Skip to main content

Global Data Protection Boot Camp 2020

Speaker(s): Amy Purcell, Anna Leipsic, Benjamin Hayes, Brian L. Hengesbaugh, Bruno Gencarelli, Farah Y. Zaman, Gabriela Paiva Morette, Harry A. Valetk, Ivelisse Clausell, Jo Ann Davaris, John Crisan, Jordan Crenshaw, Michelle Perez, Stacey D. Schesser, Stefan Niederer, Timothy D. Smith
Recorded on: Oct. 13, 2020
PLI Program #: 273949


Gabriela Paiva Morette is a partner in the IPTech group and focuses on TMT matters. She received a master of laws degree from Kings College London. Worked at the London office of Baker & McKenzie in 2011, in the Intellectual Property practice group.

Practice Focus
Extensive expertise in connection with commercial contracts of the information technology, entertainment and new media industries, including drafting, negotiating and reviewing agreements involving intellectual property development, licensing and transfer of copyrights, and image/voice rights. Experience with solution implementation projects, including software license/assignment and related services (maintenance and support), professional services, distribution and outsourcing agreements. Advises on liability of internet service providers, data protection/privacy and domain name registration and related conflicts.

Focus on telecommunications, including applicable regulations and commercial practices. Expertise in strategy development in disputes involving intellectual property.

Representative Legal Matters

Legal representation of clients engaged in the following sectors: media and entertainment, telecommunications, information technology and related services.

News, Events and Publications

Co-author. Agreements involving software and registration thereof with INPI (Brazilian Patent and Trademark Office). Brazilian Association of Intellectual Property Bulletin. 2009. p.2.

Professional Associations and Memberships

Brazilian Bar Association
Brazilian Association of Intellectual Property


São Paulo, Brazil (2008) - 270498


  • Graduated in 2005 from Universidade de São Paulo Law School.
  • Master of Laws (LL.M.) at Kings College London, United Kingdom.

Amy Purcell is Chief Privacy Officer and Senior Counsel of The Vanguard Group, Inc.  Amy is responsible for leading Vanguard’s enterprise-wide Global Privacy Program and representing Vanguard on privacy-related legal issues. Amy manages a team of attorneys responsible for ensuring compliance with domestic and international privacy regulations, as well as privacy professionals responsible for the operation and implementation of Vanguard’s Global Privacy Program.

Prior to joining Vanguard, Amy practiced privacy and data security law for over 10 years at a Philadelphia law firm. 

Amy earned a B.S. in Political Science from Susquehanna University and her J.D. from Cornell Law School.

Amy resides in Wayne, PA with her husband and three sons (including 6-year old twins).  In her free time, Amy enjoys spending time with her family outdoors (especially on a beach).

Brian Hengesbaugh is Chair of the Firm's Global Data Privacy and Security Business Unit, a Member of the Firm's Global IP Tech Steering Committee, and a Member of the Firm's Financial Institutions' Group. Brian is listed in The Legal 500 Hall of Fame and was recognized as a Regulatory & Compliance Trailblazer by the National Law Journal. He is also listed as a Leading Lawyer for Cyber law (including data protection and privacy) in The Legal 500 and is listed in Chambers. Formerly Special Counsel to the General Counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor), and earned a Medal Award from the US Department of Commerce for this service. In addition, Brian participated on behalf of the United States in the development of a draft Council of Europe Treaty on Cyber Crime, and in the negotiation of a draft Hague Convention on Jurisdiction and the Recognition of Foreign Judgments. Brian has been quoted in the Wall Street Journal, New York Times, Forbes, CNET, Slate Magazine, Compliance Weekly, BNA Bloomberg, PCWorld and other news publications on global privacy and security issues.

Practice Focus

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He focuses on these issues in the context of: (i) advisory matters, such as new privacy and security laws and regulations, as well as technology transformations related to IoT, blockchain, mobile, cloud, data monetization, and other initiatives; (ii) transactional matters, such as mergers & acquisitions, sourcing, distributor, business partner, and other third party arrangements; and (iii) crisis matters, such as data security events, regulatory and governmental inquiries related to privacy and security issues, internal investigations, and litigation-related matters.

Brian's practice covers privacy and information management, with emphasis on regulatory and transactional issues, including data security and information technology, privacy and data protection, sourcing, digital and electronic signatures, email and telemarketing, social media, cyber crime, and jurisdiction and the enforcement of foreign judgments.

Professional Honors

  • Legal 500 Hall of Fame 
  • Leading Lawyer in Technology: Cyber law (including data protection and privacy), Legal 500 USA, 2009-2017
  • Regulatory & Compliance Trailblazer, National Law Journal, 2015
  • Recognized in Privacy and Data Security Law, Best Lawyers in America, 2016-2017

Professional Associations and Memberships

  • American Bar Association - International Law Section
  • International Association of Privacy Professionals (IAPP) - Former Advisory Board Member


Illinois~United States (2004)

Indiana~United States (1995)


University of Minnesota Law School (J.D. cum laude) (1995)

Central European University (Budapest) (Certificate) (1993)

Washington University (A.B. Economics) (1991)




Farah Zaman is Chief Privacy Officer of Meredith Corporation, responsible for leading Meredith’s privacy and first-party data strategy, as well as its compliance, education, and protection planning and procedures across all businesses and locations. Meredith is a top brand-led media company engaging audiences with trusted content across multiple platforms, including digital, video, print, and broadcast television.

Prior to joining Meredith, Zaman served as Senior Global Data Privacy Counsel for Colgate Palmolive, where she led the global data privacy program and advised the company's global legal team, stakeholders, and senior leadership on data privacy matters. Previously, she was Senior Counsel of Privacy for Nielsen. Zaman began her career in New York City government, serving as a post-graduate legal fellow in the Mayor's Office for International Affairs and subsequently as an Agency Attorney in the Office of Data Privacy for the Department of Social Services.

Zaman's passion for data privacy extends to her volunteerism. She serves on the advisory boards of the International Association of Privacy Professionals’ Women Leading Privacy section, the Future of Privacy Forum, and The Resolution Project, an organization that aims to develop socially responsible young leaders. She is also a member of the Carnegie Mellon Board of Advisors for the Dietrich College of Humanities and Social Sciences, and she served as chair of the International Women's Rights Committee of the New York County Women's Bar Association earlier in her career.

Zaman is an adjunct faculty member of Albany Law School and serves as a member of CHIEF, a private network focused on connecting and supporting women leaders.

Harry A. Valetk is a partner in the Global Privacy and Security Practice Group based in New York, advising global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, retail, pharmaceutical/ healthcare, transportation/ logistics, hospitality, defense, social media, cloud technology, and manufacturing industries. His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for EU-US Privacy Shield certifications, and works with highly-regulated entities on numerous data protection topics, including GDPR, CCPA, HIPAA, GLBA, FERPA, the Children’s Online Privacy Protection Act (COPPA).

Harry puts on an insider’s perspective when advising his clients having worked in-house as Director of MetLife’s Global Privacy Office in New York for almost seven years. In that role, he supported business lines in more than 60 countries to protect the personal data of over 90 million MetLife customers. Additionally, he led numerous strategic efforts to build out a global Privacy Risk Framework, achieve global compliance with applicable data privacy laws, deploy cross-border data transfer solutions, implement global training and awareness initiatives, and manage data and cyber security incidents. Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.

Ivelisse (“Ivie”) Clausell is a seasoned privacy lawyer with an established record of helping companies achieve compliance with ever evolving privacy regulations.  Ivie is currently Vice President and Global Head of Privacy & Information Security at Esperion Therapeutics, Inc., the first person to hold such role.  She is responsible for all aspects of the company’s global data privacy and protection programs, including conducting risk assessments and implementing proper mitigation strategies; providing opportunities for enterprise learning and awareness; developing policies and procedures; leading timely incident evaluations; and generally supporting innovation through Privacy by Design and Privacy by Default principles.

Prior to joining Esperion, Ivie held various positions of increasing complexity and responsibility in biopharmaceutical companies.  At Johnson & Johnson, where she was the company’s first senior counsel of privacy law, Ivie supported the Global Privacy organization through its compliance readiness activities for GDPR, CCPA, and Brazil’s General Data Protection Law.  At Otsuka America Pharmaceutical, Inc., where, again, she was the first Privacy Officer, Ivie provided legal support for digital health initiatives and mobile applications, and established a cross-functional, cross-affiliate Global Privacy & Information Security Council to ensure consistent interpretation and application of regulations.  Prior to that, Ivie spent nearly nine years at Bristol-Myers Squibb Company, initially as an employment lawyer and eventually as part of the global privacy law group, where her career-long interest in data privacy and protection began.

Ivie holds a JD from Benjamin Cardozo/Yeshiva University School of Law, and a Master of Arts degree from Teachers College/Columbia University.  Ivie is deeply concerned and passionate about helping families that experience food insecurities.  She serves on the Board of Directors of Jo’s Outreach, a food pantry that feeds residents of Monroe and Pike Counties in northeast Pennsylvania.  She enjoys practicing yoga, cooking without recipes (the results are always a surprise!), and reading historical fiction (particularly anything by Philippa Gregory).

Jo Davaris is the first VP of Global Privacy at Booking Holdings, a world leader in online travel and related services.  She is responsible for building and aligning a consistent privacy program across their brands (, Kayak, Priceline, OpenTable, agoda and

Prior to joining Booking Holdings, Jo was the first Global Chief Privacy Officer for Mercer, a world leading consulting firm, where she was responsible for developing and overseeing a global privacy program for that provided appropriate controls and risk mitigation around the use of data across the diverse lines of business, while enabling growth, innovation and opportunity. 
Prior to joining Mercer, Jo was the Global Head of Privacy Policy and Program Development and Privacy Leader for the Institutional & Network businesses at American Express.  During her 15+ year tenure there, she held a variety of roles spanning a spectrum of pure legal (negotiating contracts with merchants and vendors) and compliance (policy creation and engagement with external sales organizations and banks) to business development (managing oil business relationships and EMV Chip marketing, communications and technical specification membership teams).  Her career path eventually led her to a focus on developing policies that enabled innovation around data analytics products while maintaining customer trust which developed into a specialization in global data protection, privacy policies and privacy program management.
Prior to American Express, Jo was an attorney for the Administration for Children’s Services in NYC, where she prosecuted parents that abused and neglected their children.
Jo is currently serving on the Education Advisory Board of the International Association of Privacy Professionals, as well as the Advisory Board of the Women, Influence and Power in Law Event.  She recently served on the Board of Directors of Rising Ground, a NYC social services non-profit organization.  She is also a frequent speaker at conferences and panels around Data Protection, Privacy Program Management, Information Governance and Regulatory Change Management.

She received both her JD and her BA from Fordham University.

John T. Crisan is currently Chief Privacy Officer at Johnson & Johnson (J&J).  J&J, through its over 130,000 employees around the globe, is the world's largest and most broadly based healthcare company, operating in the consumer, pharmaceutical, and medical device markets.

Prior to his current role, Mr. Crisan previously progressed through a series of other roles at Johnson & Johnson, including Chief Compliance Officer for Johnson & Johnson; division General Counsel for the Johnson & Johnson Consumer sector; Assistant General Counsel for M&A, Pharmaceutical and Consumer business sectors; and Regional Counsel for Asia/Pacific.

Mr. Crisan joined J&J 30 years ago from the New York City law offices of O’Melveny (previously O'Sullivan Graev & Karabell), where he specialized in corporate law, with an emphasis on mergers & acquisitions and venture capital.  Prior to his work with O'Sullivan Graev & Karabell, he practiced with the New York City firm of Reid & Priest, where he worked in the general corporate law area.

Mr. Crisan received his law degree from Georgetown University Law Center in 1985, and his bachelor's degree from Catholic University of America in 1982, both located in Washington, D.C. 

He recently completed his tenure as Chairman of the Board of Trustees of the Children’s Specialized Hospital Foundation (an independent foundation), as a member of the Board of Trustees of Children’s Specialized Hospital (the largest pediatric rehabilitative hospital in the U.S.); and currently serves as a member of the Board of Trustees of International Schools Services (the non-profit leader in global education and related services), and on the Board of Visitors of Seton Hall University Law School.  He resides in Newtown, Pennsylvania.

Jordan Crenshaw serves as Executive Director and oversees policy at the U.S. Chamber of Commerce’s Technology Engagement Center. He directly manages the Chamber’s Telecommunications & E-Commerce Policy Committee, which analyzes federal privacy, cloud computing, broadband, internet, e-commerce, and broadcast policies that impact U.S. businesses. Crenshaw also directs the Chamber’s privacy working group which is comprised of over 200 companies and trade associations, which developed model privacy legislation and principles.

Before joining the Chamber, Crenshaw served as an attorney with another trade association focusing on environmental issues and analysis of consumer privacy laws. Previously, Crenshaw managed discovery issues in the defense of a financial institution against TCPA claims at McGuireWoods, LLP. During law school, Crenshaw interned for Virginia Senate Majority Leader Thomas Norment, the Office of the Attorney General of Virginia, the U.S. Department of Labor Office of Administrative Law Judges, and the National Right to Work Defense Foundation.

Crenshaw earned both his undergraduate degree and Juris Doctor from the College of William and Mary.

Michelle Perez is the Chief Privacy Officer at Dow Jones & Company, a global provider of news and business information, where she is responsible for developing, driving and maturing Dow Jones’ privacy program.  Prior to joining Dow Jones, Michelle was the Head of Privacy at Samsung Electronics America, Inc., a multinational electronics and information technology company.  Before Samsung, Michelle served as Assistant General Counsel Privacy for the Interpublic Group of Companies (IPG), a global network of marketing and advertising communication agencies.  Her responsibilities included the development, implementation and management of data privacy policies, initiatives, strategies and programs.  Michelle joined IPG from Philips Electronics America, where she was Senior Privacy Counsel and contributed to corporate efforts aimed at addressing emerging privacy and data protection requirements and growing the company’s privacy program within the U.S. regional organization.

Michelle is a Certified Information Privacy Professional and a Certified Information Privacy Manager.

Michelle is a former Assistant U.S. Attorney for the Eastern District of New York.  She received her J.D. from Fordham Law School and her undergraduate degree from Georgetown University.

Tim Smith is Unum’s Chief Privacy Officer.  He also leads Unum’s Information Governance Compliance (IGC) organization.  Unum is a global Fortune 500 insurance company.  Unum helps people gain affordable access to disability, life, accident, critical illness, dental and vision benefits through the workplace — benefits that help them protect their families, their finances and their futures.  Unum insures approximately 36 million people and pays approximately $7 billion a year in benefits to insureds and their families.

In his 20+ years at Unum, he has held various business and leadership roles.  For the past 7 years he has been CPO and VP of IGC.  Immediately prior to leading the Privacy Office, he served as a VP of Government Affairs at Unum for 5 years. 

Tim earned a bachelor’s degree from the University of Pennsylvania and a law degree from the University of Maine.  In addition to a JD, he holds the professional designations of Certified Information Privacy Professional (CIPP/US), Associate Life and Health Claims (ALHC), Health Insurance Associate (HIA) and Managed Health Professional (MHP).

Tim has spoken and been a guest speaker throughout the U.S., including at MIT’s Center for Information Systems Research, the International Association of Privacy Professionals (IAPP) international “Privacy. Security. Risk.” Conference, the University of Maine School of Law,  and the Defense Research Institute’s (“DRI”) Data Breach and Privacy Law seminar.  He has also served on the Maine Cybersecurity Cluster Board of Directors and as Chair of the Maine Guaranty Association Board of Directors. 

He lives in Portland, Maine with his wife and their two daughters.

I advise Barclays on legal issues relating to data privacy, cybersecurity, and intellectual property in the Americas.  I enjoy the variety of unique issues raised by the business areas I cover, including Barclays U.S. consumer, investment, and corporate banks.  Most of my 14 years of lawyering have been in private practice in New York City, first at a large international law firm and then at an intellectual property boutique, where I focused on litigating trademark and copyright disputes.  I also clerked for the late Honorable Harold Baer Jr. in the U.S. District Court for the Southern District of New York.  Finally, I am committed to maintaining an active pro bono practice, primarily helping entrepreneurs who lack the means to pay for counsel.

Benjamin Hayes, Esq., CIPP/US,G,E,C, CIPM, CIPT, FIP has been a legal advisor in the area of privacy, data governance, and security incident management since 1999, focused primarily on in-house strategic and compliance counseling for multi-national enterprises.  He spent 6 years at Kirkpatrick & Lockhart (now K&L Gates) developing compliance programs with then-new privacy laws like the EU Privacy Directive, HIPAA, COPPA, and Gramm-Leach-Bliley for clients that spanned a range of industries from financial services to entertainment and media to manufacturing and shipping.  Ben developed early privacy programs for DuPont, Deutsche Bank, JP Morgan, and World Wrestling Entertainment.

Ben joined Accenture in 2006 as Americas Privacy Lead—an in-house role developing Accenture’s compliance program.  He led several global initiatives at Accenture, including the development of its incident response program, its client data protection program (a methodology for assessing data risks associated with individual consulting engagements, and right-sizing data security for the engagement, backed up with continuous auditing and program review, and an approach to contracting for cloud services so as to take account of dozens of privacy laws around the globe.

He became Nielsen’s first CPO in 2014 and spent 4 years developing its global privacy program, including the establishment of its first global privacy policy, integration of an acquired data management platform (DMP), and leading ramp-up efforts for compliance with GDPR from 2016 onwards.  

In January, 2019 Ben became the first CPO of Zeta Global, a marketing software, analytics, and data company headquartered in New York City.  In that role he is overseeing Zeta’s privacy compliance program, managing privacy integration of its acquisitions, engaging in hands-on privacy by design, and helping navigate the CCPA and beyond.

Stacey Schesser is the Supervising Deputy Attorney General for the Privacy Unit in the Consumer Protection Section of the Office of the California Attorney General.  Her recent matters include People v. Glow, People v. Equifax, and leading the team that drafted regulations for the California Consumer Privacy Act (CCPA). She began her career at the Attorney General’s Office in 2007 in its Criminal Division and has worked in the Privacy Unit since its inception in 2012.  Stacey was recently recognized as one of the Recorder’s “Women Leader in Tech Law” and was the only public sector recipient of this award.  Stacey received her J.D. at UC Berkeley’s School of Law, where she wrote on privacy law issues for the California Law Review, and received her B.A. at Douglass College, Rutgers University.

Mr Gencarelli heads the International data flows and protection Unit at the European Commission (DG Justice and Consumers). He led the Commission's work in the area of data protection in the decisive phases of the legislative reform of EU data protection law and the EU-US negotiations. In that capacity, he headed the Commission's delegation in the interinstitutional negotiations with the European Parliament and the Council that resulted in the adoption of the GDPR and "Law Enforcement Directive". He was also one of the lead negotiators of the EU-US Privacy Shield and "Umbrella Agreement". He recently negotiated the mutual adequacy arrangement with Japan that created the world’s largest area of free data flows. He currently co-leads for the Commission the negotiations with the UK on all aspects relating to justice and consumers in the context of Brexit.  Mr Gencarelli previously served as a member of the European Commission's Legal Service (representing the Commission before courts in antitrust cases) and as a chief of staff of a judge at the European Court of Justice after having practiced law in the private sector. He holds degrees in law and political science, and teaches EU Competition Law at Sciences Po Paris. He is the author of numerous publications on EU law.

Stefan Niederer is Senior Data Protection Officer at the Department for European and International Affairs of the Office of the Federal Commissioner for Data Protection and Freedom of Information. Located in Bonn, Germany, he has attended frequently meetings of the Cooperation Expert Subgroup in Brussels, which is an entity of the European Data Protection Board and its predecessor, the Article-29-Working-Party, where data protection regulators from EU member states come together to discuss important cases and topics that are of significance for many or all member states. His expertise also covers international bodies, since he regularly contributes to the work of the OECD´s Working Party on Security and Privacy in the Digital Economy (WP SPDE) as well as to the Council of Europe´s Committee on Data Protection (T-PD) or to the Global Privacy Enforcement Network (GPEN). He represents his office at the annual meetings of the International Conference of Data Protection and Privacy Commissioners and in topic-specific working groups of the conference, too. As to his background, he has studied public law, economics and public administration being a graduate of the Federal University of Administrative Sciences. After services at various federal agencies he joined the Federal Commissioner´s Office in 2007, where he first worked in the Department for Police and Intelligence Affairs before moving on to the European and International Department.