PLI PLUS 2.0 is now available – click here to test drive the new platform.
Skip to main content

Twenty-Second Annual Institute on Privacy and Cybersecurity Law

Speaker(s): Aaron P. Simpson, Adam J. Rivera, Adam Kardash, Akinyemi T. Akiwowo, Alan Charles Raul, Alejandro Mosquera, Alfred J. Saikali, Brandon Kerstens, Bridget McIlveen, Clark Russell, Dera J. Nevin, Douglas Bloom, Eric M. Friedberg, Gregory Sadowski, Jason M. Loring, Keith Enright, Kristin Cohen, Lisa J. Sotto, Margaret A. Keane, Mark Watts, Michael Dolan, Michele S. Lucan, Michelle Perez, Miriam H. Wugmeister, Peter M. Lefkowitz, Renard C. Francois, Richard T. Jacobs, Robert Lord, Ryan Vinelli, Sára G. Hoffman, Teena Lee, Thiago Luis Sombra, Tokë Vandervoort, William E. Min
Recorded on: May. 17, 2021
PLI Program #: 303180

Doug is an Executive Director and Co-Head of Cybersecurity & Privacy for Morgan Stanley's Legal & Compliance Division. In that role, he is responsible for the Firm's legal response to cybersecurity matters—including incident response, regulatory affairs and new legislation affecting the Firm. Doug is also responsible for privacy matters affecting the Firm’s personnel and client base.  Doug has over 20 years’ experience investigating all aspect of financial and computer crimes—having served as a federal prosecutor, criminal defense lawyer and software developer.

Prior to joining Morgan Stanley, Doug was a Director in PwC’s Cybercrime and Breach Response practice, the leader of the Firm’s Cybersecurity Risk & Regulatory Practice, and a member of the Firm’s Financial Crimes Unit.  At PwC, Doug assisted clients across the globe, responding to regulatory changes, conducting cybercrime, fraud and economic espionage investigations, corporate internal investigations and handling breaches of PwC’s clients’ computer networks.  In addition, as a leader of the Firm’s cybersecurity Board governance program, Doug regularly advised clients and their Boards on proper governance of cybersecurity programs and assisted clients in the development of their cybersecurity Board reporting programs.

Prior to joining the PwC, Doug was a federal prosecutor in the United States Attorney’s Office for the Southern District of New York, where he investigated and prosecuted national security cyber offenses, including economic espionage, hacking of national defense and government systems, and the theft of trade secrets.  In addition to his cyber work, Doug investigated and prosecuted several high profile public corruption and accounting fraud cases, and convicted the former majority leader of the New York State Senate and acting Lieutenant Governor of New York State of bribery and extortion.  Doug is a 2015 recipient of the Attorney General’s John Marshal Award, the highest attorney honor granted by the Department of Justice, and a 2013 recipient of the Federal Law Enforcement Foundation’s Prosecutor of the Year award.  Prior to joining the U.S. Attorney’s Office, Doug was an associate in Covington & Burling’s white collar criminal defense and intellectual property practices where he investigated and litigated criminal and civil accounting fraud, tax fraud, and patent infringement cases.

Doug brings deep technical expertise to his legal role, having served as a software engineer and program manager for Xerox’s Palo Alto Research Center, Microsoft and Hewlett Packard.  In those roles, Doug designed and developed artificial intelligence algorithms for natural language processing software and drivers for network management systems. 

Doug is an Adjunct Professor of Law at Fordham University, where he teaches a course on computer crimes.  He is also a published author—whose articles on cybercrime and insider threats regularly appear in the New York Law Journal—and frequent speaker on cybersecurity, fraud, and information management.  He has presented to and taught courses for the Department of Justice, FINRA, the Association of Corporate Counsel, the National Association of Corporate Directors and various universities, businesses and industry participants. 

He received a Bachelor’s degree in Symbolic Systems and a Master’s degree in Linguistics from Stanford University.  He received a Juris Doctor, cum laude, from Harvard Law School.  He is admitted to the New York bar, the U.S. District Courts for the Southern and Eastern Districts of New York, and the U.S. Court of Appeals for the Second Circuit, and is an active member of the Federal Bar Council where he serves on both the Criminal Practice and Westchester County Committees.

Aaron Simpson is a partner with Hunton Andrews Kurth. He advises clients on a broad range of complex privacy, data protection and cybersecurity matters, including international and U.S. federal and state privacy and data security requirements. Aaron’s work ranges from advising clients on large-scale cybersecurity incidents to the development of cross-border data transfer solutions, compliance with existing and emerging data protection requirements in Europe, and negotiating data-driven commercial agreements. He frequently assists clients with due diligence and negotiation of privacy and data security issues in corporate transactions. Aaron also prepares proactive, data breach-readiness solutions for clients, including through the creation of incident response plans and conducting board-level tabletop exercises. 

Additionally, Aaron has substantial experience advising clients on global privacy compliance programs, and his work includes developing strategies for compliance with the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020. He also has advised numerous clients on the EU General Data Protection Regulation.

Aaron is well known as a top privacy professional and has been recognized by Chambers and Partners, Computerworld and The Legal 500 for his work on behalf of clients. Aaron is the only lawyer listed in both The Legal 500 United States and The Legal 500 United Kingdom guides, providing clients with a broad and unique transatlantic perspective on privacy, data protection and cybersecurity matters.

In addition, Aaron is a sought-after media resource on privacy issues and has been quoted in such publications as Bloomberg BNA, Businessweek Magazine, Computer Weekly, Corporate Secretary, DataGuidance, Law360, SC Magazine, The Times and TIME Magazine. He regularly speaks before industry groups, legal organizations, government agencies and educational institutions at conferences, seminars, roundtables and webinars. He has written and co-written numerous articles, book chapters and handbooks on privacy and information security issues.

Aaron received his JD from the University of Virginia School of Law and his BA from the University of Texas, High Honors. He is admitted to practice in New York, and is a Registered Foreign Lawyer of England and Wales.

Adam Rivera leads the privacy team for the Americas region at LSEG. Adam also supports and provides counsel to LSEG’s cybersecurity program. Adam has led compliance programs in relation to GDPR, CCPA and the LGPD and regularly engages in advocacy in connection with proposed privacy legislation. Adam is an active IAPP member and former Co-Chair of the Connecticut IAPP KnowledgeNet chapter. Prior to his current role, Adam held various positions at Refinitiv, Thomson Reuters, Louis Vuitton and practiced law at Schulte Roth & Zabel LLP in New York City.

Akinyemi T. Akiwowo is an Executive Director in the Firm’s Global Litigation Group, Aki oversees the conduct of active domestic and international institutional (sales, trading, investment banking, capital markets, data privacy, private equity, and investment management) civil litigation, regulatory enforcement actions, and internal investigations.  His diverse experience includes defending the Firm in class action and antitrust litigation matters, as well as investigations by the Department of Justice, Commodities and Futures Trading Commission, and the Securities and Exchange Commission.  

Aki currently co-chairs Morgan Stanley’s Legal and Compliance Division Diversity and Inclusion Network, and is also a member of the Council of Urban Professionals Fellows Board.   

Prior to Morgan Stanley, Aki was Principal Counsel in the Department of Enforcement of the Financial Industry Regulatory Organization (FINRA) where he managed a complex case load, as lead counsel, handling all aspects of investigations of member firms and associated individuals for violations of FINRA, NASD and NYSE rules and federal securities laws.  Prior to FINRA Aki was in private practice in New Jersey, focusing on commercial and securities litigation.  

Aki is a 2002 graduate of Loyola University in Maryland and a 2005 graduate of Seton Hall University School of Law. 

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Bob Lord most recently served as the first Chief Security Officer at the Democratic National Committee. In that role he worked to secure the Committee, as well as helping state parties and campaigns. Previous roles include CISO at Yahoo, CISO in Residence at Rapid 7, and before that he headed up Twitter’s information security program as its first security hire. You can see some of his hobbies at

Brandon Kerstens is Director, Privacy Counsel for Match Group, and the Data Protection Officer for Tinder, OkCupid, Plenty of Fish and Hinge.

In these roles he works on a broad range of privacy matters, including the development and implementation of large-scale compliance initiatives, such as GDPR and CCPA/CPRA, and the ongoing monitoring of compliance based on evolving market practice and regulatory guidance. Additional responsibilities include conducting product/feature Privacy-by-Design reviews and DPIAs, contractual negotiations of data processing agreements, responding to regulatory inquiries from data protection authorities, employee privacy training, and assisting with global incident response management and data governance policy development, including guidelines on retention, access, privacy-by-design, data transfers, vendor management, customer care, public relations, and global privacy policies.

Prior to Match Group, Brandon was in private practice at Osler, Hoskin & Harcourt LLP. His practiced focused on privacy and data security, and was the Firm’s national Privacy Officer. At Osler, he provided tailored, risk-based advice to a wide range of clients, from multi-nationals to start-ups, regarding privacy law compliance, anti-spam, incident management and regulatory investigations.

Bridget McIlveen is the Chief Privacy Officer of The Estée Lauder Companies responsible for the company’s privacy compliance program and strategy.  Bridget has over 10 years of experience operationalizing and advising on global privacy related matters in both a law firm and in-house setting.

Prior to joining The Estée Lauder Companies, Bridget practiced at two large national firms in Canada.  She advised clients on a broad range of privacy matters, including drafting privacy policies and procedures, responding to security incidents and investigations by privacy regulatory authorities, conducting privacy and security reviews, drafting outsourcing and service provider agreements, and conducting privacy impact assessments.  She also advised clients on consumer-protection issues associated with carrying on business over the Internet, including anti-spam legislation. 

Bridget is licensed as a Foreign Legal Consultant in New York.

C.M. Tokë Vandervoort is Chief Legal Officer at the non-profit Environmental Defense Fund, with leadership responsibility for the operational legal support areas, including privacy for operations around the world.  Tokë has enjoyed a distinguished career in the law as a strategic partner advising corporate business operations in the technology, privacy/cyber and data, consumer products, retail, manufacturing and telecom sectors.  She has served as the SVP, Deputy General Counsel at Under Armour where she lead a global interdisciplinary team providing Commercial, Digital, Privacy, Litigation, Consumer Protection, Intellectual Property and Employment expertise to advance the mission of UA’s performance sports footwear, apparel and equipment business, as well as its suite of digital health/fitness/wellness mobile apps (MyFitnessPalMapMyFitness, etc  with nearly 300M accounts worldwide). She lead the nascent UA Privacy program to receive international recognition for program innovation and the companies response to a major global data breach in the same year. Prior to that, Ms. Vandervoort served as VP, Asst. General Counsel for technology, privacy/security and the Chief Privacy Officer to a major US telecom/internet solutions company, where she also developed its inaugural privacy program.  She has extensive experience in Technology innovation; Privacy program development, compliance and breach response; Litigation, regulatory enforcement and investigations; Consumer protection, marketing/advertising and social media; Intellectual Property portfolio management; Government relations engagement; and Board, Audit Committee and senior executive briefings in these areas. Ms. Vandervoort is also an active member of the Georgetown Cyber Security Law Institute Advisory Board, and Women in Cyber. She has also served as an advisor to the Center for Democracy & Technology; an HHS-initiated steering committee advising on the creation of non-HIPAA health data rules; and as a Co-founder of the Association of Corporate Counsel Data Privacy & Security Forum.

Clark Russell is the Deputy Bureau Chief of the Bureau of Internet and Technology at the New York State Attorney General’s Office. The Bureau is committed to protecting consumers and families from new and developing online threats. As a pioneer in this field, the office has brought cutting edge cases and entered important settlements related to a wide range of online issues, including child safety, privacy, deceptive or illegal trade practices, consumer fraud, spyware, spam, discrimination, and free speech. Clark’s investigations included Secure Our Smartphones, where the office convinced smartphone manufacturers to install a “kill switch” in their smartphones; Operation Clean Turf, the largest investigation into companies flooding the Internet with fake positive reviews; and Operation Child Tracker, the largest state AG investigation of violations of the Children’s Online Privacy Protection Act (“COPPA”) by major child brand websites, and a well-known ad network. Clark oversees the office’s data breach notification program and secured numerous record-setting settlements in data breach cases. He is also the principal draftsperson of the Stop Hacks and Improve Electronic Data Security Act, the office’s overhaul of New York State’s data security law to require new and unprecedented safeguards of personal data.

Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.

Gregory Sadowski is a Senior Assistant Attorney General at the Florida Office of the Attorney General as part of the Multistate and Privacy Bureau, where he is involved in an array of investigations including the automotive industry and data breaches.

As part of the Multistate and Privacy Bureau, Mr. Sadowski has participated as a member of the multistate investigations into several high-profile data breaches.  He has also been part of the multistate executive committee investigating the Takata airbag recall, the Volkswagen emissions investigation, and is currently part of several other ongoing investigations.

Before joining the Florida Office of the Attorney General, Mr. Sadowski worked as an eDiscovery team leader with Huron Consulting Group on mergers and acquisitions, antitrust, and other federal enforcement actions.

Mr. Sadowski has an undergraduate degree from the University of Miami in Business Administration majoring in Computer Information Systems and Business Management, a Masters’ in Business Administration with specializations in Economics and Legal Issues from the University of Miami, and a Juris Doctorate from St. Thomas School of Law.

Jason Loring serves as Chief Privacy and Security Counsel for EY.  In this role, he is the lead data privacy, security and information protection lawyer in the U.S. and the Americas region (including Canada, Israel, Latin America and South America).  Mr. Loring is the primary legal advisor on matters relating to data privacy, data protection, confidentiality, information technology and information security for EY in the U.S. and the Americas, and manages a team of data protection attorneys.  Prior to this role, he handled privacy and security issues for the corporate services subsidiary of a major U.S. broker-dealer.

Mr. Loring graduated from the College of Charleston with a B.A. in History, and he received his law degree from the Wake Forest University School of Law where he was a member of Law Review.  He joined EY in 2018 and was named to his current role in 2020.

Mr. Loring is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the Georgia state bar.

Kristin Cohen is an Assistant Director in the Division of Privacy and Identity Protection at the Federal Trade Commission.  Her work focuses primarily on enforcing federal statutes and regulations that pertain to information security and consumer privacy, including the Children’s Online Privacy Protection Act.  Ms. Cohen previously served as the Chief of the FTC’s Office of Technology Research and Investigation. This Office conducts research on emerging applied technologies, including with respect to privacy and data security issues. Prior to joining the FTC, Ms. Cohen was an associate at Hogan Lovells and clerked for the Honorable Robert B. King on the Fourth Circuit Court of Appeals.  Ms. Cohen received her undergraduate degree from Georgetown University and her law degree from the University of Virginia.


Mark Watts is a technology specialist with over 20 years’ experience.  He advises companies on technology issues such as cloud computing, machine learning, apps and facial recognition. Much of Mark's experience was gained in-house at IBM where he held various roles, including Global Data Privacy Counsel.

Mark has particular expertise in data privacy. He advises multinational companies on implementing General Data Protection Regulation compliant programs and Binding Corporate Rules. Mark has been involved in many of the most high profile and highest value data privacy litigation in the world and regularly advises companies in relation to incident response and defending regulatory enforcement actions all over the world.

Michael Dolan’s expertise and accomplishments surround the successful use and protection of data in a manner that meets regulatory and customer expectations—leading programs to meet business objectives while efficiently mitigating risk at large, international institutions.  His particular focus has been on cybersecurity, data protection, data usage, information security, and privacy through CISO, legal counsel, privacy leader, and executive risk-management roles.  He has excelled at leveraging “leadership by influence” to drive clear solutions resolving the grey areas of existing legal concepts, rapidly changing statutory obligations, U.S. and international regulatory expectations, and market demands as applied to cutting-edge information technologies and risk-management programs.

Mr. Dolan has hands-on, executive-management experience concerning compliance risk, information security, operational risk, privacy, and supplier risk-management programs. As Head of Enterprise Privacy for Best Buy, Mr. Dolan oversees Best Buy’s privacy program, including Best Buy Health, designed to help ensure that Best Buy successfully meets its mission to enrich lives through technology while adhering to its Guiding Principles.  He’s led the design and implementation of Best Buy’s fully automated platform supporting California Consumer Privacy Act requests, now available to all Americans, and also serves as lead cybersecurity counsel and data incident response leader.

In addition to his privacy and cybersecurity responsibilities, Mr. Dolan has played a significant role in Best Buy’s U.S. efforts to support its employees and mitigate risk in response to the COVID-19 pandemic, helping to ensure that Best Buy can support consumers, businesses, and public-health efforts as a recognized “essential business” across nearly all North American jurisdictions.  He is responsible for the content of the COVID-19 Health Screening executed daily by tens of thousands of workers, guided multiple inquiries and pilots surrounding opportunities to leverage technology to address pandemic risks, co-leads Best Buy’s approaches surrounding vaccination, and leads Best Buy’s U.S. employee COVID-19 Testing Program.

Mr. Dolan is a published author, past Minnesota Law & Politics “Rising Star,” and recipient of a national “Innovation Award” for his approach to cybersecurity challenges. He also has served as Adjunct Professor of Law with the University of Minnesota Law School, as Judicial Law Clerk to the Hon. Bruce D. Willis of the Minnesota Court of Appeals, and as the Campaign Director of a United States Senator.

Mr. Dolan received his MBA, with a finance concentration, from the University of Minnesota’s Carlson School of Management and JD, cum laude, from the University of Minnesota Law School. Mike received his Bachelor of Science as a triple major from the University of Wisconsin-Madison. He resides in Minnesota with his wife, two children, and labradoodle Milton.

Michele Lucan is a Deputy Associate Attorney General at the Connecticut Attorney General's Office and Chief of its Privacy Section. In this role, Michele oversees all matters involving consumer privacy and information security. Most notably, the Section is currently leading and/or co-leading multistate investigations of several massive data breaches involving sensitive personal information.

Michele joined the Attorney General's Office in 2008 and first served in its Consumer Protection Division, where she investigated and pursued enforcement actions against a variety of unfair and deceptive business practices under the Connecticut Unfair Trade Practices Act. In 2013, Michele was appointed to a multidisciplinary Privacy Task Force that was created to focus the Office's response to privacy concerns and data breaches, and educate the public and Connecticut businesses about data protection responsibilities under state and federal law. In early 2015, a dedicated Privacy Section was formed and Michele was assigned full-time to the Section from its inception. Michele has spent the past several years working exclusively on privacy-related matters.

Michele is a Certified Information Privacy Professional (CIPP)/ U.S.  She received her B.A. from Loyola University in Maryland and her J.D. from the Quinnipiac University School of Law. Michele speaks regularly on privacy-related topics to government, bar and industry groups.

Michelle Perez is a seasoned privacy professional, and has advised businesses on the development, implementation and management of data privacy programs.  She is the Chief Privacy Officer, Associate General Counsel, at Dow Jones & Company, Inc., a global provider of news and business information, where she oversees privacy compliance for its businesses while enabling growth and innovation.  Prior to joining Dow Jones, Michelle was the Head of Privacy at Samsung Electronics America, Inc. (“SEA”), and was responsible for driving, developing and maturing SEA’s privacy program.  Before Samsung, Michelle guided privacy and data protection efforts at the Interpublic Group of Companies, (“IPG”), a global network of marketing and advertising communications agencies, and at Philips Electronics North America Corporation.  Michelle is a Certified Information Privacy Professional and a Certified Information Privacy Manager.

Michelle is a former Assistant U.S. Attorney for the Eastern District of New York.  She received her J.D. from Fordham Law School and her undergraduate degree from Georgetown University.

Peter Lefkowitz is Chief Digital Risk Officer at Citrix Systems, Inc. (NASDAQ:CTXS), a leader in unified workspace, networking, and analytics solutions that help organizations unlock innovation, engage customers, and boost productivity without sacrificing security.

Lefkowitz oversees legal, regulatory, and governance risk associated with data, products, and systems, as well as policy engagement on digital issues. He was the 2018 Chairman of the Board of the International Association of Privacy Professionals and is a member of the Boston Bar Association Council. Prior to joining Citrix, he served as Chief Privacy Officer at both GE and Oracle.

Ryan Vinelli is the Chief Privacy Officer at Finance of America Companies. His work focuses on data protection, information security and ensuring a global-approach to data.

Prior to joining Finance of America Companies, Ryan was Head of Global Privacy Legal & Compliance at Western Union.  Ryan was Global Cybersecurity Counsel for Verizon Media supporting brands including Yahoo, Aol, Tumblr, Huffington Post, Techcrunch and Engagdet. Ryan was also a Vice President handling global legal and privacy matters for Starwood Hotels & Resorts Worldwide, Inc. and after its acquisition at Marriott Hotels International. Ryan began his career in data protection as privacy counsel for General Electric.

Ryan is a graduate of the Benjamin N. Cardozo School of Law and holds undergraduate and graduate degrees in computer science from Tufts University. Ryan is licensed to practice law in multiple states and is a registered Patent attorney.

Teena Lee is the Senior Vice President, Associate General Counsel, Deputy Chief Privacy Officer, for News Corporation, where she is responsible for data privacy globally for News Corp.  She manages News Corp’s corporate data privacy accountability program, and oversees the data privacy management programs of the various business units under the News Corp umbrella of companies.  Ms. Lee previously held a similar position at The Estee Lauder Companies Inc. as the former Vice President, Privacy and Ecommerce Counsel, and was responsible for the management of the global data privacy program, as well as serving dedicated attorney roles to Estee Lauder’s ecommerce and social/digital media advertising divisions.

Prior to Estee Lauder, Teena was a senior associate at the law firm, Davis Wright Tremaine LLP.  Teena is a graduate of the New York University School of Law.

William (Bill) Min is Executive Vice President and General Counsel for the LexisNexis® Risk Solutions Group (RSG). In this role, he is responsible for all legal, compliance and regulatory matters across the global organization. RSG has more than 8,700 employees serving customers in over 180 countries. RSG is part of RELX (LSE: REL/AMS: REN/NYSE: RELX), a global provider of information and analytics.

RSG is a portfolio of brands that provides its customers with innovative technologies, information-based analytics and decision tools and data services that help solve problems, make better decisions, stay compliant, reduce risk, improve their operations and benefit people around the globe across multiple industries, including aviation, agriculture, chemical and energy, financial services, collections and payments, commercial property, corporations and non-profits, government and law enforcement agencies, healthcare, human resources, insurance and tax. RSG is headquartered in metro Atlanta, Georgia.

Prior to joining LexisNexis® Risk Solutions Group, Bill served as Deputy General Counsel and Chief Privacy & Data Governance Officer at Western Union. He also held in-house legal positions at Live Nation Entertainment, Inc., Starwood Hotels & Resorts, Sara Lee Corporation and Sunkyong America, Inc. Prior to working as in-house counsel, Bill was a mergers and acquisitions attorney at two New York City law firms.

Among his accomplishments, Bill is acknowledged as an expert in the area of data privacy, and he structured and led the global privacy function at Western Union, Live Nation and Starwood.

Bill holds a BA in the Biological Basis of Behavior from the University of Pennsylvania, a MA in Liberal Studies from State University of New York at Stony Brook, and a JD from Fordham University School of Law.

Assistant Special Agent in-Charge (ASAC) Richard T. Jacobs leads the Cyber Branch in the FBI’s New York office.  The branch investigates national security and criminal cyber matters and responds to cyber incidents in the New York metropolitan area.  In 2014, Mr. Jacobs helped establish the Financial Cyber Crimes Task Force, a multiagency initiative targeting cyber crime and technology-based fraud schemes.

Following graduation from the FBI Academy in 1999, Mr. Jacobs was assigned to New York where he investigated a variety of securities fraud matters.  From 2002 to 2005 he played the role of a corrupt stock broker in a market manipulation undercover operation which resulted in the convictions of 49 individuals.  In June 2010, he was selected to lead a Manhattan-based securities fraud unit which handled the Bernard L. Madoff and the Galleon Group insider trading investigations.  He was named Assistant Special Agent in-Charge in October 2014. 

Prior to joining the FBI, Mr. Jacobs was a risk manager on Wall Street.  He holds a Master’s Degree in information technology from Carnegie Mellon University, where he graduated with highest distinction, and an MBA with a concentration in finance. He is also a Certified Information Systems Security Professional.

Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data. Miriam also serves as a board member of the ADP AI & Data Ethics Committee.

As leader of the Global Privacy Alliance (GPA), Miriam encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space. Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she is featured in Best Lawyers in America, 2021.

In July 2019, Renard François was named the Global Chief Privacy Officer for JPMorgan Chase & Co. where he leads the Global Privacy Office and is responsible for global privacy compliance at the enterprise level, including its privacy policies, procedures, governance, strategy, training, and administration.

Prior to joining the Firm, Renard spent five years at General Electric, most recently as the Global Chief Privacy Officer, where he implemented a comprehensive privacy governance framework throughout GE and led GE’s cross-business, cross-function GDPR Readiness Project. Before leading the corporate team, he was GE Capital’s Chief Privacy & Data Protection Counsel and oversaw the development and implementation of GE Capital’s privacy and data protection policies, standards, and practices globally.

Prior to joining GE Capital, Renard spent four years at Caterpillar Financial Services Corp. in Nashville, Tennessee, where he provided global, legal support in the areas of privacy and data protection and other regulatory areas.  From 2008-2010, he worked in Caterpillar Inc.’s Law and Public Policy Division as the Privacy and Data Protection subject matter expert for its global operations and helped to establish the company’s privacy and data protection governance structure.

In 2001, Renard started his legal career at the U.S. Federal Trade Commission in Washington, DC, as a staff attorney in the Division of Marketing Practices and then became an Advisor to the Director of the Bureau of Consumer Protection.  As a staff attorney, he litigated cases under Section 5 of the FTC Act, including the lead case in the International Netforce law enforcement sweep; co-chaired the FTC’s Spam forum; and worked on the CAN-SPAM Act. As an Advisor, he continued his work on privacy and reviewing actions brought under Section 5 of the FTC Act.

After working at the FTC, Renard was an associate at Bass, Berry & Sims, PLC in Nashville, TN, where he litigated in federal and state courts, advised clients on privacy and intellectual property issues, and worked on internal investigations and regulatory audits.

For seven years, Renard served on the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. He is also a former candidate for the Nashville City Council, and has served as a Commissioner of Nashville’s Social Services Commission. He earned a B.A. in history from the University of Pennsylvania, his law degree from the George Washington University Law School, and has an LL. M. in Information Technology and Privacy Law.

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Thiago’s practice focuses on Technology, Compliance and Public Law, and in particular on anti-corruption investigations handled by public authorities and regulators, data protection, cybersecurity and digital platforms. He was awarded as one of the world’s leading young lawyers in anti-corruption investigations by GIR 40 under 40 and technology by GDR 40 under 40. Based on his experience as State Attorney, he also advises clients in cases related to state-owned companies, administrative sanctioning procedures, concessions, bids and administrative contracts in general. He served as State Attorney of São Paulo before the Federal Supreme Court (STF) and Superior Court of Justice (STJ), and as a clerk at the STJ. He is currently a professor at the University of Brasília (UnB), member of the International Association of Privacy Professionals (IAPP) and the International Committee of Digital Economy of the International Chamber of Commerce (ICC). He is certified by the International Association of Privacy Professionals with CIPP/Europe and author of the book ‘Fundamentals of privacy Regulation and Personal Data Protection’ (2019)’, published by Amazon.


  • Bachelor of Laws, Centro Universitário de Brasília
  • Master’s degree in Private Law, Pontifícia Universidade Católica
  • Specialization in Cyberlaw, focusing on privacy protection and data protection, London School of Economics, United Kingdom
  • Post-graduation in Private Law, Università degli Studi di Camerino, Italy
  • PhD in Law, Technology and Regulation from University of Brasília


  • Análise Advocacia 500 – Regulatory; Telecommunications (2019); Automotive (2019 – 2020); Compliance (2019 -2020); Concessions (2020); Digital (2019 - 2020); Education (2020); Energy (2020); Healthcare Plans (2020); Insurance (2020); Rubber and Plastics (2020); Technology (2020); Trade (2020); Distrito Federal (2020)
  • Chambers Latin America – Technology (2019 - 2021)
  • CIPP/Europe certification – International Association of Privacy Professionals;
  • Leaders League – Public Law (2020); Data Protection (2018-2019); Technology (2018-2019)
  • Latin Lawyer 250 – Anti-corruption investigations and Compliance; Administrative Law; Data, technology and privacy law (2020)
  • The Legal 500 – Public Law (2018-2019); Compliance (2019); TMT (2018 - 2021); Energy and Natural Resources: Electricity (2018)
  • Global Data Review – 40 under 40 (2018; 2020)
  • Global Investigations Review – 40 under 40 (2020)
  • Who’s Who Legal Brazil – Administrative litigation (2018-2020); Data (2018 – 2020)
  • Who’s Who Legal Global – Data privacy and protection (2020)
  • Who’s Who Legal Thought Leaders – Brazil (2020); Investigations (2021) 

Al Saikali is a national leader in privacy and data security law according to Chambers and Legal 500.  Al represents companies in matters involving the collection, use, storage, and security of personal information. Al and his team at Shook Hardy & Bacon have represented companies in more than 150 privacy and data security class action lawsuits, including more biometric privacy class actions than any other law firm in the United States. He has represented companies in incident response matters impacting as many as ten million individuals in 120 countries. Al’s dedication to his clients earned him the Lexology Client Service Award two years in a row. 

In addition to chairing Shook Hardy & Bacon’s Privacy and Data Security practice, Al founded and is Chair Emeritus of the Sedona Conference’s Working Group on Privacy and Data Security Liability.  He is one of a small number of data privacy practitioners who hold the Fellow in Privacy designation, accredited by the International Association of Privacy Professionals.  Al is often quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on cybersecurity and data privacy trends. 

In his spare time, Al maintains a blog (, where he writes about emerging developments in privacy and data security law. 

Alejandro Mosquera is data attorney at MUFG and is based in New York. He is responsible for providing legal advice in connection with data processing activities (including data privacy and data protection) affecting MUFG’s global operations. Alejandro holds a J.D. from the Universidad de los Andes, an M.I.A. in International Finance and Management from Columbia University, an L.L.M. from The University of Chicago Law School and a one-year course diploma on International, Comparative and European Law from the Université Robert Schuman. Alejandro is admitted to practice law in New York and Colombia and has been certified by the IAPP as Privacy Law Specialist, Certified Information Privacy Professional (US) and Certified Information Privacy Manager. He is fluent in Spanish, English, Portuguese, Italian and French. 

Keith Enright serves as Google’s Chief Privacy Officer and leads the global privacy legal team.  He joined Google in March 2011. He has more than 20 years of experience in creating and implementing programs for privacy, data stewardship, and information risk management.

Prior to joining Google, Keith served as the senior-most privacy executive at two Fortune 500 online and offline retail enterprises, as senior consultant for a leading global consulting practice, and as General Counsel for a privately held advertising technology company.

Keith has been a featured speaker discussing online privacy and related subjects on NBC Nightly News with Brian Williams, CNN, NPR Talk of the Nation and other major media outlets. He has been a guest speaker at Harvard Law School, Stanford Law School, and the Massachusetts Institute of Technology, and is frequently featured at industry events focusing on technology, privacy and data protection.

Keith serves on the Board of Directors of Zoom Information, Inc., and previously served a 5-year term on the Board of Directors of the International Association of Privacy Professionals. He is NACD Directorship Certified by the National Association of Corporate Directors, is a member of the Maryland Bar, and holds the Certified Information Privacy Professional certification from the International Association of Privacy Professionals.

Dera Nevin is the Data Policy and Strategy Officer of The Blackstone Group.  Ms. Nevin provides legal guidance and compliance support to Blackstone’s privacy, information security, information and data governance and data services functions.

Before joining Blackstone in 2019, Ms. Nevin was a lawyer at Baker & McKenzie LLP in the Data Privacy Group, and Counsel at Proskauer Rose LLP, where she also served as Director Information Governance and eDiscovery Services. Prior to that, she has worked as Managing Counsel, eDiscovery at TD Bank Group and in private practice at law firms in Ontario, Canada.

Ms. Nevin received a BA (Hons) and an MA from Queen’s University in Kingston, Canada and a JD from the University of Toronto Faculty of Law, where she was elected Valedictorian and served as the co-Editor in Chief of the Law Review.  She is admitted to practice in New York and Ontario, Canada.

Dr Sára Gabriella Hoffman works on global privacy, data protection and cybersecurity matters for Stripe. Previously, she worked for an international law firm focusing on privacy, data protection and antitrust law. She is a cloud architecture expert. As Microsoft Fellow at Stanford, she studied technical and legal aspects of setting up data centers and protecting information from a data security perspective. Since 2013, she is a lecturer at the Freie Universität Berlin and Technische Universität Berlin, where she teaches classes on privacy engineering, data protection and competition law, as well as law & economics. She is a member of the Association for Computing Machinery (ACM).

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Adam is an acknowledged Canadian legal industry leader in privacy and data management. He is chair of Osler’s national Privacy and Data Management practice, and leads Osler’s AccessPrivacy thought leadership platform. Adam has been lead counsel on many of the most significant privacy matters in Canada, including the largest cyber security incidents and regulatory investigations in Canada to date. He advises Fortune 500 clients in their business critical data-protection issues, compliance initiatives and data governance. Adam has extensive experience in the privacy law area and regularly advises Chief Privacy Officers, in-house counsel and compliance professionals in the private, health public and not-for-profit sectors on managing security incidents, privacy regulatory investigations and broader data governance matters.