, Benjamin Hayes, Brian L. Hengesbaugh, Cari Benn, Farah Y. Zaman, Hannah Poteat, Harry A. Valetk, Kristie Chon, Natalie LaPorta, Robyn Sterling Eckerling, Stefan Niederer, Tanya L. Forsheit
Recorded on: Oct. 10, 2019
PLI Program #: 247698

Brian Hengesbaugh is Chair of the Firm's Global Data Privacy and Security Business Unit, a Member of the Firm's Global IP Tech Steering Committee. Brian is listed in The Legal 500 Hall of Fame and was recognized as a Regulatory & Compliance Trailblazer by the National Law Journal. He is also listed as a Leading Lawyer for Cyber law (including data protection and privacy) in The Legal 500 and is listed in Chambers. Formerly Special Counsel to the General Counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor), and earned a Medal Award from the US Department of Commerce for this service. In addition, Brian participated on behalf of the United States in the development of a draft Council of Europe Treaty on Cyber Crime, and in the negotiation of a draft Hague Convention on Jurisdiction and the Recognition of Foreign Judgments. Brian has been quoted in the Wall Street Journal, New York Times, Forbes, CNET, Slate Magazine, Compliance Weekly, BNA Bloomberg, PCWorld and other news publications on global privacy and security issues.

Practice Focus

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He focuses on these issues in the context of: (i) advisory matters, such as new privacy and security laws and regulations, as well as technology transformations related to IoT, blockchain, mobile, cloud, data monetization, and other initiatives; (ii) transactional matters, such as mergers & acquisitions, sourcing, distributor, business partner, and other third party arrangements; and (iii) crisis matters, such as data security events, regulatory and governmental inquiries related to privacy and security issues, internal investigations, and litigation-related matters.

Brian's practice covers privacy and information management, with emphasis on regulatory and transactional issues, including data security and information technology, privacy and data protection, sourcing, digital and electronic signatures, email and telemarketing, social media, cyber crime, and jurisdiction and the enforcement of foreign judgments.

Professional Honors

  • Legal 500 Hall of Fame 
  • Leading Lawyer in Technology: Cyber law (including data protection and privacy), Legal 500 USA, 2009-2017
  • Regulatory & Compliance Trailblazer, National Law Journal, 2015
  • Recognized in Privacy and Data Security Law, Best Lawyers in America, 2016-2017

Professional Associations and Memberships

  • American Bar Association - International Law Section
  • International Association of Privacy Professionals (IAPP) - Former Advisory Board Member


Illinois~United States (2004)

Indiana~United States (1995)


University of Minnesota Law School (J.D. cum laude) (1995)

Central European University (Budapest) (Certificate) (1993)

Washington University (A.B. Economics) (1991)




Farah Zaman is General Counsel of the NAI, non-profit organization that is the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising. 

Zaman formerly served as the Chief Privacy Officer at Meredith Corporation, responsible for leading Meredith’s privacy and first-party data strategy and establishing its first privacy office to address compliance, education and product development. Previously, Zaman served as Senior Global Data Privacy Counsel for Colgate Palmolive, where she led the global data privacy program addressing employee privacy and supporting business including the development of IoT devices and direct to consumer initiatives. Zaman had previously served as Senior Counsel of Privacy for Nielsen’s global privacy program. Zaman began her career in New York City government, serving as a post-graduate legal fellow in the Mayor's Office for International Affairs and subsequently as an Agency Attorney in the Office of Data Privacy for the Department of Social Services.

Zaman's passion for data privacy extends to her volunteerism. She serves on the advisory boards of the International Association of Privacy Professionals’ Women Leading Privacy and Diversity in Privacy Boards, the Future of Privacy Forum, and start-up Safe Porter. She is also on the advisory board for The Resolution Project, an organization that aims to develop socially responsible young leaders and serves as a member of CHIEF, a private network focused on connecting and supporting women executive leaders.

Zaman serves as a member of the Carnegie Mellon Board of Advisers for the Dietrich College of Humanities and Social Sciences and is an adjunct faculty member of Albany Law School.

She earned a B.S. in decision science and international relations from Carnegie Mellon University and received a J.D. from Brooklyn Law School.

Hannah Poteat is a data privacy and information security attorney with over 20 years of experience in privacy, security, intellectual property, and internet policy, who did data protection before data protection was cool. As Twilio’s Senior Privacy Counsel, Hannah advises on the nexus of international, domestic, and sectoral privacy and telecommunications laws. Hannah handles matters including guidance of corporate policy in line with developing global privacy laws, compliance with GDPR and binding corporate rules, incident response and security policy development, and negotiation of data protection agreements.

Hannah is CIPP/US certified and is a Fellow at the Internet Law and Policy Foundry. Prior to taking on a legal career, Hannah worked in information security for fourteen years.

Harry A. Valetk is a Partner in Baker McKenzie’s Global Privacy and Security Practice Group based in New York, where he advises global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, pharmaceutical/ healthcare, hospitality, cloud technology, and manufacturing industries.  His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for highly-regulated entities on numerous data protection topics, including the California Consumer Privacy Act (CCPA), GDPR,HIPAA, GLBA, the Children’s Online Privacy Protection Act (COPPA).  Before joining the Firm in 2014, Harry was Director of MetLife’s Global Privacy Office.  Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.

Widely considered one of the country’s top privacy and data security lawyers, Tanya Forsheit has advised on high-profile matters involving confidential data and other sensitive information for over 20 years. Ms. Forsheit is Chair of Frankfurt Kurnit Klein & Selz’s Privacy & Data Security Group and Supervising Partner of the Los Angeles Office. She advises on the protection, processing and monetization of data, including matters related to interest-based advertising, privacy policies, mobile apps, cloud computing, smart devices, and data analytics.

Ms. Forsheit has advised on hundreds of information technology deals and transactions on behalf of both service providers and enterprise purchasers, including multilayered AdTech and cloud computing agreements. She is routinely called upon to help clients respond to time-sensitive security events and has advised on hundreds of such incidents. She has worked with over a hundred clients on the compliance requirements of the California Consumer Privacy Act, as well as dozens of multinational clients on the compliance requirements of the EU General Data Protection Regulation. She is currently representing dozens more in preparing for, and addressing the policy implications of, the California Privacy Rights Act, taking effect in January 2023. 

The Legal 500 praised Ms. Forsheit in the 2020 edition as a “leading expert in CCPA” and “one of the leading authorities in data privacy.” The Los Angeles Business Journal included her as one of Los Angeles’ leading professionals “Thriving in Their 40s” in 2020. The Daily Journal named her as one of the top 20 Cyber attorneys in California in its inaugural 2018 list and again in 2020, and has twice included her in its list of "Top Women Lawyers."

Ms. Forsheit lectures widely on technology law topics and has been quoted on privacy and data security in publications such as the Wall Street Journal, Los Angeles Times, Forbes, ComputerWorld, Venture Beat, and Law360. She is currently an Adjunct Professor at Loyola Law School.

The International Association of Privacy Professionals (IAPP) has certified Ms. Forsheit as both an Information Privacy Professional (CIPP/US) and Privacy Technologist (CIPT). Ms. Forsheit is a past President of the Women Lawyers Association of Los Angeles.

Benjamin Hayes, Esq., CIPP/US,G,E,C, CIPM, CIPT, FIP has been a legal advisor in the area of privacy, data governance, and security incident management since 1999, focused primarily on in-house strategic and compliance counseling for multi-national enterprises.  He spent 6 years at Kirkpatrick & Lockhart (now K&L Gates) developing compliance programs with then-new privacy laws like the EU Privacy Directive, HIPAA, COPPA, and Gramm-Leach-Bliley for clients that spanned a range of industries from financial services to entertainment and media to manufacturing and shipping.  Ben developed early privacy programs for DuPont, Deutsche Bank, JP Morgan, and World Wrestling Entertainment.

Ben joined Accenture in 2006 as Americas Privacy Lead—an in-house role developing Accenture’s compliance program.  He led several global initiatives at Accenture, including the development of its incident response program, its client data protection program (a methodology for assessing data risks associated with individual consulting engagements, and right-sizing data security for the engagement, backed up with continuous auditing and program review, and an approach to contracting for cloud services so as to take account of dozens of privacy laws around the globe.

He became Nielsen’s first CPO in 2014 and spent 4 years developing its global privacy program, including the establishment of its first global privacy policy, integration of an acquired data management platform (DMP), and leading ramp-up efforts for compliance with GDPR from 2016 onwards.  

In January, 2019 Ben became the first CPO of Zeta Global, a marketing software, analytics, and data company headquartered in New York City.  In that role he is overseeing Zeta’s privacy compliance program, managing privacy integration of its acquisitions, engaging in hands-on privacy by design, and helping navigate the CCPA and beyond.

Ana Carolina Cagnoni holds a solid background in technology and privacy regulation in Brazil as well as in intellectual property law, including niche aspects of the field such as entertainment, biodiversity and access to genetic resources. She obtained extensive practice as an in-house and as an associate with law firms in drafting and interpreting agreements within these areas, and providing legal advice for related industries. Certificated with CIPP/E and CIPP/US certificates from International Association of Privacy Professionals. Currently partner at Grinberg Cordovil Advogados, an antitrust boutique firm in Brazil, responsible for the TMT and IP areas of practice.

Cari Benn is Assistant General Counsel in Microsoft's privacy and regulatory affairs group, focusing on international privacy and data law. She advises Microsoft's commercial and consumer businesses on European privacy regulation, including the General Data Protection Regulation (GDPR), U.S. federal and state privacy law, complex contract negotiations, and mergers and acquisitions. Benn previously served as in-house counsel for aQuantive, a digital advertising start-up Microsoft acquired in 2007. She earned her bachelor’s degree in history from the University of Denver and her law degree from Seattle University’s School of Law.

Kristie Chon is responsible for privacy, resiliency, technology risk and compliance at PayPal.  As the VP & Chief Privacy Officer, Kristie is passionate about creating and implementing privacy programs focused on driving customer experience and trust, brand loyalty, and innovation.  Her specialties include data driven approach to privacy risk management and developing a framework approach to operationalizing privacy requirements, including data governance strategy, policies and procedures, training, privacy by design, third party risk assessment, and breach management.  Prior to PayPal, Kristie was the Chief Privacy Officer at HCL Technologies, leading an organization of experienced privacy professionals to develop and operationalize a compliance framework for privacy.  Kristie began her career advising technology outsourcing and consumer protection issues in law firms and regulatory agencies.

Natalie LaPorta is the Director of Privacy for Walgreen Co. focused on a wide range of privacy matters that impact U.S. patient and consumer data privacy including state and federal data privacy compliance, complex contract negotiations, digital privacy, de-identification, AI, analytics, and marketing. Prior to her most recent role at Walgreens, Natalie was an associate attorney at Dentons US LLP where she handled health care regulatory, tax exempt bond finance, and mergers and acquisitions matters. She holds a bachelor’s degree in political science from Benedictine University and a law degree from The John Marshall Law School.

Robyn Sterling Eckerling focuses her practice on data privacy and data security with a concentration in health care privacy. She regularly advises Allscripts on a wide range of privacy matters that include state and federal privacy and data security compliance, data security breach response, privacy and data security policies and procedures. She also advises on areas of international privacy, health care privacy, and social networking. Robyn currently serves as the Chief Privacy & Security Counsel for Allscripts. 

Prior to joining Allscripts, Robyn was Aon's HIPAA specialist and worked on various privacy projects. Prior to Aon, Robyn worked for large international law firms where she worked on transactional matters including representing hospitals, dental management companies, and pharmaceutical, medical device and nutritional supplement companies. She also represented private equity funds and other health care company investors in mergers, acquisitions and other complex health care transactions. In addition to transactional work, she regularly advised clients on regulatory and compliance matters, including data privacy, data breach preparedness, HIPAA, fraud and abuse laws, as well as the promotion of pharmaceutical products and medical devices. Robyn began her career at the United States Department of Health and Human Services, Office of Inspector General. She holds a BA from the University of Illinois, Urbana-Champaign in History and Political Science, a JD from Chicago-Kent College of Law, and a Master of Public Health from Boston University where she served as the Health Law, Bioethics and Human Rights Fellow.

Stefan Niederer is Senior Data Protection Officer at the Department for European and International Affairs of the Office of the Federal Commissioner for Data Protection and Freedom of Information. Located in Bonn, Germany, he has attended frequently meetings of the Cooperation Expert Subgroup in Brussels, which is an entity of the European Data Protection Board and its predecessor, the Article-29-Working-Party, where data protection regulators from EU member states come together to discuss important cases and topics that are of significance for many or all member states. His expertise also covers international bodies, since he regularly contributes to the work of the OECD´s Working Party on Security and Privacy in the Digital Economy (WP SPDE) as well as to the Council of Europe´s Committee on Data Protection (T-PD) or to the Global Privacy Enforcement Network (GPEN). He represents his office at the annual meetings of the International Conference of Data Protection and Privacy Commissioners and in topic-specific working groups of the conference, too. As to his background, he has studied public law, economics and public administration being a graduate of the Federal University of Administrative Sciences. After services at various federal agencies he joined the Federal Commissioner´s Office in 2007, where he first worked in the Department for Police and Intelligence Affairs before moving on to the European and International Department.