New feature: Customize your PLUS research experience with My Preferences. Learn more.
Skip to main content

Fundamentals of Privacy Law 2019


Speaker(s): Andrew N. Siegel, Christopher J. Bender, Elaine C. Zacharakis, Jean C. Liu, Jeffrey H. Wechselblatt, Jo Ann Davaris, Joseph V. DeMarco, Justin Herring, Kelly A. Harris, Ken Mortensen, Kristen Ahearn, Marshall L. Miller, Meredith K. Grauer, Peter F. McLaughlin, Peter J. Guffin, Ronald E. Plesco , Sandra Maliszewski, Virginia Lee
Recorded on: Dec. 16, 2019
PLI Program #: 247740

Background

Ron is an internationally known information security and privacy attorney with over 18 years’ experience in cyber investigations, information assurance, privacy, identity management, computer crime and emerging cyber threats and technology solutions. Ron is a Principal in KPMG’s Cyber Response Services practice. Ron joined KPMG in 2012 after a distinguished career in the private and public sectors and is a frequent speaker nationally. Prior to joining KPMG, Ron was the CEO of the National Cyber Forensics and Training Alliance (NCFTA), where he managed the development of intelligence that led to over 400 worldwide cyber crime arrests in four years and prevented over $2 billion in fraud. Notable NCFTA intelligence-led arrests include Ghost Click, Anonymous, Coreflood and multiple online frauds.

 Professional and Industry Experience

 Ron is a seasoned professional and recognized leader with experience in:

  • Cyber Incident response and investigation
  • Cyber Threat Intelligence
  • Cyber Crime Threats
  • Credit Card Fraud
  • Identity and Information Theft
  • Identity Management
  • Information Assurance
  • Risk and Compliance
  • Project Management
  • Brand Development/Management
  • Privacy

Publications and Speeches 2016-2017

  • Global Information Security Workshops
  • Why the age of related automobiles presents a 'very actual menace' in cybersecurity Cloud Computing and Help Desk
  • Why the age of connected cars presents a ‘very real threat’ in cybersecurity TechRepublic
  • Debt Buyers Association International Conference
  • Debt Buyers Association Annual Security Conference Cyber Security Roundtable
  • Detroit Auto Show speaker, Co-author Paper
  • Your Connected Car is Talking. Who’s Listening? KPMG
  • 5 Insights Into Venture Capital Entrepreneurs Need to Know Now Entrepreneur
  • ICBA (DC) Breaking Barriers Symposium
  • Fraud and Security Seminar hosted by FL West Coast Chapter of the Institute of
  • Internal Auditors
  • Understanding Cyber Security speaker
  • KPMG Real Estate CFO Roundtable (and Emerging Accounting Issues) speaker
  • ECCI Board of Advisors
  • Commonwealth of PA Innovation Showcase panel
  • Global Cyber Alliance Strategic Advisory Committee
  • LA Auto Show keynote speaker
  • Sutherland/KPMG FinTech Program on the Risk of Cyber Fraud in the Payments Industry
  • NASPP Data Jargon Workshop

Notable Media Appearances

  • CBS Evening News
  • CNBC
  • 60 Minutes
  • ARD Germany
  • Canadian Broadcasting Company

Honors and Awards

  • Winner, Most Influential People in Security, Security Magazine, December 2010
  • Winner, Editors’ Choice Award, Secure Computing Magazine, 2010


Christopher J. Bender is a systems security and integration professional with 30 years of experience in the public and private sector.  Mr. Bender has worked with national and international clients in the financial services, healthcare, energy, defense, aerospace, and transportation sectors accomplish change and taking on new initiatives securely and effectively.

Mr. Bender has developed approaches and methods for working with diverse programs and systems that leverage risk management and business value processes to execute and deliver results that cross technical, legal, and operational domains.  Mr. Bender has led initiatives that have transformed organizations such as introducing systemic risk management to oversight and governance programs; implementing enterprise level security programs that span disparate systems and operating units while influencing the corporate culture for security; and transforming decades old development and infrastructure groups at banks to embrace DevOps and Continuous Integration/ Continuous Deployment (CI/CD).

Mr. Bender is currently the President of the Northcross Group (NCG).  NCG provides professional consulting and program services for mergers and acquisitions, program development, platform migrations, system conversions, and incident response.

Prior to NCG, Mr. Bender was the Vice President of Technology for Millennium Information Systems (MIS), a systems engineering firm supporting the FAA and DOD, as well commercial aerospace.  Mr. Bender was the Lead Architect for the FAA’s Air Transportation Oversight System (ATOS), which implemented a system safety approach for risk management to the oversight program of commercial air carriers.  Mr. Bender was an acting ISSO for the FAA’s Flight Standards Division immediately after 9/11 and led data classification efforts and control assessments for the Division. 

Mr. Bender is a Certified Information Systems Security Professional, CISSP.  Mr. Bender holds a Masters of Science in Information Systems and a Bachelors of Arts in Economics from GW University.  Mr. Bender was adjunct faculty at GW from 1994-1995 in the Columbia College of Arts & Science, and Graduate Program instructor for the Engineering School’s Risk Management program from 2012-2017.  Mr. Bender has a graduate certificate from the University of Virginia in organizational development.


Jean C. Liu is the Vice President & Chief Privacy Officer of Nuance Communications, a global voice recognition AI-powered solution provider with deep domain expertise across healthcare, financial services, telecommunications and retail sectors. Prior to joining Nuance Jean served as the Chief Privacy Officer & Assistant Vice President of Regulatory Compliance for Multiplan, Inc. Jean has also held privacy and compliance leadership roles at R1 RCM, U.S. Foods and she originated the role of Global Deputy Privacy officer for Aon Corporation. 


Jo Davaris recently joined Booking Holdings, a world leader in online travel and related services, as its first Global Privacy Officer.  She will be responsible for building and aligning a consistent privacy program across their brands (Booking.com, Kayak, Priceline, OpenTable, agoda and rentalcars.com).

Prior to joining Booking Holdings, Jo was the first Global Chief Privacy Officer for Mercer, a world leading consulting firm, where she was responsible for developing and overseeing a global privacy program for that provided appropriate controls and risk mitigation around the use of data across the diverse lines of business, while enabling growth, innovation and opportunity. 
 
Prior to joining Mercer, Jo was the Global Head of Privacy Policy and Program Development and Privacy Leader for the Institutional & Network businesses at American Express.  During her 15+ year tenure there, she held a variety of roles spanning a spectrum of pure legal (negotiating contracts with merchants and vendors) and compliance (policy creation and engagement with external sales organizations and banks) to business development (managing oil business relationships and EMV Chip marketing, communications and technical specification membership teams).  Her career path eventually led her to a focus on developing policies that enabled innovation around data analytics products while maintaining customer trust which developed into a specialization in global data protection, privacy policies and privacy program management.
 
Prior to American Express, Jo was an attorney for the Administration for Children’s Services in NYC, where she prosecuted parents that abused and neglected their children.
 
Jo is currently serving on the Education Advisory Board of the International Association of Privacy Professionals, as well as the Advisory Board of the Women, Influence and Power in Law Event.  She recently served on the Board of Directors of Rising Ground, a NYC social services non-profit organization.  She is also a frequent speaker at conferences and panels around Data Protection, Privacy Program Management, Information Governance and Regulatory Change Management.

She received both her JD and her BA from Fordham University.


Joseph V. DeMarco is a partner at DeVore & DeMarco LLP where he specializes in counseling clients on complex issues involving information privacy and security, theft of intellectual property, computer intrusions, on-line fraud, and the lawful use of new technology. His years of experience in private practice and in government handling the most difficult cybercrime investigations handled by the United States Attorney’s Office have made him one of the nation’s leading experts on Internet crime and the law relating to emerging technologies.

From 1997 to 2007, Mr. DeMarco served an Assistant United States Attorney for the Southern District of New York, where he founded and headed the Computer Hacking and Intellectual Property Program, a group of five prosecutors dedicated to investigating and prosecuting violations of federal cybercrime laws and intellectual property offenses. Under his leadership, cybercrime prosecutions grew from a trickle in 1997 to a top priority of the United States Attorney’s Office, encompassing all forms of criminal activity affecting e-commerce and critical infrastructures including computer hacking crimes; transmission of Internet worms and viruses; electronic theft of trade secrets; illegal use of “spyware”; web-based frauds; unlawful Internet gambling; and criminal copyright and trademark infringement offenses. As a recognized expert in the field, Mr. DeMarco was frequently asked to counsel prosecutors and law enforcement agents regarding novel investigative and surveillance techniques and methodologies, and regularly provided advice to the United States Attorney concerning the Office’s most sensitive computer-related investigations. In 2001, Mr. DeMarco also served as a visiting Trial Attorney at the Department of Justice Computer Crimes and Intellectual Property Section in Washington, D.C., where he focused on Internet privacy, gaming, and theft of intellectual property.

Mr DeMarco is on the panel of approved neutrals of the American Arbitration Association (AAA) where he focuses on resolving disputes between businesses involving data privacy, high-technology and commercial law issues.  He speaks frequently on the benefits of ADR in the area of data security and privacy litigation.

Since 2002, Mr. DeMarco has served as an Adjunct Professor at Columbia Law School, where he teaches the upper-class Internet and Computer Crimes seminar. He has spoken throughout the world on cybercrime, e-commerce, and IP enforcement. He has lectured on the subject of cybercrime at Harvard Law School, the Practicing Law Institute, the National Advocacy Center, and at the FBI Academy in Quantico, Virginia, and has served as an instructor on cybercrime to judges attending the New York State Judicial Institute.

Prior to joining the United States Attorney’s Office, Mr. DeMarco was a litigation associate at Cravath, Swaine & Moore in New York City, where he concentrated on intellectual property, antitrust, and securities law issues for various high-technology clients. Prior to that, Mr. DeMarco served as law clerk to the Honorable J. Daniel Mahoney, United States Circuit Judge for the Second Circuit Court of Appeals.

Mr. DeMarco holds a J.D. magna cum laude from New York University School of Law. At NYU he was a member of the NYU Law Review. He received his B.S.F.S. summa cum laude from the Edmund A. Walsh School of Foreign Service at Georgetown University.  Mr. DeMarco is active in numerous professional associations including the:

  • International Bar Association (Technology and Litigation Sections);
  • International Association of Korean Lawyers (Regional Governor, New York Region);
  • New York State Bar Association, ADR Section;
  • New York State Bar Association, Commercial and Federal Litigation Section (Co-chair, Internet and IP Committee, 2009-present);
  • Connecticut Bar Association;
  • Fairfield County (CT) Bar Association;
  • New Haven County (CT) Bar Association;
  • New York City Bar Association (Co-Chair, Information Technology Law Committee; Past
  • Member, Copyright Committee); and
  • The Copyright Society of the U.S.A.

Mr. DeMarco is a Martindale-Hubbell AV-rated lawyer for Computers and Software, Litigation and Internet Law, and is also listed in Chambers USA: America’s Leading Lawyers for Business guide as a leading lawyer nationwide in Privacy and Data Security. He has also been named as a “SuperLawyer” for his expertise and work in the area of Intellectual Property Litigation. He has published numerous articles and appeared on major news programs in his practice areas; is a member of the Professional Editorial Board of the prestigious Computer Law and Security Review (Elsevier); and serves on the Board of Advisors of the Center for Law and Information Policy at Fordham University School of Law.

Mr. DeMarco has received numerous professional awards, including the U.S. Department of Justice Director’s Award for Superior Performance, as well as the Lawyer of Integrity Award from the Institute for Jewish Humanities. In his spare time he enjoys parenting, golf, and listening to classical piano.


Justin Shibayama Herring is an Executive Deputy Superintendent at the New York Department of Financial Services (DFS), where he leads the newly created Cybersecurity Division.  The Cybersecurity Division focuses on protecting consumers and industry from cyber threats, and is the first of its kind to be established at a banking or insurance regulator.  The Division oversees DFS’s cybersecurity examinations, issues guidance on DFS’s cybersecurity regulations, and conducts cyber-related investigations with the Consumer Protection and Financial Enforcement Division.  The Division also helps the industry protect itself by disseminating trends and threat information about cyber-attacks.

Mr. Herring joined DFS from the U.S. Attorney’s Office of New Jersey, where he was Chief of the office’s first Cyber Crimes Unit, supervising the prosecution of crimes such as national security threats, ransomware, hacks targeting corporations, financial institutions, accounting firms and government networks, and cyber-enabled frauds such as business email compromises and account takeovers.  He also prosecuted and supervised white-collar cases involving investment fraud, stock manipulation, money laundering, insider trading, and corporate embezzlement.

Mr. Herring graduated from the University of Chicago Law School, and received a B.A. from Swarthmore College.  After law school, he clerked for Chief Judge Danny J. Boggs on the U.S. Court of Appeals for the Sixth Circuit.


Marshall L. Miller is Of Counsel in the Litigation Department at Wachtell, Lipton, Rosen & Katz.  His practice concentrates on advising corporations, board members, and senior executives with respect to internal investigations, regulatory compliance, cybersecurity, data privacy, criminal defense, and related civil litigation.

Before joining the firm, Mr. Miller served as the Principal Deputy Assistant Attorney General and Chief of Staff of the Criminal Division of the Department of Justice, where he supervised over 600 federal prosecutors and oversaw DOJ’s most significant prosecutions.  In that position, Mr. Miller supervised, among other programs, the Foreign Corrupt Practices Act program, the Kleptocracy Asset Recovery Initiative, the Office of International Affairs, and the Computer Crimes & Intellectual Property Section, DOJ’s flagship unit that combats cybercrime.  He testified on Capitol Hill, briefed Congressional staff, and advised executive branch officials on initiatives ranging from improving cybersecurity to combating foreign corruption and kleptocracy.  Mr. Miller personally managed and coordinated the successful Senate confirmation process for the Attorney General of the United States.

Mr. Miller joined DOJ’s Criminal Division from the United States Attorney’s Office for the Eastern District of New York (EDNY), where he worked as an Assistant United States Attorney for approximately 12 years.  At the EDNY, Mr. Miller served in a number of leadership positions, ultimately as the Chief of the Criminal Division, overseeing all of its criminal prosecutions, including the groundbreaking FIFA case, and spearheading the launch of the Office’s National Security & Cybercrime section.

Mr. Miller taught at NYU Law School and Fordham University Law School as an adjunct professor from 2006 to 2012 and full-time from 2003 to 2005.  Mr. Miller clerked for the Honorable Allyne R. Ross, United States District Judge for the Eastern District of New York.  He earned both his J.D. and B.A. from Yale.


Peter J. Guffin is a partner at Pierce Atwood LLP and heads the firm’s Privacy & Data Security practice.  He regularly advises clients with respect to compliance with state, federal, and international laws and regulations relating to privacy and data protection, as well as with respect to data security incidents, ranging from internal investigations, incident response, breach notification obligations, communications with regulators, risk mitigation, and litigation strategies.

Guffin also is a Visiting Professor of Practice and Co-Director of the Information Privacy Law Program at the University of Maine School of Law (teaching information privacy and cybersecurity law).

Guffin is a graduate of University of Pennsylvania Law School and Rutgers College (magna cum laude; Phi Beta Kappa).  He has been listed since 2014 in the Best Lawyers in America for Copyright Law, Trademark Law, and Litigation-Intellectual Property.  In 2017, he was among a distinguished group of leading privacy law scholars and practitioners selected to serve as an independent arbitrator for EU-US Privacy Shield Program by the US Department of Commerce and EU Commission.  He is a Certified Information Privacy Professional (CIPP/US, CIPP/E), International Association of Privacy Professionals.

His publications include: Author, Why Study Privacy Law?, Maine Bar Journal, Volume 33, Winter/Spring 2018; author, Chapter titled “The Electronic Communications Privacy Act” in “Data Security and Privacy in Massachusetts, book published by MCLE Press (2018); co-author, PLC Intellectual Property and Technology, State Q&A, Right of Publicity Laws; Maine (last updated 2017); co-author, Foreword, 66 ME. L. REV. 369 (2014) (Maine Law Review Symposium, Who’s Governing Privacy? Regulation and Protection in a Digital Era (2014)); founder and author of the blog, Privacy Law Perspectives, www.privacylawperspectives.com.

His recent presentations include:

  • “Why Privacy Matters,” Maine State Bar Association Annual Bar Conference (June 2018)
  • “Transparency and Privacy: Court Records and E-Filing in Maine,” Maine State Bar Association Annual Bar Conference (June 2018)
  • “The EU General Data Protection Regulation: What Researchers Need to Know,” presentation at Research Integrity Symposium (May 2018)
  • “The NAIC Insurance Data Security Model Law: What Insurers Need to Know,” presentation at education session of Members Participation Council meeting of the National Organization of Life and Health Guaranty Associations (April 2018)
  • “Beyond Ethics – Privacy, Cybersecurity and Data Breach Notification Laws Affecting Lawyers,” CLE presentation sponsored by the Maine State Bar Association and the Maine Board of Overseers of the Bar (November 2017)


Mr. Siegel is General Counsel and Chief Compliance Officer of Galaxy Digital LP, a diversified financial services firm dedicated to the digital currency and blockchain sectors

Prior to Galaxy Digital, Mr. Siegel served in a variety of legal and compliance roles for Perella Weinberg Partners, a financial services firm providing advisory and asset management services to a global client base.  Prior to joining Perella Weinberg, Mr. Siegel was General Counsel and Chief Compliance Officer of Stanfield Capital Partners LLC, an alternative asset manager based in New York. Prior to joining Stanfield, Mr. Siegel served in the law division of Morgan Stanley, initially advising the Mergers and Acquisitions Department. Ultimately, Mr. Siegel was the senior attorney responsible for advising Morgan Stanley Investment Management’s alternative investment funds, including its private equity funds, venture capital funds, hedge funds and fund of funds. Previously in his career, Mr. Siegel was a corporate attorney at Shearman & Sterling where he focused on public and private mergers and acquisitions, private equity transactions and join ventures.

Mr. Siegel is admitted to the Bar of the State of New York and has been designated a Certified Regulatory and Compliance Professional by FINRA.

Mr. Siegel received a Bachelor of Arts in Political Science, magna cum laude, from Tufts University and a Juris Doctor, summa cum laude, from Washington College of Law at American University where he was an editor of The American University Law Review.


Peter McLaughlin is a partner in the Boston office of Womble Bond Dickinson and a member of the firm’s Privacy & Data Security practice. He has nearly 20 years of experience advising U.S. and international clients on their handling of corporate and personal information and complying with cybersecurity, privacy, and data protection standards.

After having been Assistant GC (Privacy & Security) and global privacy officer for Cardinal Health as far back as 2005, with a total 7 years of in-house experience, McLaughlin appreciates the importance of practical guidance to clients. McLaughlin advises clients with respect to a broad range of technology transactions, privacy and security issues. These predominantly touch: 1) the domestic and global handling of personal data, including the CCPA, EU GDPR preparedness, and Privacy Shield compliance; 2) information security programs (across industries), Internet of Things, US and multinational security reviews, and post-incident responses with management of forensic teams; and 3) innovative uses of information and technology, such as digital health and life sciences, advertising and consumer marketing, Internet of Things, autonomous vehicles, facial recognition, and analytics.

Mr. McLaughlin is a regular contributor to blogs, magazines, and journals, and he has presented at events by: PLI; Privacy Xchange Forum; RSA Conference; mHIMSS; IAPP; HIPAA Summit; World IP Forum; and others.

McLaughlin received his J.D. from Georgetown Law in 1993 and his B.A. from Columbia in 1986.


Elaine Zacharakis Loumbas is an experienced attorney who focuses her practice on corporate and regulatory health law, privacy, and information technology matters.  Over the course of her career, Elaine has represented the full spectrum of health care entities, including, but not limited to hospitals, pharmaceutical companies, medical device companies, pharmacies, retail health clinics, health insurance companies, pharmacy benefit managers, and physicians. In addition, she has a technology background with an engineering degree from Columbia University and work experience as a management information systems consultant. This background enables her to consult with her clients and interact with their privacy, cybersecurity and information technology teams in a valuable way. Since 1999 (when the HIPAA regulations were first introduced), Elaine has counseled clients extensively on privacy compliance matters. She also has worked on a panoply of health information technology agreements. Elaine’s experience also extends to medical devices, pharma and the biotech industries where she advises on regulatory and intellectual property licensing matters and has negotiated a variety of contracts.

Some representative projects include: negotiating numerous health information technology agreements for hospital clients, preparing privacy policies for a medical device company, negotiating telemedicine agreements, establishing a pharmacy benefit management program for an on-line pharmacy, drafting HIPAA policies and consulting for the privacy office of a global pharmaceutical company, serving as privacy counsel to an association that develops quality tools and data analysis for hospital systems, negotiating provider agreements with over 140 health plans on behalf of a national provider system, preparing HIPAA compliance documents and negotiating business associate agreements for a business associate of health plans, incorporating start-up health care businesses, and analyzing regulatory issues for a start-up telemedicine company.

Elaine’s earlier work experience includes: in-house counsel with Baxter Healthcare Corporation. attorney with the law firm of Gardner, Carton & Douglas (now Drinker, Biddle & Reath) and a management information systems consultant with Andersen Consulting (now Accenture). At Baxter she established their HIPAA compliance program and served on the global privacy team.

Elaine recently accepted an adjunct professorship at Yeshiva University for the Katz School of Science and Health for their Biotechnology Management and Entrepreneurship Program in Manhattan. She also served as an adjunct professor in Chicago at the Beazley Institute for Health Law at Loyola Law School and the Center for Information Technology and Privacy at the John Marshall Law School from 2004 to 2016.  Elaine is the former Chair of the ABA Health Law Section’s e-health, privacy and security interest group.

Elaine received her law degree from Notre Dame Law School and her undergraduate from Columbia University’s School of Engineering & Applied Science. She is admitted to practice law in New York and Illinois. She lives in the New York City metropolitan area.


Jeffrey H. Wechselblatt is the General Counsel of Lone Pine Capital LLC.  Jeff joined Lone Pine in 2007.  Lone Pine is an investment adviser that advises several long/short and long only private investment funds that invest primarily in publicly traded equities.  Prior to joining Lone Pine, Jeff was an associate at Schulte Roth & Zabel LLP, Friedman Kaplan Seiler & Adelman LLP, and Simpson Thacher & Bartlett LLP.  Jeff is a 1998 graduate of Columbia Law School.


Kelly Harris is Vice President, Corporate Counsel, Privacy & Cybersecurity at Prudential Insurance Company of America, based in Newark, NJ.   In her role, Kelly provides specialized legal advice and counsel regarding information security and privacy laws/regulations, data usage and governance, and legal issues related to information protection, cybersecurity, and emerging technologies to all of Prudential’s complex and federated businesses and groups.  Before joining Prudential 2.5 years ago, Kelly spent 7 years helping to build the Privacy and Information Security programs at Wyndham Worldwide.  She started her legal career as an associate with Kirkpatrick & Lockhart (now K&L Gates) and then Gibbons, PC before going in-house to Japanese pharmaceutical companies Daiichi Sankyo and Otsuka.


Ken Mortensen, Esq., is the InterSystems’ Data Protection Officer promoting and leading Global Trust and Privacy for the company. He is based in their Cambridge headquarters and has global responsibility across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems technology, but also in the management of operations and services. Ken focuses on enhancing global trust and privacy throughout InterSystems demonstrating to customers, clients, and stakeholders our commitment to investing and growing the capabilities of InterSystems in order to stay in front of emerging risks for privacy and cybersecurity.

Prior to joining InterSystems, Ken was a Senior Managing Director over at PwC specializing in data protection, privacy, and cybersecurity and led the expansion of PwC’s healthcare privacy offerings. Before that, Ken was the Vice President, Assistant General Counsel & Chief Privacy Officer at CVS Health, where he created the Information Governance Department and was responsible for overseeing enterprise information governance to deliver privacy compliance as well as leading the information security risk management organization to address cyber risks. While at CVS, he oversaw compliance with CVS’s FTC Consent Decree, OCR Corrective Action plan, and PCI program, including securing the first-ever closure letter from OCR. He was also the first Chief Privacy Officer for Boston Scientific responsible for implementing a global privacy and security program and introducing a governance emphasis for risk. 

Prior to that, Ken served in the Administration of President George W. Bush as the Associate Deputy Attorney General for the U.S. Department of Justice, where he was the primary counsel and policy advisor to the Attorney General and Deputy Attorney General on privacy and civil liberties matters. While at Justice, he led the U.S. delegation to negotiate privacy and cybersecurity terms with the European Union as well as oversaw the privacy and civil liberties processes for numerous national security and foreign intelligence programs, including work with the National Security Council related to FISA and EO 12333. Prior to going to Justice, Ken served at the U.S. Dep’t of Homeland Security as part of the team that stood up the Privacy Office at the beginning of the agency eventually as Deputy Chief Privacy Officer.

Before his government service, Ken was a partner in his own law firm as one of the early practitioners of privacy and security law, during which he served as Special Counsel to the Pennsylvania Attorney General. He taught computer law and information policy at Villanova Law School and was an electrical engineer at Burroughs in Large System Design focusing on information assurance and system test.

Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP), including serving as Secretary for one year. He currently serves on the IAPP Research Advisory Board and the board of Shared Assessments, an organization focused on addressing third party information risks. Previously, Ken served on the board of the Health Information Trust Alliance (HITRUST) and participated in the development of the privacy control category of the HITRUST CSF. 

Ken currently teaches privacy law at Boston University Law School and cybersecurity law at the University of Maine School of Law. Ken is co-author with Andy Serwin of the West Publishing book, Healthcare Security and Privacy Law, and has authored chapters and sections for other privacy, cybersecurity, and governance risk books and publications. He is an internationally recognized expert on these topics and speaks globally on privacy, cybersecurity, and the governance of information.

Ken is admitted to the bars of Pennsylvania and New Jersey as well as the Supreme Court of the United States. He received his Juris Doctorate from Villanova University School of Law, his MBA from the Villanova University College of Finance, and his Bachelor’s of Science in Engineering degree in Electrical and Computer Engineering from Drexel University. He has a Certificate in Foreign Intelligence Law from the Judge Advocate General's School of Law. He has CIPP/US, CIPP/G, and CIPM certifications from IAPP.


Kristen Ahearn is Associate General Counsel, Director, Compliance Office and Privacy Officer at Memorial Sloan Kettering Cancer Center (MSK).  She works closely with MSK’s Information Security and Information Systems partners on key institutional projects involving patient information.  In collaboration with Office of General Counsel, Health Information Management, and the clinical and administrative teams, Kristen advises staff on operational practices to ensure compliance with Federal and state privacy regulations.  The Privacy Office also assists patients and their families with questions or concerns regarding privacy and confidentiality.  Kristen’s work experience includes more than 25 years at MSK in various roles in the outpatient areas and hospital administration.  She graduated from the University of Scranton with a BS in Health Administration, minor in Business. She received my Juris Doctor from New York Law School.  Kristen is admitted to the New York State bar.


Meredith K. Grauer is responsible for the strategy, development and execution of Nielsen’s Global Privacy Program, including advice, compliance oversight, support for commercial transactions, and reporting to the Board and senior leadership. She has in-depth experience counseling businesses on privacy, data security and IT matters, and guiding the implementation of new technologies and data-related initiatives.

Meredith has advised on all aspects of data protection legal and regulatory compliance (including advice related to US and global laws, such as GLBA, GDPR, CCPA, PIPEDA, as well as industry self-regulatory standards, such as DAA, NAI). She has responded to regulatory inquiries and examinations, developed privacy-related policies and procedures, advised on data breaches and security incidents, and created and implemented privacy/data protection risk assessments.


Sandra Maliszewski is currently Vice President, Chief Compliance Officer at Maimonides Medical Center. Previously, she was the Privacy Officer/Research Institutional Officer at AdvantageCare Physicians, PC, one of the largest multispecialty physician practices in the New York metropolitan area. Ms. Maliszewski has more than 25 years of health care experience, having practiced as a family nurse practitioner and licensed midwife in hospital and private practices. Upon graduating from law school, she was an associate at a law firm where she was a member of its health law department and the senior housing, white-collar crime and investigations, HIPAA compliance and health care professionals practice groups. Subsequently, she was Deputy General Counsel, Chief Compliance, Privacy and Research Compliance Officer for the NuHealth System followed by working with a health IT start-up where she developed a mobile app certification program.


Virginia “Ginny” Lee is the Founder, Managing Partner of a boutique law firm specializing in privacy law. Previously, she was Head of Global Data Privacy and Director, Senior Corporate Counsel at ServiceNow and before that, Director – Global Privacy at Starbucks At both companies, she was responsible for the establishment of global privacy programs. She was also Sr. Attorney – Privacy/Security at Intel Corporation, responsible for providing legal guidance on privacy and security matters, especially as they relate to “Privacy By Design”. Prior to Intel, Ginny was the Director of Platform and Product Privacy at Yahoo! where she was responsible for the policy direction of Yahoo!’s varied products and platforms. Ginny has worked on policy, regulatory and compliance issues for the Network Advertising Initiative, a self-regulatory association for the third-party advertising industry. In addition to her legal experience, Ginny has held positions in engineering, product management and technical support. She holds a BA in Applied Mathematics from the University of Maine, a MBA from the University of New Hampshire, and a JD from the University of Maine School of Law. Ginny is also a Fellow of Information Privacy (FIP), Certified Information Privacy Professional (CIPP/US, /G, IT) and Manager (CIPM) and is admitted to practice in Maine, Washington and Oregon, as well as being a registered patent attorney. She is currently an adjunct professor at the University of Maine School of Law and serves on the IAPP Privacy Bar Section Advisory Board.