Skip to main content

Twentieth Annual Institute on Privacy and Data Security Law


Speaker(s): Aaron P. Simpson, Adam J. Rivera, Alan Charles Raul, Alejandro Mosquera, Alfred J. Saikali, Clark Russell, Dave Wong, Deborah Hirschorn, Eric M. Friedberg, Erika Brown Lee, J. Andrew Heaton, Keith Enright, Kerry L. Childe, Kirk J. Nahra, Kumneger Emiru, Laura Juanes Micas, Lesley Matty, Lisa J. Sotto, Maneesha Mithal, Margaret A. Keane, Marianne Fogarty, Michael La Marca, Michele S. Lucan, Miriam H. Wugmeister, Patrice S. Ettinger, Prashanth Mekala, Robert Lord, Ryan Vinelli, Stephanie Driggers , William E. Min
Recorded on: May. 20, 2019
PLI Program #: 251431

Aaron Simpson is a partner with Hunton Andrews Kurth and head of the firm’s EU data protection and privacy practice.  He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements.  Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements.  He has advised numerous clients on the EU General Data Protection Regulation (GDPR).  He also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients.  Aaron is the only lawyer listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine.  He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars.  He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors.  He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.


Adam Rivera leads the privacy team for the Americas region at Refinitiv, formerly the Financial & Risk business of Thomson Reuters. Adam is also the primary attorney at Refinitiv that supports the company’s cybersecurity program. Adam was heavily involved in the company’s GDPR readiness program. Adam is also leading compliance and advocacy efforts related to the newly enacted data privacy laws in California and Brazil. Prior to his current role, Adam held various positions at Thomson Reuters, Louis Vuitton and practiced at Schulte Roth & Zabel LLP.


ALAN RAUL is the founder and leader of Sidley's highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy and cybersecurity issues, including digital governance, global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity preparedness and helps them manage data security incidents. His practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice, financial regulators, EU Data Protection Authorities, and other government agencies.

He regularly represents leading tech, telecom, media, financial services and other companies with respect to their digital governance, compliance and crisis management. Alan has recently represented a special cybersecurity review committee of the Board of Directors of a major tech company in connection with its independent investigation of the company's handling of significant data breaches.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves as a member of the American Bar Association's Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law lnstitute's (PLI) Privacy Law Advisors Group.

Alan is a member of the governing Board of Directors of the Future of Privacy Forum. He is a member of the Center for Democracy and Technology's Advisory Committee. Alan also serves on the Executive Committee of the Federalist Society's Administrative Law Practice Group. Alan is a frequent author and speaker on privacy, cybersecurity and related issues. He is overall editor arid a contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd, 5th ed. 2018).

Alan holds degrees from Harvard College (AB magna cum /aude),  Harvard Kennedy School of Government (MPA), and Yale Law School (JD).  He clerked for Judge Malcolm R. Wilkey of the U.S. Court of Appeals for the D.C. Circuit.


Bill Min is Deputy General Counsel & Chief Privacy and Data Governance Officer for Western Union where he leads the company’s global privacy and information governance organization. 

Prior to Western Union, Bill was Senior Vice President, Legal and Chief Privacy Officer at Live Nation Entertainment, Inc.  He also worked for 16+ years at Starwood Hotels & Resorts Worldwide, Inc. where he led several global functions, including privacy, enterprise risk management, and operational compliance.  Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and established the global privacy function at both Live Nation and Starwood.  Earlier in his career, Bill held in-house legal positions at Sara Lee Corporation and at Sunkyong America, Inc., the US subsidiary of one of the largest Korean conglomerates.  Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.  

Bill earned his Bachelor of Arts degree from the University of Pennsylvania, his Master of Arts degree from the State University of New York at Stony Brook, and his Juris Doctor degree from Fordham University School of Law. 


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office.  The Bureau is committed to protecting consumers from online threats and has brought a number of ground-breaking cases involving internet and technology issues, including privacy, online fraud and data security.  Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; and Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network.  Clark oversees the office’s data breach notification program, and secured numerous record-setting results in data breach cases.  He is also the principal draftsperson of the office’s proposed overhaul of New York State’s data security law to require new and unprecedented safeguards of personal data.


Dave Wong is a Managing Director at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads and oversees projects to help organizations respond to cybersecurity incidents and make them more resilient to attack.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents and provided evidence to help law enforcement arrest cybercriminals. Dave brings true front-line experience as he has visibility in the effectiveness of cybersecurity programs across many industries, and specifically what went wrong when companies suffer a cyber security incident. He uses this experience to help guide companies to secure their systems, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also worked at Bridgewater Associates, the world’s largest hedge fund, as head of cybersecurity for the trading floor. He firmly believes that “it takes a thief to catch a thief”, and started his career in cybersecurity conducting penetration testing to help companies identify computer security vulnerabilities.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.

 


Eric Friedberg is a seasoned executive with 30 years of public and private sector experience in law, cyber-crime response, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, law firms, and the courts. He has helped many Fortune 500 companies improve their governance and technology initiatives and their cyber regulatory compliance. He has led Stroz Friedberg over 16 years from a start-up into a $150m, 550-person consulting and technical services firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, he has overseen geographic and service line growth, M&A, infusions of $150m in private equity capital, board interactions and, in late 2016, the sale of the company to Aon plc. Before the sale, Mr. Friedberg was an officer and director of Stroz Friedberg, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor in Brooklyn, where he led the Computer Crime and Narcotics Units. He began his career as an intellectual property and securities litigator at Skadden, Arps.

Mr. Friedberg is national leader in all forms of computer crime, including attacks by state-sponsored agents, organized crime, hacktivists, and malicious insiders. He has led responses to some of the most serious attacks on the nation’s companies and has conducted enterprise security risk assessments in many sectors, including financial, media and entertainment, Internet, sports, health care, law, consulting, oil and gas, and engineering. He is an expert in incident response governance, technologies, policies, and procedures. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media, including the Wall Street Journal, the Financial Times, The New York Times, cnbc.com, and Fox Business News.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed hundreds of high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master, and led the development of methodologies for forensic and privacy investigations. He has lectured extensively and has published book chapters and articles on managing risk and conducting investigations in e-discovery and forensics. He is a member of the advisory board of the privacy think tank, The Future of Privacy Forum, and a member of the International Association of Privacy Professionals. He is a former member of the Sedona Conference’s Working Group 6, which develops e-discovery standards.

At the U.S. Attorney’s Office, Mr. Friedberg was a cybercrime, white collar crime, and narcotics prosecutor and worked extensively with the D.E.A., F.B.I., and U.S. Secret Service. He was also a member of the New York Electronic Crimes Task Force. His most prominent case was the investigation, prosecution and conviction of six accomplices who assassinated a former editor of the New York City Spanish daily newspaper El Diario on orders of the Cali Cartel in retaliation for unfavorable news coverage. For his leadership of the case, Mr. Friedberg received the 1994 Department of Justice Award for Superior Performance. In the cyber arena, Mr. Friedberg investigated and prosecuted cases involving hacking, denial of service attacks, propagation of malicious viruses, illegal data wiretapping, and cyber-extortion.

Mr. Friedberg holds a J.D. from Brooklyn Law School and a B.A. from Brandeis University.


J. Andrew Heaton is a principal in Ernst & Young LLP and serves as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he leads EY’s global data protection team, serves as global privacy officer for the organization, and advises EY on legal aspects of data protection and information technology worldwide.  Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States, and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.


Kerry Childe was the Senior Corporate Counsel for Privacy and Information Policy at Best Buy in Richfield, Minnesota, leading the Enterprise Privacy team as well as the Information and Records Management and Electronic Discovery teams.  Prior to Best Buy, Kerry was the Senior Privacy and Regulatory Counsel for a nonprofit financial services company in Austin, Texas, focused on privacy matters, corporate governance, information technology, and business operations.  Kerry received her JD from Baylor Law School in Waco, Texas, and her bachelor’s degree from the University of Nebraska-Lincoln.  She is currently on sabbatical, speaking at and attending conferences and working to discover her next adventure in privacy.


Lesley Matty is Senior Counsel - Intellectual Property & Global Data Privacy for Tiffany & Co., responsible for intellectual property, data privacy, advertising, media and PR matters, as well as related retail and corporate matters worldwide.  Prior to joining Tiffany, Lesley was Legal Counsel at Richemont North America, Inc., which owns several of the world’s leading luxury watch and jewelry brands.  At Richemont, Lesley managed domestic intellectual property enforcement for all brands and a wide variety of transactional matters.  Before moving in-house, Lesley was an associate at two boutique intellectual property firms where her practice focused on domestic and international trademark and copyright clearance, prosecution, portfolio maintenance, enforcement and litigation.  She is a graduate of Emory University and Yeshiva University’s Benjamin N. Cardozo School of Law.


Marianne Fogarty is the Senior Legal Director for Compliance at Twitter Inc. She is responsible for providing and executing the strategic vision for Twitter’s Global Ethics and Compliance Program, leading efforts to identify and mitigate compliance risk and further embed the company’s values. The Global Ethics and Compliance Program includes Ethics, Anti-Corruption, Trade Compliance and internal investigations of employee fraud and misconduct arising out of alleged violation of law and policy.

Prior to joining Twitter, Marianne was Senior Managing Counsel in MasterCard’s Global Compliance group, and had responsibility for the development and day-to-day management of MasterCard’s Code of Conduct and global ethics awareness and training, the global anti-corruption program and the regional compliance program.  She also managed and conducted internal investigations of employee fraud and misconduct related to violations of the law, financial regulations and company policies.

Before going in-house, Marianne worked in private practice at Boies, Schiller & Flexner and Davis Polk & Wardwell on a variety of matters including, government and internal investigations, FCPA and anti-money laundering program development, complex commercial litigations and arbitrations, corporate criminal defense and representation of clients in a variety of legal and regulatory matters. 

Ms. Fogarty is a graduate of Fordham Law School and the Wharton School of the University of Pennsylvania.


Michele S. Lucan is an Assistant Attorney General at the Connecticut Attorney General's Office in its Privacy and Data Security Department. In this role, Michele handles all matters involving consumer privacy and information security. Most notably, Michele is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy and Data Security Department was formed and Michele was assigned full-time to the Department from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Robert Lord is the Chief Security Officer for the Democratic National Committee and leads the committee’s cybersecurity operations.  Mr. Lord works with the organization’s own internal security team as well as in the field to support state parties, including efforts to update their “information security strategies” and improve practices to “change the economics” for would be cyber-attackers.


Stephanie Driggers is an Attorney with United Parcel Service, a global transportation and logistics company with operations in 220 countries and territories.  She is responsible for managing complex commercial litigation both internationally and domestically across all business units.  Ms. Driggers formerly had responsibility for global privacy, addressing tactical and strategic privacy and cybersecurity matters around the world. 

Prior to joining UPS, Ms. Driggers was a partner at an Am Law 100 law firm, where she concentrated her practice on class action defense and data privacy litigation. 

Ms. Driggers is a graduate of Vanderbilt University Law School and received her undergraduate degree from Stetson University.  She clerked for Judge Thomas A. Wiseman, Jr. of the United Stated District Court in the Middle District of Tennessee.  She is a Fellow of Information Privacy (FIP), a Certified Information Privacy Professional (CIPP-US), and a Certified Privacy Manager (CIPM).  

Ms. Driggers focuses her pro bono and volunteer work on human trafficking.


Few lawyers in the world have Miriam Wugmeister's breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA). Co-chair of Morrison & Foerster’s market-leading Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Ms. Wugmeister is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Ms. Wugmeister has worked on several of the most noteworthy and largest data security incidents over the past few years. She has been praised as “clearly operating at the top of her profession; distinguished by her passion, ability to relate to clients, and practical business-minded advice” by Legal 500, which recently named Morrison & Foerster as the 2015 Cyber Crime Firm of the Year. Ms. Wugmeister also works with dozens of companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Ms. Wugmeister advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the U.S. and internationally. She serves as an arbitrator for the EU-US Privacy Shield Framework Binding Arbitration Program. Ms. Wugmeister regularly advises on data security breach issues; the global collection, use, sharing of employee, customer, vendor, and consumer personal information; ediscovery and monitoring conflicts; social media issues; and cloud computing deals, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data.

As leader of the Global Privacy Alliance (GPA), Ms. Wugmeister encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations. Ms. Wugmeister developed the firm’s Privacy Library and the MoFoNotes subscription database so that organizations can keep apprised of privacy and data security compliance requirements in jurisdictions around the world. She is also co-editor of Global Employee Privacy and Data Security Law, Second Edition (BNA Books, 2011).

Chambers USA and Chambers Global recommend Ms. Wugmeister in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Ms. Wugmeister is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her cutting-edge work in this space.  Ms. Wugmeister was previously designated an Ethisphere “Attorney Who Matters,” and a BTI Client Service All-Star, and has been featured in Best Lawyers in America every year since 2008.


Mike’s practice focuses on privacy and cybersecurity issues. Mike advises multinational clients on compliance with all federal, state and international privacy and data security laws, and managing privacy and cybersecurity risks and policy issues. He also regularly assists companies with developing and implementing their information security programs and addressing related governance issues. Mike has managed several large-scale cybersecurity incidents, including advising on data breach response and notification obligations. He also regularly assist clients with negotiating and drafting privacy and data security terms in commercial contracts and M&A transactions. Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

In addition, Mike maintains an active pro bono practice. He has represented pro bono clients in criminal appeals and special education matters and has advised a variety of issues, including trademark, copyright and cybersquatting disputes; privacy and cybersecurity obligations; and US national security policies and regulations.

Relevant Experience

  • Advising numerous clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Represents a large financial services and communications company on global privacy and data security matters, including providing privacy compliance advice, advising on the New York State Department of Financial Services cybersecurity regulations, assisting with building a GDPR compliance program, and assisting with a large data security incident.
  • Assists a global retail and technology company with a recent cybersecurity incident affecting approximately 150 million user accounts, handling response efforts including notification, follow-up investigations by regulators and data protection authorities, and resulting litigation.
  • Advises multinational financial services companies on privacy and cybersecurity due diligence issues.
  • Advises a large manufacturing company on myriad privacy and cybersecurity issues, including certification to the EU-US Privacy Shield.
  • Advises technology companies, retailers, consumer goods companies and financial institutions on data breach and cybersecurity incident response, including preparation of required notifications pursuant to state breach notification laws, call center training and development of media strategies.
  • Provides advice on cybersecurity risks, including proactive breach readiness activities such as developing data breach toolkits, reviewing incident response plans and preparing tabletop exercises.
  • Drafts comprehensive data security policies, standards and procedures in connection with corporate information security programs.
  • Advises clients on their international data transfer strategies, including certification to the EU-US Privacy Shield.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


 


Supervisory Special Agent (SSA) Prashanth Mekala has been a Special Agent with the FBI for 15 years. He spent the first eight years of his career working on complex counterintelligence and espionage cases.  From 2012 to 2014 he worked in FBI Headquarters as a Program Manager in the Counterintelligence Division - Economic Espionage Unit and the Cyber Division - Middle East/Africa Unit.  For over the past four years SSA Mekala has managed teams in the FBI New York Field Office focused on sophisticated nation state and criminal actors that leverage computer intrusions.  SSA Mekala has a Bachelors degree from Carnegie Mellon in Chemical Engineering, specializing in Biomedical Engineering.  He graduated from Columbia University’s School of International and Public Affairs (SIPA) with a Masters Degree in Policy and Administration, specializing in International Economic Policy Management. SSA Mekala graduated with distinction from Carnegie Mellon with a Masters Degree in Information Technology, specializing in Information Security and Assurance.


Al Saikali is a Chambers-ranked lawyer specializing in privacy and data security law.  He represents companies in minimizing the risks associated with the collection, use, storage, and security of personal information.  In addition to chairing Shook, Hardy & Bacon’s Privacy and Data Security practice, he founded and chairs the Sedona Conference’s Working Group on Privacy and Data Security, and co-chairs the American Bar Association’s Cybersecurity Law Institute.  He has won the Lexology Client Choice award in technology law the last two years in a row and was named a “Trailblazer in Cybersecurity” by the National Law Journal in 2015.  In his spare time, Al is an Adjunct Professor at Saint Thomas University where he teaches Cybersecurity Law, and he maintains a blog (Data Security Law Journal) where he writes about emerging trends and issues in privacy and data security law.  Al has been quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on privacy and data security legal trends. 


Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team. He joined Google in March 2011.  He has nearly 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a successful advertising technology company.

Keith served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently a featured speaker at industry events focusing on technology, privacy and data protection. He is a member of the Maryland Bar and holds the Certified Information Privacy Professional, U.S., and Government (CIPP/US, CIPP/G) certifications.


Kumneger Emiru is a Senior Manager, Corporate Counsel at ServiceNow, where she focuses on global privacy compliance and manages ServiceNow’s AMS privacy team. Kumneger serves as the lead negotiator on commercial transactions related to privacy for both inbound and outbound agreements. Her responsibilities also include product counseling and support and drafting privacy policies and procedures. During her tenure at ServiceNow, Kumneger also provided contract support to regional sales teams.

Kumneger previously worked at MongoDb supporting sales teams with commercial contracts, and at Workday, where her work included conducting privacy audits and trainings. She began her career at the Department of Health and Human Services, Office for Civil Rights, where she investigated alleged HIPAA violations.

Kumneger is a Certified Information Privacy Professional US/Europe. She received her law degree from the University of Iowa, College of Law and holds an A.B. from the University of Chicago with honors in dual concentrations of Public Policy and African and African American Studies.

Kumneger is admitted to practice in Illinois and is a registered in-house counsel in California.


Laura Juanes Micas is a multilingual law, policy and privacy expert in the technology industry. She currently serves as Global Director of Privacy Policy Engagement at Facebook Inc. 

Laura is a Spanish qualified lawyer, based in the United States, with more than fifteen years of professional experience in technology and media companies. In her role at Facebook, she leads a global team that regularly engages with regulators, policymakers, experts and advocates in order to inform on key privacy issues that impact how individuals use or relate to Facebook’s technology daily. Prior to joining Facebook, she served as an Assistant General Counsel, Privacy & Human Rights, at Yahoo Inc., where she led the legal and public policy team’s efforts on global privacy matters and the company’s Business and Human Rights Program.

Before assuming her AGC role at Yahoo, Laura held various positions, including as General Counsel at Yahoo Spain and as Director of Product Compliance and Law Enforcement response for the Americas. Laura is a law graduate of the Universidad Auto´noma de Madrid, where she worked as a lawyer before joining Yahoo.

Laura holds U.S. and EU Certifications for International Privacy Professionals (CIPP). She serves on the Advisory Board of the Information Accountability Foundation and chairs the Latin America chapter of the Centre for Information Policy Leadership. She is a mentor of startups and entrepreneurs in South Florida and Latin America and a proud Board and founder Member of Woman in Tech Miami Council, with a mission to connect and empower women with diverse technological backgrounds.


Patrice Ettinger is the Chief Privacy Officer at Pfizer, one of the world's premier innovative biopharmaceutical companies with a global reach in over 125 countries.  In this role, Patrice leads Pfizer’s privacy program with responsibility for privacy and data protection strategy worldwide. Before joining Pfizer, Patrice was Chief Privacy Officer at Avon Products Inc., where she created Avon’s first global privacy program.  Prior to her role at Avon, Patrice held positions of increasing responsibility at Dow Jones & Company, including as Assistant General Counsel in charge of the company’s intellectual property and privacy matters.

Patrice serves as Treasurer on the Board of Directors of the International Association of Privacy Professionals (IAPP).  In addition, Patrice is Chairperson of the International Pharmaceutical & Medical Device Privacy Consortium, an organization focused on privacy best practices for the pharmaceutical industry and public policy for privacy and healthcare. 

Patrice is the 2019 recipient of the Women in Compliance (WICA) Award for Privacy Officer of the Year.  She is a Certified Information Privacy Professional (CIPP/US) and received her JD from Fordham Law School.


Ryan Vinelli is a Vice President, Privacy and Technology counsel at Western Union. Western Union is a global leader in cross-border, cross-currency money movement. His work focuses on data protection, information security and ensuring a global-approach to securing data.

Prior to joining Western Union, Ryan was Global Cybersecurity Counsel for Verizon Media supporting brands including Yahoo, Aol, Tumblr, Huffington Post, Techcrunch and Engagdet. Ryan was also a Vice President handling global legal and privacy matters for Starwood Hotels & Resorts Worldwide, Inc. and after its acquisition at Marriott Hotels International. Ryan began his career in data protection as privacy counsel for General Electric.

Ryan is a graduate of the Benjamin N. Cardozo School of Law and holds undergraduate and graduate degrees in computer science from Tufts University. Ryan is licensed to practice law in multiple states and is a registered Patent attorney.


Kirk Nahra has been a leading authority on privacy and cybersecurity matters for more than two decades. Indeed, he is one of the few lawyers in the world ranked in Band 1 by Chambers in privacy and data security. Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally. He also advocates for clients experiencing privacy and security breaches, and represents clients in contract and deal matters, enforcement actions, regulatory investigations and related litigation.

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations.

Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards; has investigated and litigated   potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs.

Professional Activities

A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and current board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.

Solutions

Cybersecurity and Privacy

Credentials

EDUCATION

JD, Harvard Law School, 1987
cum laude

Articles Editor, Harvard Journal on Legislation

BA, Georgetown University, 1984
magna cum laude Phi Beta Kapp

ADMISSIONS

District of Columbia


Alejandro Mosquera is data attorney at MUFG and is based in New York. He is responsible for providing legal advice in connection with data processing activities (including data privacy and data protection) affecting MUFG’s global operations. Alejandro holds a J.D. from the Universidad de los Andes, an M.I.A. in International Finance and Management from Columbia University, an L.L.M. from The University of Chicago Law School and a one-year course diploma on International, Comparative and European Law from the Université Robert Schuman. Alejandro is admitted to practice law in New York and Colombia and is a Certified Information Privacy Professional (US) and Certified Information Privacy Manager. He is fluent in Spanish, English, Portuguese, Italian and French. 


Deborah Hirschorn is an experienced Complex Director with a demonstrated history of working in the insurance industry.  She is skilled in Professional Liability, Property & Casualty Insurance, Litigation Management, Arbitration, and Reinsurance.  Deborah is a strong media and communication professional and graduated from Suffolk University Law School.


Erika Brown Lee is a Senior Vice President and Assistant General Counsel at Mastercard.  Ms. Brown Lee leads the team that develops policies, provides guidance, and ensures compliance with privacy and data protection laws across the company’s products and services, including payment processing, data analytics, and fraud-related activities.  Ms. Brown Lee also works closely with the company’s cybersecurity teams to develop policies and manage regulatory interactions.  Ms. Brown Lee is the former Chief Privacy and Civil Liberties Officer of the U.S. Department of Justice, where she served as the principal advisor to the Attorney General on privacy and civil liberties matters.  Ms. Brown Lee co-chaired the DOJ breach response team, played a leadership role among agencies working to develop privacy-related legislation, and provided regular briefings to Capitol Hill.  She received an Attorney General Award for Exceptional Contributions in Negotiating a Data Protection and Privacy Agreement with the E.U.  Ms. Brown Lee also served in the Division of Privacy & Identity Protection at the Federal Trade Commission, and chaired the ABA’s Privacy & Information Security Committee.  Ms. Brown Lee is a Certified Information Privacy Professional (CIPP) for Europe and the U.S.


Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised Commission investigations that resulted in consent orders, including against companies such as Wyndham, Google, Facebook, Twitter, Lifelock, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission in 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.


Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.