Skip to main content

Sixteenth Annual Institute on Privacy and Data Security Law

Speaker(s): Aaron Burstein, Aaron P. Simpson, Adam Kardash, Alan Charles Raul, Alfred J. Saikali, Carolina Lessa, David Glockner, H. Leigh Feldman, Harry A. Valetk, Jay Leek, JoAnn Stonier, Julia Horwitz, Keith Enright, Lisa J. Sotto, Margaret A. Keane, Matthew F. Fitzsimmons, Matthew H. Meade, Miriam H. Wugmeister, Monique Altheim, Noga Rosenthal, Ron Bushar, Sarvesh Mahajan, Scott D. Schafer, Travis LeBlanc, Victoria King, Vincent Liu, Zoe Strickland
Recorded on: Jun. 8, 2015
PLI Program #: 57194

Alan Raul is the founder and leader of Sidley’s highly ranked Privacy, Data Security and Information Law practice. He represents companies on federal, state and international privacy and cybersecurity issues, including global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity and information governance and preparedness, and helps them address crisis management for data security incidents. Alan’s practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Data Security, Privacy, and Intellectual Property Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves ex officio on the American Bar Association’s Cybersecurity Legal Task Force by past appointment of the ABA President, and as a member of the Practicing Law Institute’s (PLI) Privacy Law Advisors Group.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling.
  • International data protection compliance programs and cross-border transfers.
  • FTC and State Attorney General investigations involving consumer protection, privacy, data security and unfair or deceptive business practices.
  • SEC, DOJ, Congressional and Inspector General investigations.
  • Cybersecurity, government information requests and national security issues.
  • Internet litigation and counseling under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.
  • Administrative Procedure Act litigation, regulatory advocacy and counseling.

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. In 2016, the Washingtonian named Alan one of Washington, DC’s Best Lawyers: Cybersecurity.

Alan is a frequent author and speaker on privacy and related issues. He is the editor and contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd. 1st ed., 2nd ed. and 3rd ed.), co-author of Administrative Law of the European Union: Oversight (ABA 2008), and author of Privacy and the Digital State: Balancing Public Information and Personal Privacy (Kluwer Academic Publishers 2001). He has appeared frequently as a legal commentator on television and radio, and testifies before Congress on various issues.

Alan also writes and speaks regularly on Internet and information law topics, “junk science,” and federal regulatory policy, as well as on constitutional, political and social issues. He has published numerous articles in legal periodicals, as well as pieces in the Wall Street Journal, Washington Post, Los Angeles Times, New York Times, Washington Times, Politico, The Hill and various Bloomberg BNA publications. He is also a frequent contributor to the practice’s Data Matters blog. Alan is a graduate of Harvard College, the Harvard Kennedy School of Government, and Yale Law School.

Carolina Lessa acts as the government affairs liaison for the Latin American region. She works closely with local business units to identify potential business opportunities and legislative and regulatory threats. Carolina manages key relationships with external firms and government bodies. She actively participates in industry coalitions and trade associations to promote public policy objectives in the region.

Prior to joining RELX Group, she headed the Washington, DC office of the largest Brazilian public affairs consulting firm, PATRI, and previously worked for the Brazilian Sugarcane Industry Association (UNICA) advocating for the removal of the ethanol import tariff. Carolina also worked at the American Chamber of Commerce (Amcham), where she led several key issues of the Brazil-US agenda, such as the renewal of a U.S. tariff exemption program, the Generalized System of Preferences. She also worked at the U.S. Consulate in São Paulo, at the Department of Agriculture (USDA) and interned at BioAlliance International, a global NGO dedicated to humanitarian aid for refugees in Africa.

Carolina has a B.A. in International Relations from Fundação Armando Alvares Penteado (FAAP - Brazil), a specialization in Communications from Pontifícia Universidade Católica (PUC - Brazil) and a M.A. in International Trade and Investment Policy from the George Washington University.

Harry A. Valetk is Of Counsel in the International Commercial Practice Group in the New York office, advising global organizations on privacy and data security compliance requirements. He regularly supports companies in the insurance and financial services sector, retail, pharmaceutical/ healthcare, transportation/ logistics, hospitality, defense, social media, cloud technology, and manufacturing industries. His practice is focused on delivering commercially practical advice on designing security, privacy, and technologically compliant solutions. Harry's practice routinely covers issues that range from supporting M&A transactions that result in cross-border data transfers, to digital marketing, regulatory enforcement defense, and cyber security and data breach incident response. He also helps clients perform privacy risk assessments for EU-US Privacy Shield certifications, and works with highly-regulated entities on numerous data protection topics, including HIPAA, GLBA, FERPA, the Children’s Online Privacy Protection Act (COPPA).

Harry puts on an insider’s perspective when advising his clients having worked in-house as Director of MetLife’s Global Privacy Office in New York for almost seven years. In that role, he supported business lines in more than 60 countries to protect the personal data of over 90 million MetLife customers. Additionally, he led numerous strategic efforts to build out a global Privacy Risk Framework, achieve global compliance with applicable data privacy laws, deploy cross-border data transfer solutions, implement global training and awareness initiatives, and manage data and cyber security incidents. Before MetLife, Harry led the video game publishing industry’s privacy compliance efforts as the Director of Privacy Online for the Entertainment Software Rating Board and its COPPA Safe Harbor Seal Program. Finally, Harry served as a trial attorney for the U.S. Department of Justice, Civil Division.

JoAnn Stonier is the Chief Information Governance & Privacy Officer of Mastercard, where she is responsible for all aspects of Mastercard’s data governance program, including identifying and mitigating data risks across the company, influencing the creation of data driven products and solutions and overseeing data policy.  She advises senior management on a broad range of complex legal, data and regulatory issues.    JoAnn and her global team manage data risk as an element of the company’s product and business strategy.   Information Governance & Privacy are key to Mastercard’s commitment to making all of its products and services safe, simple and smart.  Prior to joining Mastercard in 2008, Ms. Stonier was the Chief Privacy Officer for American Express Company. 

JoAnn is a recognized expert in the field of privacy, data protection and information governance.  She currently serves as the Chairman of the Board of Directors of the International Association of Privacy Professionals (IAPP); as a member on the United Nations Global Pulse Privacy Advisory Group; and on the Steering Committee for the World Economic Forum’s Data Driven Development Initiative.  She is also on the boards of the Information Accountability Foundation and the Centre for Information Policy Leadership.  She is also a board Advisor for Momentum Aerospace Group and Hope for the Warriors for privacy and information related issues.  For her leadership in Privacy, Data Protection and Information Governance, Ms. Stonier has been recognized by the Information Governance Initiative as the Chief Information Governance Officer of 2015 and in 2011 she was named as an Aspen Institute First Mover Fellow. 

In addition to her work at Mastercard, Ms. Stonier is an Adjunct Professor at Pratt Institute where she teaches business strategy and international business, in the Design Management Master’s program.  

Ms. Stonier received her Juris Doctorate from St. John’s University in Queens, and her Bachelor of Science degree from St. Francis College.  She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey.

Keith Enright is Legal Director for Privacy at Google, where he leads the Internet company’s global privacy legal team. He joined Google in March 2011 after more than 10 years at high­growth start­ups, large consulting practices and Fortune 500 retail and online services organizations. He has deep experience in creating and implementing programs for privacy, data stewardship and information risk management.

Most recently, Keith served as as Macy’s Inc.’s first Chief Privacy Officer and Vice President, Privacy. His responsibilities extended over 800 Macy’s and Bloomingdale’s brick and mortar locations;;; banking operations of Federated Department Stores National Bank and Department Stores National Bank; and corporate support functions such as benefits and payroll administration for a workforce of more than 100,000. Keith served on the Managing Board of the Macy's Credit and Customer Services division.

Before Macy's, Keith served as the first Chief Privacy Officer and Director of Enterprise Information Policy for Limited Brands, Inc. There he oversaw privacy for customer and employee data for Victoria’s Secret, Bath and Body Works, Henri Bendel, White Barn Candle Company, C.O. Bigelow and La Senza, including their websites and more than 4,000 retail locations.

Previously, he was a Senior Consultant with IBM Business Consulting Services, where he served as Privacy Technology Lead for its Public Sector Security, Privacy and Wireless practice. Prior to joining IBM, Keith was the General Counsel and Vice President of ISP Relations for AdKnowledge, during which time he served as a charter member of the Steering Committee of the Email Service Provider's Coalition and the Email Authentication Implementers Group.

Keith serves on the Board of Directors of the International Association of Privacy Professionals, as well as a number of industry advisory boards.  He is frequently a featured speaker at industry events focusing on privacy and IT Security. He regularly briefs legislators and regulators from around world on issues relating to privacy and technology. He holds the Certified Information Privacy Professional, US, and Government (CIPP/US, CIPP/G) certifications.

Matthew Fitzsimmons is an Assistant Attorney General in Connecticut, heading that Office’s Privacy and Data Security Department. He serves as the lead attorney in the Office on all matters involving data security and privacy. AAG Fitzsimmons has been in a lead role in several multistate data breach and general consumer protection investigations. He also served as co-lead counsel in the first-ever state enforcement action for alleged violations of HIPAA. AAG Fitzsimmons has litigated an array of complex matters involving violations of the Connecticut Unfair Trade Practices Act in state and federal court.

In 2011, Attorney General Jepsen appointed AAG Fitzsimmons to lead a multidisciplinary Privacy Task Force to educate the public about data protection and to focus the office's response to Internet privacy concerns and data breaches that affect consumers. In March 2015, Attorney General George Jepsen created a dedicated and permanent Privacy and Data Security Department within the Connecticut Attorney General’s Office and appointed AAG Fitzsimmons as its Department Head. The formation of an official Department was in part to ensure that the privacy and data security work of the office maintains the high level of excellence and cutting edge commitment it receives today by dedicating staff to work exclusively on privacy-related matters. Like the Task Force before it, the new Department will be responsible for all investigations involving consumer privacy and data security. It will also help to educate the public and business community about their responsibilities, which include protecting personally identifiable and sensitive data and promptly notifying affected individuals and the Office of the Attorney General when breaches do occur.

AAG Fitzsimmons is a frequent guest speaker and panelist at industry and continuing legal education events on the topic of data privacy and security, and has contributed to panel discussions in the United States and Canada. Recently, AAG Fitzsimmons was named one of Law360’s “5 Influential Privacy Regulators That You Should Know,” as well as being named to Connecticut Magazine’s 2014 “Forty under 40” and Connecticut Law Tribune’s “New Leaders in the Law.”

AAG Fitzsimmons also serves as Adjunct Professor at the University of Connecticut School of Law, where he teaches oral advocacy and brief writing as part of the school’s Moot Court program. AAG Fitzsimmons received his B.A., magna cum laude, from the University of Hartford and his J.D., with honors, from the University of Connecticut School of Law.

Matthew H. Meade is co-chair of the firm's Cybersecurity and Data Protection Group where he provides advice regarding data security breaches, information and records management and other areas regarding privacy. He helps clients identify business risks associated with the use and storage of sensitive information. Matt regularly advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy and security. He also has prepared document retention and management policies and developed associated training programs.

Matt's recent representations include:

  • Advised numerous entities, including health care providers, manufacturers, retailers, schools, security alarm companies, financial services company, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
  • Coordinated response to multi-state security breaches and hacking with local and federal law enforcement, district attorney and United States Attorney.
  • Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
  • On behalf of a health care automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
  • Assisted banking client with response to unauthorized customer wire transfer, including developing post-incident policy enhancements.
  • Coordinated internal investigation of health care data breach, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
  • Negotiated with states attorney general office’s on behalf of cloud storage company holding data of health care entity involved in multi-state investigation and multi-jurisdiction litigation.
  • Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
  • Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
  • Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
  • Advised clients on proper security measures in connection with employee and customer personal information.

Prior to joining Buchanan, Matt was an associate with the New York office of an international law firm, where, in addition to privacy-related matters, he worked on white-collar internal investigations, federal litigation matters and federal criminal cases, including plea negotiations, participation in proffer sessions, bail proceedings, guilty pleas, pre-sentence reports and negotiations with the United States Attorney's Office.

Matt was selected for inclusion in The Best Lawyers in America® list in  2017 under the Privacy and Data Security Law  category.

Matt serves on  the Steering Committee for the Sedona Conference Working Group 11 on  Data Security and Privacy Liability, which brings “together lawyers, judges, policy makers, security experts, technologists and business leaders to identify and develop principles and best practices that will constructively resolve issues surrounding data security and privacy liability.”  Matt speaks and writes regularly on data security and is a co-chair of the ABA’s Second Annual National Institute on Cybersecurity.

Monique Altheim is global data privacy consultant for IBM Security Services.  Ms. Altheim assists multinational companies in solving their data privacy challenges. 

Prior to joining IBM, Ms. Altheim had more than 13 years experience as an attorney, both in Belgium and in the U.S. She has advised clients on an array of international legal issues such as international maritime law, cross-border e-discovery and global privacy and security.

Ms. Altheim is also a member of the International Association of Privacy Professionals’ (IAPP) teaching faculty, where she trains candidates for the Certified Information Privacy Professional certificates (CIPP). Ms. Altheim is herself a CIPP/US and CIPP/EU.

Ms. Altheim has previously presented on numerous data privacy issues for the IAPP Europe Congress and the CPDP Conference in Brussels, LawTech Europe Congress in Prague, The International Conference of Data Protection and Privacy Commissioners, CEIC, International Law Weekend, Fordham School of Law, Georgetown Law Continuing Legal Education, LegalTech NY and NYCLA (c.2011-2015).

Noga Rosenthal brings extensive experience in online advertising, legal issues and emerging technologies to Epsilon. In her role as Chief Privacy Officer, Noga oversees all privacy-related activities for Epsilon and its Conversant business, including global development, implementation, maintenance of and adherence to the organization’s policies and procedures covering the privacy of, and access to, online and offline consumer data. Her responsibilities include ensuring compliance with various self-regulatory regimes as well as domestic state and federal laws and regulations and those of foreign jurisdictions.

Noga guides and advocates on behalf of Epsilon’s internal teams, partners and clients to support industry self-regulation, responsible privacy practices, as well as consumer awareness, transparency and choice. Additionally, she monitors and helps guide the company’s global public policy efforts.

Prior to Epsilon, Noga served as General Counsel and Vice President for Compliance and Policy for the Network Advertising Initiative (NAI), leading their compliance program and ensuring that member companies delivered on the promise of self-regulation for interest-based advertising. Previously, she held the role of Senior Vice President and General Counsel of WPP plc companies Xaxis and Media Innovation Group, LLC.

Noga sits on the Board of Directors of the NAI and sits on the Advisory Board of the Digital Advertising Alliance, the Legal Affairs Council and the Public Policy Council of the Interactive Advertising Bureau and has served in the past on the International Association of Privacy Professionals Education Advisory Board.

Noga holds a Bachelor of Arts degree in English and Political Science from the Rutgers College and a J.D. from Fordham Law School.

Victoria King served as UPS’s first Global Privacy Officer from 2010 until early 2015 when she was promoted to Group Vice President of UPS Public Affairs. As the Global Privacy Officer, she established the company’s global privacy program which encompassed activities in over 220 countries and involved more than 39 million daily tracking requests and over 4 billion annual deliveries.  She worked closely with both US and international colleagues to implement privacy governance, training and compliance programs. She was responsible for the strategic as well as tactical structure of the program. She also lead the company’s Information Security Council, a cross-functional management group that focused on information security and privacy strategies for the company. In her new Public Affairs role, she will continue her privacy and cybersecurity focus with greater emphasis on the global policies and regulatory developments.    

Victoria has been with UPS for 16 years working with the company’s Legal Department.  Prior to joining UPS, she was a law partner with the large regional law firm in Southern California and also worked with PriceWaterhouseCoopers in their Los Angeles, St. Louis and Frankfurt, Germany offices.   

Victoria joined the IAPP’s Educational Advisory Board in 2014. She continues to co-chair the Atlanta KnowledgeNet and has her CIPP-US and IT certifications.     

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co-authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner’s Guide. He serves as returning faculty at the Practicing Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Prior to founding Bishop Fox, Vincent led the Attack & Penetration team for the Global Security unit at Honeywell International. Before that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Few lawyers in the world have Miriam Wugmeister’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s market-leading Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Ms. Wugmeister is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Ms. Wugmeister has worked on several of the most noteworthy and largest data security incidents over the past few years. She has been praised as “a hugely enthusiastic individual who clearly loves what she does” by her clients to Legal 500, which recently named Morrison & Foerster as the 2015 Cyber Crime Firm of the Year. Ms. Wugmeister also works with dozens of companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Ms. Wugmeister advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the U.S. and internationally. She regularly provides advice on data security breach issues; the global collection, use, sharing of employee, customer, vendor, and consumer personal information; ediscovery and monitoring conflicts; social media issues; and cloud computing deals, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also advises clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data.

As leader of the Global Privacy Alliance (GPA), Ms. Wugmeister encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations. Ms. Wugmeister developed the firm’s Privacy Library and the MoFoNotes subscription database so that organizations can keep apprised of privacy and data security compliance requirements in jurisdictions around the world. She is also co-editor of Global Employee Privacy and Data Security Law, Second Edition (BNA Books, 2011).

Chambers USA and Chambers Global recommend Ms. Wugmeister in the top tier of U.S. privacy and data security lawyers, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” Ethisphere listed her as one of its 2012 “Attorneys Who Matter,” and BTI named her a 2012 Client Service All-Star. Ms. Wugmeister was also noted by Best Lawyers in America 2015.

Leigh is currently the Head of Privacy and Information Compliance and the Global Chief Privacy Officer within the Corporate Compliance Group at Citi.  In this role, Leigh leads several related functions that touch on the collection, maintenance, use, sharing and disposition of information, including the Chief Privacy Office, Records Management, Compliance Data Governance and compliance coverage for Information Security, Enterprise Operations and Technology, Export Licensing and Citi Security and Investigative Services.

Prior to joining Citi, Leigh was the Chief Privacy Officer at American Express responsible for leading the Global Privacy Team and the Global Privacy Program across the Company.  Prior to that, Leigh spent four years as the Senior Privacy Executive at Bank of America, where he managed the Privacy, Information and Data Compliance team, and ten years at Merrill Lynch, where he was Chief Privacy Counsel and led the Technology, Privacy and Information Law team.  Prior to joining Merrill Lynch, Leigh worked in private practice in New York specializing in Internet, e-commerce and corporate law. 

Leigh received his law degree from Georgetown University and his undergraduate degree from the State University of New York at Binghamton.  In addition to being a lawyer, Leigh is certified by the International Association of Privacy Professionals as a Certified Information Privacy Manager.

Mr. Bushar is a seasoned, highly effective, and innovative cyber security leader with extensive Federal Government, Cyber Security, Risk Management, and Network Operations experience. Mr. Bushar has a dynamic track record of building teams and strategic solutions that drive mission performance, ensure organizational security, and minimize risk. Mr. Bushar has over 17 years of experience in the areas of information assurance, information security, cyber operations, and incident response services. Currently, Mr. Bushar is serving as the Global Director for Mandiant’s Security Program Services, where he is developing innovative security programs and solutions and services for commercial and government clients worldwide.

Prior to his work at Mandiant, Mr. Bushar served as the Director of the Department of Justice Security Operations Center (JSOC) where he led transformative efforts to redefine and restructure key information security and JSOC operations and capabilities. Ron conducted critical Department wide security assessments and served as the project manager for major network security procurements and architecture upgrades. He   served as the Department’s Program Manager for insider threat program related issues and liaison to the National Insider Threat Task Force (NITTF). Ron developed and drafted Department cyber security policies and procedures. He established and nurtured cyber defense innovations within the JSOC with a concept of operations that focus on rapid research, development, and testing of innovative cyber defense solutions for the JSOC and the Department. Ron led cyber incident response activities for major security incidents throughout the Department and its 42 federated components. In November 2011, he received the Justice Management Division Special Commendation Award for his development management of the Department’s Information Security Assessment and Insider Threat Program.

Mr. Bushar has also led the Vulnerability Assessment and Penetration Team at the National Geospatial-­-Intelligence Agency (NGA), and spent eight years in various cyber operation project management and support roles at ManTech International Corporation. Mr. Bushar began his career in the United States Air Force serving in the Information Warfare Aggressor Squadron at Lackland AFB.

Mr. Bushar holds a Master of Science in Management of Information Systems and a Bachelor of Science in Electrical Engineering. He is a certified Project Management Professional (PMP), a Certified Information System Security Professional (CISSP), a Certified Information System Security Architecture Professional (ISSAP), and maintains a professional membership with the Institute of Electrical and Electronic Engineers (IEEE).

Mr. Schafer is currently Senior Counsel at The Vanguard Group, Inc., where he leads the Global Privacy and Data Protection team within the Legal & Compliance Division.  Mr. Schafer and his team advise on privacy, data security, and risk for Vanguard and its global affiliates.   Prior to joining Vanguard, Mr. Schafer was Chief of the Consumer Protection Division for the Office of the Massachusetts Attorney General.  Mr. Schafer led a division that investigated and prosecuted persons and entities for violations of federal and state law relating to predatory lending and foreclosure, Internet safety and security, electronic commerce, consumer privacy and data security, and data breach notification.   Mr. Schafer has been a faculty member for the American Bar Association, Boston Bar Association, Practising Law Institute, and Massachusetts Continuing Legal Education on issues relating to consumer privacy and information security, and he has been a featured speaker on privacy issues for the International Association of Privacy Professionals and various data security consortiums.

Mr. Schafer was also in private practice for ten years with the law firms of Sullivan & Worcester LLP and Zelle Hofmann LLP where he represented clients in a wide variety of commercial civil litigation matters involving computer technology, software licensing, trademark, copyright, misappropriation of trade secrets, unfair competition, and insurance coverage.

Aaron Burstein has been an attorney advisor to Commissioner Julie Brill at the Federal Trade Commission (FTC) since August 2013 and is responsible for advising Commissioner Brill on enforcement and policy matters concerning privacy, data security, financial practices, and a range of other consumer protection issues.  Before joining the FTC, Aaron was a policy advisor at the National Telecommunications and Information Administration (NTIA) at the Department of Commerce.  At NTIA, Aaron played a central role in drafting Commerce’s privacy “green paper” and the Obama Administration’s Privacy Blueprint.  Aaron was detailed to the National Security Council at the White House, where he served as Director for Privacy and Civil Liberties in the Cybersecurity Directorate.  Before joining NTIA, Aaron was a research fellow at the University of California, Berkeley, School of Law and School of Information and a trial attorney in the Department of Justice’s Antitrust Division.  Aaron earned his law degree from Berkeley and his undergraduate degree from Brown University. 

Al Saikali is a Partner in the Miami office of Shook, Hardy & Bacon, where he founded and chairs the firm’s Data Privacy and Data Security Practice Group.  In that role, Al directs breach response efforts, represents companies in litigation arising from data breaches and other privacy issues, and counsels organizations to help them comply with laws governing the collection, storage, use, and disposal of sensitive information.  Al Saikali is the co-chair of the Sedona Conference’s Working Group on Privacy and Data Security and a board member of the International Association of Privacy Professionals.  He maintains a blog (Data Security Law Journal) where he writes about emerging trends and issues in data security and data privacy law.

David Glockner joined the SEC in December 2013 as Regional Director for its Chicago office, which oversees the SEC’s examination and enforcement work in nine Midwestern states. He is active in cybersecurity issues for the SEC at both the local and national levels. Previously, he was the managing director in charge of the Chicago office of a global digital risk management and investigations firm. From 1987 to 2012, he served in the U.S. Attorney’s Office in Chicago, including 11 years as chief of the office’s criminal division. During his career as a federal prosecutor he led and oversaw significant prosecutions involving securities and commodities fraud, public corruption, intellectual property crime, cybercrime, national security, and customs and export enforcement. He was one of the office’s computer crime coordinators for more than 20 years and wrote the Justice Department’s principal reference manual on banking crimes. He is an adjunct professor at the University of Illinois College of Law, where he teaches a course on cybersecurity and the legal system.

Jay Leek, CISM, CISA, CISSP is a Managing Director and the Chief Information Security Officer for Blackstone since joining in May 2012 where he also oversees the Blackstone Portfolio Company Information Risk & Security Community. Prior to joining Blackstone, Jay established, built and headed up global information risk and security programs for Equifax and Nokia. Over the past 20 years, Jay has also worked as a product manager as well as a consultant to numerous telecom companies, government agencies and financial institutions assisting them with business development, strategic planning and architectural design required to meet their information risk and security objectives. He also acts as an industry advisor for information security organizations and government agencies, and he currently serves as a Board Director for Optiv Security, RedOwl Analytics, CyberGRX and the NY Metro ISSA Chapter, Board Observer for Cylance and Phantom Cyber and on the Advisory Board for iSIGHT Partners and Risk IO.

Julia Horwitz is the Coordinator of EPIC's Open Government Program and was the 2012-2013 EPIC Open Government Fellow. She is a graduate of the University of Chicago Law School and graduated magna cum laude from Brown University with a B.A. in American Literature. Ms. Horwitz was a recipient of the 2011 Charles H. March Fellowship at the Federal Trade Commission and the International Association of Privacy Professionals 2012 Summit scholarship. While studying at Chicago Law, Ms. Horwitz was the Intellectual Property Law Society's Vice President for Online and Media, and competed in the 2011 International Trademark Association's Saul Lefkowitz Moot Court.

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLC.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Sarvesh Mahajan is an attorney in Wiggin and Dana's Technology and Outsourcing Group in the firm's New York office. Sarvesh advises a broad range of clients on the negotiation, drafting and implementation of technology and commercial agreements, including outsourcing, software licenses and services, and cloud-based offerings. He has particular experience assisting clients in all stages of information technology and business process outsourcing transactions, advising them on structuring or responding to requests for proposals, drafting and negotiating contracts, and managing and implementing complex, global outsourcing arrangements. Sarvesh also advises clients on intellectual property and data privacy matters.

Prior to joining Wiggin and Dana, Sarvesh served as counsel for a large public university providing online higher education programs and for a multinational information technology services company. He advised senior managers on commercial matters and intellectual property issues. Sarvesh also served as an attorney-advisor in the U.S. Department of Commerce.

Sarvesh received his Master of Laws and Juris Doctor degrees from George Washington University, where he was a member of the Public Contract Law Journal. He earned a Bachelor of Arts degree, cum laude, from the University of Pennsylvania.

Travis LeBlanc is Chief of the Bureau of Enforcement at the Federal Communications Commission where he leads the Commission's largest organizational unit, including its 24 field offices around the country.

Prior to joining the FCC, LeBlanc served as Special Assistant Attorney General of California and a senior advisor to Attorney General Kamala D. Harris. In this capacity, he oversaw the California Department of Justice's operations and activities involving complex litigation, legislation, and policy matters such as technology regulation, telecommunications, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, and health care. He established California's first high-tech crime and privacy enforcement units. He also secured agreements with leading technology companies to protect consumer privacy, promote online safety, and respect intellectual property rights. He is an Affiliated Scholar at the University of California Hastings College of the Law and a member of the American Law Institute.

LeBlanc previously served in the Obama Administration as an attorney in the U.S. Department of Justice's Office of Legal Counsel, which advises the President, Attorney General, and general counsels of executive branch agencies on the constitutionality and legality of the programs and activities of the United States government. He has worked as an attorney at Williams & Connolly LLP in Washington, D.C. and Keker & Van Nest LLP in San Francisco, where his practice concentrated on white-collar criminal defense and complex civil litigation. From 2012-2014, LeBlanc was an Appellate Lawyer Representative to the United States Court of Appeals for the Ninth Circuit and in 2012, he was selected as Columbia Law School's Visitor from Government Practice. He clerked for the Hon. Stephen Reinhardt on the United States Court of Appeals for the Ninth Circuit. He has an A.B. from Princeton University, an M.P.A. from the John F. Kennedy School of Government at Harvard University, a J.D. from Yale Law School, and an LL.M. in International Law from the University of Cambridge.

Zoe Strickland is the Managing Director, Global Chief Privacy Officer, for JPMorgan Chase.  She is responsible for domestic and global privacy compliance at the company enterprise level, including its privacy policies, procedures, governance, strategy, training, and administration. Previously, Zoe served as the VP, Chief Privacy Officer for UnitedHealth Group and for Walmart Stores Inc.

Zoe is an active participant in the privacy community.  She serves on the Advisory Board of the Future of Privacy Forum and several other cross-industry organizations. She previously served on the Board of Directors for the International Association of Privacy Professionals (IAPP). Zoe is a frequent speaker at industry conferences and events, has testified before subcommittees of the House Energy and Commerce Committee, and has been quoted in national and trade media sources, including USA Today, the New York Times, and National Public Radio.

Aaron advises clients on a broad range of complex privacy and cybersecurity matters, including state, federal and international privacy and data security requirements as well as the remediation of large-scale data security incidents. He helps clients identify, evaluate and manage risks associated with their collection and use of information.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, New York Super LawyersComputerworld and The Legal 500 for his work on behalf of clients. He is a sought-after media resource on privacy issues and has been quoted in publications such as Bloomberg Businessweek Magazine, DataGuidance and TIME Magazine. Aaron regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. In addition, Aaron lectures on privacy and information security at Columbia University. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

He is a member of the New York State bar and received his J.D. from the University of Virginia School of Law and his B.A., with high honors, from the University of Texas.

Adam is an acknowledged Canadian legal industry leader in privacy and data management. He leads the Osler’s national Privacy and Data Management practice. Adam has been lead counsel on many of the most significant privacy matters in Canada. He advises Fortune 500 clients in their business critical data-protection issues, compliance initiatives and data governance. He regularly represents clients on regulatory investigations and security breaches, and has acted on many of the largest Canadian security incidents to date.  Adam is Special Counsel to the Interactive Advertising Bureau of Canada and counsel to the Digital Advertising Alliance of Canada.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton & Williams’ top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. She serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. Featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine, Lisa provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 1,200 cybersecurity and data breach incidents in the U.S. and abroad, including many of the seminal events. Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. She is co-chair of the International Privacy Law Committee of the New York State Bar Association, chair of the New York Privacy Officers’ Forum, and a former member of the Board of Directors of IAPP.