Skip to main content

Global Data Protection Boot Camp 2021

Speaker(s): Amy Purcell, Brian L. Hengesbaugh, David Herman, Farah Y. Zaman, Flávia Rebello, Frances Phillips Taft, Harry A. Valetk, Jo Ann Davaris, John Bennett, Jordan Crenshaw, Michael Phillips, Michelle Perez, Miriam Wimmer, Stacey D. Schesser, Timothy D. Smith
Recorded on: Oct. 6, 2021
PLI Program #: 303218

Amy Purcell is Chief Privacy Officer and Senior Counsel of The Vanguard Group, Inc.  Amy is responsible for leading Vanguard’s enterprise-wide Global Privacy and Records Management Program. Amy manages a team of attorneys responsible for ensuring compliance with domestic and international privacy regulations, as well as privacy and records management professionals responsible for the operation and implementation of the Program.

Prior to joining Vanguard, Amy practiced privacy and data security law for over 10 years at a Philadelphia law firm. 

Amy earned a B.S. in Political Science from Susquehanna University and her J.D. from Cornell Law School.

Amy resides in Wayne, PA with her husband and three sons (including 7-year old twins).  In her free time, Amy enjoys spending time with her family outdoors (especially on a beach).

Brian Hengesbaugh is Chair of the Firm's Global Data Privacy and Security Business Unit, a Member of the Firm's Global IP Tech Steering Committee. Brian is listed in The Legal 500 Hall of Fame and was recognized as a Regulatory & Compliance Trailblazer by the National Law Journal. He is also listed as a Leading Lawyer for Cyber law (including data protection and privacy) in The Legal 500 and is listed in Chambers. Formerly Special Counsel to the General Counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor), and earned a Medal Award from the US Department of Commerce for this service. In addition, Brian participated on behalf of the United States in the development of a draft Council of Europe Treaty on Cyber Crime, and in the negotiation of a draft Hague Convention on Jurisdiction and the Recognition of Foreign Judgments. Brian has been quoted in the Wall Street Journal, New York Times, Forbes, CNET, Slate Magazine, Compliance Weekly, BNA Bloomberg, PCWorld and other news publications on global privacy and security issues.

Practice Focus

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He focuses on these issues in the context of: (i) advisory matters, such as new privacy and security laws and regulations, as well as technology transformations related to IoT, blockchain, mobile, cloud, data monetization, and other initiatives; (ii) transactional matters, such as mergers & acquisitions, sourcing, distributor, business partner, and other third party arrangements; and (iii) crisis matters, such as data security events, regulatory and governmental inquiries related to privacy and security issues, internal investigations, and litigation-related matters.

Brian's practice covers privacy and information management, with emphasis on regulatory and transactional issues, including data security and information technology, privacy and data protection, sourcing, digital and electronic signatures, email and telemarketing, social media, cyber crime, and jurisdiction and the enforcement of foreign judgments.

Professional Honors

  • Legal 500 Hall of Fame 
  • Leading Lawyer in Technology: Cyber law (including data protection and privacy), Legal 500 USA, 2009-2017
  • Regulatory & Compliance Trailblazer, National Law Journal, 2015
  • Recognized in Privacy and Data Security Law, Best Lawyers in America, 2016-2017

Professional Associations and Memberships

  • American Bar Association - International Law Section
  • International Association of Privacy Professionals (IAPP) - Former Advisory Board Member


Illinois~United States (2004)

Indiana~United States (1995)


University of Minnesota Law School (J.D. cum laude) (1995)

Central European University (Budapest) (Certificate) (1993)

Washington University (A.B. Economics) (1991)




Farah Zaman is General Counsel of the NAI, non-profit organization that is the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising. 

Zaman formerly served as the Chief Privacy Officer at Meredith Corporation, responsible for leading Meredith’s privacy and first-party data strategy and establishing its first privacy office to address compliance, education and product development. Previously, Zaman served as Senior Global Data Privacy Counsel for Colgate Palmolive, where she led the global data privacy program addressing employee privacy and supporting business including the development of IoT devices and direct to consumer initiatives. Zaman had previously served as Senior Counsel of Privacy for Nielsen’s global privacy program. Zaman began her career in New York City government, serving as a post-graduate legal fellow in the Mayor's Office for International Affairs and subsequently as an Agency Attorney in the Office of Data Privacy for the Department of Social Services.

Zaman's passion for data privacy extends to her volunteerism. She serves on the advisory boards of the International Association of Privacy Professionals’ Women Leading Privacy and Diversity in Privacy Boards, the Future of Privacy Forum, and start-up Safe Porter. She is also on the advisory board for The Resolution Project, an organization that aims to develop socially responsible young leaders and serves as a member of CHIEF, a private network focused on connecting and supporting women executive leaders.

Zaman serves as a member of the Carnegie Mellon Board of Advisers for the Dietrich College of Humanities and Social Sciences and is an adjunct faculty member of Albany Law School.

She earned a B.S. in decision science and international relations from Carnegie Mellon University and received a J.D. from Brooklyn Law School.

Flavia Rebello is a partner in our Intellectual Property, Technology and Data Protection Team. Her practice includes data protection, licensing, sourcing and transactions, franchising and e-commerce and Internet.

Practice Focus

Expert in drafting, negotiating and reviewing agreements involving intellectual property, including supply of technology, trademark license, patent license, franchise, copyright license, software license and distribution, SaaS outsourcing. Expertise in data protection and privacy issues, including implementation projects, review of policies, and data breaches. Legal advice in various aspects of e-commerce, Internet and social media.

Representative Legal Matters

Legal representation of clients engaged in different industries, including TMT, banking and finance and consumer goods. She is ranked and recommended in Chambers, Legal 500, Latin Lawyer 250, Leader League, Análise Advocacia, LACCA Approved, Who's Who Legal, WTR-1000, IP Stars.

Professional Associations and Memberships

- Brazilian Bar Association
- Co-head of the Technology Transfer, Licensing and Franchising Commission of ABPI (Brazilian Intellectual Property Association)
- Co-head of the Intellectual Property Committee of ABDTIC (Brazilian Association for Information Technology and Communications Law).


OAB SP - Nº 184096


Graduated in 2000 from Universidade de São Paulo Law School.
Master of Laws (LL.M) at the University of Chicago Law School.
Master of Laws (LL.M.) in Economic and Financial Law at Universidade de São Paulo Law School, in 2006, on taxation of intellectual property.
Foreign Associate at Dallas Office of Baker McKenzie in 2005.

Frances Philips Taft is a dual-qualified attorney (US/UK) with over fifteen years of international data privacy and employment law matters as in-house counsel and in private practice. She has an established track record of in-house experience, leading teams, and driving a business-focused culture. 

Fran currently is the Chief Privacy Officer for 3M, a diversified technology company with 96,000 + employees and operations in over seventy (70) countries.  3M has a global presence in the following businesses: Safety and Industrial; Transportation and Electronics; Health Care; and Consumer. 

As 3M Chief Privacy Officer, Fran oversees 3M’s privacy program, compliance, and strategy and directs all aspects of 3M’s privacy policies worldwide.  Her primary focus at 3M is establishing a global privacy governance program and process related to privacy, data protection, and cybersecurity, including providing guidance and advice on new products and expansion to new markets.  Fran partners with 3M  internal stakeholders to provide legal, regulatory, compliance, and commercial advice on global privacy, data protection, and security requirements (including U.S. state and federal consumer protection and privacy laws, CCPA, CPRA, GDPR, Chinese Cybersecurity Law, PDPA, CPPA, PIPEDA, LGPD, and POPIA, among others) across all business operations, including IT, Engineering, Human Resources, Cybersecurity, and Marketing functions, business transactions, and security incident response. 

Before joining 3M,  Fran was the former Executive Counsel and Global Labor and Employment Counsel and Global Data Privacy Counsel for GE Oil & Gas based in Florence, Italy, and Baker Hughes, a GE company (BHGE), an international industrial service company operations in 120+ countries and over 61,000 employees. At BHGE and GE Oil & Gas, she was responsible for global data privacy compliance and labor and employment matters, data privacy compliance, anticipating new social legislation/critical risks for the business, and supporting M&A transactions.

Fran is a frequent speaker on global labor and employment, ethics and compliance, and data privacy matters. She has written several articles on data privacy, human rights, labor and employment, and international pension and employee benefits issues and has contributed to several textbooks and publications.


Harry A. Valetk is a Partner in Baker McKenzie’s Global Privacy and Security Practice Group based in New York, where he advises global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, pharmaceutical/ healthcare, hospitality, cloud technology, and manufacturing industries.  His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for highly-regulated entities on numerous data protection topics, including the California Consumer Privacy Act (CCPA), GDPR,HIPAA, GLBA, the Children’s Online Privacy Protection Act (COPPA).  Before joining the Firm in 2014, Harry was Director of MetLife’s Global Privacy Office.  Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.

Jo Davaris joined Booking Holdings, a world leader in online travel and related services, as its first head of Global Privacy in late 2019.  She is responsible for building and aligning a consistent privacy program across their brands (, Kayak, Priceline, OpenTable, agoda and

Prior to joining Booking Holdings,  Jo was the first Global Chief Privacy Officer for Mercer, a world leading consulting firm, where she was responsible for developing and overseeing a global privacy program for that provided appropriate controls and risk mitigation around the use of data across the diverse lines of business, while enabling growth, innovation and opportunity. 
Prior to joining Mercer, Jo was the Global Head of Privacy Policy and Program Development and Privacy Leader for the Institutional & Network businesses at American Express.  During her 15+ year tenure there, she held a variety of roles spanning a spectrum of pure legal (negotiating contracts with merchants and vendors) and compliance (policy creation and engagement with external sales organizations and banks) to business development (managing oil business relationships and EMV Chip marketing, communications and technical specification membership teams).  Her career path eventually led her to focus on developing policies that enabled innovation around data analytics products while maintaining customer trust which developed into a specialization in global data protection, privacy policies and privacy program management.
Prior to American Express, Jo was an attorney for the Administration for Children’s Services in NYC, where she prosecuted parents that abused and neglected their children.
Jo is currently serving on the Advisory Board of the Women, Influence and Power in Law ALM Event.  She is also on the Advisory Board of Classifi, an integrated eDiscovery, Information Governance & Infonomics company.  She recently served on the Board of Directors of Rising Ground, a NYC social services non-profit organization.  She is also a frequent speaker at conferences and panels around Data Protection, Privacy Program Management, Information Governance, Regulatory Change Management and Women’s Leadership Development.

She received both her JD and her BA from Fordham University.

John (Jack) Bennett is a managing director in the Cyber Risk practice of Kroll, based in the San Francisco office. He leverages over 25 years of experience, which includes leading the third and sixth largest FBI field divisions where he focused on providing investigative and intelligence support to various FBI teams and governments globally. Jack’s significant responsibilities include coordinating with large enforcement agencies, providing investigative assistance and developing policies and programs for federal and global government agencies. Having led a variety of complex investigations throughout his distinguished career, Jack’s expertise includes matters related to global security, trust and safety, privacy, risk management, cyber incident response and insider threats.

Prior to joining Kroll, Jack was the Assistant Director in Charge leading the FBI Los Angeles Field Division, the third largest FBI field division, with a staff of 1500 and 120 management personnel. In this role, he coordinated a 40 agency intelligence coalition and facilitated one of the largest law enforcement partnerships with the Los Angeles Police Department and the Los Angeles County Sheriff offices. Additionally, he provided investigative and intelligence support to all South East Asia and Oceania Region Legal Attaché offices. 

Before joining the FBI Los Angeles Field Division, Jack was the Special Agent in Charge leading the FBI San Francisco Field Division, the sixth largest FBI field division, with a staff of 800. He was also the Chairman of the Special Agents in Charge (SAC) Advisory Board, reporting to the FBI Director. His key responsibilities involved creating multi-year strategic direction for the division, including threat mitigation and budget forecast and execution. Further, he also designed the UK’s embedded Foreign Intelligence Service Personnel program along with the development and deployment of the FBI’s crisis management protocols and capabilities for northern California. While leading the LAFD, Jack also worked with FBI headquarters to develop policies for the FBI’s Insider Threat and Damage Assessment programs. In this role, he additionally oversaw San Francisco’s branches of cyber, intelligence analysis, counterintelligence, violent crime, white collar crime, counter terrorism, air wing and digital forensic lab.

In his previous roles, Jack has worked as a Domestic Director of National Intelligence in the Pacific region, where he led the integration and coordination of federal, state, local and tribal intelligence strategy in the region. He also engaged top private sector tech companies to ensure their views were in the comprehensive threat analysis of the region. Additionally, he chaired the coordination of all U.S. government agencies intelligence capabilities within the region. 

In one of his previous roles as an Assistant Special Agent in Charge of the Cyber Branch in the San Francisco Division, Jack embedded with EUROPOL’s European Cyber Crime Center (EC3) to manage FBI cyber operations. He was appointed to the Director’s Next Generation Cyber initiative to overhaul the FBI’s cyber capabilities. He also led national security surveillance programs, air wing/flight operations, SWAT tactical command, civil rights program, human trafficking program coordination and crimes against children program. He oversaw operations of special events, including the America’s Cup and the San Francisco Giants World Series. He also expanded FBI customer and victim relations with top Silicon Valley tech companies such as Google, Apple, Facebook and Twitter.

Earlier as a Supervisory Special Agent for the National Center for Missing and Exploited Children (NCMEC), Jack embedded with INTERPOL in Lyon, France to represent FBI’s interests for global operations. He was involved in the FBI liaison with Congress to draft child protection legislation, resulting in passing the Adam Walsh Act. He also developed sharing protocols and law enforcement databases between the NCMEC/U.S. Government and the Interpol and Europol. He has trained international law enforcement on child abduction and exploitation matters.

Jack has been engaged in several notable assignments, which include developing and advancing all digital forensic policies and procedures for the FBI. In one of his previous roles, he was also in charge of all digital forensic laboratories and programs: cryptology, malicious software, video, audio and image analysis, computer science, computer analysis and response teams, certifications, accreditations and forensic training. He has also partnered with Australian and UK governments to provide forensic teams with advanced forensic services to assist with counter-terrorism operations, and oversaw the FBI covert operations in Phnom Phen, Cambodia targeting the child sex tourism industry. In addition, Jack was responsible for leading the landmark intellectual property rights criminal investigation between Oracle and SAP. 

Jack received a B.A. in criminal justice and sociology from Eckerd College. He has completed his trainings in the Federal Bureau of Investigation Academy, Drug Enforcement Administration Academy and Georgia Bureau of Investigation Academy. He holds a Carnegie Mellon Executive Chief Information Security Officer Certification.

Jordan Crenshaw serves as Vice President and leads the day-to-day operations at the U.S. Chamber of Commerce’s Technology Engagement Center. Crenshaw also directs the Chamber’s privacy working group which is comprised of nearly 300 companies and trade associations, which developed model privacy legislation and principles.

Before joining the Chamber, Crenshaw served as an attorney with another trade association focusing on environmental issues and analysis of consumer privacy laws. Previously, Crenshaw managed discovery issues in the defense of a financial institution against TCPA claims at McGuireWoods, LLP. During law school, Crenshaw interned for Virginia Senate Majority Leader Thomas Norment, the Office of the Attorney General of Virginia, the U.S. Department of Labor Office of Administrative Law Judges, and the National Right to Work Defense Foundation.

Crenshaw earned both his undergraduate degree and Juris Doctor from the College of William and Mary.

Michelle Perez is a seasoned privacy professional, and has advised businesses on the development, implementation and management of data privacy programs.  She is the Chief Privacy Officer, Associate General Counsel, at Dow Jones & Company, Inc., a global provider of news and business information, where she oversees privacy compliance for its businesses while enabling growth and innovation.  Prior to joining Dow Jones, Michelle was the Head of Privacy at Samsung Electronics America, Inc. (“SEA”), and was responsible for driving, developing and maturing SEA’s privacy program.  Before Samsung, Michelle guided privacy and data protection efforts at the Interpublic Group of Companies, (“IPG”), a global network of marketing and advertising communications agencies, and at Philips Electronics North America Corporation.  Michelle is a Certified Information Privacy Professional and a Certified Information Privacy Manager.

Michelle is a former Assistant U.S. Attorney for the Eastern District of New York.  She received her J.D. from Fordham Law School and her undergraduate degree from Georgetown University.

Miriam Wimmer is currently a member of the Board of Directors of the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados – ANPD).

She holds a PhD degree in Communications and Cultural Policy from the Faculty of Communication of the University of Brasilia, and a Master degree in Public Law from the State University of Rio de Janeiro. She took part in the one-year International Division Program of Waseda University, in Tokyo, with academic distinction.

She is a professional civil servant since 2007 and a Certified Information Privacy Professional/Europe (CIPP/E), with experience in senior positions in different public organizations, such as the national telecommunications regulator, Anatel (2007-2011), the Ministry of Communications (2011-2016) and the Ministry of Science, Technology, Innovation and Communication (2016-2020). In her previous roles, she coordinated the drafting of the Brazilian Strategy for Digital Transformation and on the National Artificial Intelligence Strategy.

She is also a Professor of Law at IDP-Brasília and a lecturer on personal data protection and regulation of new technologies at several higher education institutions.

Tim Smith is Unum’s Chief Privacy Officer.  He also leads Unum’s Law Technology and Records Management organization.  Unum is a global Fortune 250 financial services company.  Unum offers a full array of benefits solutions, including leave/absence management, disability, long term care, life, accident, critical illness, dental and vision benefits through the workplace — benefits that help to protect our insured’s families, finances, and futures.  Unum insures approximately 39 million people worldwide and pays billions of dollars a year in benefits to insureds and their families.

In his 20+ years at Unum, Tim has held various legal and business leadership roles.  For the past 8 years he has been Unum’s Chief Privacy Officer.  Prior to leading the Privacy Office, he served as a VP of Regulatory & Government Affairs at Unum. 

Tim earned a bachelor’s degree from the University of Pennsylvania and a law degree from the University of Maine.  In addition to a JD, he holds the professional designations of Certified Information Privacy Professional (CIPP/US), Associate Life and Health Claims (ALHC), Health Insurance Associate (HIA) and Managed Health Professional (MHP).

Tim’s opinions and expertise on cutting edge privacy issues has been sought broadly, including at events and venues such as MIT’s Center for Information Systems Research, the International Association of Privacy Professionals (IAPP) Global Annual conference as well as the IAPP’s international “Privacy. Security. Risk.” Conference, the University of Maine School of Law Summer Privacy Institute, and the Defense Research Institute’s (DRI) Data Breach and Privacy Law seminar.  He has also served on the Maine Cybersecurity Cluster Board of Directors and as Chair of the Maine Guaranty Association Board of Directors.

Stacey Schesser is the Supervising Deputy Attorney General for the Privacy Unit in the Consumer Protection Section of the Office of the California Attorney General.  Her recent matters include People v. Glow, People v. Equifax, and leading the team that drafted regulations for the California Consumer Privacy Act (CCPA). She began her career at the Attorney General’s Office in 2007 in its Criminal Division and has worked in the Privacy Unit since its inception in 2012.  Stacey was recently recognized as one of the Recorder’s “Women Leader in Tech Law” and was the only public sector recipient of this award.  Stacey received her J.D. at UC Berkeley’s School of Law, where she wrote on privacy law issues for the California Law Review, and received her B.A. at Douglass College, Rutgers University.

David Herman is an experienced Cyber Security, Data Protection and Privacy leader with expertise in incident management, internal investigations, law enforcement, litigation, vendor risk management, employee monitoring, and financial regulation. He recently assumed the role of Senior Cybersecurity Counsel/Privacy Officer and Senior Vice President at Chubb.  For the previous seven years, he was Senior Data Protection and Privacy Counsel at Bloomberg LP serving as the company’s global legal lead for incident response. Prior to that, Dave worked at the US Securities and Exchange Commission, for 15 years where he investigated and brought cases in a wide range of subject matters primarily focused on cyber security and technology related issues. He was an original member of the Office of Internet Enforcement, the US government's first office tasked with policing online securities fraud and led the Division of Enforcement’s efforts to combat online security breaches at U.S. brokerage firms.

Michael Phillips is the Chief Claims Officer of the cyber insurtech Resilience. Michael offers experienced legal counsel at the intersection of data protection, insurance, and cybersecurity. Michael serves as Co-Chair of the Ransomware Task Force convened by the Institute for Security & Technology. Selected to Insurance Business America's Hot 100 List 2020, Michael's tech and legal thought leadership has been published by The New Yorker, BuzzFeed, and Bloomberg.