Skip to main content

Twenty-First Annual Institute on Privacy and Data Security Law


Speaker(s): Aaron P. Simpson, Adam J. Rivera, Akinyemi T. Akiwowo, Alan Charles Raul, Alejandro Mosquera, Brandon Kerstens, Bridget McIlveen, Clark Russell, Colman McCarthy, Damien Kieran, David Wong, Deborah Lynne Adleman, Douglas Bloom, Joanie Dillett, Keith Enright, Laura Juanes Micas, Lisa J. Sotto, Maneesha Mithal, Margaret A. Keane, Michele S. Lucan, Michelle Perez, Miriam H. Wugmeister, Peter M. Lefkowitz, Richard T. Jacobs, Risha Jamison, Robert Lord, Sára G. Hoffman, Thomas J. Smedinghoff, Tokë Vandervoort
Recorded on: Aug. 17, 2020
PLI Program #: 273918

Doug is an Executive Director and Co-Head of Cybersecurity & Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity matters—including incident response, regulatory affairs and new legislation affecting the Firm. Doug is also responsible for privacy matters affecting the Firm’s personnel and client base.  Doug has over 20 years’ experience investigating all aspect of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining the PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshal Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees.



Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He frequently assists clients with due diligence and negotiation of privacy and data security issues in corporate transactions. Aaron also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Additionally, Aaron has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.


Adam Rivera leads the privacy team for the Americas region at LSEG. Adam also supports and provides counsel to LSEG’s cybersecurity program. Adam has led compliance programs in relation to GDPR, CCPA and the LGPD and regularly engages in advocacy in connection with proposed privacy legislation. Adam is an active IAPP member and former Co-Chair of the Connecticut IAPP KnowledgeNet chapter. Prior to his current role, Adam held various positions at Refinitiv, Thomson Reuters, Louis Vuitton and practiced law at Schulte Roth & Zabel LLP in New York City.


Akinyemi T. Akiwowo is an Executive Director in the Firm’s Global Litigation Group, Aki oversees the conduct of active domestic and international institutional (sales, trading, investment banking, capital markets, data privacy, private equity, and investment management) civil litigation, regulatory enforcement actions, and internal investigations.  His diverse experience includes defending the Firm in class action and antitrust litigation matters, as well as investigations by the Department of Justice, Commodities and Futures Trading Commission, and the Securities and Exchange Commission.  

Aki currently co-chairs Morgan Stanley’s Legal and Compliance Division Diversity and Inclusion Network, and is also a member of the Council of Urban Professionals Fellows Board.   

Prior to Morgan Stanley, Aki was Principal Counsel in the Department of Enforcement of the Financial Industry Regulatory Organization (FINRA) where he managed a complex case load, as lead counsel, handling all aspects of investigations of member firms and associated individuals for violations of FINRA, NASD and NYSE rules and federal securities laws.  Prior to FINRA Aki was in private practice in New Jersey, focusing on commercial and securities litigation.  

Aki is a 2002 graduate of Loyola University in Maryland and a 2005 graduate of Seton Hall University School of Law. 


ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”


Bob Lord most recently served as the first Chief Security Officer at the Democratic National Committee. In that role he worked to secure the Committee, as well as helping state parties and campaigns. Previous roles include CISO at Yahoo, CISO in Residence at Rapid 7, and before that he headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com


Brandon Kerstens is Director, Privacy Counsel for Match Group, and the Data Protection Officer for Tinder, OkCupid, Plenty of Fish and Hinge.

In these roles he works on a broad range of privacy matters, including the development and implementation of large-scale compliance initiatives, such as GDPR and CCPA/CPRA, and the ongoing monitoring of compliance based on evolving market practice and regulatory guidance. Additional responsibilities include conducting product/feature Privacy-by-Design reviews and DPIAs, contractual negotiations of data processing agreements, responding to regulatory inquiries from data protection authorities, employee privacy training, and assisting with global incident response management and data governance policy development, including guidelines on retention, access, privacy-by-design, data transfers, vendor management, customer care, public relations, and global privacy policies.

Prior to Match Group, Brandon was in private practice at Osler, Hoskin & Harcourt LLP. His practiced focused on privacy and data security, and was the Firm’s national Privacy Officer. At Osler, he provided tailored, risk-based advice to a wide range of clients, from multi-nationals to start-ups, regarding privacy law compliance, anti-spam, incident management and regulatory investigations.


Bridget McIlveen is the Chief Privacy Officer of The Estée Lauder Companies responsible for the company’s privacy compliance program and strategy.  Bridget has over 10 years of experience operationalizing and advising on global privacy related matters in both a law firm and in-house setting.

Prior to joining The Estée Lauder Companies, Bridget practiced at two large national firms in Canada.  She advised clients on a broad range of privacy matters, including drafting privacy policies and procedures, responding to security incidents and investigations by privacy regulatory authorities, conducting privacy and security reviews, drafting outsourcing and service provider agreements, and conducting privacy impact assessments.  She also advised clients on consumer-protection issues associated with carrying on business over the Internet, including anti-spam legislation. 

Bridget is licensed as a Foreign Legal Consultant in New York.


C.M. Tokë Vandervoort is Chief Legal Officer at the non-profit Environmental Defense Fund, with leadership responsibility for the operational legal support areas, including privacy for operations around the world.  Tokë has enjoyed a distinguished career in the law as a strategic partner advising corporate business operations in the technology, privacy/cyber and data, consumer products, retail, manufacturing and telecom sectors.  She has served as the SVP, Deputy General Counsel at Under Armour where she lead a global interdisciplinary team providing Commercial, Digital, Privacy, Litigation, Consumer Protection, Intellectual Property and Employment expertise to advance the mission of UA’s performance sports footwear, apparel and equipment business, as well as its suite of digital health/fitness/wellness mobile apps (MyFitnessPalMapMyFitness, etc  with nearly 300M accounts worldwide). She lead the nascent UA Privacy program to receive international recognition for program innovation and the companies response to a major global data breach in the same year. Prior to that, Ms. Vandervoort served as VP, Asst. General Counsel for technology, privacy/security and the Chief Privacy Officer to a major US telecom/internet solutions company, where she also developed its inaugural privacy program.  She has extensive experience in Technology innovation; Privacy program development, compliance and breach response; Litigation, regulatory enforcement and investigations; Consumer protection, marketing/advertising and social media; Intellectual Property portfolio management; Government relations engagement; and Board, Audit Committee and senior executive briefings in these areas. Ms. Vandervoort is also an active member of the Georgetown Cyber Security Law Institute Advisory Board, and Women in Cyber. She has also served as an advisor to the Center for Democracy & Technology; an HHS-initiated steering committee advising on the creation of non-HIPAA health data rules; and as a Co-founder of the Association of Corporate Counsel Data Privacy & Security Forum.


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office. The Bureau is committed to protecting consumers and families from new and developing online threats. As a pioneer in this field, the office has brought cutting edge cases and entered important settlements related to a wide range of online issues, including child safety, privacy, deceptive or illegal trade practices, consumer fraud, spyware, spam, discrimination, and free speech. Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network. Clark oversees the office’s data breach notification program and secured numerous record-setting settlements in data breach cases. He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act, the office’s overhaul of New York State’s data security law to require new and unprecedented safeguards of personal data.


Damien Kieran serves as Twitter’s Global Data Protection Officer and is a Legal Director and Associate General Counsel.  Damien leads Twitter’s data protection team responsible for the company’s compliance with global data protection laws.  Prior to becoming Twitter’s first Data Protection Officer, he was Global Litigation Counsel for Twitter and was responsible for managing non-U.S. litigation and regulatory matters for the company. He has testified before the U.S. Senate on Consumer Data Privacy and the European Commission on consumer protection.
 
Before joining Twitter, Damien worked at the New York offices of Paul, Weiss, Rifkind, Wharton & Garrison, LLP, and Weil, Gotshal, & Manges LLP.  His practice focused on complex contentious matters in the high-tech space.  Prior to moving to the United States, Damien worked at Google, and a leading Irish law firm in Dublin.
 
Damien received a Juris Doctorate, magna cum laude, from Northwestern University School of Law; a Master of Laws, summa cum laude, from University College Dublin; and a Bachelor of Laws, magna cum laude, from Nottingham Trent University.  He served as Editor in Chief of the University College Dublin Law Review.


Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.


Deborah Lynne Adleman is a Director with Ernst & Young LLP (EY) serving as the US andAmericas Data Protection Leader. Deborah provides strategic oversight for the operation of the Americas Regional Data Protection Program as well as the Global Data Protection function, in her role as a core team member of the Global Data ProtectionLeadership team. Data protection key responsibilities include policy developmentand guidance, data protection impact assessment (PIA), Pri-vacy Shield, CCPA, HIPAA,GDPR and Binding Corporate Rules (BCR) compliance, learning and awarenessprograms, incident response and accountability processes and management.

Leveraging her 20 years’ experience in ethics and compliance, Deborah isalso an executive leader within the EY Americas Risk Management, Ethics andCompliance functions where she provides directional guidance for the program.

Previous to her current position, Deborah was a leader in EY’s nationalcompliance advisory services practice where she helped clients assess,implement, improve and monitor the effectiveness of their ethics, compliance anddata protection programs. Her clients included a variety of industries includinghealthcare, financial services, and government agencies. Deborah’s clientwork included conducting corporate ethics and regulatory risk assessments,including enterprise risk management (ERM) and then implementing ethicsand governance compliance programs including learning and awareness, andregulatory compliance data analytics program monitoring including eGRC(enterprise governance, risk and compliance) solutions.

Deborah received her Bachelors of Arts from the University of Pennsylvania.  She is a certified ethics and compliance professional (CCEP) through the Societyof Corporate Compliance and Ethics as well as a certified information privacyprofessional (with CIPP, CIPM, and FIP designations) through the InternationalAssociation of Privacy Professionals.

Deborah is the author of “Compliance Program Effectiveness” Published byAspen Publications, “What You Should Know About Screening for ExcludedIndividuals and Entities”, published by Commerce Clearing House, “Look forCompliance Risks Hiding in the Registration Form” published by the PhysicianPractice Compliance Report, “Evidencing Effectiveness of Your ComplianceProgram” published by The Compliance Officer and “Broken Windows inCompliance” published by the Society for Corporate Compliance and Ethics.Deborah speaks regularly at various conferences. In her spare time, Deborah is anavid baker and writer and volunteers in the community and her church.


Joanie Dillett is Privacy Counsel at Nutanix, Inc. a leading cloud computing IT infrastructure company with more than 6,000 employees across 45+ jurisdictions worldwide. She holds CIPP(E) status and is a member of the International Association of Privacy Professionals.

Before Joanie joined Nutanix, she led the employment and privacy functions for a multinational cloud data integration software service platform where she led legal in the build out of their GDPR compliance program. Before that, she held leadership roles at other multinational technology companies where she led both the employment law, compliance and privacy legal functions.

Joanie earned her law degree summa cum laude from Southwestern University School of Law and her baccalaureate in History from the University of California Los Angeles. In addition to pursuing a passion for researching, learning and writing on all things data privacy these days, she is a contributing editor of Advising California Employers and Employees published by the California Continuing Education of the Bar.


Michele Lucan is a Deputy Associate Attorney General at the Connecticut Attorney General's Office and Chief of its Privacy Section. In this role, Michele oversees all matters involving consumer privacy and information security. Most notably, the Section is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy Section was formed and Michele was assigned full-time to the Section from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Michelle Perez is the Chief Privacy Officer at Dow Jones & Company, a global provider of news and business information, where she is responsible for developing, driving and maturing Dow Jones’ privacy program.  Prior to joining Dow Jones, Michelle was the Head of Privacy at Samsung Electronics America, Inc., a multinational electronics and information technology company.  Before Samsung, Michelle served as Assistant General Counsel Privacy for the Interpublic Group of Companies (IPG), a global network of marketing and advertising communication agencies.  Her responsibilities included the development, implementation and management of data privacy policies, initiatives, strategies and programs.  Michelle joined IPG from Philips Electronics America, where she was Senior Privacy Counsel and contributed to corporate efforts aimed at addressing emerging privacy and data protection requirements and growing the company’s privacy program within the U.S. regional organization.

Michelle is a Certified Information Privacy Professional and a Certified Information Privacy Manager.

Michelle is a former Assistant U.S. Attorney for the Eastern District of New York.  She received her J.D. from Fordham Law School and her undergraduate degree from Georgetown University.


Peter Lefkowitz is Chief Privacy & Digital Risk Officer at Citrix Systems, Inc. (NASDAQ:CTXS), a leader in unified workspace, networking, and analytics solutions that help organizations unlock innovation, engage customers, and boost productivity without sacrificing security.

Lefkowitz oversees legal, regulatory, and governance risk associated with data, products, and systems, as well as policy engagement on digital issues. He was the 2018 Chairman of the Board of the International Association of Privacy Professionals and is a member of the Boston Bar Association Council. Prior to joining Citrix, he served as Chief Privacy Officer at both GE and Oracle.

Lefkowitz holds a bachelor’s degree in history from Yale University, a J.D. from Harvard Law School, and has taught privacy law at Boston College Law School. He has been published on privacy law, cloud computing, and the Internet of Things (IoT), including an OpEd in the New York Times on proposals for US. Federal privacy legislation. 


Risha Jamison is Director and Associate General Counsel of Global Privacy Operations at Facebook. At Facebook she focuses on building out privacy compliance efforts, especially with respect to the FTC Order. Before Facebook she spent almost 5 years at the fintech company Stripe, where she was the third attorney hired. She was the Senior Privacy and Data Security Counsel and was responsible for building its global privacy program as well as leading global incident response for legal.

Risha lives in the Bay Area with her spouse, Christina, and their two kids.


Thomas J. Smedinghoff is Of Counsel in the Privacy & Cybersecurity practice group in the Chicago office of Locke Lord LLP.  Named as a Top 50 Intellectual Property Trailblazer and Pioneer by the National ‎Law ‎Journal, he is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, identity management, information security, and online authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement first-of-their-kind ‎e-commerce ‎initiatives, electronic transactions, and identity management and ‎information ‎security legal infrastructures for the federal government and national and ‎‎international businesses including banks, insurance companies, investment ‎‎companies, and certification authorities.  He has also been actively involved in ‎‎developing legislation and public policy in the area of electronic business and identity ‎management at the state, ‎national, and international levels. ‎

He is Chair of the American Bar Association (ABA) Identity Management Legal Task Force, and previously Co-Chair of the ABA Cybersecurity Legal Task Force, and Co-Chair of the Cybersecurity Subcommittee in the ABA Business Law Section. He is also an advisor to the U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL), and in that capacity he helped to negotiate the international e-commerce treaty known as the United Nations Convention on the Use of Electronic Communications in International Contracts. He is currently working with UNCITRAL to develop international legal rules to govern electronic identity management issues. He also served as an Advisor to the Uniform Law Commission Study Committee on Identity Management in Electronic Commerce.        

Tom is co-editor and contributing author of the Guide to Cybersecurity Due Diligence in M&A Transactions (ABA, 2017), and a contributing author to the 1st and 2nd editions of The ABA Cybersecurity Handbook - A Resource for Attorneys, Law Firms & Business Professionals (ABA, 2013 and 2018).  He is also the author of the book titled Information Security Law: The Emerging Standard for Corporate Compliance, (2008), and editor and primary author of the e-commerce book titled Online Law: The Legal Guide to Doing Business on the Internet (1996). He can be reached at Tom.Smedinghoff@lockelord.com


Assistant Special Agent in-Charge (ASAC) Richard T. Jacobs leads the Cyber Branch in the FBI’s New York office.  The branch investigates national security and criminal cyber matters and responds to cyber incidents in the New York metropolitan area.  In 2014, Mr. Jacobs helped establish the Financial Cyber Crimes Task Force, a multiagency initiative targeting cyber crime and technology-based fraud schemes.

Following graduation from the FBI Academy in 1999, Mr. Jacobs was assigned to New York where he investigated a variety of securities fraud matters.  From 2002 to 2005 he played the role of a corrupt stock broker in a market manipulation undercover operation which resulted in the convictions of 49 individuals.  In June 2010, he was selected to lead a Manhattan-based securities fraud unit which handled the Bernard L. Madoff and the Galleon Group insider trading investigations.  He was named Assistant Special Agent in-Charge in October 2014. 

Prior to joining the FBI, Mr. Jacobs was a risk manager on Wall Street.  He holds a Master’s Degree in information technology from Carnegie Mellon University, where he graduated with highest distinction, and an MBA with a concentration in finance. He is also a Certified Information Systems Security Professional.


Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data. Miriam also serves as a board member of the ADP AI & Data Ethics Committee.

As leader of the Global Privacy Alliance (GPA), Miriam encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space. Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she is featured in Best Lawyers in America, 2021.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Recognized as a 2020 Associate to Watch in Privacy & Data Security in Chambers USA—the only associate in the country listed in that category—Colman advises clients across the country on their obligations under both domestic and international privacy and data security laws, including all 50 state data breach notification laws, the California Consumer Privacy Act (CCPA), Gramm-LeachBliley Act, HIPAA/HITECH, Telephone Consumer Protection Act, CAN-SPAM, Fair Credit Reporting Act and the GDPR. He focuses on providing practical advice that goes beyond simple compliance with the letter of the law, to understand the unique circumstances and considerations for each client, having worked with government, private industry and nonprofit entities nationwide.

When clients face front-end compliance obligations, they turn to Colman for advice on the drafting and implementation of both internal and consumer-facing policies and procedures, including privacy policies, terms of use and incident response plans. He also regularly advises on the drafting and negotiation of vendor contracts, data-transfer agreements, and HIPAA limited data-set agreements.

Colman has directed a number of responses to data incidents, from business-email compromise to employee theft of information to HIPAA risk assessments. Whether overseeing forensic investigations, preparing and delivering notifications, or responding to regulator inquiries, Colman emphasizes the quick and efficient resolution of these time-sensitive matters to ensure compliance and minimize legal risks.

Colman is also an experienced litigator, with a broad background in general commercial matters, copyright and trademark, strict product liability and antitrust, and with significant experience in patent litigation. He has represented major technology companies in courts around the country in the areas of wireless communications, semiconductors and software. On numerous occasions he has helped clients achieve favorable outcomes through dismissal and summary judgment, and has prevailed in a number of discovery disputes that went before the court.

He has devoted substantial time to pro bono representation as well. His pro bono work has included privacy and data security advice for a world-renowned art museum, trademark protection for a major NGO, and representation in asylum, landlord-tenant, and abuse and neglect matters.

Outside of his client practice, Colman makes frequent speaking and media appearances, helping to educate clients, legal professionals and the general public on a broad range of privacy and data security issues. He is an active member of The Sedona Conference® Working Group 11: Data Security and Privacy Liability and the International Association of Privacy Professionals. He also serves as Executive Director for the Johnson County First Amendment Foundation, a nonprofit organization dedicated to helping educate high school students on the importance of the First Amendment, the Constitution and civics in general.


Alejandro Mosquera is data attorney at MUFG and is based in New York. He is responsible for providing legal advice in connection with data processing activities (including data privacy and data protection) affecting MUFG’s global operations. Alejandro holds a J.D. from the Universidad de los Andes, an M.I.A. in International Finance and Management from Columbia University, an L.L.M. from The University of Chicago Law School and a one-year course diploma on International, Comparative and European Law from the Université Robert Schuman. Alejandro is admitted to practice law in New York and Colombia and has been certified by the IAPP as Privacy Law Specialist, Certified Information Privacy Professional (US) and Certified Information Privacy Manager. He is fluent in Spanish, English, Portuguese, Italian and French. 


Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team.  He joined Google in March 2011. He has more than 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a privately held advertising technology company.

Keith has been a featured speaker discussing online privacy and related subjects on NBC Nightly News with Brian Williams, CNN, NPR Talk of the Nation and other major media outlets. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently featured at industry events focusing on technology, privacy and data protection.

Keith serves on the Board of Directors of Zoom Information, Inc., and previously served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He is NACD Directorship Certified by the National Association of Corporate Directors, is a member of the Maryland Bar, and holds the Certified Information Privacy Professional certification from the International Association of Privacy Professionals.


Laura Juanes is a multilingual law, policy and privacy expert in the technology industry. She currently serves as Global Director of Privacy Policy Engagement at Facebook Inc. 

Laura is a Spanish qualified lawyer, based in the United States, with more than fifteen years of professional experience in technology and media companies. In her role at Facebook, she leads a global team that regularly engages with regulators, policymakers, experts and advocates in order to inform on key privacy issues that impact how individuals use or relate to Facebook’s technology daily. Prior to joining Facebook, she served as an Assistant General Counsel, Privacy & Human Rights, at Yahoo Inc., where she led the legal and public policy team’s efforts on global privacy matters and the company’s Business and Human Rights Program.

Before assuming her AGC role at Yahoo, Laura held various positions, including as General Counsel at Yahoo Spain and as Director of Product Compliance and Law Enforcement response for the Americas. Laura is a law graduate of the Universidad Auto´noma de Madrid, where she worked as a lawyer before joining Yahoo.

Laura holds U.S. and EU Certifications for International Privacy Professionals (CIPP). She serves on the Advisory Board of the Information Accountability Foundation and chairs the Latin America chapter of the Centre for Information Policy Leadership. She is a mentor of startups and entrepreneurs in South Florida and Latin America and a proud Board and founder Member of Woman in Tech Miami Council, with a mission to connect and empower women with diverse technological backgrounds.


Dr Sára Gabriella Hoffman works on global privacy, data protection and cybersecurity matters for Stripe. Previously, she worked for an international law firm focusing on privacy, data protection and antitrust law. She is a cloud architecture expert. As Microsoft Fellow at Stanford, she studied technical and legal aspects of setting up data centers and protecting information from a data security perspective. Since 2013, she is a lecturer at the Freie Universität Berlin and Technische Universität Berlin, where she teaches classes on privacy engineering, data protection and competition law, as well as law & economics. She is a member of the Association for Computing Machinery (ACM).


Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.


Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.