New feature: Customize your PLUS research experience with My Preferences. Learn more.
Skip to main content

Twenty-First Annual Institute on Privacy and Data Security Law


Speaker(s): Aaron P. Simpson, Adam J. Rivera, Akinyemi T. Akiwowo, Alan Charles Raul, Alejandro Mosquera, Brandon Kerstens, Bridget McIlveen, Clark Russell, Colman McCarthy, Damien Kieran, David Wong, Deborah Lynne Adleman, Douglas Bloom, Joanie Dillett, Keith Enright, Laura Juanes Micas, Lisa J. Sotto, Maneesha Mithal, Margaret A. Keane, Michele S. Lucan, Michelle Perez, Miriam H. Wugmeister, Peter M. Lefkowitz, Richard T. Jacobs, Risha Jamison, Robert Lord, Sára G. Hoffman, Thomas J. Smedinghoff, Tokë Vandervoort
Recorded on: Aug. 17, 2020
PLI Program #: 273918

Doug is an Executive Director and Co-Head of Cybersecurity and Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity and privacy matters globally—including incident response, regulatory affairs and new legislation affecting the Firm.  Doug has over 20 years’ experience investigating all aspect of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining the PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshal Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees. 



Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018. He also has advised numerous clients on the EU General Data Protection Regulation. Additionally, Aaron prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.


Adam Rivera leads the privacy team for the Americas region at Refinitiv. Adam is also the primary attorney at Refinitiv that supports the company’s cybersecurity program. Adam was heavily involved in the company’s GDPR readiness program. Adam is also leading compliance and advocacy efforts related to the newly enacted data privacy laws in California and Brazil. Adam is an active IAPP member and Co-Chair of the Connecticut IAPP KnowledgeNet chapter. Prior to his current role, Adam held various positions at Thomson Reuters, Louis Vuitton and practiced at Schulte Roth & Zabel LLP.


Akinyemi T. Akiwowo is an Executive Director in the Legal and Compliance Division of Morgan Stanley.  As a member of the Firm’s Global Litigation Group, Aki oversees the conduct of active domestic and international institutional (sales, trading, investment banking, capital markets, private equity, and investment management) civil litigation, regulatory enforcement actions, and internal investigations.  His diverse experience includes defending the Firm in data privacy and antitrust litigation matters, as well as investigations by the United States Department of Justice, Commodities and Futures Trading Commission, and the Securities and Exchange Commission.  

Aki currently co-chairs Morgan Stanley’s Legal and Compliance Division Diversity and Inclusion Network, and is also a member of the Council of Urban Professionals Fellows Board.   

Prior to Morgan Stanley, Aki was Principal Counsel in the Department of Enforcement of the Financial Industry Regulatory Authority (FINRA) where he managed a complex case load, as lead counsel, handling all aspects of investigations of member firms and associated individuals for violations of FINRA, NASD and NYSE rules and federal securities laws.  Prior to FINRA Aki was in private practice in New Jersey, focusing on commercial and securities litigation.  

Aki is a 2002 graduate of Loyola University in Maryland and a 2005 graduate of Seton Hall University School of Law. 


ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling
In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”


Bob Lord is the Chief Security Officer at the Democratic National Committee, bringing more than twenty years of experience in the information security space to the Committee, state parties, and campaigns. Previously he was Yahoo’s CISO, covering areas such as risk management, product security, security software development, e-crimes, and APT programs. Before that he acted as the CISO in Residence at Rapid 7, and before that headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at https://www.ilord.com.


Brandon Kerstens is Senior Legal Counsel, Privacy for Match Group, and the Data Protection Officer for Tinder, OkCupid, Plenty of Fish and Hinge.

In these roles he works on a broad range of privacy matters, including the development and implementation of large-scale compliance initiatives, such as GDPR and CCPA, and the ongoing monitoring of compliance based on evolving market practice and regulatory guidance. Additional responsibilities include contractual negotiations of data processing agreements for all Match Group brands headquartered in North America, responding to regulatory inquiries from data protection authorities, assisting with global incident response management, conducting product/feature Privacy-by-Design reviews and DPIAs, and data governance policy development, including guidelines on retention, access, privacy-by-design, data transfers, vendor management, customer care, public relations, and global privacy policies.

Prior to Match Group, Brandon was in private practice at Osler, Hoskin & Harcourt LLP. His practiced focused on privacy and data security, and was the Firm’s national Privacy Officer. At Osler, he provided tailored, risk-based advice to a wide range of clients, from multi-nationals to start-ups, regarding privacy law compliance, anti-spam, incident management and regulatory investigations.


Bridget McIlveen is the Chief Privacy Officer of The Estée Lauder Companies responsible for the company’s privacy compliance program and strategy.  Bridget has over 10 years of experience operationalizing and advising on global privacy related matters in both a law firm and in-house setting.

Prior to joining The Estée Lauder Companies, Bridget practiced at two large national firms in Canada.  She advised clients on a broad range of privacy matters, including drafting privacy policies and procedures, responding to security incidents and investigations by privacy regulatory authorities, conducting privacy and security reviews, drafting outsourcing and service provider agreements, and conducting privacy impact assessments.  She also advised clients on consumer-protection issues associated with carrying on business over the Internet, including anti-spam legislation. 

Bridget is licensed as a Foreign Legal Consultant in New York.


Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office.  The Bureau is committed to protecting consumers from online threats and has brought a number of ground-breaking cases involving internet and technology issues.  Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network.  Clark oversees the office’s data breach notification program, and secured numerous record-setting results in data breach cases.  He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act ("SHIELD Act") which overhauled New York State’s data security and notification, establishing new and unprecedented safeguards of personal data.


Damien Kieran serves as Twitter’s Global Data Protection Officer and is a Legal Director and Associate General Counsel.  Damien leads Twitter’s data protection team responsible for the company’s compliance with global data protection laws.  Prior to becoming Twitter’s first Data Protection Officer, he was Global Litigation Counsel for Twitter and was responsible for managing non-U.S. litigation and regulatory matters for the company. He has testified before the U.S. Senate on Consumer Data Privacy and the European Commission on consumer protection.
 
Before joining Twitter, Damien worked at the New York offices of Paul, Weiss, Rifkind, Wharton & Garrison, LLP, and Weil, Gotshal, & Manges LLP.  His practice focused on complex contentious matters in the high-tech space.  Prior to moving to the United States, Damien worked at Google, and a leading Irish law firm in Dublin.
 
Damien received a Juris Doctorate, magna cum laude, from Northwestern University School of Law; a Master of Laws, summa cum laude, from University College Dublin; and a Bachelor of Laws, magna cum laude, from Nottingham Trent University.  He served as Editor in Chief of the University College Dublin Law Review.


Dave Wong is a Vice President at FireEye Mandiant. Mr. Wong manages the FireEye Mandiant cybersecurity consulting practice in North America. In this capacity, he leads a team of cybersecurity experts to help organizations respond to cybersecurity attacks and make them more resilient to future cybersecurity attacks.

Mr. Wong has extensive experience in cybersecurity and investigating cybercrime. Over the past 10 years, he has investigated some of the largest cybersecurity incidents, including ransomware attacks and intellectual property theft from nation states. Dave brings true front-line experience of real world cyberattacks. Through the investigations, Mandiant learns how attackers circumvent security controls. He uses this experience to help guide companies to secure their networks, data, and intellectual property.

Prior to joining FireEye, Mr. Wong was the Chief Operating Officer of the Intrepidus Group, a boutique cybersecurity firm that focused on mobile application and device security. Dave also has experience working in the financial industry at hedge funds and investment firms.

Mr. Wong is a Certified Information Systems Security Professional (CISSP) and holds a degree in Engineering from the Cooper Union for the Advancement of Science and Art.


Deborah Lynne Adleman is a Director with Ernst & Young LLP (EY) serving as the US andAmericas Data Protection Leader. Deborah provides strategic oversight for the operation of the Americas Regional Data Protection Program as well as the Global Data Protection function, in her role as a core team member of the Global Data ProtectionLeadership team. Data protection key responsibilities include policy developmentand guidance, data protection impact assessment (PIA), Pri-vacy Shield, CCPA, HIPAA,GDPR and Binding Corporate Rules (BCR) compliance, learning and awarenessprograms, incident response and accountability processes and management.

Leveraging her 20 years’ experience in ethics and compliance, Deborah isalso an executive leader within the EY Americas Risk Management, Ethics andCompliance functions where she provides directional guidance for the program.

Previous to her current position, Deborah was a leader in EY’s nationalcompliance advisory services practice where she helped clients assess,implement, improve and monitor the effectiveness of their ethics, compliance anddata protection programs. Her clients included a variety of industries includinghealthcare, financial services, and government agencies. Deborah’s clientwork included conducting corporate ethics and regulatory risk assessments,including enterprise risk management (ERM) and then implementing ethicsand governance compliance programs including learning and awareness, andregulatory compliance data analytics program monitoring including eGRC(enterprise governance, risk and compliance) solutions.

Deborah received her Bachelors of Arts from the University of Pennsylvania.  She is a certified ethics and compliance professional (CCEP) through the Societyof Corporate Compliance and Ethics as well as a certified information privacyprofessional (with CIPP, CIPM, and FIP designations) through the InternationalAssociation of Privacy Professionals.

Deborah is the author of “Compliance Program Effectiveness” Published byAspen Publications, “What You Should Know About Screening for ExcludedIndividuals and Entities”, published by Commerce Clearing House, “Look forCompliance Risks Hiding in the Registration Form” published by the PhysicianPractice Compliance Report, “Evidencing Effectiveness of Your ComplianceProgram” published by The Compliance Officer and “Broken Windows inCompliance” published by the Society for Corporate Compliance and Ethics.Deborah speaks regularly at various conferences. In her spare time, Deborah is anavid baker and writer and volunteers in the community and her church.


Joanie Dillett is Privacy Counsel at Nutanix, Inc. a leading cloud computing IT infrastructure company with more than 6,000 employees across 45+ jurisdictions worldwide. She holds CIPP(E) status and is a member of the International Association of Privacy Professionals.

Before Joanie joined Nutanix, she led the employment and privacy functions for a multinational cloud data integration software service platform where she led legal in the build out of their GDPR compliance program. Before that, she held leadership roles at other multinational technology companies where she led both the employment law, compliance and privacy legal functions.

Joanie earned her law degree summa cum laude from Southwestern University School of Law and her baccalaureate in History from the University of California Los Angeles. In addition to pursuing a passion for researching, learning and writing on all things data privacy these days, she is a contributing editor of Advising California Employers and Employees published by the California Continuing Education of the Bar.


Michele S. Lucan is an Assistant Attorney General at the Connecticut Attorney General's Office in its Privacy and Data Security Department. In this role, Michele handles all matters involving consumer privacy and information security. Most notably, Michele is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy and Data Security Department was formed and Michele was assigned full-time to the Department from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.


Michelle Perez is the Chief Privacy Officer at Dow Jones & Company, a global provider of news and business information, where she is responsible for developing, driving and maturing Dow Jones’ privacy program.  Prior to joining Dow Jones, Michelle was the Head of Privacy at Samsung Electronics America, Inc., a multinational electronics and information technology company.  Before Samsung, Michelle served as Assistant General Counsel Privacy for the Interpublic Group of Companies (IPG), a global network of marketing and advertising communication agencies.  Her responsibilities included the development, implementation and management of data privacy policies, initiatives, strategies and programs.  Michelle joined IPG from Philips Electronics America, where she was Senior Privacy Counsel and contributed to corporate efforts aimed at addressing emerging privacy and data protection requirements and growing the company’s privacy program within the U.S. regional organization.

Michelle is a Certified Information Privacy Professional and a Certified Information Privacy Manager.

Michelle is a former Assistant U.S. Attorney for the Eastern District of New York.  She received her J.D. from Fordham Law School and her undergraduate degree from Georgetown University.


Peter Lefkowitz is Vice President and Chief Privacy & Digital Risk Officer at Citrix Systems.  Peter oversees legal and regulatory risk associated with data, products and systems, as well as policy engagement on digital issues.  Prior to joining Citrix, Peter worked as Chief Privacy Officer at GE and at Oracle.  He was the 2018 Chairman of the Board of the International Association of Privacy Professionals and is a member of the Boston Bar Association Council.  Peter attended Yale College and Harvard Law School.


Risha Jamison is Director and Associate General Counsel of Global Privacy Operations at Facebook. At Facebook she focuses on building out privacy compliance efforts, especially with respect to the FTC Order. Before Facebook she spent almost 5 years at the fintech company Stripe, where she was the third attorney hired. She was the Senior Privacy and Data Security Counsel and was responsible for building its global privacy program as well as leading global incident response for legal.

Risha lives in the Bay Area with her spouse, Christina, and their two kids.


Thomas J. Smedinghoff is Of Counsel in the Privacy & Cybersecurity practice group in the Chicago office of Locke Lord LLP. Named as a Top 50 Intellectual Property Trailblazer and Pioneer by the National ‎Law Journal, he is internationally recognized for his leadership in addressing emerging legal issues regarding ‎electronic transactions, identity management, privacy, cybersecurity, and online ‎authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement first-of-their-kind e-commerce ‎initiatives, electronic transactions, and identity management and information ‎security legal infrastructures for the federal government and national and ‎international businesses including banks, insurance companies, investment ‎companies, and certification authorities.  He has also been actively involved in ‎developing legislation and public policy in the area of electronic business and identity management at the state, ‎national, and international levels. ‎

Tom is currently Co-‎Chair of the American Bar Association (ABA) Cybersecurity Legal Task Force, as well as Chair of the Identity Management Legal Task Force and Co-Chair of the Cybersecurity ‎Subcommittee in the ABA Business Law Section. Previously he also served as chair of ABA Section of Science & Technology Law, as well as chair of its Electronic ‎Commerce Division. He also served as chair of the Illinois Commission on Electronic Commerce and Crime, and as an ABA Advisor to the Uniform Law Commission (ULC) Study ‎Committee on Identity Management in Electronic Commerce and the ULC Drafting Committee on the Uniform Electronic Transactions Act.

Tom is also an advisor to the U.S. Delegation to ‎the United Nations Commission on International Trade Law (UNCITRAL), and in that capacity he ‎helped to negotiate the international e-commerce treaty known as the United Nations ‎Convention on the Use of Electronic Communications in International Contracts. He is currently ‎working with UNCITRAL to develop international legal rules to govern electronic identity ‎management issues.

He is a contributing author to the 1st and 2nd editions of The Aba ‎Cybersecurity Handbook - A Resource For Attorneys, Law Firms & Business ‎Professionals (ABA, 2013 and 2018), and co-editor and contributing author of the Guide To Cybersecurity Due Diligence In M&A ‎Transactions (ABA, 2017).  He is also the author of the book titled Information ‎Security Law: The Emerging Standard For Corporate Compliance, (2008), and editor and ‎primary author of the e-commerce book titled Online Law: The Legal Guide To Doing ‎Business On The Internet (1996). He can be reached at Tom.Smedinghoff@lockelord.com


Toke Vandervoort is SVP, Deputy General Counsel at Under Armour. Previously, she served as technology, privacy and litigation counsel and CPO to major US telecom and tech companies. Presently at Under Armour, she leads a 43+ person team of experts in commercial and technology transactions, privacy and consumer protection, patents and trademarks, employment and litigation supporting its global sports apparel and footwear business and Connected Fitness digital enterprise—the world’s largest online fitness/wellness community. She is also a member of the DHS Security Data Privacy & Integrity Advisory Committee; advisory board for Georgetown Cyber Security Law Institute; an HHS-initiated steering committee advising on the creation of non-HIPAA health data rules; and a co-founder of the ACC Data Privacy & Security Forum.


Assistant special agent in-charge (ASAC) Richard T. Jacobs leads the Cyber Branch in the FBI’s New York office.  The branch investigates national security and criminal cyber matters and responds to cyber incidents in the New York metropolitan area.  In 2014, Mr. Jacobs helped establish the Financial Cyber Crimes Task Force, a multi-agency initiative targeting cyber crime and technology-based fraud schemes.

Following graduation from the FBI Academy in 1999, Mr. Jacobs was assigned to New York where he investigated a variety of securities fraud matters.  From 2002 to 2005 he played the role of a corrupt stock broker in a market manipulation undercover operation which resulted in the convictions of 49 individuals.  In June 2010, he was selected to lead a Manhattan-based securities fraud unit which handled the Bernard L. Madoff and the Galleon Group insider trading investigations.  He was named assistant special agent in-charge in October 2014.

Prior to joining the FBI, Mr. Jacobs was a risk manager on Wall Street.  He holds a Master’s Degree in information technology from Carnegie Mellon University, where he graduated with highest distinction, and an MBA with a concentration in finance. He is also a Certified Information Systems Security Professional.


Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA). Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space.  Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she has been featured in Best Lawyers in America every year since 2008.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). More recently, Lisa and her team have assisted more than 100 clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa also provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.


Recognized as a 2020 Associate to Watch in Privacy & Data Security in Chambers USA—the only associate in the country listed in that category—Colman advises clients across the country on their obligations under both domestic and international privacy and data security laws, including all 50 state data breach notification laws, the California Consumer Privacy Act (CCPA), Gramm-LeachBliley Act, HIPAA/HITECH, Telephone Consumer Protection Act, CAN-SPAM, Fair Credit Reporting Act and the GDPR. He focuses on providing practical advice that goes beyond simple compliance with the letter of the law, to understand the unique circumstances and considerations for each client, having worked with government, private industry and nonprofit entities nationwide.

When clients face front-end compliance obligations, they turn to Colman for advice on the drafting and implementation of both internal and consumer-facing policies and procedures, including privacy policies, terms of use and incident response plans. He also regularly advises on the drafting and negotiation of vendor contracts, data-transfer agreements, and HIPAA limited data-set agreements.

Colman has directed a number of responses to data incidents, from business-email compromise to employee theft of information to HIPAA risk assessments. Whether overseeing forensic investigations, preparing and delivering notifications, or responding to regulator inquiries, Colman emphasizes the quick and efficient resolution of these time-sensitive matters to ensure compliance and minimize legal risks.

Colman is also an experienced litigator, with a broad background in general commercial matters, copyright and trademark, strict product liability and antitrust, and with significant experience in patent litigation. He has represented major technology companies in courts around the country in the areas of wireless communications, semiconductors and software. On numerous occasions he has helped clients achieve favorable outcomes through dismissal and summary judgment, and has prevailed in a number of discovery disputes that went before the court.

He has devoted substantial time to pro bono representation as well. His pro bono work has included privacy and data security advice for a world-renowned art museum, trademark protection for a major NGO, and representation in asylum, landlord-tenant, and abuse and neglect matters.

Outside of his client practice, Colman makes frequent speaking and media appearances, helping to educate clients, legal professionals and the general public on a broad range of privacy and data security issues. He is an active member of The Sedona Conference® Working Group 11: Data Security and Privacy Liability and the International Association of Privacy Professionals. He also serves as Executive Director for the Johnson County First Amendment Foundation, a nonprofit organization dedicated to helping educate high school students on the importance of the First Amendment, the Constitution and civics in general.


Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team. He joined Google in March 2011.  He has nearly 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a successful advertising technology company.

Keith served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently a featured speaker at industry events focusing on technology, privacy and data protection. He is a member of the Maryland Bar and holds the Certified Information Privacy Professional, U.S., and Government (CIPP/US, CIPP/G) certifications.


Laura Juanes is a multilingual law, policy and privacy expert in the technology industry. She currently serves as Global Director of Privacy Policy Engagement at Facebook Inc. 

Laura is a Spanish qualified lawyer, based in the United States, with more than fifteen years of professional experience in technology and media companies. In her role at Facebook, she leads a global team that regularly engages with regulators, policymakers, experts and advocates in order to inform on key privacy issues that impact how individuals use or relate to Facebook’s technology daily. Prior to joining Facebook, she served as an Assistant General Counsel, Privacy & Human Rights, at Yahoo Inc., where she led the legal and public policy team’s efforts on global privacy matters and the company’s Business and Human Rights Program.

Before assuming her AGC role at Yahoo, Laura held various positions, including as General Counsel at Yahoo Spain and as Director of Product Compliance and Law Enforcement response for the Americas. Laura is a law graduate of the Universidad Auto´noma de Madrid, where she worked as a lawyer before joining Yahoo.

Laura holds U.S. and EU Certifications for International Privacy Professionals (CIPP). She serves on the Advisory Board of the Information Accountability Foundation and chairs the Latin America chapter of the Centre for Information Policy Leadership. She is a mentor of startups and entrepreneurs in South Florida and Latin America and a proud Board and founder Member of Woman in Tech Miami Council, with a mission to connect and empower women with diverse technological backgrounds.


Alejandro Mosquera is data attorney at MUFG and is based in New York. He is responsible for providing legal advice in connection with data processing activities (including data privacy and data protection) affecting MUFG’s global operations. Alejandro holds a J.D. from the Universidad de los Andes, an M.I.A. in International Finance and Management from Columbia University, an L.L.M. from The University of Chicago Law School and a one-year course diploma on International, Comparative and European Law from the Université Robert Schuman. Alejandro is admitted to practice law in New York and Colombia and has been certified by the IAPP as Privacy Law Specialist, Certified Information Privacy Professional (US) and Certified Information Privacy Manager. He is fluent in Spanish, English, Portuguese, Italian and French.


Dr Sára Gabriella Hoffman works on global privacy, data protection and cybersecurity matters for Stripe. Previously, she worked for an international law firm focusing on privacy, data protection and antitrust law. She is a cloud architecture expert. As Microsoft Fellow at Stanford, she studied technical and legal aspects of setting up data centers and protecting information from a data security perspective. Since 2013, she is a lecturer at the Freie Universität Berlin and Technische Universität Berlin, where she teaches classes on privacy engineering, data protection and competition law, as well as law & economics. She is a member of the Association for Computing Machinery (ACM).


Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.


Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.