Skip to main content

Sixteenth Annual Institute on Privacy and Data Security Law


Speaker(s): Aaron Burstein, Aaron P. Simpson, Adam Kardash, Alan Charles Raul, Alfred J. Saikali, Carolina Lessa, David Glockner, H. Leigh Feldman, Harry A. Valetk, Jay Leek, JoAnn Stonier, Julia Horwitz, Keith Enright, Lisa J. Sotto, Margaret A. Keane, Matthew F. Fitzsimmons, Matthew H. Meade, Miriam H. Wugmeister, Monique Altheim, Noga Rosenthal, Ron Bushar, Sarvesh Mahajan, Scott D. Schafer, Travis LeBlanc, Victoria King, Vincent Liu, Zoe Strickland
Recorded on: Jun. 8, 2015
PLI Program #: 57194

Aaron Simpson is a partner with Hunton Andrews Kurth and head of the firm’s EU data protection and privacy practice.  He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements.  Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements.  He has advised numerous clients on the EU General Data Protection Regulation (GDPR).  He also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients.  Aaron is the only lawyer listed in both The Legal 500 United Kingdom and The Legal 500 United States guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine.  He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars.  He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors.  He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.


ALAN RAUL is the founder and leader of Sidley's highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy and cybersecurity issues, including digital governance, global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity preparedness and helps them manage data security incidents. His practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice, financial regulators, EU Data Protection Authorities, and other government agencies.

He regularly represents leading tech, telecom, media, financial services and other companies with respect to their digital governance, compliance and crisis management. Alan has recently represented a special cybersecurity review committee of the Board of Directors of a major tech company in connection with its independent investigation of the company's handling of significant data breaches.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves as a member of the American Bar Association's Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law lnstitute's (PLI) Privacy Law Advisors Group.

Alan is a member of the governing Board of Directors of the Future of Privacy Forum. He is a member of the Center for Democracy and Technology's Advisory Committee. Alan also serves on the Executive Committee of the Federalist Society's Administrative Law Practice Group. Alan is a frequent author and speaker on privacy, cybersecurity and related issues. He is overall editor arid a contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd, 5th ed. 2018).

Alan holds degrees from Harvard College (AB magna cum /aude),  Harvard Kennedy School of Government (MPA), and Yale Law School (JD).  He clerked for Judge Malcolm R. Wilkey of the U.S. Court of Appeals for the D.C. Circuit.


Carolina Lessa acts as the government affairs liaison for the Latin American region. She works closely with local business units to identify potential business opportunities and legislative and regulatory threats. Carolina manages key relationships with external firms and government bodies. She actively participates in industry coalitions and trade associations to promote public policy objectives in the region.

Prior to joining RELX Group, she headed the Washington, DC office of the largest Brazilian public affairs consulting firm, PATRI, and previously worked for the Brazilian Sugarcane Industry Association (UNICA) advocating for the removal of the ethanol import tariff. Carolina also worked at the American Chamber of Commerce (Amcham), where she led several key issues of the Brazil-US agenda, such as the renewal of a U.S. tariff exemption program, the Generalized System of Preferences. She also worked at the U.S. Consulate in São Paulo, at the Department of Agriculture (USDA) and interned at BioAlliance International, a global NGO dedicated to humanitarian aid for refugees in Africa.

Carolina has a B.A. in International Relations from Fundação Armando Alvares Penteado (FAAP - Brazil), a specialization in Communications from Pontifícia Universidade Católica (PUC - Brazil) and a M.A. in International Trade and Investment Policy from the George Washington University.


Harry A. Valetk is Of Counsel in the International Commercial Practice Group in the New York office, advising global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, retail, pharmaceutical/ healthcare, transportation/ logistics, hospitality, defense, social media, cloud technology, and manufacturing industries. His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for EU-US Privacy Shield certifications, and works with highly-regulated entities on numerous data protection topics, including HIPAA, GLBA, FERPA, the Children’s Online Privacy Protection Act (COPPA).

Harry puts on an insider’s perspective when advising his clients having worked in-house as Director of MetLife’s Global Privacy Office in New York for almost seven years. In that role, he supported business lines in more than 60 countries to protect the personal data of over 90 million MetLife customers. Additionally, he led numerous strategic efforts to build out a global Privacy Risk Framework, achieve global compliance with applicable data privacy laws, deploy cross-border data transfer solutions, implement global training and awareness initiatives, and manage data and cyber security incidents. Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.


JoAnn C. Stonier is EVP/Chief Data Officer for Mastercard.  In this role, she is responsible for enterprise-wide data strategy and management to ensure the organization maximizes the value of its information assets. Ms. Stonier and her team of global professionals identify the opportunities associated with Mastercard’s information assets and assist in the development of the tools, processes, policies and standards necessary to enable their use.

Previously, Ms. Stonier was EVP Chief Information Governance & Privacy Officer for the organization.  In that role she was responsible for worldwide privacy and information governance, leading those teams as well as leading regulatory engagement in this area.  Prior to joining Mastercard in 2008, Ms. Stonier was the Chief Privacy Officer for American Express Company.  She also held various roles of increasing responsibility at American Express, including Chief Operating Officer, American Express Tax & Business Services; Vice President, Acquisition Integration; and Vice President & Assistant to the Chairman.  Ms. Stonier has worked at Waldenbooks, Inc., PepsiCo and started her career as an auditor for PriceWaterhouse Coopers. 

In addition to her work at Mastercard, Ms. Stonier is an adjunct professor at Pratt Institute where she teaches business strategy and international business, in the Design Management Master’s program.

Ms. Stonier received her Juris Doctorate from St. John’s University in Queens, and her Bachelor of Science degree from St. Francis College.  She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey.  Ms. Stonier has been recognized as a leader in data and privacy by a number of organizations including the Aspen Institute, the United Nations, and the Information Governance Initiative and has served on the board of the International Association of Privacy Professionals, the Center for Information Policy Leadership and the Information Accountability Foundation. She is a well-regarded speaker at industry events and often addresses the need for balancing data innovation and privacy.  JoAnn is based in Purchase, NY.


Monique Altheim is global data privacy consultant for IBM Security Services.  Ms. Altheim assists multinational companies in solving their data privacy challenges. 

Prior to joining IBM, Ms. Altheim had more than 13 years experience as an attorney, both in Belgium and in the U.S. She has advised clients on an array of international legal issues such as international maritime law, cross-border e-discovery and global privacy and security.

Ms. Altheim is also a member of the International Association of Privacy Professionals’ (IAPP) teaching faculty, where she trains candidates for the Certified Information Privacy Professional certificates (CIPP). Ms. Altheim is herself a CIPP/US and CIPP/EU.

Ms. Altheim has previously presented on numerous data privacy issues for the IAPP Europe Congress and the CPDP Conference in Brussels, LawTech Europe Congress in Prague, The International Conference of Data Protection and Privacy Commissioners, CEIC, International Law Weekend, Fordham School of Law, Georgetown Law Continuing Legal Education, LegalTech NY and NYCLA (c.2011-2015).


Victoria King served as UPS’s first Global Privacy Officer from 2010 until early 2015 when she was promoted to Group Vice President of UPS Public Affairs. As the Global Privacy Officer, she established the company’s global privacy program which encompassed activities in over 220 countries and involved more than 39 million daily tracking requests and over 4 billion annual deliveries.  She worked closely with both US and international colleagues to implement privacy governance, training and compliance programs. She was responsible for the strategic as well as tactical structure of the program. She also lead the company’s Information Security Council, a cross-functional management group that focused on information security and privacy strategies for the company. In her new Public Affairs role, she will continue her privacy and cybersecurity focus with greater emphasis on the global policies and regulatory developments.    

Victoria has been with UPS for 16 years working with the company’s Legal Department.  Prior to joining UPS, she was a law partner with the large regional law firm in Southern California and also worked with PriceWaterhouseCoopers in their Los Angeles, St. Louis and Frankfurt, Germany offices.   

Victoria joined the IAPP’s Educational Advisory Board in 2014. She continues to co-chair the Atlanta KnowledgeNet and has her CIPP-US and IT certifications.     


Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.


As NCC Media’s Chief Privacy Officer and General Counsel, Noga Rosenthal is responsible for guiding the company's privacy and legal initiatives; she holds deep expertise in the development and implementation of comprehensive privacy programs. 

Noga previously served as Chief Privacy Officer at Epsilon where she led the company’s worldwide privacy, compliance and regulatory activities. Prior to Epsilon, she served as General Counsel and Vice President for Compliance and Policy for the Network Advertising Initiative (NAI), running its compliance program and ensuring that member companies delivered on the promise of self-regulation for interest-based advertising. Furthermore, she also led global legal affairs for WPP’s Xaxis, a pioneering programmatic digital media business, as SVP and General Counsel. 

Noga is a member of the Women Leading Privacy Advisory Board of the International Association of Privacy Professional (IAPP) and the IAB Federal Privacy Working Group. She has also served on the IAPP’s Education Advisory Board and was an active member of the UK Data Protection Network, providing guidance on the General Data Protection Regulation. Noga also sat on the Advisory Board of the Digital Advertising Alliance, the Data Standards Committee of the Data and Marketing Association, the Legal Affairs Council and the Public Policy Council of the Interactive Advertising Bureau. She also served as co-chair of the Privacy Committee of the Mobile Marketing Association.

Noga received her bachelor’s degree in English and Political Science from Rutgers and a J.D. from Fordham Law School.

 


Few lawyers in the world have Miriam Wugmeister's breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA). Co-chair of Morrison & Foerster’s market-leading Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Ms. Wugmeister is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Ms. Wugmeister has worked on several of the most noteworthy and largest data security incidents over the past few years. She has been praised as “clearly operating at the top of her profession; distinguished by her passion, ability to relate to clients, and practical business-minded advice” by Legal 500, which recently named Morrison & Foerster as the 2015 Cyber Crime Firm of the Year. Ms. Wugmeister also works with dozens of companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Ms. Wugmeister advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the U.S. and internationally. She serves as an arbitrator for the EU-US Privacy Shield Framework Binding Arbitration Program. Ms. Wugmeister regularly advises on data security breach issues; the global collection, use, sharing of employee, customer, vendor, and consumer personal information; ediscovery and monitoring conflicts; social media issues; and cloud computing deals, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data.

As leader of the Global Privacy Alliance (GPA), Ms. Wugmeister encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations. Ms. Wugmeister developed the firm’s Privacy Library and the MoFoNotes subscription database so that organizations can keep apprised of privacy and data security compliance requirements in jurisdictions around the world. She is also co-editor of Global Employee Privacy and Data Security Law, Second Edition (BNA Books, 2011).

Chambers USA and Chambers Global recommend Ms. Wugmeister in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Ms. Wugmeister is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her cutting-edge work in this space.  Ms. Wugmeister was previously designated an Ethisphere “Attorney Who Matters,” and a BTI Client Service All-Star, and has been featured in Best Lawyers in America every year since 2008.


Leigh is currently the Head of Privacy and Information Compliance and the Global Chief Privacy Officer within the Corporate Compliance Group at Citi.  In this role, Leigh leads several related functions that touch on the collection, maintenance, use, sharing and disposition of information, including the Chief Privacy Office, Records Management, Compliance Data Governance and compliance coverage for Information Security, Enterprise Operations and Technology, Export Licensing and Citi Security and Investigative Services.

Prior to joining Citi, Leigh was the Chief Privacy Officer at American Express responsible for leading the Global Privacy Team and the Global Privacy Program across the Company.  Prior to that, Leigh spent four years as the Senior Privacy Executive at Bank of America, where he managed the Privacy, Information and Data Compliance team, and ten years at Merrill Lynch, where he was Chief Privacy Counsel and led the Technology, Privacy and Information Law team.  Prior to joining Merrill Lynch, Leigh worked in private practice in New York specializing in Internet, e-commerce and corporate law. 

Leigh received his law degree from Georgetown University and his undergraduate degree from the State University of New York at Binghamton.  In addition to being a lawyer, Leigh is certified by the International Association of Privacy Professionals as a Certified Information Privacy Manager.


Mr. Bushar is a seasoned, highly effective, and innovative cyber security leader with extensive Federal Government, Cyber Security, Risk Management, and Network Operations experience. Mr. Bushar has a dynamic track record of building teams and strategic solutions that drive mission performance, ensure organizational security, and minimize risk. Mr. Bushar has over 17 years of experience in the areas of information assurance, information security, cyber operations, and incident response services. Currently, Mr. Bushar is serving as the Global Director for Mandiant’s Security Program Services, where he is developing innovative security programs and solutions and services for commercial and government clients worldwide.

Prior to his work at Mandiant, Mr. Bushar served as the Director of the Department of Justice Security Operations Center (JSOC) where he led transformative efforts to redefine and restructure key information security and JSOC operations and capabilities. Ron conducted critical Department wide security assessments and served as the project manager for major network security procurements and architecture upgrades. He   served as the Department’s Program Manager for insider threat program related issues and liaison to the National Insider Threat Task Force (NITTF). Ron developed and drafted Department cyber security policies and procedures. He established and nurtured cyber defense innovations within the JSOC with a concept of operations that focus on rapid research, development, and testing of innovative cyber defense solutions for the JSOC and the Department. Ron led cyber incident response activities for major security incidents throughout the Department and its 42 federated components. In November 2011, he received the Justice Management Division Special Commendation Award for his development management of the Department’s Information Security Assessment and Insider Threat Program.

Mr. Bushar has also led the Vulnerability Assessment and Penetration Team at the National Geospatial-­-Intelligence Agency (NGA), and spent eight years in various cyber operation project management and support roles at ManTech International Corporation. Mr. Bushar began his career in the United States Air Force serving in the Information Warfare Aggressor Squadron at Lackland AFB.

Mr. Bushar holds a Master of Science in Management of Information Systems and a Bachelor of Science in Electrical Engineering. He is a certified Project Management Professional (PMP), a Certified Information System Security Professional (CISSP), a Certified Information System Security Architecture Professional (ISSAP), and maintains a professional membership with the Institute of Electrical and Electronic Engineers (IEEE).


Mr. Schafer is currently Senior Counsel at The Vanguard Group, Inc., where he leads the Global Privacy and Data Protection team within the Legal & Compliance Division.  Mr. Schafer and his team advise on privacy, data security, and risk for Vanguard and its global affiliates.   Prior to joining Vanguard, Mr. Schafer was Chief of the Consumer Protection Division for the Office of the Massachusetts Attorney General.  Mr. Schafer led a division that investigated and prosecuted persons and entities for violations of federal and state law relating to predatory lending and foreclosure, Internet safety and security, electronic commerce, consumer privacy and data security, and data breach notification.   Mr. Schafer has been a faculty member for the American Bar Association, Boston Bar Association, Practising Law Institute, and Massachusetts Continuing Legal Education on issues relating to consumer privacy and information security, and he has been a featured speaker on privacy issues for the International Association of Privacy Professionals and various data security consortiums.

Mr. Schafer was also in private practice for ten years with the law firms of Sullivan & Worcester LLP and Zelle Hofmann LLP where he represented clients in a wide variety of commercial civil litigation matters involving computer technology, software licensing, trademark, copyright, misappropriation of trade secrets, unfair competition, and insurance coverage.


Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office.  She also serves on the firm’s Executive Committee.  Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity.  She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500.  Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness.  Since 2005, she has advised clients on more than 1,600 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events.  Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices.  She advises clients on GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America).  More recently, Lisa’s work includes assisting dozens of clients in developing strategies for complying with the California Consumer Privacy Act of 2018.

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP.  She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review.  She received her B.A. from Cornell University, with Distinction in All Subjects.  Lisa is admitted to practice in New York.


 


Travis is a leading authority on cybersecurity, data privacy, telecommunications and the regulation of emerging and disruptive technologies. Drawing on his broad experience in federal and state government, he helps clients manage litigation and regulatory risk, as well as strategically respond to data breaches, cyberattacks, nation-state attacks, dissemination of stolen data, misinformation campaigns and government enforcement efforts, including those by state attorneys general. In addition to overseeing crisis management, internal investigations and national security matters, Travis advises and counsels clients on complex commercial, antitrust and intellectual property litigation. The respect and skills Travis has earned during his career have translated into appointments and recommendations across political spectrums, including his selection by the US Department of Commerce and the European Commission as an arbitrator for the EU-US Privacy Shield Framework in 2017 and his presidential nomination to the Privacy and Civil Liberties Oversight Board in 2018.

Travis was chief of the Federal Communications Commission’s (FCC) Enforcement Bureau during the Obama administration, where he spearheaded hundreds of enforcement actions involving consumer issues such as false advertising and the Telephone Consumer Protection Act (TCPA), unfair competition, regulatory compliance and fraud, waste and abuse of government programs. He has also worked closely with senior officials at other federal, state and international agencies, including the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ), all 50 state attorneys general and data protection authorities across the globe.

Travis previously served as a senior adviser to former California Attorney General Kamala D. Harris and as special assistant attorney general of California, where he oversaw California’s complex litigation and policy in areas such as technology regulation, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, healthcare, telecommunications and human trafficking. Prior to this high-profile California role, he served during the Obama administration as an attorney-adviser in the US Department of Justice’s Office of Legal Counsel, which advises the president, attorney general and executive branch agencies on the constitutionality and legality of the programs and activities of the US government.

With his broad understanding of technology, media and telecommunications, as well as his senior government experience at the national and California levels, Travis is uniquely positioned to advise clients on a wide range of privacy, cybersecurity and information management issues, including cases involving data breaches, class actions and government enforcement actions. As former chief of the FCC’s Enforcement Bureau, Travis has assisted clients with federal and state telecommunications needs, including FCC proceedings and regulations, merger reviews, working with Congress and other regulatory agencies on behalf of clients and advocating for emerging and leading technology companies before regulatory bodies. A deep understanding of real-world issues and legal hurdles and solutions helps Travis respond to and favorably resolve governmental inquiries and fact-finding investigations.

His background and leadership roles, as well as his practice at leading law firms in Washington, DC, and San Francisco, have translated into advising global clients with ties both in California and nationally, as well as responding to and finding solutions for novel local, state and federal legal issues. He has also represented companies, boards and individuals on a diverse array of complex and bet-the-company civil litigation, government investigations and white collar matters involving false claims, bid-rigging, patent infringement, trade secrets, bribery, foreign corrupt practices, RICO, off-label advertising, legal malpractice and material support of terrorism.


Al Saikali is a Chambers-ranked lawyer specializing in privacy and data security law.  He represents companies in minimizing the risks associated with the collection, use, storage, and security of personal information.  In addition to chairing Shook, Hardy & Bacon’s Privacy and Data Security practice, he founded and chairs the Sedona Conference’s Working Group on Privacy and Data Security, and co-chairs the American Bar Association’s Cybersecurity Law Institute.  He has won the Lexology Client Choice award in technology law the last two years in a row and was named a “Trailblazer in Cybersecurity” by the National Law Journal in 2015.  In his spare time, Al is an Adjunct Professor at Saint Thomas University where he teaches Cybersecurity Law, and he maintains a blog (Data Security Law Journal) where he writes about emerging trends and issues in privacy and data security law.  Al has been quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on privacy and data security legal trends. 


Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team. He joined Google in March 2011.  He has nearly 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a successful advertising technology company.

Keith served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently a featured speaker at industry events focusing on technology, privacy and data protection. He is a member of the Maryland Bar and holds the Certified Information Privacy Professional, U.S., and Government (CIPP/US, CIPP/G) certifications.


Matthew H. Meade is co-chair of the firm's Cybersecurity and Data Protection Group where he provides advice regarding data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

Matt's recent representations include:

  • Advised numerous entities, including health care providers, manufacturers, retailers, schools, security alarm companies, financial services company, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
  • Coordinated response to multi-state security breaches and hacking with local and federal law enforcement, district attorney and United States Attorney.
  • Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
  • On behalf of a health care automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
  • Assisted banking client with response to unauthorized customer wire transfer, including developing post-incident policy enhancements.
  • Coordinated internal investigation of health care data breach, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
  • Negotiated with states attorney general office’s on behalf of cloud storage company holding data of health care entity involved in multi-state investigation and multi-jurisdiction litigation.
  • Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
  • Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
  • Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
  • Advised clients on proper security measures in connection with employee and customer personal information.

Prior to joining Buchanan, Matt was an associate with the New York office of an international law firm, where, in addition to privacy-related matters, he worked on white-collar internal investigations, federal litigation matters and federal criminal cases, including plea negotiations, participation in proffer sessions, bail proceedings, guilty pleas, pre-sentence reports and negotiations with the United States Attorney's Office.

Matt was selected for inclusion in The Best Lawyers in America® list in  2017 under the Privacy and Data Security Law category.

Matt serves on  the Steering Committee for the Sedona Conference Working Group 11 on  Data Security and Privacy Liability, which brings “together lawyers, judges, policy makers, security experts, technologists and business leaders to identify and develop principles and best practices that will constructively resolve issues surrounding data security and privacy liability.”  Matt speaks and writes regularly on data security and is a co-chair of the ABA’s Second Annual National Institute on Cybersecurity.
 


Zoe Strickland is the newly appointed VP, Global Privacy & US Commercial Compliance head for Cigna health and life insurance. She most recently served as the Managing Director, Global Chief Privacy Officer, for JPMorgan Chase, where she was responsible for domestic and global privacy compliance at the company enterprise level, including its privacy policies, procedures, governance, strategy, training, and administration. Previously, Zoe served as the VP, Chief Privacy Officer for UnitedHealth Group and for Walmart Stores Inc. 

Zoe is an active participant in the privacy community.  She serves on the Advisory Board of the Future of Privacy Forum and several other cross-industry organizations. She previously served on the Board of Directors for the International Association of Privacy Professionals (IAPP). Zoe is a frequent speaker at industry conferences and events, has testified before subcommittees of the House Energy and Commerce Committee, and has been quoted in national and trade media sources, including USA Today, the New York Times, and National Public Radio.


David Glockner is the Chief Compliance Officer for Citadel, a global hedge fund based in Chicago. From 2013-2017 he served as Regional Director of the SEC’s Chicago Regional Office, overseeing the SEC’s examination and enforcement work in nine Midwestern states. While at the SEC he also served as co-chair of the SEC’s Cybersecurity Working Group and was a leader in the SEC’s efforts to expand its use of data analytics in examination and enforcement work. Prior to joining the SEC, he was a managing director at a global digital risk management firm. He spent nearly 25 years as a prosecutor in the United States Attorney’s Office in Chicago, including 11 years as chief of the office’s criminal division, where he was involved in numerous high-profile matters involving public corruption, financial fraud, and national security. He is an adjunct professor at the University of Illinois College of Law, where he teaches a class on cybersecurity and the legal system.


Aaron Burstein has been an attorney advisor to Commissioner Julie Brill at the Federal Trade Commission (FTC) since August 2013 and is responsible for advising Commissioner Brill on enforcement and policy matters concerning privacy, data security, financial practices, and a range of other consumer protection issues.  Before joining the FTC, Aaron was a policy advisor at the National Telecommunications and Information Administration (NTIA) at the Department of Commerce.  At NTIA, Aaron played a central role in drafting Commerce’s privacy “green paper” and the Obama Administration’s Privacy Blueprint.  Aaron was detailed to the National Security Council at the White House, where he served as Director for Privacy and Civil Liberties in the Cybersecurity Directorate.  Before joining NTIA, Aaron was a research fellow at the University of California, Berkeley, School of Law and School of Information and a trial attorney in the Department of Justice’s Antitrust Division.  Aaron earned his law degree from Berkeley and his undergraduate degree from Brown University. 


Jay Leek, CISM, CISA, CISSP, is a Managing Director and Co-founder of ClearSky Security.  He also consults with Blackstone on various areas of cyber security strategy and investing, and he is currently co-leading Blackstone’s portfolio company CISO community. Prior to joining ClearSky, Leek was the Chief Information Security Officer for Blackstone, where he also worked with their information security investments and portfolio companies.  Over the past 20 years, Leek built and headed up global information risk and security programs for Equifax and Nokia and also worked as a Product Manager as well as a Consultant to telecom companies, government agencies and financial institutions assisting them with strategic planning and architectural design required to meet their information risk and security objectives. Leek currently serves as a member of the boards of directors for BigID, BlueLava, Capsule8, CloudKnox, CyberGRX, IntSights and Respond, and the NY Metro ISSA Chapter. He was also formerly a member of the board of directors of Carbon Black, Demisto, Optiv, ProtectWise, RedOwl, Verodin, a Board Observer for Cylance and Phantom and a member of the advisory boards of Accuvant and iSIGHT Partners.


Julia Horwitz is the Coordinator of EPIC's Open Government Program and was the 2012-2013 EPIC Open Government Fellow. She is a graduate of the University of Chicago Law School and graduated magna cum laude from Brown University with a B.A. in American Literature. Ms. Horwitz was a recipient of the 2011 Charles H. March Fellowship at the Federal Trade Commission and the International Association of Privacy Professionals 2012 Summit scholarship. While studying at Chicago Law, Ms. Horwitz was the Intellectual Property Law Society's Vice President for Online and Media, and competed in the 2011 International Trademark Association's Saul Lefkowitz Moot Court.


Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.  


Matthew Fitzsimmons is the Head of Cigna’s Privacy & Information Protection Compliance Office and Lead Privacy & Cybersecurity Counsel. At Cigna, Matt is responsible for leading the privacy and information protection compliance team, handling complex privacy and information protection issues and leading the enterprise’s incident response team, leading investigations, breach notification, and incident management activities. Matt also oversees the review and implementation of privacy related legislation, the conduct environmental scans to identify external privacy issues. 

Prior to joining Cigna, Matt was an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. In that role, Matt served as the lead attorney in the AG’s Office on all matters involving data security and privacy, including co-leading the investigation and negotiating the largest ever multistate data breach settlement with a prominent retailer. Matt also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. Throughout his time in the AG’s Office, Matt litigated an array of complex matters in state and federal court.

Matt is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, he was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

Matt also served as Adjunct Professor at the University of Connecticut School of Law, where he taught oral advocacy and brief writing as part of the school’s Moot Court program.


Sarvesh Mahajan is an attorney in Wiggin and Dana's Technology and Outsourcing Group in the firm's New York office. Sarvesh advises a broad range of clients on the negotiation, drafting and implementation of technology and commercial agreements, including outsourcing, software licenses and services, and cloud-based offerings. He has particular experience assisting clients in all stages of information technology and business process outsourcing transactions, advising them on structuring or responding to requests for proposals, drafting and negotiating contracts, and managing and implementing complex, global outsourcing arrangements. Sarvesh also advises clients on intellectual property and data privacy matters.

Prior to joining Wiggin and Dana, Sarvesh served as counsel for a large public university providing online higher education programs and for a multinational information technology services company. He advised senior managers on commercial matters and intellectual property issues. Sarvesh also served as an attorney-advisor in the U.S. Department of Commerce.

Sarvesh received his Master of Laws and Juris Doctor degrees from George Washington University, where he was a member of the Public Contract Law Journal. He earned a Bachelor of Arts degree, cum laude, from the University of Pennsylvania.


Adam is an acknowledged Canadian legal industry leader in privacy and data management. He leads the Osler’s national Privacy and Data Management practice. Adam has been lead counsel on many of the most significant privacy matters in Canada. He advises Fortune 500 clients in their business critical data-protection issues, compliance initiatives and data governance. He regularly represents clients on regulatory investigations and security breaches, and has acted on many of the largest Canadian security incidents to date.  Adam is Special Counsel to the Interactive Advertising Bureau of Canada and counsel to the Digital Advertising Alliance of Canada.