Skip to main content

Twentieth Annual Institute on Privacy and Data Security Law


Speaker(s): Aaron P. Simpson, Adam J. Rivera, Alan Charles Raul, Alejandro Mosquera, Alfred J. Saikali, Clark Russell, David Wong, Deborah Hirschorn, Eric M. Friedberg, Erika Brown Lee, J. Andrew Heaton, Keith Enright, Kerry L. Childe, Kirk J. Nahra, Kumneger Emiru, Laura Juanes Micas, Lesley Matty, Lisa J. Sotto, Maneesha Mithal, Margaret A. Keane, Marianne Fogarty, Michael La Marca, Michele S. Lucan, Miriam H. Wugmeister, Patrice S. Ettinger, Prashanth Mekala, Robert Lord, Stephanie Driggers , William E. Min
Recorded on: May. 20, 2019
PLI Program #: 251431

Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He frequently assists clients with due diligence and negotiation of privacy and data security issues in corporate transactions. Aaron also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Additionally, Aaron has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.


Adam Rivera leads the privacy team for the Americas region at LSEG. Adam also supports and provides counsel to LSEG’s cybersecurity program. Adam has led compliance programs in relation to GDPR, CCPA and the LGPD and regularly engages in advocacy in connection with proposed privacy legislation. Adam is an active IAPP member and former Co-Chair of the Connecticut IAPP KnowledgeNet chapter. Prior to his current role, Adam held various positions at Refinitiv, Thomson Reuters, Louis Vuitton and practiced law at Schulte Roth & Zabel LLP in New York City.


ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”


Bob Lord most recently served as the first Chief Security Officer at the Democratic National Committee. In that role he worked to secure the Committee, as well as helping state parties and campaigns. Previous roles include CISO at Yahoo, CISO in Residence at Rapid 7, and before that he headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office. The Bureau is committed to protecting consumers and families from new and developing online threats. As a pioneer in this field, the office has brought cutting edge cases and entered important settlements related to a wide range of online issues, including child safety, privacy, deceptive or illegal trade practices, consumer fraud, spyware, spam, discrimination, and free speech. Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network. Clark oversees the office’s data breach notification program and secured numerous record-setting settlements in data breach cases. He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act, the office’s overhaul of New York State’s data security law to require new and unprecedented safeguards of personal data.


Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.


Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.


J. Andrew Heaton serves as overall global privacy lead for the Danaher organization, working with the privacy leads for Danaher's four business segments and the "pivots" at Danaher's operating companies.  He also advises on legal matters pertaining to information security.

Before joining Danahar, Mr. Heaton was a principal in Ernst & Young LLP and served as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he led EY’s global data protection team, served as global privacy officer for the organization, and advised EY on legal aspects of data protection and information technology worldwide. 

Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.


Kerry Childe was the Senior Corporate Counsel for Privacy and Information Policy at Best Buy in Richfield, Minnesota, leading the Enterprise Privacy team as well as the Information and Records Management and Electronic Discovery teams.  Prior to Best Buy, Kerry was the Senior Privacy and Regulatory Counsel for a nonprofit financial services company in Austin, Texas, focused on privacy matters, corporate governance, information technology, and business operations.  Kerry received her JD from Baylor Law School in Waco, Texas, and her bachelor’s degree from the University of Nebraska-Lincoln.  She is currently on sabbatical, speaking at and attending conferences and working to discover her next adventure in privacy.


Lesley Matty is Senior Counsel - Intellectual Property & Global Data Privacy for Tiffany & Co., responsible for intellectual property, data privacy, advertising, media and PR matters, as well as related retail and corporate matters worldwide.  Prior to joining Tiffany, Lesley was Legal Counsel at Richemont North America, Inc., which owns several of the world’s leading luxury watch and jewelry brands.  At Richemont, Lesley managed domestic intellectual property enforcement for all brands and a wide variety of transactional matters.  Before moving in-house, Lesley was an associate at two boutique intellectual property firms where her practice focused on domestic and international trademark and copyright clearance, prosecution, portfolio maintenance, enforcement and litigation.  She is a graduate of Emory University and Yeshiva University’s Benjamin N. Cardozo School of Law.


Marianne Fogarty is the Senior Legal Director for Compliance at Twitter Inc. She is responsible for providing and executing the strategic vision for Twitter’s Global Ethics and Compliance Program, leading efforts to identify and mitigate compliance risk and further embed the company’s values. The Global Ethics and Compliance Program includes Ethics, Anti-Corruption, Trade Compliance and internal investigations of employee fraud and misconduct arising out of alleged violation of law and policy.

Prior to joining Twitter, Marianne was Senior Managing Counsel in MasterCard’s Global Compliance group, and had responsibility for the development and day-to-day management of MasterCard’s Code of Conduct and global ethics awareness and training, the global anti-corruption program and the regional compliance program.  She also managed and conducted internal investigations of employee fraud and misconduct related to violations of the law, financial regulations and company policies.

Before going in-house, Marianne worked in private practice at Boies, Schiller & Flexner and Davis Polk & Wardwell on a variety of matters including, government and internal investigations, FCPA and anti-money laundering program development, complex commercial litigations and arbitrations, corporate criminal defense and representation of clients in a variety of legal and regulatory matters. 

Ms. Fogarty is a graduate of Fordham Law School and the Wharton School of the University of Pennsylvania.


Michele Lucan is a Deputy Associate Attorney General at the Connecticut Attorney General's Office and Chief of its Privacy Section. In this role, Michele oversees all matters involving consumer privacy and information security. Most notably, the Section is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy Section was formed and Michele was assigned full-time to the Section from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Stephanie Driggers is an Attorney with United Parcel Service, a global transportation and logistics company with operations in 220 countries and territories.  She is responsible for managing complex commercial litigation both internationally and domestically across all business units.  Ms. Driggers formerly had responsibility for global privacy, addressing tactical and strategic privacy and cybersecurity matters around the world. 

Prior to joining UPS, Ms. Driggers was a partner at an Am Law 100 law firm, where she concentrated her practice on class action defense and data privacy litigation. 

Ms. Driggers is a graduate of Vanderbilt University Law School and received her undergraduate degree from Stetson University.  She clerked for Judge Thomas A. Wiseman, Jr. of the United Stated District Court in the Middle District of Tennessee.  She is a Fellow of Information Privacy (FIP), a Certified Information Privacy Professional (CIPP-US), and a Certified Privacy Manager (CIPM).  

Ms. Driggers focuses her pro bono and volunteer work on human trafficking.


William (Bill) Min is Executive Vice President and General Counsel for the LexisNexis® Risk Solutions Group (RSG). In this role, he is responsible for all legal, compliance and regulatory matters across the global organization. RSG has more than 8,700 employees serving customers in over 180 countries. RSG is part of RELX (LSE: REL/AMS: REN/NYSE: RELX), a global provider of information and analytics.

RSG is a portfolio of brands that provides its customers with innovative technologies, information-based analytics and decision tools and data services that help solve problems, make better decisions, stay compliant, reduce risk, improve their operations and benefit people around the globe across multiple industries, including aviation, agriculture, chemical and energy, financial services, collections and payments, commercial property, corporations and non-profits, government and law enforcement agencies, healthcare, human resources, insurance and tax. RSG is headquartered in metro Atlanta, Georgia.

Prior to joining LexisNexis® Risk Solutions Group, Bill served as Deputy General Counsel and Chief Privacy & Data Governance Officer at Western Union. He also held in-house legal positions at Live Nation Entertainment, Inc., Starwood Hotels & Resorts, Sara Lee Corporation and Sunkyong America, Inc. Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.

Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and he structured and led the global privacy function at Western Union, Live Nation and Starwood.

Bill holds a BA in the Biological Basis of Behavior from the University of Pennsylvania, a MA in Liberal Studies from State University of New York at Stony Brook, and a JD from Fordham University School of Law.


Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data. Miriam also serves as a board member of the ADP AI & Data Ethics Committee.

As leader of the Global Privacy Alliance (GPA), Miriam encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space. Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she is featured in Best Lawyers in America, 2021.


Mike’s practice focuses on privacy and cybersecurity issues. Mike advises multinational clients on compliance with all federal, state and international privacy and data security laws, and managing privacy and cybersecurity risks and policy issues. He also regularly assists companies with developing and implementing their information security programs and addressing related governance issues. Mike has managed several large-scale cybersecurity incidents, including advising on data breach response and notification obligations. He also regularly assist clients with negotiating and drafting privacy and data security terms in commercial contracts and M&A transactions. Mike is a certified information privacy professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

In addition, Mike maintains an active pro bono practice. He has represented pro bono clients in criminal appeals and special education matters and has advised a variety of issues, including trademark, copyright and cybersquatting disputes; privacy and cybersecurity obligations; and US national security policies and regulations.

Relevant Experience

  • Advising numerous clients on compliance with the California Consumer Privacy Act of 2018 (CCPA), including conducting due diligence, preparing gap analyses, developing remediation plans, and undertaking compliance projects.
  • Represents a large financial services and communications company on global privacy and data security matters, including providing privacy compliance advice, advising on the New York State Department of Financial Services cybersecurity regulations, assisting with building a GDPR compliance program, and assisting with a large data security incident.
  • Assists a global retail and technology company with a recent cybersecurity incident affecting approximately 150 million user accounts, handling response efforts including notification, follow-up investigations by regulators and data protection authorities, and resulting litigation.
  • Advises multinational financial services companies on privacy and cybersecurity due diligence issues.
  • Advises a large manufacturing company on myriad privacy and cybersecurity issues, including certification to the EU-US Privacy Shield.
  • Advises technology companies, retailers, consumer goods companies and financial institutions on data breach and cybersecurity incident response, including preparation of required notifications pursuant to state breach notification laws, call center training and development of media strategies.
  • Provides advice on cybersecurity risks, including proactive breach readiness activities such as developing data breach toolkits, reviewing incident response plans and preparing tabletop exercises.
  • Drafts comprehensive data security policies, standards and procedures in connection with corporate information security programs.
  • Advises clients on their international data transfer strategies, including certification to the EU-US Privacy Shield.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Supervisory Special Agent (SSA) Prashanth Mekala has been a Special Agent with the FBI for 15 years. He spent the first eight years of his career working on complex counterintelligence and espionage cases.  From 2012 to 2014 he worked in FBI Headquarters as a Program Manager in the Counterintelligence Division - Economic Espionage Unit and the Cyber Division - Middle East/Africa Unit.  For over the past four years SSA Mekala has managed teams in the FBI New York Field Office focused on sophisticated nation state and criminal actors that leverage computer intrusions.  SSA Mekala has a Bachelors degree from Carnegie Mellon in Chemical Engineering, specializing in Biomedical Engineering.  He graduated from Columbia University’s School of International and Public Affairs (SIPA) with a Masters Degree in Policy and Administration, specializing in International Economic Policy Management. SSA Mekala graduated with distinction from Carnegie Mellon with a Masters Degree in Information Technology, specializing in Information Security and Assurance.


Al Saikali is a national leader in privacy and data security law according to Chambers and Legal 500.  Al represents companies in matters involving the collection, use, storage, and security of personal information. Al and his team at Shook Hardy & Bacon have represented companies in more than 150 privacy and data security class action lawsuits, including more biometric privacy class actions than any other law firm in the United States. He has represented companies in incident response matters impacting as many as ten million individuals in 120 countries. Al’s dedication to his clients earned him the Lexology Client Service Award two years in a row. 

In addition to chairing Shook Hardy & Bacon’s Privacy and Data Security practice, Al founded and is Chair Emeritus of the Sedona Conference’s Working Group on Privacy and Data Security Liability.  He is one of a small number of data privacy practitioners who hold the Fellow in Privacy designation, accredited by the International Association of Privacy Professionals.  Al is often quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on cybersecurity and data privacy trends. 

In his spare time, Al maintains a blog (DataSecurityLawJournal.com), where he writes about emerging developments in privacy and data security law. 


Alejandro Mosquera is data attorney at MUFG and is based in New York. He is responsible for providing legal advice in connection with data processing activities (including data privacy and data protection) affecting MUFG’s global operations. Alejandro holds a J.D. from the Universidad de los Andes, an M.I.A. in International Finance and Management from Columbia University, an L.L.M. from The University of Chicago Law School and a one-year course diploma on International, Comparative and European Law from the Université Robert Schuman. Alejandro is admitted to practice law in New York and Colombia and has been certified by the IAPP as Privacy Law Specialist, Certified Information Privacy Professional (US) and Certified Information Privacy Manager. He is fluent in Spanish, English, Portuguese, Italian and French. 


Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team.  He joined Google in March 2011. He has more than 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a privately held advertising technology company.

Keith has been a featured speaker discussing online privacy and related subjects on NBC Nightly News with Brian Williams, CNN, NPR Talk of the Nation and other major media outlets. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently featured at industry events focusing on technology, privacy and data protection.

Keith serves on the Board of Directors of Zoom Information, Inc., and previously served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He is NACD Directorship Certified by the National Association of Corporate Directors, is a member of the Maryland Bar, and holds the Certified Information Privacy Professional certification from the International Association of Privacy Professionals.


Kumneger Emiru is a Senior Manager, Corporate Counsel at ServiceNow, where she focuses on global privacy compliance and manages ServiceNow’s AMS privacy team. Kumneger serves as the lead negotiator on commercial transactions related to privacy for both inbound and outbound agreements. Her responsibilities also include product counseling and support and drafting privacy policies and procedures. During her tenure at ServiceNow, Kumneger also provided contract support to regional sales teams.

Kumneger previously worked at MongoDb supporting sales teams with commercial contracts, and at Workday, where her work included conducting privacy audits and trainings. She began her career at the Department of Health and Human Services, Office for Civil Rights, where she investigated alleged HIPAA violations.

Kumneger is a Certified Information Privacy Professional US/Europe. She received her law degree from the University of Iowa, College of Law and holds an A.B. from the University of Chicago with honors in dual concentrations of Public Policy and African and African American Studies.

Kumneger is admitted to practice in Illinois and is a registered in-house counsel in California.


Laura Juanes is a multilingual law, policy and privacy expert in the technology industry. She currently serves as Global Director of Privacy Policy Engagement at Facebook Inc. 

Laura is a Spanish qualified lawyer, based in the United States, with more than fifteen years of professional experience in technology and media companies. In her role at Facebook, she leads a global team that regularly engages with regulators, policymakers, experts and advocates in order to inform on key privacy issues that impact how individuals use or relate to Facebook’s technology daily. Prior to joining Facebook, she served as an Assistant General Counsel, Privacy & Human Rights, at Yahoo Inc., where she led the legal and public policy team’s efforts on global privacy matters and the company’s Business and Human Rights Program.

Before assuming her AGC role at Yahoo, Laura held various positions, including as General Counsel at Yahoo Spain and as Director of Product Compliance and Law Enforcement response for the Americas. Laura is a law graduate of the Universidad Auto´noma de Madrid, where she worked as a lawyer before joining Yahoo.

Laura holds U.S. and EU Certifications for International Privacy Professionals (CIPP). She serves on the Advisory Board of the Information Accountability Foundation and chairs the Latin America chapter of the Centre for Information Policy Leadership. She is a mentor of startups and entrepreneurs in South Florida and Latin America and a proud Board and founder Member of Woman in Tech Miami Council, with a mission to connect and empower women with diverse technological backgrounds.


Patrice Ettinger is the Chief Privacy Officer at Pfizer, one of the world's premier innovative biopharmaceutical companies with a global reach in over 125 countries.  In this role, Patrice leads Pfizer’s privacy program with responsibility for privacy and data protection strategy worldwide. Before joining Pfizer, Patrice was Chief Privacy Officer at Avon Products Inc., where she created Avon’s first global privacy program.  Prior to her role at Avon, Patrice held positions of increasing responsibility at Dow Jones & Company, including as Assistant General Counsel in charge of the company’s intellectual property and privacy matters.

Patrice serves as Treasurer on the Board of Directors of the International Association of Privacy Professionals (IAPP).  In addition, Patrice is Chairperson of the International Pharmaceutical & Medical Device Privacy Consortium, an organization focused on privacy best practices for the pharmaceutical industry and public policy for privacy and healthcare. 

Patrice is the 2019 recipient of the Women in Compliance (WICA) Award for Privacy Officer of the Year.  She is a Certified Information Privacy Professional (CIPP/US) and received her JD from Fordham Law School.


Kirk Nahra has been a leading authority on privacy and cybersecurity matters for more than two decades. Indeed, he is one of the few lawyers in the world ranked in Band 1 by Chambers in privacy and data security. Mr. Nahra counsels clients across industries, from Fortune 500 companies to startups, on implementing the requirements of privacy and data security laws across the country and internationally. He also advocates for clients experiencing privacy and security breaches, and represents clients in contract and deal matters, enforcement actions, regulatory investigations and related litigation.

Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants. He has a deep understanding of the privacy and security issues healthcare companies face relating to HIPAA rules, state and federal legislation, enforcement activities, internal investigations, international principles, due diligence in transactions, data breach risk assessments, and the key lines between regulated and unregulated data. During his decades of experience, Mr. Nahra has developed compliance programs, drafted privacy and information security policies, negotiated agreements involving health data, responded to health incidents and defended clients against government investigations.

Mr. Nahra also has substantial experience working with clients in the financial services and insurance industries on privacy and data security matters relating to the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, data aggregation and sharing practices, and privacy and data security compliance under a wide range of state and federal laws. He also has a breadth of experience drafting and evaluating data security practices and policies across varying industry standards; has investigated and litigated   potential fraud against insurers, and has assisted with the development and oversight of corporate compliance programs.

Professional Activities

A leader in the privacy bar, Mr. Nahra has been involved in developing the privacy legal field for 20 years. As a founding member and current board member of the International Association of Privacy Professionals, he helped establish the organization’s Privacy Bar Section and their first and most popular certification for Certified Information Privacy Professionals. He has taught privacy issues at several law schools, including serving as an adjunct professor at the Washington College of Law at American University and at Case Western Reserve University. In addition, he currently serves as a fellow with the Cordell Institute for Policy in Medicine & Law at Washington University in St. Louis and as a fellow with the Institute for Critical Infrastructure Technology. He actively shares his privacy insights through numerous speeches and articles, and on social media.

Solutions

Cybersecurity and Privacy

Credentials

EDUCATION

JD, Harvard Law School, 1987
cum laude

Articles Editor, Harvard Journal on Legislation

BA, Georgetown University, 1984
magna cum laude Phi Beta Kapp

ADMISSIONS

District of Columbia


Deborah Hirschorn is an experienced Complex Director with a demonstrated history of working in the insurance industry.  She is skilled in Professional Liability, Property & Casualty Insurance, Litigation Management, Arbitration, and Reinsurance.  Deborah is a strong media and communication professional and graduated from Suffolk University Law School.


Erika Brown Lee is a Senior Vice President and Assistant General Counsel at Mastercard.  Ms. Brown Lee leads the team that develops policies, provides guidance, and ensures compliance with privacy and data protection laws across the company’s products and services, including payment processing, data analytics, and fraud-related activities.  Ms. Brown Lee also works closely with the company’s cybersecurity teams to develop policies and manage regulatory interactions.  Ms. Brown Lee is the former Chief Privacy and Civil Liberties Officer of the U.S. Department of Justice, where she served as the principal advisor to the Attorney General on privacy and civil liberties matters.  Ms. Brown Lee co-chaired the DOJ breach response team, played a leadership role among agencies working to develop privacy-related legislation, and provided regular briefings to Capitol Hill.  She received an Attorney General Award for Exceptional Contributions in Negotiating a Data Protection and Privacy Agreement with the E.U.  Ms. Brown Lee also served in the Division of Privacy & Identity Protection at the Federal Trade Commission, and chaired the ABA’s Privacy & Information Security Committee.  Ms. Brown Lee is a Certified Information Privacy Professional (CIPP) for Europe and the U.S.


Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.


Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.