PLI PLUS 2.0 is now available – click here to test drive the new platform.
Skip to main content

Twentieth Annual Institute on Privacy and Data Security Law

Speaker(s): Alexandra Ross, Christine E. Lyon, D. Esther Chavez, Darren Abernethy, Derek Care, Emily Yu, Flora J. Garcia, Francoise Gilbert, Harvey Jang, Hilary M. Wandall, James G. Snell, Jared Ho, Jeanne M. Sheahan, Jody Westby, John F. Hyland, Jonathan Fox, Jonathan D. Avila, Katherine L. Kettler, Kathryn J. Fritz, Lara Kehoe Hoffman, Lisa R. Lifshitz, Lydia F. de la Torre, Marty Myers, Maureen A. Young, Merri A. Baldwin, Michelle Visser, Polina Zvyagina, Stacey D. Schesser, Stephen Wu, Steven Cooper, Thomas J. Smedinghoff
Recorded on: May. 6, 2019
PLI Program #: 251427

Martin H. (Marty) Myers is a partner in the firm's San Francisco office and a member of the Insurance Coverage and Arbitration practice groups, representing corporate policyholders in complex coverage disputes with their insurers.

A nationally recognized insurance recovery practitioner, Mr. Myers has helped clients recover billions of dollars in a wide array of industries, from agriculture to technology.

For more than twenty years, he has litigated, arbitrated and resolved complex coverage disputes throughout the world over a variety of losses and claims, including media liability, intellectual property, product recall, catastrophic property and business income loss, securities fraud and derivative litigation, management and professional liability, marine cargo, crime, alien tort/torture victim protection act, employment practices, mass tort and long tail asbestos and environmental claims.  Mr. Myers routinely advises clients on insurance program placement and complex risk transfer and indemnification issues; he is regarded as one of the world’s leading lawyers in transaction risk insurance products, including representation and warranty (warranty and indemnity) and tax loss insurance.

Representative Matters

  • Represented The Walt Disney Company in several insurance arbitrations in the US and Canada regarding coverage for major media liability/defamation, employment practices and class action matters.
  • Represented Adobe Systems, Inc. in successful litigation in Northern District of California to obtain defense fees/costs and indemnification under errors and omissions policies for massive exposure in font rights and misappropriation litigation brought by Agfa Monotype (originator of Times New Roman font).
  • Represented Sony Computer Entertainment America in obtaining substantial recovery through insurance litigation in Northern District of California and U.S. Court of Appeals for the Ninth Circuit for losses from consumer class actions for alleged damages associated with Sony PlayStation® game consoles.
  • Represented the GIC, the Government of Singapore real estate sovereign wealth fund in successful litigation and arbitrations recovering full first party and third party policy proceeds for loss of warehouse storage facilities by fire outside of Seoul, and follow on liabilities to third party property owners and others.
  • Represented the E. & J. Gallo Winery and glass bottle-making affiliate in successful insurance litigation for recovery of losses from first party and third party insurers for property damage and business income losses arising from catastrophic failure or glass furnace.
  • Represented IAC/InterActiveCorp in obtaining substantial recoveries under errors & omissions policies for defense and settlement of consumer class actions over TicketMaster “Entertainment Rewards” programs; also advised IAC on errors and omissions and general liability coverage for consumer class actions.
  • Represented World Fuel Services in litigation in Southern District of New York obtaining complete recovery, plus interest under marine cargo policy for phishing theft of millions of tons of marine gas oil lost to pirates off the coast of Togo.


  • Law360, Insurance MVP (2016)
  • Chambers USA, Insurance: Policyholder
  • The Best Lawyers in America, Insurance Law (2014-2018)
  • The Legal 500 US


  • University of Michigan Law School, J.D., 1987
  • Miami University, B.A., 1984

Bar Admissions

  • California
  • Numerous admissions pro hac vice throughout the United States
  • Has appeared for clients in marine matters in Courts of Norway

Alexandra Ross is Director, Global Privacy and Data Security Counsel at Autodesk, Inc., a leader in 3D design, engineering and entertainment software. Previously she was Senior Counsel at Paragon Legal and Associate General Counsel for Wal-Mart Stores. She is a certified information privacy professional (CIPP/US, CIPP/E, CIPM, CIPT and FIP) and practices in San Francisco, California. She holds a law degree from Hastings College of Law and a B.S. in theater from Northwestern University. Alexandra is a recipient of the 2019 Bay Area Corporate Counsel Award – Privacy.

Alexandra launched The Privacy Guru blog in January of 2014 and has published an ebook Privacy for Humans (available on Amazon and iTunes).

Christine Lyon is a partner in Morrison & Foerster’s Privacy + Data Security practice.  Chris helps companies develop privacy and data protection strategies for new products and services, as well as privacy compliance programs for their customer and employee data. A trusted advisor, Chris works collaboratively with her clients to develop practical approaches that leverage data while complying with evolving global privacy and data protection laws.

Based in Silicon Valley, Chris’ clients span various industries for which data are vital to operations or business models, including technology service providers, hardware and software companies, pharmaceutical and biotechnology companies, and consumer product manufacturers.  She has extensive experience navigating privacy risks from design through production and beyond, regularly counseling startups and large multinationals alike throughout the lifespans of their products and services.  Chris has particularly extensive experience advising technology companies on building privacy protections into cutting-edge offerings including connected products and services (Internet of Things), artificial intelligence (AI) and data analytics, and cloud-based services, as well as on managing the related “Big Data” implications.  She also frequently conducts privacy assessments of new products and services and helps clients structure and negotiate the privacy aspects of M&A and other strategic transactions to both achieve compliance and manage data risks.

By addressing emerging data protection laws, including the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), Chris helps clients achieve efficiency and cross-jurisdictional coordination in their privacy programs. Chris also has experience implementing a variety of mechanisms to facilitate international data flows and transfers, including EU Binding Corporate Rules, Privacy Shield certification, and international data transfer agreements. She has coordinated projects spanning privacy law requirements in dozens of countries, consolidating this information into practical, actionable privacy programs for clients.

Legal500 US has recognized Chris as a “rising star” in the area of privacy and data protection, and she has received The Burton Award for Distinguished Legal Writing.  She frequently writes and speaks on U.S. and global data protection laws, particularly on technology-related privacy issues.

D. ESTHER CHAVEZ currently serves as Senior Assistant Attorney General in the Consumer Protection Division of the Office of Texas Attorney General Ken Paxton where her work encompasses a broad range of consumer protection concerns with a focus on civil enforcement cases relating to privacy and data security.

Ms. Chavez’ current professional activities include service as Immediate Past-Chair of the Texas State Bar’s Consumer & Commercial Law Council and as Course Director of the State Bar’s 2018 Advanced Consumer & Commercial Law Conference. 

Ms. Chavez is a frequent speaker at national and state continuing legal education seminars on a variety of privacy and consumer protection topics and most recently has been a presenter at the 22nd Annual Health Care Compliance Institute; the Federal Trade Commission’s 2020 Southeast Region Common Ground Conference and the National Association of Attorneys’ General Consumer Protection Spring and Fall Seminars.

Ms. Chavez obtained her undergraduate and legal education at the University of Texas at Austin and the University of Texas School of Law.

Darren Abernethy is Senior Counsel at the San Francisco headquarters of TrustArc Inc.  Assisting customers for more than two decades, TrustArc is the global leader in privacy compliance technology solutions, privacy consulting and TRUSTe certification solutions, addressing all phases of companies’ privacy program management and data governance.

At TrustArc, Darren provides product and legal advice for the company’s portfolio of consent, advertising, marketing and consumer-facing technology solutions.  He also helps manage the company’s own privacy and data governance program; negotiates transactional and contractual matters; and interfaces with regulators, policy officials and TrustArc’s industry partners and peers.  Darren’s areas of particular attention include EMEA data protection law, global digital advertising, the California Consumer Privacy Act, geolocation, cross-border data transfers and marketing regulations.

Prior to joining TrustArc, Darren practiced telecommunications law in private practice in Washington, D.C.  In this capacity, he advised cable and broadband providers, cellular carriers, and members of the wireless spectrum ecosystem on FCC telecommunications matters and data privacy.  After “going west” from Washington to San Francisco, Darren helped lead a marketing and management services agency focused on “smart,” connected culinary devices prior to acquisition by its largest client.

A holder of the American Bar Association-IAPP Privacy Law Specialist designation and seven International Association of Privacy Professionals certifications, Darren is admitted to practice law in New York, Washington, D.C., and California.  

When not privacy’ing, Darren attempts to play soccer for a recreational league team, enjoys hiking the S.F. Bay Area with family and friends, and welcomes a hearty pub quiz with colleagues.  He also enjoys amateur astronomy and chipping away with his wife at their plan to visit and emboss their official U.S. National Park Passport with each of the 60 National Parks’ stamps.

Derek Care is Director II, Privacy – Legal at Uber, a global transportation technology company headquartered in San Francisco, California. In this role, Derek is responsible for advising teams throughout Uber regarding global privacy requirements and best practices, including relating to the EU’s General Data Protection Regulation and other global privacy laws. Derek is also responsible for implementing privacy policies, procedures and trainings; leading cross-company compliance efforts; and helping to embed privacy-by-design into Uber’s operations. Prior to joining Uber, Derek was Privacy Counsel at Bloomberg LP, and before that, Counsel at Bingham McCutchen LLP.

Emily Yu is Lead Privacy Counsel at Seagate Technology, where she advises and assists the company with compliance on existing and emerging data protection regulatory requirements. Prior to joining Seagate, Emily worked at TrustArc as a Global Privacy Manager and assisted several Fortune 100 companies with privacy program management and compliance with a number of international standards and frameworks, including EU-US Privacy Shield, APEC CBPRs and GDPR validations. She is also one of the first graduates of SCU Law’s Privacy Certificate program.

Flora J. Garcia discovered privacy law one snowy night in law school when she read the case of Bodil Lindqvist, a Swedish woman who was the first person charged with violating the EU Privacy Directive.  Flora recently joined Wayfair as Data Protection leader. Previously, she was McAfee’s Global Chief Privacy Officer and Information Security Attorney, after stints at MUFG Union Bank and magazine publisher Time Inc. 

Flora is a graduate of the evening program at Fordham Law School, the University of North Carolina at Chapel Hill’s Journalism School, and Duke University, where she majored in computer science and economics.  Flora is an IAPP Fellow of Information Privacy and holds the CIPP/US, CIPP/IT, and CISSP certifications.  

Francoise Gilbert, CEO of DataMinding, is one the world’s top legal experts in the areas of privacy and data security compliance, data governance, and risk management. She is the primary author and editor of the law treatise "Global Privacy and Security Law" (2 volumes, 4, 000 pages; Wolters Kluwer publisher) which covers in depth the privacy and data protection laws of 68 countries on all continents.

Ms. Gilbert received the 2019 Vanguard Award (California Lawyers Association) in recognition of her pioneering work in the area of data privacy and security law.  She has received numerous accolades from her peers acknowledging her thought leadership in identifying and addressing the unique privacy and data security legal issues raised by emerging technologies, including recognitions by the National Law Journal as “Privacy & Cybersecurity Trailblazer”, and by Best Lawyers as a “San Francisco Best Lawyer of the Year” in the area of Data Protection. She currently focuses her research and analysis on the myriad privacy, security and ethical issues raised by the use of Artificial Intelligence (AI) and Internet of Things (IoT) technologies.

In her private practice, she assists clients in anticipating their data security, privacy, and information management obligations, and in addressing these obligations in the context of their business and revenue objectives. Projects include, among others, framing and designing disclosures and compliance programs to meet the most recent legal developments, such as the California Consumer Protection Act (CCPA), or the European General Data Protection Regulation (GDPR); structuring Data Protection by Design and by Default processes in the development of new products; or implementing practical structures to address global operations and cross-border data transfer restrictions.

Harvey Jang is Vice President and Chief Privacy Officer at Cisco responsible for the company’s global privacy strategy and vision. In this role, he leads a global team of privacy professionals, lawyers, and engineers that develop and orchestrate Cisco privacy policies and standards; privacy engineering, innovation, and insights; and compliance capabilities, certifications, and accountability frameworks. Harvey and his team represent Cisco with regulators, standards bodies, non-governmental organizations (NGOs), media, and customers on issues related to privacy, information governance, and data ethics. 

Prior to joining Cisco, Harvey was Senior Director of Legal Affairs for McAfee, a part of Intel Security, where he was lead counsel for privacy, security, marketing, consumer protection, and antitrust. In this role, he worked closely with engineers and product teams to develop and implement data protection policies and practices, design privacy enhancing products and functionality, and manage legal compliance. Previously, Harvey was the Director of Privacy and Information Management and Chief Privacy & Security Counsel for HP; Senior Compliance Counsel for Symantec; and Litigation Counsel with O’Melveny & Myers LLP and Gibson Dunn & Crutcher LLP.

Harvey serves on the Research Advisory Board of the International Association of Privacy Professionals (IAPP); is an instructor for the IAPP’s privacy credentials (CIPP/US, CIPP/Europe, and CIP/Technologist); and is on the Advisory Council of the Centre for Information Policy Leadership (CIPL). He is also a frequent speaker on a variety of topics related to privacy, security, and information governance.

Harvey earned his B.A. from the University of California, Los Angeles, and his J.D. from the University of California, Hastings College of the Law. He is also a Certified Information Privacy Professional and Fellow of Information Privacy by IAPP, Certified Information Security Manager by the Information Systems Audit and Control Association (ISACA), and Certified Information Professional by the Association for Information and Image Management (AIIM).

Hilary Wandall is General Counsel, Corporate Secretary and Chief Data Governance Officer of TrustArc Inc.  She oversees all legal, regulatory and policy and strategic partnership matters and manages the legal, policy and data governance, regulatory affairs and business development teams.  She also serves as President of the certification subsidiary, TRUSTe LLC.  Hilary joined TrustArc in 2016 after 22 years at the global pharmaceutical company, Merck, where she most recently was AVP, Compliance and Chief Privacy Officer.  Hilary led the global privacy program at Merck since 2004 and the global compliance program for the Merck Animal Health business since 2013.  During her tenure at Merck, Hilary also held positions as corporate attorney, marketing promotion manager and biomedical research scientist.

Hilary is actively engaged in efforts to support the development of the privacy profession, to drive interoperability across privacy and data protection regimes around the world, and to scale and integrate privacy and data governance through technology.  She recently has co-authored multiple articles on cross-jurisdictional privacy interoperability.  She has been involved in various organizations across the privacy and legal communities, including the Executive Committee of the IAPP Board of Directors and 2016 IAPP Board Chairman, Chair of the Board of the International Pharmaceutical Privacy Consortium, member of the OECD Privacy Experts Working Group, Executive Committee of the Board of Trustees of the International Accountability Foundation, Advisory Board of the Future of Privacy Forum, Steering Committee of the Centre for Information Policy Leadership, and the Advisory Board of the Temple Law Center for Compliance and Ethics.

Hilary received her law degree and MBA from Temple University, Master of Bioethics from the University of Pennsylvania, and Bachelor of Science in Biology from Moravian College. She holds the CIPP/US, CIPP/EU and CIPM certifications.  She is also a Fellow of Information Privacy.  She is admitted to practice law in New Jersey and Pennsylvania.  She resides with her family in Pennsylvania.

Jeanne Sheahan is a passionate privacy attorney with expertise in leading privacy compliance programs at public domestic and international organizations. She is the Head of Privacy Compliance at First Republic Bank. Before that, she was the first global privacy lead for Eventbrite, the world's largest event technology platform, and she was the lead privacy attorney at Groupon, an e-commerce marketplace, responsible for leading the design and implementation of Groupon's worldwide privacy compliance program, including for GDPR. She is a Fellow of Information Privacy (FIP, CIPP/US, CIPM) with the International Association of Privacy Professionals.

Jeanne also worked for 8 years as outside counsel, including at Davis Wright Tremaine counseling on privacy and security best practices. She is also a seasoned litigator. While at DWT and for 4 years at Bingham McCutchen, she represented clients from start-ups to Fortune 500 companies in bet-the-company litigation and government investigations.

Jim Snell is a partner in the Privacy & Security Group at Perkins Coie.  He represents clients in a broad range of complex commercial matters, including Internet and privacy issues, security issues, IP, false advertising, and class actions.  Jim’s experience includes, among other things, IoT, unmanned vehicles, wiretap and surveillance matters, AI and machine learning, the Communications Decency Act, biometrics, web scraping, data breach, and the Telephone Consumer Protection Act.

Jim is a Certified Information Privacy Professional (CIPP) as designated by the International Association of Privacy Professionals (IAPP).

John F. Hyland has primarily focused his practice to employment law since his admission to the Bar in 1995.  Prior to forming Rukin Hyland LLP, John held an Of Counsel position with Paul Hastings, LLP in the firm's San Francisco office where he advised and represented companies in State and Federal court actions covering all areas of employment law, including wrongful termination, discrimination, harassment, disability law, employee privacy, employee leaves, and wage and hour issues.  John has represented clients in jury trials and arbitrations, and has argued cases before the California Court of Appeal.  He continues to advise and represent clients in all areas of employment law and in commercial and business disputes. 

John serves as an editor and contributing author for the CEB Publication, Employee Leave Laws: Compliance and Litigation (2016).  John also serves as a contributing author to the Thompson Reuters Inside the Minds publications.   John regularly conducts training seminars and presents on a wide array of employment law issues.  He serves as an instructor for the Sonoma State University Human Resources Certification Program.

Law & Politics Magazine selected John as one of its Northern California Super Lawyers each year from 2006 through 2012, and again in 2014-17.  San Francisco's Best Lawyers named John in its 2012 edition, and The Best Lawyers in America selected John for inclusion in each edition since 2012.

In addition to his litigation and counseling practice, John devotes a significant part of his practice to serving as a mediator.  John obtained certification as an employment law mediator from Cornell University’s School of Industrial Relations.  He served as a mediator for the Sonoma County Superior Court ADR Program in which he mediated a wide array of civil cases, and he continues to serve as a panelist for the Court’s settlement conference program.  John is also a member of the Early Neutral Evaluation Program for the United States District Court for the Northern District of California for which he serves as an evaluator.

John received his B.S. degree from Saint Joseph's University in Philadelphia, Pennsylvania.  He earned his J.D. degree from Golden Gate University School of Law in San Francisco, where graduated in 1995 with highest honors and first in his class.  While at Golden Gate, John served as a contributing author and associate editor for the Golden Gate Law Review.

Jonathan Avila joined Walmart Stores, Inc. as Vice President, Chief Privacy Officer in October 2012.  Mr. Avila is responsible for the worldwide data privacy and records management program for Walmart’s operations involving 11,000 retail locations with more than two million employees in 27 countries, as well as Walmart’s e-commerce websites in ten countries.  Mr. Avila previously served as Vice President -- Counsel, Chief Privacy Officer of The Walt Disney Company.  Mr. Avila initiated the data privacy program at Disney in 2001 and led the development of Disney's enterprise privacy compliance program covering all of Disney's online and offline business activities in the nearly 50 countries in which Disney operates.

Mr. Avila has been active in the international data privacy community, having served for five years on the board of directors of the International Association of Privacy Professionals, including serving as President of the IAPP in 2009.  Mr. Avila has spoken at numerous conferences on data privacy issues, including conferences of the international data privacy commissioners sponsored by the governments of Spain and Mexico.  Mr. Avila is a co-author of Privacy Compliance and Litigation in California (CEB 2014).  Mr. Avila served on the advisory committee to the California Office of Privacy Protection on the development of its guidance on California's "Shine the Light" law relating to business' information sharing practices.  Mr. Avila also has taught on the subject of privacy law as an Adjunct Professor of the School of Law of the University of Arkansas.

Mr. Avila began his career as a law clerk to Judge W. Eugene Davis of the United States Court of Appeals for the Fifth Circuit.  Mr. Avila later was an associate with Latham & Watkins, and Litigation Counsel with the CBS television network.  Before joining Disney, Mr. Avila served as General Counsel Chief Privacy Officer of, Inc., a venture capital funded Internet company.

Mr. Avila graduated with a B.A. from Yale University and a J.D. from Harvard Law School.  Mr. Avila also holds a diploma from the University of Salamanca (Spain) and holds the Certified Information Privacy Professional credential issued by the IAPP.

Jonathan Fox, Director of Privacy Engineering and Strategy and Planning, is a member of Cisco’s Chief Privacy Office and co-author of THE PRIVACY ENGINEER’S MANIFESTO, Getting from Policy to Code to QA to Value (ApressOpen 2014).

With over 17 years of privacy experience, Jonathan’s principal areas of focus have been product development, government relations, mergers and acquisitions, and training. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM).

Prior to Cisco, Jonathan was a Senior Privacy Engineer at Intel.  His previous roles have included Director of Data Privacy, McAfee; Director of Privacy, eBay; Deputy Chief Privacy Officer for Sun Microsystems, and Editor-in-Chief of        

Jonathan frequently speaks at industry events and is a member of the IEEE P7002 Personal Data Privacy Working Group, part of the IAPP Privacy Engineering Section Forum Advisory Board, and is Chair of the ISO/PC 317 Consumer Protection: Privacy by Design for Consumer Goods and Services US Technical Advisory Group.

Katherine L. Kettler is the Director of US Legal Investigations/Employment Law.  She leads a team of investigators who review internal claims of harassment, discrimination and retaliation.  Katherine has been an employment law attorney for almost 20 years with a focus on employment litigation and counseling in all aspects of labor and employment law, including ADA and leave of absence compliance, discrimination avoidance, sexual harassment and diversity/inclusion programs.


J.D. summa cum laude  – Boston College Law School; Newton, MA
M.S.W. – University of Pennsylvania; Philadelphia, PA
B.A. -- Bar College; Annandale-on-Hudson, NY

Prior Law Firm Affiliations

Miller Law Group
Paul Hastings Janofsky & Walker
Ropes & Gray

Professional Recognition

Named a “Rising Star” by Super Lawyers – Northern California magazine in 2010 and 2011


Federal Court, District of Massachusetts

Bar Admissions


Lara Kehoe Hoffman is Vice President, Data Privacy and Security (Legal) and Global Data Protection Officer at Netflix, a global streaming entertainment service available in over 190 countries. Lara joined Netflix in January 2015, bringing with her a passion for building and improving data protection programs, and promoting a pro-privacy culture. Lara has domain expertise in GDPR, information management, education and kids privacy, among other areas.

In her legal career Lara has represented a diverse array of clients from start-ups to multinationals in businesses ranging from technology to retail to toys. In her personal time Lara tends to three teenagers and two cats, and watches a lot of shows and movies (which means lap time for happy cats).

Lara attended the University of San Diego, School of Law and has a degree in Comparative Literature from Yale.

Lisa Lifshitz is a partner in Torkin Manes’ Business Law Group, specializing in the areas of information technology and business law and is the leader of the firm’s Technology, Privacy & Data Management Group and Emerging Technology Group.

Lisa has particular expertise in preparing and negotiating technology agreements, including Internet-related, m-commerce and e-commerce agreements, cloud computing agreements, mobile payment agreements and outsourcing, system acquisition and master services agreements. She provides technology-related advice on financings and acquisitions, including export control/open source advice on cross-border deals. She also provides guidance on IoT, AI/smart contracts, blockchain and open source legal matters. Lisa has considerable experience helping non-Canadian companies, especially American entities, create appropriate legal agreements for their entry into the Canadian marketplace.

Lisa also practises in the area of privacy, cybersecurity and information management, advising both Canadian and international clients on compliance with Canadian privacy requirements. She routinely advises clients on trans-border data transfers, data breach management and anti-spam compliance. She also advises on the oversight obligations of boards of directors regarding cybersecurity issues and on cybersecurity risk mitigation strategies more generally.

Lisa is a prolific writer on technology, privacy and cybersecurity law issues, including as the author of the monthly “IT Girl” column for Canadian Lawyer magazine online. She has contributed to such publications as the American Bar Association (ABA)’s Business Law Today, Internet and E-Commerce Law in Canada and e-Commerce Law Report and has spoken for the ABA, Lexpert, the Canadian Technology Law Association, the Ontario Bar Association and the International Technology Law Association.

Lisa has been highly recognized by for her technology and privacy law expertise both nationally and internationally. She was awarded the 2018 Lexpert Zenith Award for Mid-Career Excellence in Computer and IT Law. She has been recognized since 2015 by The Best Lawyers in Canada for Privacy and Data Security Law, Technology Law; has been ranked in Chambers Canada and Chambers Global for Information Technology; and as a recommended lawyer in Computer & IT Law in The Canadian Legal Lexpert® Directory since 2005.  She holds leadership positions in the ABA’s Business Law and Science and Technology Sections.

Lydia de la Torre joined Santa Clara in 2017 as the inaugural privacy fellow. She is the co-director of the Privacy Certificate program and teaches comparative data privacy. Her research centers on State data governance laws.

Lydia started working in data protection in 1997. She has extensive professional experience working on complex EU, US, and international data protection issues in the private sector. She started her career working as an Associate at Garrigues, a Spanish legal firm that provides business law advice in thirteen countries across Europe, Africa, Asia and the Americas. Professor de la Torre has worked as privacy counsel and consultant for fortune five hundred companies such as eBay, PayPal, Intuit and HP. Professor de la Torre’s current areas of interest include EU data protection laws and data protection at the local and State level in California.

Lydia founded the legal blog ‘Golden Data’ ( in 2018 with the goal of promoting the teaching of comparative privacy law. The blog includes teaching resources, case law analysis and op-eds on topics related to data governance laws including GDPR and CCPA.           


J.D., Univesidad Complutense Madrid (Spain)

L.L.M. EU Tax Law, Centro de Estudios Garrigues (Spain)

L.L.M. Intellectual Property, Santa Clara University School of Law

Areas of Specialization

Data Protection, Privacy, Cybersecurity

Affiliations and Honors

Member California Bar Association

Member Madrid Bar Association (Spain)

Member IAPP (CIPP/US Certified)

Member Internet Ethics Advisory Group – Markkula Center for Applied Ethics

Outstanding Faculty Award (2006 for teaching Legal Translation and Interpretation at the National Hispanic University)

2012/2013 LL.M. Student of the Year Santa Clara University School of Law



“Is California on its way to going for ‘adequacy’?“

DPR matchup: The California Consumer Privacy Act 2018”

“Do we need the CCPA whistle-blower provision back?”


A guide to the California Consumer Privacy Act of 2108

See also:

Maureen A. Young is Senior Regulatory Counsel and Senior Vice President at Bank of the West, a member of the BNP Paribas Group.  She advises on a wide range of financial services regulatory, data privacy and security, compliance, examination, enforcement and corporate governance matters, as well as regulatory strategy and policy issues.  She supports major business initiatives involving the Bank and its U.S. and global BNP Paribas affiliates, including innovation and fintech projects.  She is a Certified Information Privacy Professional (CIPP/US), International Association of Privacy Professionals (IAPP).

Prior to joining Bank of the West in 2016, Maureen was Managing Director and Associate General Counsel at MUFG Union Bank, serving as a lead lawyer on key regulatory and implementation projects and as lead privacy counsel to the Privacy and Information Security team. The strategic projects she supported included strategy for and formation of a U.S. intermediate holding company as required by the Federal Reserve’s Enhanced Prudential Standards regulations. She also served as legal centerpost on a major business integration consolidating the U.S. workforce under one legal entity and integrating business line management and operations across MUFG’s legal entities in the Americas.

Maureen was previously a partner at a large international law firm, where she was a member of the Financial Institutions Corporate and Regulatory Group, Commercial Technology Group, and was Co-Chair and Co-Founder of the firm’s Privacy and Security Group. Before joining the firm in 2003, Maureen was Assistant General Counsel in Bank of America’s Legal Department, Regulatory and Corporate Services Group.

Maureen is well-established in the California and national banking and financial services industry. She is a member of the Board of Directors of the Financial Women of San Francisco, currently serving as Co-Chair of the Programs Committee.  She is a past Chair of the American Bar Association Banking Law Committee, as well as a past Chair of the Financial Institutions Committee of the California Lawyers Association and past President of the San Francisco Bank Attorneys Association.  She organizes presentations and speaks regularly to financial and professional organizations.

She received her J.D. from University of California at Berkeley, School of Law, her Ph.D. and M.A. in Jurisprudence and Social Policy from University of California at Berkeley, and her A.B. (magna cum laude, Phi Beta Kappa) from Georgetown University.

Merri Baldwin is a shareholder at Rogers Joseph O’Donnell, where her practice focuses on attorney liability and commercial litigation.  She handles claims of legal malpractice and breach of fiduciary duty, as well as motions to disqualify and for sanctions.  She regularly counsels lawyers and law firms on legal ethics and law practice management issues.  She represents attorneys in disciplinary matters before the State Bar of California, and has extensive experience handling attorney-client fee disputes.  Ms. Baldwin is a Vice-Chair of the State Bar of California’s Closing the Justice Gap Working Group.  Ms. Baldwin is a former chair of the State Bar of California Committee on Professional Responsibility and Conduct, and is currently a member of the California Lawyers Association Ethics Committee.  She is a co-chair of the Legal Malpractice subcommittee for the American Bar Association Litigation Section Committee on Professional Services Litigation.  Ms. Baldwin served as the President of the Bar Association of San Francisco for 2017.  Ms. Baldwin frequently lectures to attorneys and professional organizations on issues related to litigation, legal malpractice and ethics issues, and she is a lecturer at the University of California at Berkeley School of Law.  Ms. Baldwin co-edited The Law of Lawyers’ Liability (ABA/First Chair Press 2012) and since 2006 she has served as a consulting editor for the Attorney Fee Agreement Forms Manual, published by Continuing Education of the Bar, California.  Prior to law school, Ms. Baldwin was a Fulbright Scholar at the London School of Economics.


J.D., University of California at Berkeley, School of Law (Boalt Hall)

B.A., Smith College, Magna Cum Laude with high honors

Michelle Visser has extensive experience in defending companies that face the regulatory investigations, class action litigation, and payment card brand claims that frequently follow the announcement of cybersecurity incidents. In addition to litigating privacy and cybersecurity matters, Michelle has navigated numerous companies through their cybersecurity response, including by overseeing technical forensic investigations, advising on notification obligations and coordinating communication strategies.

When faced with an incident, companies call Michelle for crisis response with an eye toward potential litigation. Clients also look to Michelle for privacy and cybersecurity advice before a crisis is at hand. Michelle regularly takes the lessons learned from litigating privacy and cybersecurity matters to provide clients with proactive advice on how to structure their privacy and cybersecurity programs and incident response plans in ways designed to reduce legal exposure.

For her role in representing companies that have faced some of the most high-profile cybersecurity incidents and litigation to date, Michelle was named one of the “40 Under 40” in 2018 by the Global Data Review and a “Rising Star” by Law360 in 2015. She was also recognized as one of the “Women Leaders in Technology Law” by The San Francisco Recorder in 2015.

Michelle is also regularly turned to for defense against other types of class actions and complex litigation with experience in defending companies against securities, antitrust, and other commercial claims.

Stephen S. Wu is a shareholder with Silicon Valley Law Group in San Jose, California.  He advises clients on transactions, compliance, liability, security, and privacy matters regarding the latest technologies in areas such as robotics, artificial intelligence, automated transportation, the Internet of Things, and Big Data.  He helps clients with domestic and international privacy and security matters in negotiating agreements, incident response, breach notification, litigation, and managing privacy and security programs, certifications, and audits.  He counsels clients concerning cyber-risk insurance policies and coverage and risk management strategies.  In addition, he advises clients on secure electronic commerce using digital signatures, other secure electronic signatures, electronic credentials such as digital certificates, encryption, and public key infrastructure.

From 1997 to 2001, Mr. Wu was VeriSign, Inc.’s second in-house attorney, where he managed the development and deployment of worldwide policies and procedures for VeriSign’s digital certification Internet security services.  Before his work at VeriSign, he practiced with two international law firms in the areas of intellectual property and general litigation, as well as technology transactions.

Mr. Wu served as Chair of the American Bar Association Section of Science and Technology Law from 2010 to 2011.  From 2001 to 2004, Mr. Wu was Co-Chair of the Section’s Information Security Committee.  He helped found the Section’s Artificial Intelligence and Robotics, Internet of Things, Big Data, and Homeland Security Committees.

Mr. Wu has written or co-written seven books on information security law, including his most recent publications: A Guide to HIPAA Security and the Law Second Edition (2016) and A Legal Guide to Enterprise Mobile Device Management:  Managing Bring Your Own Device (BYOD) and Employer-Issued Device Programs (2013).  He has written numerous book chapters and articles on data protection, artificial intelligence, and robotics topics.  He is a frequent speaker at industry conferences and continuing legal education programs on information security, EU’s General Data Protection Regulation, artificial intelligence, robotics, autonomous driving, and other cutting edge technologies.

Mr. Wu received a Bachelor of Arts degree from the University of Pittsburgh in 1985, and graduated from Harvard Law School in 1988 with a Juris Doctor degree..

Steven M. Cooper is an Associate General Counsel, Employment Law, at Western Digital Corporation, where he has been since June 2014.  He provides advice and counseling in all areas of employment law, including workplace investigations, wrongful termination litigation, performance management, compliance with anti-discrimination and leave laws, reasonable accommodations, mergers and acquisitions, and reductions in force.  He has also trained managers and other employees on sexual harassment and other discrimination laws, managing within the law, and performance management.

Steven is also a member of the Western Digital Privacy team, focusing on the privacy rights of employees.  In this role, he has been responsible for updating various policies, drafting privacy notices for employees, reviewing vendor agreements, providing advice on employee monitoring, and overseeing the records of processing activities program. 

Before joining Western Digital, Steven served in both Legal and HR with Tesla Inc. and at DaVita Inc.  Steven started his law practice at O’Melveny and Myers LLP in its Los Angeles office. 

Steven earned his J.D., magna cum laude, from Hastings College of the Law, and his B.A., cum laude, from U.C. San Diego.

Thomas J. Smedinghoff is Of Counsel in the Privacy & Cybersecurity practice group in the Chicago office of Locke Lord LLP.  Named as a Top 50 Intellectual Property Trailblazer and Pioneer by the National ?Law ?Journal, he is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, identity management, information security, and online authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement first-of-their-kind ?e-commerce ?initiatives, electronic transactions, and identity management and ?information ?security legal infrastructures for the federal government and national and ??international businesses including banks, insurance companies, investment ??companies, and certification authorities.  He has also been actively involved in ??developing legislation and public policy in the area of electronic business and identity ?management at the state, ?national, and international levels. ?

He is Chair of the American Bar Association (ABA) Identity Management Legal Task Force, and previously Co-Chair of the ABA Cybersecurity Legal Task Force, and Co-Chair of the Cybersecurity Subcommittee in the ABA Business Law Section. He is also an advisor to the U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL), and in that capacity he helped to negotiate the international e-commerce treaty known as the United Nations Convention on the Use of Electronic Communications in International Contracts. He is currently working with UNCITRAL to develop international legal rules to govern electronic identity management issues. He also served as an Advisor to the Uniform Law Commission Study Committee on Identity Management in Electronic Commerce.        

Tom is co-editor and contributing author of the Guide to Cybersecurity Due Diligence in M&A Transactions (ABA, 2017), and a contributing author to the 1st and 2nd editions of The ABA Cybersecurity Handbook - A Resource for Attorneys, Law Firms & Business Professionals (ABA, 2013 and 2018).  He is also the author of the book titled Information Security Law: The Emerging Standard for Corporate Compliance, (2008), and editor and primary author of the e-commerce book titled Online Law: The Legal Guide to Doing Business on the Internet (1996). He can be reached at

Kate is a partner Fenwick’s litigation, intellectual property and privacy groups, and recently completed a 12-year term as the firm’s managing partner.

Kate’s practice concentrates on business and IP litigation, with an emphasis on trademark, right of publicity and copyright, especially as applied to new technology areas. She has successfully litigated cases in federal and state courts throughout the country and through alternative dispute mechanisms. She represents and advises software publishers, computer hardware manufacturers, gaming and digital media companies, entertainment companies, traditional media publishers and consumer products companies on a wide variety of commercial and IP issues, including copyright, defamation, trademark, trade dress, advertising, right of publicity, trade secret and unfair competition matters.

Kate received her B.A., magna cum laude, from the University of California at Santa Barbara, where she was a member of Phi Beta Kappa and a University of California Regents’ Scholar. She received her J.D., cum laude, in from Georgetown University Law Center, where she was research editor of the American Criminal Law Review.

Kate is admitted to practice in New York and California. She is also admitted to practice before the U.S. District Courts for the Southern and Eastern Districts of New York, and the Northern, Eastern, Central and Southern Districts of California, as well as U.S. Courts of Appeal for the Second and Ninth Circuits.

Professional Activities and Recognition

Kate has served on the Board of Trustees of the Santa Clara County Bar Association and the Board of Directors of the Bar Association of San Francisco. She is active in diversity initiatives in the profession, including serving as Chair of the Santa Clara County Bar Association’s Diversity Committee and speaking on diversity issues before numerous organizations and groups including the Minority Corporate Counsel Association, the Project for Attorney Retention, and the Hastings Women’s Leadership Academy.

Kate writes and speaks regularly on IP issues to groups that include the Federal Judicial Center and Practicing Law Institute, and since 1999 has taught an advanced trademark law seminar at UC Berkeley School of Law.

Kate is actively involved in pro bono, both in direct client representation and with pro bono organizations. She has represented documentary filmmakers on IP issues, including David Weissman in connection with his films We Were Here, which was short-listed for an Academy Award, and The Cockettes. For many years she was on the capital defense team for a client on California’s death row, ultimately achieving a reversal of his death sentence, and has assisted clients in obtaining political asylum.  She currently serves as Vice Chair of the board of Equal Justice Works, and is a member of the board of directors of Bay Area Legal Aid. She also served on the Legal Service Corporation’s Pro Bono Task Force and was co-chair of the Subcommittee on Technology Best Practices in Pro Bono. She was recently recognized by OneJustice as a “Champion of Justice.”

Recent Recognitions

Kate has been honored by a number of prominent publications and organizations. Her most recent recognitions include:

  • The National Law Journal’s 75 Outstanding Women Lawyers (2015)
  • The Recorder’s list of Top 50 Women Leaders in Tech Law (multiple years) and, in 2015, was additionally designated as one of 10 “Power Players”
  • Diversity Council, Top 50 Women Lawyers List (2017)
  • “Northern California Super Lawyer” in the area of Intellectual Property Litigation
  • Best Lawyers, recognized for intellectual property litigation (2020)

AV Peer Review Rated as “Preeminent” by LexisNexis Martindale-Hubbell

Stacey Schesser is the Supervising Deputy Attorney General for the Privacy Unit in the Consumer Protection Section of the Office of the California Attorney General.  Her recent matters include People v. Glow, People v. Equifax, and leading the team that drafted regulations for the California Consumer Privacy Act (CCPA). She began her career at the Attorney General’s Office in 2007 in its Criminal Division and has worked in the Privacy Unit since its inception in 2012.  Stacey was recently recognized as one of the Recorder’s “Women Leader in Tech Law” and was the only public sector recipient of this award.  Stacey received her J.D. at UC Berkeley’s School of Law, where she wrote on privacy law issues for the California Law Review, and received her B.A. at Douglass College, Rutgers University.

Polina is a Privacy Lawyer that specialized in Product work. She has worked at Apple, Uber, and Airbnb. She specializes in global scalable approaches to privacy by design, privacy training, product privacy and general privacy risk mitigation.  She’s currently serving in a new policy role at Facebook specializing in building scalable solutions for responsible AI using existing and forthcoming frameworks.

Prior to her legal career, she worked as an investigator at the NYC Civilian Complaint Review Board, where she investigated allegations of police misconduct.

Jah-Juin “Jared” Ho is an attorney with the Division of Privacy and Identity Protection (DPIP) at the Federal Trade Commission.  This Division of the FTC has responsibility for enforcing federal statutes and regulations that pertain to information security and consumer privacy.  Jared investigates and prosecutes violations of U.S. federal laws governing the privacy and security of consumer information and has worked on FTC enforcement actions under Section 5 of the Federal Trade Commission Act.  Prior to joining DPIP, Jared was an attorney in the FTC’s Office of Technology Research and Investigations.  Jared has also served as a Senior Policy Advisor in the Federal Communications Commission’s Enforcement Bureau where he advised on cases and rulemaking.

In addition to his federal service, Jared was a Deputy Attorney General for the State of New Jersey where he led his office’s privacy and data security efforts. He has also served as a visiting fellow at Princeton University’s Center for Information Technology Policy.

Drawing upon a unique combination of more than twenty years of technical, legal, policy, and business experience, Ms. Westby provides consulting and legal services to public and private sector clients around the world in the areas of privacy, security, cyber governance, incident response, and digital asset inventories and data mapping. Her cyber risk assessment methodology has been used by large multinational corporations in nearly every industry sector.  Her team has deep expertise in assessing industrial control and SCADA systems used in manufacturing, electrical grids, and critical infrastructure sectors. She also serves as Adjunct Professor to the Georgia Institute of Technology’s School of Computer Science. Ms. Westby is a professional blogger for Forbes and writes a regular column on cybersecurity for Leader’s Edge magazine, published by the Council of Insurance Agents and Brokers.

Ms. Westby is a member of the bars of the District of Columbia, Pennsylvania, and Colorado. She serves as chair of the American Bar Association’s (ABA) Privacy and Computer Crime Committee (Science & Technology Law Section) and co-chair of the Cybercrime Committee (Criminal Justice Section) and is serving a fourth term on the ABA President’s Cybersecurity Legal Task Force.  She co-chaired the World Federation of Scientists’ (WFS) Permanent Monitoring Panel on Information Security and served on the ITU Secretary-General’s High Level Experts Group on Cybersecurity. 

Ms. Westby led the development of the International Toolkit on Cybercrime Legislation and is an editor and co-author of the 2010 WFS-ITU publication, The Quest for Cyber Peace. Ms. Westby is co-author and editor of four books on privacy, security, cybercrime, and enterprise security programs and author of two books on legal issues associated with cybersecurity research, all published by the ABA.  She speaks globally on these issues.

Previously, she launched In-Q-Tel for the CIA, was senior managing director at PricewaterhouseCoopers, was senior fellow and director of IT Studies for the Progress and Freedom Foundation, and was director of domestic policy for the U.S. Chamber of Commerce. 

Ms. Westby practiced law at Shearman & Sterling and Paul, Weiss, Rifkind, Wharton & Garrison.  B.A., summa cum laude, University of Tulsa; J.D., magna cum laude, Georgetown University Law Center; Order of the Coif.  Ms. Westby is a member of the American Bar Foundation and the Cosmos Club.