Skip to main content

Fundamentals of Privacy Law 2020


Speaker(s): Christopher J. Bender, Elaine C. Zacharakis, Elise Houlik, Flora J. Garcia, Iliana L. Peters, Jo Ann Davaris, Joseph V. DeMarco, Kelly A. Harris, Ken Mortensen, Kristen Ahearn Merigliano, Lei Shen, Maureen A. Young, Meredith K. Grauer, Peter F. McLaughlin, Peter J. Guffin, Ronald E. Plesco , Virginia Lee, William E. Min
Recorded on: Dec. 14, 2020
PLI Program #: 274000

Christopher Bender is a systems security and integration professional with over 30 years of experience in the public and private sector.  Mr. Bender has worked with national and international clients in the financial services, healthcare, energy, defense, aerospace, and transportation sectors accomplish change and taking on new initiatives securely and effectively.

Mr. Bender has developed approaches and methods for working with diverse programs and systems that leverage risk management and business value processes to execute and deliver results that cross technical, legal, and operational domains.  Mr. Bender has led initiatives that have transformed organizations such as introducing systemic risk management to oversight and governance programs; implementing enterprise level security programs that span disparate systems and operating units while influencing the corporate culture for security; and transforming decades old development and infrastructure groups at banks to embrace DevOps and Continuous Integration/ Continuous Deployment (CI/CD).

Mr. Bender is currently the President of the Northcross Group (NCG).  NCG provides professional consulting and program services for mergers and acquisitions, program development, platform migrations, system conversions, and incident response.

Prior to NCG, Mr. Bender was the Vice President of Technology for Millennium Information Systems (MIS), a systems engineering firm supporting the FAA and DOD, as well commercial aerospace.  Mr. Bender was the Lead Architect for the FAA’s Air Transportation Oversight System (ATOS), which implemented a system safety approach for risk management to the oversight program of commercial air carriers.  Mr. Bender was an acting ISSO for the FAA’s Flight Standards Division immediately after 9/11 and led data classification efforts and control assessments for the Division. 

Mr. Bender is a Certified Information Systems Security Professional, CISSP and a Certified Data Privacy Solutions Engineer (CDPSE). Mr. Bender holds a Masters of Science in Information Systems and a Bachelors of Arts in Economics from GW University.  Mr. Bender was adjunct faculty at GW from 1994-1995 in the Columbia College of Arts & Science, and Graduate Program instructor for the Engineering School’s Risk Management program from 2012-2017.  Mr. Bender has a graduate certificate from the University of Virginia in organizational development.


Elise Houlik is Senior Vice President and Assistant General Counsel on Mastercard’s Privacy and Data Protection legal team.  Based in the company’s Global Headquarters in New York, Elise is the company’s Privacy Lead for the North American and Latin American & Caribbean markets.  She manages a cross-functional team of lawyers responsible for ensuring privacy and data protection compliance while advancing business innovation utilizing a privacy by design methodology.  Her team is directly engaged in product development processes for the company’s digital partnerships, open banking, commercial, marketing, and enterprise partnerships divisions on a worldwide basis.  Elise further oversees detailed analysis of emerging data protection laws, regulations and policies across the globe, counseling teams on the impact the changing privacy regulatory environment has on the company and its strategic objectives.

Elise formerly served as Mastercard’s Vice President and Senior Managing Counsel for Privacy and Data Protection in North America.  She previously held the role of Associate General Counsel at Fannie Mae in Washington, D.C., acting as the company’s Lead Privacy & Cybersecurity counsel for several years. 

Active in the greater privacy community, Elise is on the Leadership Council of the Sedona Conference’s Working Group 11 (Data Security & Privacy Liability).  She is Senior Editor of the group’s first publication, the Data Privacy Primer.  In Washington, D.C., Elise served as Co-Chair of the International Association of Privacy Professionals (IAPP) Washington, DC KnowledgeNet Chapter.

Elise received a juris doctor from George Washington University Law School after completing her bachelor of arts studies in English at Johns Hopkins University.  She is a Certified Information Privacy Professional (CIPP-US) and is admitted in the State of Maryland, the District of Columbia, and as In-House Counsel in the State of New York.


Flora J. Garcia discovered privacy law one snowy night in law school when she read the case of Bodil Lindqvist, a Swedish woman who was the first person charged with violating the EU Privacy Directive.  Flora recently joined Wayfair as Data Protection leader. Previously, she was McAfee’s Global Chief Privacy Officer and Information Security Attorney, after stints at MUFG Union Bank and magazine publisher Time Inc. 

Flora is a graduate of the evening program at Fordham Law School, the University of North Carolina at Chapel Hill’s Journalism School, and Duke University, where she majored in computer science and economics.  Flora is an IAPP Fellow of Information Privacy and holds the CIPP/US, CIPP/IT, and CISSP certifications.  


Jo Davaris is the first VP of Global Privacy at Booking Holdings, a world leader in online travel and related services.  She is responsible for building and aligning a consistent privacy program across their brands (Booking.com, Kayak, Priceline, OpenTable, agoda and rentalcars.com).

Prior to joining Booking Holdings, Jo was the first Global Chief Privacy Officer for Mercer, a world leading consulting firm, where she was responsible for developing and overseeing a global privacy program for that provided appropriate controls and risk mitigation around the use of data across the diverse lines of business, while enabling growth, innovation and opportunity. 
 
Prior to joining Mercer, Jo was the Global Head of Privacy Policy and Program Development and Privacy Leader for the Institutional & Network businesses at American Express.  During her 15+ year tenure there, she held a variety of roles spanning a spectrum of pure legal (negotiating contracts with merchants and vendors) and compliance (policy creation and engagement with external sales organizations and banks) to business development (managing oil business relationships and EMV Chip marketing, communications and technical specification membership teams).  Her career path eventually led her to a focus on developing policies that enabled innovation around data analytics products while maintaining customer trust which developed into a specialization in global data protection, privacy policies and privacy program management.
 
Prior to American Express, Jo was an attorney for the Administration for Children’s Services in NYC, where she prosecuted parents that abused and neglected their children.
 
Jo is currently serving on the Education Advisory Board of the International Association of Privacy Professionals, as well as the Advisory Board of the Women, Influence and Power in Law Event.  She recently served on the Board of Directors of Rising Ground, a NYC social services non-profit organization.  She is also a frequent speaker at conferences and panels around Data Protection, Privacy Program Management, Information Governance and Regulatory Change Management.

She received both her JD and her BA from Fordham University.


Joseph V. DeMarco is a partner at DeVore & DeMarco LLP where he specializes in counseling clients on complex issues involving information privacy and security, theft of intellectual property, computer intrusions, on-line fraud, and the lawful use of new technology. His years of experience in private practice and in government handling the most difficult cybercrime investigations handled by the United States Attorney’s Office have made him one of the nation’s leading experts on Internet crime and the law relating to emerging technologies.

From 1997 to 2007, Mr. DeMarco served an Assistant United States Attorney for the Southern District of New York, where he founded and headed the Computer Hacking and Intellectual Property Program, a group of five prosecutors dedicated to investigating and prosecuting violations of federal cybercrime laws and intellectual property offenses. Under his leadership, cybercrime prosecutions grew from a trickle in 1997 to a top priority of the United States Attorney’s Office, encompassing all forms of criminal activity affecting e-commerce and critical infrastructures including computer hacking crimes; transmission of Internet worms and viruses; electronic theft of trade secrets; illegal use of “spyware”; web-based frauds; unlawful Internet gambling; and criminal copyright and trademark infringement offenses. As a recognized expert in the field, Mr. DeMarco was frequently asked to counsel prosecutors and law enforcement agents regarding novel investigative and surveillance techniques and methodologies, and regularly provided advice to the United States Attorney concerning the Office’s most sensitive computer-related investigations. In 2001, Mr. DeMarco also served as a visiting Trial Attorney at the Department of Justice Computer Crimes and Intellectual Property Section in Washington, D.C., where he focused on Internet privacy, gaming, and theft of intellectual property.

Mr. DeMarco is on the panel of approved neutrals of the American Arbitration Association (AAA) where he focuses on resolving disputes between businesses involving data privacy, high-technology and commercial law issues.  He speaks frequently on the benefits of ADR in the area of data security and privacy litigation.

Since 2002, Mr. DeMarco has served as an Adjunct Professor at Columbia Law School, where he teaches the upper-class Internet and Computer Crimes seminar. He has spoken throughout the world on cybercrime, e-commerce, and IP enforcement. He has lectured on the subject of cybercrime at Harvard Law School, the Practicing Law Institute, the National Advocacy Center, and at the FBI Academy in Quantico, Virginia, and has served as an instructor on cybercrime to judges attending the New York State Judicial Institute.

Prior to joining the United States Attorney’s Office, Mr. DeMarco was a litigation associate at Cravath, Swaine & Moore in New York City, where he concentrated on intellectual property, antitrust, and securities law issues for various high-technology clients. Prior to that, Mr. DeMarco served as law clerk to the Honorable J. Daniel Mahoney, United States Circuit Judge for the Second Circuit Court of Appeals.

Mr. DeMarco holds a J.D. magna cum laude from New York University School of Law. At NYU he was a member of the NYU Law Review. He received his B.S.F.S. summa cum laude from the Edmund A. Walsh School of Foreign Service at Georgetown University.  Mr. DeMarco is active in numerous professional associations including the:

  • International Bar Association (Technology and Litigation Sections);
  • International Association of Korean Lawyers (Regional Governor, New York Region);
  • New York State Bar Association, ADR Section;
  • New York State Bar Association, Commercial and Federal Litigation Section (Co-chair, Internet and IP Committee, 2009-present);
  • Connecticut Bar Association;
  • Fairfield County (CT) Bar Association;
  • New Haven County (CT) Bar Association;
  • New York City Bar Association (Co-Chair, Information Technology Law Committee; Past
  • Member, Copyright Committee); and
  • The Copyright Society of the U.S.A.

Mr. DeMarco is a Martindale-Hubbell AV-rated lawyer for Computers and Software, Litigation and Internet Law, and is also listed in Chambers USA: America’s Leading Lawyers for Business guide as a leading lawyer nationwide in Privacy and Data Security. He has also been named as a “SuperLawyer” for his expertise and work in the area of Intellectual Property Litigation. He has published numerous articles and appeared on major news programs in his practice areas; is a member of the Professional Editorial Board of the prestigious Computer Law and Security Review (Elsevier); and serves on the Board of Advisors of the Center for Law and Information Policy at Fordham University School of Law.

Mr. DeMarco has received numerous professional awards, including the U.S. Department of Justice Director’s Award for Superior Performance, as well as the Lawyer of Integrity Award from the Institute for Jewish Humanities. In his spare time he enjoys parenting, golf, and listening to classical piano.


Lei Shen is a partner in the Cybersecurity & Data Privacy and Technology Transactions practices in Mayer Brown’s Chicago office. Lei advises clients regarding a wide range of global data privacy and security issues. She advises companies on navigating and complying with state, federal, and international privacy regulations, including with regard to global data transfers, data breach notification, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Children’s Online Privacy Protection Act (COPPA), CAN-SPAM, and more. She also advises on e-commerce issues, such as electronic contracting and signatures, and on issues concerning mobile privacy and emerging technologies, such as telematics services, Internet of Things, and big data.

Lei has extensive experience working with companies across many industries to develop privacy statements, terms of use, privacy policies and playbooks, and other internal and external policies and procedures to comply with privacy laws. She regularly negotiates data privacy and security provisions in vendor agreements. Lei has passed the Certified Information Privacy Professional/United States (CIPP/US) certification exam offered by the International Association of Privacy Professionals (IAPP).

Lei was named to Global Data Review’s “40 Under 40” list for top data lawyers from around the world.


Maureen A. Young is Senior Regulatory Counsel and Senior Vice President at Bank of the West, a member of the BNP Paribas Group.  She advises on a wide range of financial services regulatory, data privacy and security, compliance, examination, enforcement and corporate governance matters, as well as regulatory strategy and policy issues.  She supports major business initiatives involving the Bank and its U.S. and global BNP Paribas affiliates, including innovation and fintech projects.  She is a Certified Information Privacy Professional (CIPP/US), International Association of Privacy Professionals (IAPP).

Prior to joining Bank of the West in 2016, Maureen was Managing Director and Associate General Counsel at MUFG Union Bank, serving as a lead lawyer on key regulatory and implementation projects and as lead privacy counsel to the Privacy and Information Security team. The strategic projects she supported included strategy for and formation of a U.S. intermediate holding company as required by the Federal Reserve’s Enhanced Prudential Standards regulations. She also served as legal centerpost on a major business integration consolidating the U.S. workforce under one legal entity and integrating business line management and operations across MUFG’s legal entities in the Americas.

Maureen was previously a partner at a large international law firm, where she was a member of the Financial Institutions Corporate and Regulatory Group, Commercial Technology Group, and was Co-Chair and Co-Founder of the firm’s Privacy and Security Group. Before joining the firm in 2003, Maureen was Assistant General Counsel in Bank of America’s Legal Department, Regulatory and Corporate Services Group.

Maureen is well-established in the California and national banking and financial services industry. She is a member of the Board of Directors of the Financial Women of San Francisco, currently serving as Co-Chair of the Programs Committee.  She is a past Chair of the American Bar Association Banking Law Committee, as well as a past Chair of the Financial Institutions Committee of the California Lawyers Association and past President of the San Francisco Bank Attorneys Association.  She organizes presentations and speaks regularly to financial and professional organizations.

She received her J.D. from University of California at Berkeley, School of Law, her Ph.D. and M.A. in Jurisprudence and Social Policy from University of California at Berkeley, and her A.B. (magna cum laude, Phi Beta Kappa) from Georgetown University.


Peter J. Guffin is a partner at Pierce Atwood LLP and heads the firm’s Privacy & Data Security practice.  He regularly advises clients with respect to compliance with state, federal, and international laws and regulations relating to privacy and data protection, as well as with respect to data security incidents, ranging from internal investigations, incident response, breach notification obligations, communications with regulators, risk mitigation, and litigation strategies. 

Guffin also is a Professor of Practice and Director of the Information Privacy Law Program at the University of Maine School of Law (teaching information privacy and cybersecurity law).

Guffin is a graduate of University of Pennsylvania Law School and Rutgers College (magna cum laude; Phi Beta Kappa).  He has been listed since 2014 in the Best Lawyers in America for Copyright Law, Trademark Law, and Litigation-Intellectual Property.  In 2017, he was among a distinguished group of leading privacy law scholars and practitioners selected to serve as an independent arbitrator for EU-US Privacy Shield Program by the US Department of Commerce and EU Commission.  He is a Certified Information Privacy Professional (CIPP/US, CIPP/E), International Association of Privacy Professionals.

His publications include: co-author, Maine: Internet Privacy Law Advances Consumer Privacy Protection and Fills a Federal-level Regulatory Void, OneTrust Data Guidance, July 2020; author, Digital Court Records Access, Social Justice, and Judicial Balancing: What Judge Coffin Can Teach UsMaine Law Review, May 2020; co-author, Maine's New Internet Privacy Law in BriefMaine Lawyers Review, July 11, 2019; author, Why Study Privacy Law?, Maine Bar Journal, Volume 33, Winter/Spring 2018 ; author, Chapter titled “The Electronic Communications Privacy Act” in “Data Security and Privacy in Massachusetts, book published by MCLE Press (2018); founder and author of the blog, Privacy Law Perspectives, www.privacylawperspectives.com.

His recent presentations include:

  • “Artificial Intelligence Technologies and Data Protection," AI webinar at University of Maine (May 2020)
  • “Why Privacy Matters,” Maine State Bar Association Annual Bar Conference (June 2018)
  • “Transparency and Privacy: Court Records and E-Filing in Maine,” Maine State Bar Association Annual Bar Conference (June 2018)
  • “The EU General Data Protection Regulation: What Researchers Need to Know,” presentation at Research Integrity Symposium (May 2018)
  • “The NAIC Insurance Data Security Model Law: What Insurers Need to Know,” presentation at education session of Members Participation Council meeting of the National Organization of Life and Health Guaranty Associations (April 2018)
  • “Beyond Ethics – Privacy, Cybersecurity and Data Breach Notification Laws Affecting Lawyers,” CLE presentation sponsored by the Maine State Bar Association and the Maine Board of Overseers of the Bar (November 2017)


Ronald Plesco, a former prosecutor, is an internationally known information security and privacy lawyer with more than 20 years of experience in cyber investigations, privacy, threat intelligence, information assurance, identity management, cyber threats and cyber-enabled frauds, data analytics and artificial intelligence.

Ronald's clients represent the top global retail, financial, manufacturing, automotive, technology, communications, defense, life sciences and private equity corporations. 

Experience

Ron is a seasoned professional and recognized leader with experience in:

  • Privacy
  • Cyber Incident response and investigation
  • Cyber Threat Intelligence
  • Cyber Crime Threats
  • Credit Card Fraud
  • Identity and Information Theft
  • Identity Management
  • Information Assurance
  • Risk and Compliance
  • Brand Development/Management

Prior Experience

Ronald previously served as CEO of the National Cyber Forensics & Training Alliance (NCFTA), where he managed the development of intelligence that led to more than 400 worldwide cybercrime arrests in four years and prevented over US$2 billion in fraud. 

Notable NCFTA intelligence-led arrests include Ghost Click, Anonymous, Coreflood and multiple online frauds.

Ronald also previously served under Governor Tom Ridge as the Director of Public Safety Policy for Pennsylvania. Immediately after 9/11, he was also selected to serve as chair of the Cyber Attacks Committee for the Pennsylvania Homeland Security Council. He also supported Secretary Tom Ridge at the US Department of Homeland Security in the development and deployment of the National Cyber Security Division, US-CERT, TSA Secure Flight and US-VISIT programs.

Prior to joining DLA Piper, Ron was a Principal in KPMG's Cyber Services practice and concentrated on the healthcare, manufacturing, financial, insurance, retail, and automotive industries. Ron joined KPMG in 2012 after a distinguished career in the private and public sectors and is a frequent speaker internationally.

Recognitions

  • Winner, Most Influential People in Security, Security Magazine, December 2010
  • Winner, Editors' Choice Award, Secure Computing Magazine, 2010

Education

  • J.D., Oklahoma City University School of Law
  • B.A., History and Political Science, Washington & Jefferson College

Memberships

  • Commissioned Member, Pennsylvania Homeland Security Council
  • Past President, Central Pennsylvania Infragard Chapter
  • Past Chief Counsel/Technology Counsel, International Association of Financial Fraud Investigators
  • NCFTA Board Member & Chair
  • Economic Crime Institute, Utica College Board Member
  • Infragard Board Member
  • Member, American Bar Association
  • Member, American Bar Association Science and Technology Committee (member sub¬committees or cyber crime and privacy)
  • Member, American Society for Industrial Security High Technology Crimes Investigators
  • Member, International Association of Privacy Professionals
  • Member, International Association of Chiefs of Police Member, International Association of Financial Fraud Investigators
  • Member, Pennsylvania Bar Association
  • Member, RSA Chairman’s Circle


William (Bill) Min is Executive Vice President and General Counsel for the LexisNexis Risk Solutions Group, a part of RELX. In this role, he is responsible for all legal, compliance and regulatory matters across the global organization. LexisNexis Risk Solutions Group is part of RELX (LSE: REL/AMS: REN/NYSE: RELX), a global provider of information and analytics for professional and business customers across industries.

Prior to joining RELX, Bill served as Deputy General Counsel and Chief Privacy & Data Governance Officer at Western Union. He also held in-house legal positions at Live Nation Entertainment, Inc., Starwood Hotels & Resorts, Sara Lee Corporation and Sunkyong America, Inc. Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.

Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and built and led the global privacy function at Western Union, Live Nation and Starwood.

Bill holds a BA in the Biological Basis of Behavior from the University of Pennsylvania, a MA in Liberal Studies from State University of New York at Stony Brook, and a JD from Fordham University School of Law.


Overview

Iliana L. Peters believes good data privacy and security is fundamental to ensuring patients’ trust in the health care system, and to helping health care clients succeed in an ever-changing landscape of threats to data security. She is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data.

For over a decade, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices.

As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon. She is excited to bring her extensive experience drafting, implementing, and enforcing health privacy and security regulations and guidance to a practice that focuses on helping clients develop and implement good data privacy and security practices to avoid risk, and helping clients prepare for and recover from emerging cyber threats.


Elaine Zacharakis Loumbas is an experienced attorney who focuses her practice on corporate and regulatory health law, privacy, and information technology matters.   Over the course of her career, Elaine has represented the full spectrum of health care entities, including, but not limited to hospitals, pharmaceutical companies, medical device companies, pharmacies, retail health clinics, health insurance companies, pharmacy benefit managers, and physicians. 

In addition, she has a technology background with an engineering degree from Columbia University and work experience as a management information systems consultant.  This background enables her to consult with her clients and interact with their privacy, cybersecurity and information technology teams in a valuable way. 

Since 1999 (when the HIPAA regulations were first introduced), Elaine has counseled clients extensively on privacy compliance matters.  She also has worked on a panoply of health information technology agreements.  Elaine’s experience also extends to medical devices, pharma and the biotech industries where she advises on regulatory and intellectual property licensing matters and has negotiated a variety of contracts.

Some representative projects include:  negotiating numerous health information technology agreements for hospital clients, preparing privacy policies for a medical device company, negotiating telemedicine agreements, establishing a pharmacy benefit management program for an on-line pharmacy, drafting HIPAA policies and consulting for the privacy office of a global pharmaceutical company, serving as privacy counsel to an association that develops quality tools and data analysis for hospital systems, negotiating provider agreements with over 140 health plans on behalf of a national provider system, preparing HIPAA compliance documents and negotiating business associate agreements for a business associate of health plans, incorporating start-up health care businesses, and analyzing regulatory issues for a start-up telemedicine company. 

Elaine’s earlier work experience includes: in-house counsel with Baxter Healthcare Corporation. attorney with the law firm of Gardner, Carton & Douglas (now Faegre Drinker) and a management information systems consultant with Andersen Consulting (now Accenture).  At Baxter she established their HIPAA compliance program and served on the global privacy team.

Elaine is an adjunct professorship at the Biotechnology Management and Entrepreneurship Program at Yeshiva University for the Katz School of Science and Health in midtown Manhattan.  She also served as an adjunct professor in Chicago at the Beazley Institute for Health Law at Loyola Law School and the Center for Information Technology and Privacy at the John Marshall Law School from 2004 to 2016.   Elaine is the former Chair of the ABA Health Law Section’s e-health, privacy and security interest group.

Elaine received her law degree from Notre Dame Law School and her undergraduate from Columbia University’s School of Engineering & Applied Science.  She is admitted to practice law in New York and Illinois.  She lives in the New York City metropolitan area.


Kelly Harris is Vice President, Corporate Counsel, Privacy & Cybersecurity at Prudential Insurance Company of America, based in Newark, NJ.   In her role, Kelly provides specialized legal advice and counsel regarding information security and privacy laws/regulations, data usage and governance, and legal issues related to information protection, cybersecurity, and emerging technologies to all of Prudential’s complex and federated businesses and groups.  Before joining Prudential 2.5 years ago, Kelly spent 7 years helping to build the Privacy and Information Security programs at Wyndham Worldwide.  She started her legal career as an associate with Kirkpatrick & Lockhart (now K&L Gates) and then Gibbons, PC before going in-house to Japanese pharmaceutical companies Daiichi Sankyo and Otsuka.


Ken Mortensen, Esq., is the InterSystems’ Data Protection Officer promoting and leading Global Trust and Privacy for the company. He is based in their Cambridge headquarters and has global responsibility across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems technology, but also in the management of operations and services. Ken focuses on enhancing global trust and privacy throughout InterSystems demonstrating to customers, clients, and stakeholders our commitment to investing and growing the capabilities of InterSystems in order to stay in front of emerging risks for privacy and cybersecurity.

Prior to joining InterSystems, Ken was a Senior Managing Director over at PwC specializing in data protection, privacy, and cybersecurity and led the expansion of PwC’s healthcare privacy offerings. Before that, Ken was the Vice President, Assistant General Counsel & Chief Privacy Officer at CVS Health, where he created the Information Governance Department and was responsible for overseeing enterprise information governance to deliver privacy compliance as well as leading the information security risk management organization to address cyber risks. While at CVS, he oversaw compliance with CVS’s FTC Consent Decree, OCR Corrective Action plan, and PCI program, including securing the first-ever closure letter from OCR. He was also the first Chief Privacy Officer for Boston Scientific responsible for implementing a global privacy and security program and introducing a governance emphasis for risk.

Prior to that, Ken served in the Administration of President George W. Bush as the Associate Deputy Attorney General for the U.S. Department of Justice, where he was the primary counsel and policy advisor to the Attorney General and Deputy Attorney General on privacy and civil liberties matters. While at Justice, he led the U.S. delegation to negotiate privacy and cybersecurity terms with the European Union as well as oversaw the privacy and civil liberties processes for numerous national security and foreign intelligence programs, including work with the National Security Council related to FISA and EO 12333. Prior to going to Justice, Ken served at the U.S. Dep’t of Homeland Security as part of the team that stood up the Privacy Office at the beginning of the agency eventually as Deputy Chief Privacy Officer.

Before his government service, Ken was a partner in his own law firm as one of the early practitioners of privacy and security law, during which he served as Special Counsel to the Pennsylvania Attorney General. He taught computer law and information policy at Villanova Law School and was an electrical engineer at Burroughs in Large System Design focusing on information assurance and system test.

Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP), including serving as Secretary for one year. He currently serves on the IAPP Research Advisory Board and the board of Shared Assessments, an organization focused on addressing third party information risks. Previously, Ken served on the board of the Health Information Trust Alliance (HITRUST) and participated in the development of the privacy control category of the HITRUST CSF.

Ken currently teaches privacy law at Boston University Law School and cybersecurity law at the University of Maine School of Law. Ken is co-author with Andy Serwin of the West Publishing book, Healthcare Security and Privacy Law, and has authored chapters and sections for other privacy, cybersecurity, and governance risk books and publications.  He is an internationally recognized expert on these topics and speaks globally on privacy, cybersecurity, and the governance of information.

Ken is admitted to the bars of Pennsylvania and New Jersey as well as the Supreme Court of the United States. He received his Juris Doctorate from Villanova University School of Law, his MBA from the Villanova University College of Finance, and his Bachelor’s of Science in Engineering degree in Electrical and Computer Engineering from Drexel University. He has a Certificate in Foreign Intelligence Law from the Judge Advocate General's School of Law. He has CIPP/US, CIPP/G, and CIPM certifications from IAPP.


Peter McLaughlin is a partner in the Boston office of Culhane Meadows and a member of the firm’s Privacy & Data Security practice. He has nearly 20 years of experience advising U.S. and international clients on their handling of corporate and personal information and complying with cybersecurity, privacy, and data protection standards.

After having been Assistant GC (Privacy & Security) and global privacy officer for Cardinal Health as far back as 2005, with a total 7 years of in-house experience, McLaughlin appreciates the importance of practical guidance to clients. McLaughlin advises clients with respect to a broad range of technology transactions, privacy and security issues. These predominantly touch: 1) the domestic and global handling of personal data, including the CCPA, EU GDPR preparedness, and Privacy Shield compliance; 2) information security programs (across industries), Internet of Things, US and multinational security reviews, and post-incident responses with management of forensic teams; and 3) innovative uses of information and technology, such as digital health and life sciences, advertising and consumer marketing, Internet of Things, autonomous vehicles, facial recognition, and analytics.

Mr. McLaughlin is a regular contributor to blogs, magazines, and journals, and he has presented at events by: PLI; Privacy Xchange Forum; RSA Conference; mHIMSS; IAPP; HIPAA Summit; World IP Forum; and others.

McLaughlin received his J.D. from Georgetown Law in 1993 and his B.A. from Columbia in 1986.

 


 


Kristen Ahearn Merigliano is Associate General Counsel, Director, Compliance and Privacy Officer at Memorial Sloan Kettering Cancer Center (MSK).  She works closely with MSK’s Information Security and Information Systems partners on key institutional projects involving patient information.  In collaboration with Office of General Counsel, Health Information Management, and the clinical and administrative teams, Kristen advises staff on operational practices to ensure compliance with Federal and state privacy regulations.  The Privacy Office also assists patients and their families with questions or concerns regarding privacy and confidentiality.  Kristen’s work experience includes more than 25 years at MSK in various roles in the outpatient areas and hospital administration.  She graduated from the University of Scranton with a BS in Health Administration, minor in Business. She received her Juris Doctor from New York Law School.  Kristen is admitted to the New York State bar.


Meredith K. Grauer is responsible for the strategy, development and execution of Nielsen’s Global Privacy Program, including advice, compliance oversight, support for commercial transactions, and reporting to the Board and senior leadership. She has in-depth experience counseling businesses on privacy, data security and IT matters, and guiding the implementation of new technologies and data-related initiatives.

Meredith has advised on all aspects of data protection legal and regulatory compliance (including advice related to US and global laws, such as GLBA, GDPR, CCPA, PIPEDA, as well as industry self-regulatory standards, such as DAA, NAI). She has responded to regulatory inquiries and examinations, developed privacy-related policies and procedures, advised on data breaches and security incidents, and created and implemented privacy/data protection risk assessments.


Virginia “Ginny” Lee is the Americas Privacy Officer for Cisco. Previously, she was Head of Global Data Privacy and Director, Senior Corporate Counsel at ServiceNow and before that, Director – Global Privacy at Starbucks at both companies, she was responsible for the establishment of global privacy programs. She was also Sr. Attorney – Privacy/Security at Intel Corporation, responsible for providing legal guidance on privacy and security matters, especially as they relate to “Privacy By Design”. Prior to Intel, Ginny was the Director of Platform and Product Privacy at Yahoo! where she was responsible for the policy direction of Yahoo!’s varied products and platforms. Ginny has worked on policy, regulatory and compliance issues for the Network Advertising Initiative, a self-regulatory association for the third-party advertising industry. In addition to her legal experience, Ginny has held positions in engineering, product management and technical support. She holds a BA in Applied Mathematics from the University of Maine, a MBA from the University of New Hampshire, and a JD from the University of Maine School of Law. Ginny is also a Fellow of Information Privacy (FIP), Certified Information Privacy Professional (CIPP/US, /G, IT) and Manager (CIPM) and is admitted to practice in Maine, Washington and Oregon, as well as being a registered patent attorney. She is currently an adjunct professor at the University of Maine School of Law.