PLI PLUS 2.0 is now available – click here to test drive the new platform.
Skip to main content

Nineteenth Annual Institute on Privacy and Data Security Law

Speaker(s): Abigail M. Lyle, Alan Charles Raul, Alfred J. Saikali, Bojana Bellamy, Chandra B. McMahon, Chris Nims, Darlene Cedres, Eric M. Friedberg, Ian C. Ballon, J. Andrew Heaton, Joanna Fine, John C. Cleary, Kumneger Emiru, Laura Juanes Micas, Lisa J. Sotto, Maneesha Mithal, Margaret A. Keane, Matthew D. Lawless, Matthew W. Van Hise, Mihir Kshirsagar, Mike Dvilyanski, Miriam H. Wugmeister, Peter M. Lefkowitz, Robert J. Jones, Zoe Strickland
Recorded on: May. 29, 2018
PLI Program #: 219185

John Cleary’s practice focuses on serving the Technology Transaction and Data Privacy needs of U.S. companies, with an emphasis on data security incidents and other cyber controversies.

John also brings his dispute resolution skills to bear on problems faced by clients across an array of litigation and pre-litigation settings, principally in the areas of intellectual property, cybersecurity, insurance, banking and maritime law.  John previously served for several years as an Assistant U.S. Attorney in Washington, D.C., representing U.S. government agencies and officials in a range of constitutional and other federal sector issues.
  • New York Intellectual Property Law Association
  • Maritime Law Association of the United States
  • Amicus Brief Committee, Member 
  • Committee on Cybersecurity, 2015 - present

  • Vice Chair

ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy, cybersecurity and digital technology issues. His practice includes global data protection and compliance programs, data breaches, crisis management, consumer protection issues and internet law. Alan advises companies regarding their cybersecurity preparedness and digital governance. Alan’s practice involves litigation, regulatory defense, internal investigations, counseling and policy advocacy. He handles consumer class actions, enforcement matters, and public policy involving the FTC, State Attorneys General, SEC, FCC, Department of Justice, international data protection authorities and other government agencies.

Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President.

Alan serves as a member of the Technology Litigation Advisory Committee of the U.S. Chamber Litigation Center (affiliated with the U.S. Chamber of Commerce). He also serves on the American Bar Association’s Cybersecurity Legal Task Force by appointment of the ABA President, and as a member of the Practicing Law Institute’s Privacy Law Advisors Group. He is a member of the governing Board of Directors of the Future of Privacy Forum, and of the Center for Democracy and Technology’s Advisory Committee.

Alan has represented a Special Cybersecurity Review Committee of the Board of Directors of a major tech company in connection with its independent investigation of the company’s handling of major data breaches. The following representative types of matters are also illustrative of the breadth of Alan’s practice:

  • Digital Governance counseling
  • Privacy and cybersecurity litigation, data breach incidents, regulatory investigations and compliance counseling
  • International data protection compliance programs and cross-border transfers
  • FTC, State Attorney General and international DPA investigations involving consumer protection, privacy, data security and unfair or deceptive business practices
  • SEC, DOJ, Congressional and Inspector General investigations 
  • Cybersecurity, government information requests and national security issues 
  • Internet litigation and counseling, and government information requests, under Electronic Communications Privacy Act and the Computer Fraud and Abuse Act
  • Administrative Procedure Act litigation, regulatory advocacy and counseling

In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described Alan as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” He has been named as a leading international Internet and E-Commerce Lawyer in Who’s Who Legal. Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. The Washingtonian has named Alan one of Washington, D.C.’s Best Lawyers: Cybersecurity, and the National Law Journal named him a “Cyber Security Trailblazer.”

Eric M. Friedberg is co-founder and Co-President of Stroz Friedberg, LLC, a cyber consultancy and technical services firm acquired by Aon plc in 2016. Mr. Friedberg has 30 years of public and private sector experience in law, cyber-crime response, cyber-governance, IT security, forensics, investigations and e-discovery. His expertise is sought by boards, audit committees, C-suites, law firms and the courts. Mr. Friedberg has led responses to some of the most serious cyber-attacks on the nation’s companies, including attacks by state-sponsored agents, organized crime, hacktivists and malicious insiders. He is an expert in incident response governance, technologies and policies. He has also conducted enterprise-wide cyber security risk assessments in many business sectors. He has been quoted extensively on cyber-crime and IT security issues in print, digital and television media.

In 2019, Mr. Friedberg was appointed by Governor Andrew Cuomo to the New York State Cyber Advisory Board.

Mr. Friedberg is also a leader in the fields of e-discovery, forensics and privacy, having managed many high-profile assignments in those areas, testified as an expert, been appointed by courts as a Special Master and led the development of new investigative methodologies. He has lectured and published book chapters and articles on e-discovery and forensics. He was previously a member of the Sedona Conference’s Working Group 6, the International Association of Privacy Professionals, and the advisory board of The Future of Privacy Forum.

For the 16 years before Stroz Friedberg was acquired by Aon, Mr. Friedberg co-led that firm from a start-up to a 550+ person firm with nine U.S. and four foreign offices. While always a principal business developer and leader of major client assignments, Mr. Friedberg oversaw geographic and service line growth, M&A, infusions of private equity capital, board interactions, and many of the firm’s divisions. Mr. Friedberg was an officer and director of the firm, and a member of the compensation committee.

Before building Stroz Friedberg, Mr. Friedberg was for 11 years a federal prosecutor at the U.S. Attorney’s Office in Brooklyn, New York.

Mr. Friedberg began his career as an intellectual property and securities litigator at Skadden, Arps.

J. Andrew Heaton serves as overall global privacy lead for the Danaher organization, working with the privacy leads for Danaher's four business segments and the "pivots" at Danaher's operating companies.  He also advises on legal matters pertaining to information security.

Before joining Danahar, Mr. Heaton was a principal in Ernst & Young LLP and served as Global Lead Counsel – Data Privacy and Security for the global EY organization.  In this role, he led EY’s global data protection team, served as global privacy officer for the organization, and advised EY on legal aspects of data protection and information technology worldwide. 

Prior to assuming his global responsibilities in 2014, he served in a similar capacity with EY’s practice in the United States and was also lead counsel for EY’s financial services practice.

Mr. Heaton graduated summa cum laude from Bradley University in Illinois.  He received his law degree with honors from the University of Chicago Law School.  He joined EY in 1994 and was named a principal in 2000.

Mr. Heaton is a Certified Information Privacy Manager, a Certified Information Privacy Professional/US, and a member of the bars of New York, the District of Columbia and Maryland.

Peter Lefkowitz is Chief Digital Risk Officer at Citrix Systems, Inc. (NASDAQ:CTXS), a leader in unified workspace, networking, and analytics solutions that help organizations unlock innovation, engage customers, and boost productivity without sacrificing security.

Lefkowitz oversees legal, regulatory, and governance risk associated with data, products, and systems, as well as policy engagement on digital issues. He was the 2018 Chairman of the Board of the International Association of Privacy Professionals and is a member of the Boston Bar Association Council. Prior to joining Citrix, he served as Chief Privacy Officer at both GE and Oracle.

Robert J. Jones is the Global Head of Financial Lines, Specialty Claims, at AIG.  Robert is responsible for claims within the Cyber, Media, Technology, Fidelity and Kidnap & Ransom lines of business.  Robert has developed Financial Lines expertise through a variety of technical and managerial roles in Claims, Reinsurance and Underwriting.  Robert began his career at The Travelers in 1989 and joined AIG in 1992.  Robert received a B.S. from the State University of New York at Binghamton.

Few lawyers in the world have Miriam’s breadth and understanding of privacy and data security laws, obligations, and practices. In the words of her clients, she is “extremely practical and phenomenally smart. Just about one of the best privacy advisers there is” (Chambers USA).

Co-chair of Morrison & Foerster’s preeminent Global Privacy and Data Security Group and ranked among the top in the profession by all major directories, Miriam is regularly called upon by some of the world’s largest and most complex multinational organizations to confront their most difficult U.S. and international privacy challenges. “Tremendous at helping you come up with practical solutions to real problems” (Chambers USA), she develops cutting-edge solutions for clients that marry legal compliance with business realities.

Having helped hundreds of clients respond to data security incidents, Miriam works with companies to develop comprehensive customized incident response plans, training staff, conducting extensive table top exercises, and addressing key issues with Boards of Directors and executive management.

Miriam advises organizations on the planning and execution of complex global compliance efforts, assists in the negotiation of strategic deals, and defends regulatory and litigation matters relating to privacy and data security in the United States and internationally. She serves as an arbitrator for the EU-U.S. Privacy Shield Framework Binding Arbitration Program. Miriam regularly advises on the global collection, use, and sharing of employee, customer, vendor, and consumer personal information and ediscovery and employee monitoring issues, as well as on developing data security policies and procedures and cybersecurity preparedness and response plans. She also counsels clients on cutting-edge consumer privacy issues surrounding emerging technologies such as the Internet of Things (IoT), telematics, and big data. Miriam also serves as a board member of the ADP AI & Data Ethics Committee.

As leader of the Global Privacy Alliance (GPA), Miriam encourages the rational development of privacy laws around the world and monitors privacy practices, laws, and regulations globally. On behalf of the GPA’s members, she takes an active role in anticipating upcoming privacy legislation and educating regulators on the commercial implications of proposed regulations.

Chambers USA and Chambers Global recommend Miriam in the top tier of privacy and data security lawyers worldwide, and Legal 500 US recognizes her as a leading lawyer for her “professionalism and strong international presence.” For her work in data protection and privacy, Miriam is an inaugural inductee into the 2017 Legal 500 Hall of Fame, which is comprised of outstanding U.S. lawyers who have been recommended as Legal 500 “Leading Lawyers” for the last six consecutive years. In 2016, she was named one of Financial Times’ “Top 10 Innovative Lawyers in North America” and a National Law Journal “Cybersecurity and Data Privacy Trailblazer” for her breakthrough work in this space. Miriam was previously designated an Ethisphere “Attorney Who Matters” and a BTI Client Service All-Star, and she is featured in Best Lawyers in America, 2021.

Ian C. Ballon is Co-Chair of Greenberg Traurig LLP’s Global Intellectual Property & Technology Practice Group and represents internet, mobile, entertainment and technology companies in defending data privacy, security breach and TCPA class action suits and in other intellectual property and technology litigation. A list of recent cases may be found at

He is also the author of the leading treatise on internet and mobile law, E-Commerce and Internet Law: Treatise with Forms 2d edition, the 5-volume set published by West (, which includes extensive coverage of security breach and data privacy issues. In addition, he is the author of The Complete CAN-SPAM Act Handbook (West 2008) and The Complete State Security Breach Notification Compliance Handbook (West 2009). He also serves as Executive Director of Stanford University Law School’s Center for E-Commerce, which hosts the annual Best Practices Conference where lawyers, scholars and judges are regularly featured and interact.

Ian was named the Lawyer of the Year for Information Technology Law in the 2019, 2018, 2016 and 2013 editions of Best Lawyers in America and was recognized as the 2012 New Media Lawyer of the Year by the Century City Bar Association. In both 2018 and 2019 he was recognized as one of the Top 1,000 trademark attorneys in the world for his litigation practice by World Trademark Review. In addition, in 2019 he was named one of the top 20 Cybersecurity lawyers in California and in 2018 one of the Top Cybersecurity/Artificial Intelligence lawyers in California by the Los Angeles and San Francisco Daily Journal. He received the “Trailblazer” Award, Intellectual Property, 2017 from The National Law Journal and he has been recognized as a “Groundbreaker” in The Recorder’s 2017 Litigation Departments of the Year Awards. In 2010, he was the recipient of the California State Bar Intellectual Property Law section's Vanguard Award for significant contributions to the development of intellectual property law (

Mr. Ballon was listed in Variety's "Legal Impact Report: 50 Game-Changing Attorneys" and has been named by the LA Daily Journal as one of the Top 75 intellectual property litigators in California in every year that the list has been published (2009 through 2018) and as one of the top 100 lawyers in California. He is also listed in Legal 500 U.S., The Best Lawyers in America (in the areas of information technology and intellectual property) and Chambers and Partners USA Guide in the areas of privacy and data security and information technology. Mr. Ballon also holds the CIPP/US certification from the International Association of Privacy Professionals (IAPP).

Ian can be reached at:, 310-586-6575 or via leading social media platforms (IanBallon).

Named among The National Law Journal’s “100 Most Influential Lawyers,” Lisa Sotto chairs Hunton Andrews Kurth’s top-ranked Global Privacy and Cybersecurity practice and is the managing partner of the firm’s New York office. She also serves on the firm’s Executive Committee. Lisa has received widespread recognition for her work in the areas of privacy and cybersecurity. She was voted the world’s leading privacy advisor in all surveys by Computerworld magazine and has received top rankings for privacy and data security by Chambers and Partners and The Legal 500. Chambers and Partners honored Lisa with the 2021 Outstanding Contribution to the Legal Profession award, noting that a peer called her “a legend.” Lisa serves as the Chairperson of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. 

Nicknamed both the “Priestess of Privacy” and “Queen of Breach,” Lisa assists clients in identifying, evaluating and managing risks associated with privacy and data security practices. She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Since 2005, she has advised clients on more than 2,000 cybersecurity and data breach incidents in the U.S. and abroad, including many of the world’s seminal events. She has handled numerous cyber incidents and data breaches involving industrial control systems, proprietary business information, and virtually every type of personal information. Lisa regularly meets with senior management to discuss cybersecurity legal developments, and has led numerous full board and audit committee discussions on these topics.

Lisa also advises clients on CCPA/CPRA, VCDPA, GLB, HIPAA, COPPA, CAN-SPAM, FCRA, VPPA, security breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). Lisa is the editor and lead author of the legal treatise entitled Privacy and Cybersecurity Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. 

Lisa is chair of the New York Privacy Officers’ Forum and a former member of the Board of Directors of IAPP. She received her J.D. from the University of Pennsylvania Law School, where she was an editor of the Law Review. She received her B.A. from Cornell University, with Distinction in All Subjects. Lisa is admitted to practice in New York.

Al Saikali is a national leader in privacy and data security law according to Chambers and Legal 500.  Al represents companies in matters involving the collection, use, storage, and security of personal information. Al and his team at Shook Hardy & Bacon have represented companies in more than 150 privacy and data security class action lawsuits, including more biometric privacy class actions than any other law firm in the United States. He has represented companies in incident response matters impacting as many as ten million individuals in 120 countries. Al’s dedication to his clients earned him the Lexology Client Service Award two years in a row. 

In addition to chairing Shook Hardy & Bacon’s Privacy and Data Security practice, Al founded and is Chair Emeritus of the Sedona Conference’s Working Group on Privacy and Data Security Liability.  He is one of a small number of data privacy practitioners who hold the Fellow in Privacy designation, accredited by the International Association of Privacy Professionals.  Al is often quoted by the Wall Street Journal, Bloomberg BusinessWeek, and Law360 for his thoughts on cybersecurity and data privacy trends. 

In his spare time, Al maintains a blog (, where he writes about emerging developments in privacy and data security law. 

Kumneger Emiru is a Senior Manager, Corporate Counsel at ServiceNow, where she focuses on global privacy compliance and manages ServiceNow’s AMS privacy team. Kumneger serves as the lead negotiator on commercial transactions related to privacy for both inbound and outbound agreements. Her responsibilities also include product counseling and support and drafting privacy policies and procedures. During her tenure at ServiceNow, Kumneger also provided contract support to regional sales teams.

Kumneger previously worked at MongoDb supporting sales teams with commercial contracts, and at Workday, where her work included conducting privacy audits and trainings. She began her career at the Department of Health and Human Services, Office for Civil Rights, where she investigated alleged HIPAA violations.

Kumneger is a Certified Information Privacy Professional US/Europe. She received her law degree from the University of Iowa, College of Law and holds an A.B. from the University of Chicago with honors in dual concentrations of Public Policy and African and African American Studies.

Kumneger is admitted to practice in Illinois and is a registered in-house counsel in California.

Laura Juanes is a multilingual law, policy and privacy expert in the technology industry. She currently serves as Global Director of Privacy Policy Engagement at Facebook Inc. 

Laura is a Spanish qualified lawyer, based in the United States, with more than fifteen years of professional experience in technology and media companies. In her role at Facebook, she leads a global team that regularly engages with regulators, policymakers, experts and advocates in order to inform on key privacy issues that impact how individuals use or relate to Facebook’s technology daily. Prior to joining Facebook, she served as an Assistant General Counsel, Privacy & Human Rights, at Yahoo Inc., where she led the legal and public policy team’s efforts on global privacy matters and the company’s Business and Human Rights Program.

Before assuming her AGC role at Yahoo, Laura held various positions, including as General Counsel at Yahoo Spain and as Director of Product Compliance and Law Enforcement response for the Americas. Laura is a law graduate of the Universidad Auto´noma de Madrid, where she worked as a lawyer before joining Yahoo.

Laura holds U.S. and EU Certifications for International Privacy Professionals (CIPP). She serves on the Advisory Board of the Information Accountability Foundation and chairs the Latin America chapter of the Centre for Information Policy Leadership. She is a mentor of startups and entrepreneurs in South Florida and Latin America and a proud Board and founder Member of Woman in Tech Miami Council, with a mission to connect and empower women with diverse technological backgrounds.

Matthew W. Van Hise is an Assistant Attorney General and Chief of the Privacy Unit at the Illinois Attorney General’s Office.  AAG Van Hise has been with the Attorney General’s Office working in the Consumer Fraud Bureau since 2011.  He enforces the Illinois Consumer Fraud and Deceptive Business Practices Act and spends the majority of his time focusing on privacy, data security, and data breach related investigations and litigation.  AAG Van Hise functions as both the lead and co-lead attorney for many national multistate investigations into several of the largest data breach incidents to date.

As Chief of the Privacy Unit, he serves as the point person within the Illinois Attorney General’s Office on matters such as privacy, data security, technology, and the secure handling of consumers’ personal information.  AAG Van Hise also oversees the Illinois Attorney General’s Identity Theft Unit, which was created in 2006 and has assisted over forty-five thousand consumers with complaints covering a wide variety of identity theft issues and privacy areas. 

Matthew leads the National Association of Attorneys General Privacy Working Group, on both privacy and identity theft.  He also co-leads the NAAG medical privacy discussions. 

Prior to this, he worked at the Michigan Attorney General’s Office, on both privacy and identity theft.  Matthew received a B.A. from Bradley University and a J.D. from the Thomas M. Cooley Law School in Lansing, Michigan.  Matthew has served as panelist and as guest speaker at numerous data security and privacy conferences throughout the country.  He is an active member in the International Association of Privacy Professionals, holding the CIPP/US certification, as well as a member in many local, state, and national Bar Associations.

Zoe Strickland is a Senior Fellow at the Future of Privacy Forum.  Over a twenty-year period, Zoe has served as head of global privacy and other roles for Fortune 20 companies and agencies, including in healthcare, banking, retail and government.  Zoe’s experience in multiple industry sectors at some of the world’s largest companies has given her a unique perspective in the evolving world of privacy, information protection, and effective compliance structures. 

Roles have included:

  • Vice-President, Global Privacy & US Commercial Compliance for Cigna health and life insurance, where she was responsible for the enterprise privacy program (including managing legal and compliance functions and co-chairing the senior level Cyber & Privacy Council), and for the domestic healthcare compliance programs for Cigna’s commercial businesses.
  • Managing Director, Global Chief Privacy Officer, for JPMorgan Chase, where she led the firm’s privacy compliance program, and was actively involved in other information compliance and risk initiatives such as regarding the firm’s risk taxonomy and risk appetite
  • Vice-President, Chief Privacy Officer for UnitedHealth Group, where she led the firm’s privacy program, co-chaired the senior level Privacy & Security Steering Committee, and led implementation of HITECH privacy requirements.
  • Vice-President, Chief Privacy Officer for Walmart Stores Inc, leading their privacy and records programs and strategy, including integration and management of online and offline practices.
  • Chief Privacy Officer and head of consumer policies for the United States Postal Service, where she developed its privacy program, updated the records program, and headed other consumer functions like claims appeals.

Zoe is an active participant in the privacy community.  She previously served on the IAPP Board of Directors, and led the bank subgroup for the Business Roundtable regarding new approaches to privacy.  Other cross-industry memberships included: GS-1 privacy workgroup (co-chair); privacy/security subcommittee of the Council for Excellence in Government (co-chair); Centre for Information Policy Leadership; AHIP Privacy & Confidentiality Work Group; Confidentiality Coalition of the Healthcare Leadership Council; RIM Council; RILA Privacy and security workgroup; and FPF Advisory Board.

Zoe is a frequent speaker at industry conferences and events, including keynotes at the 2015 IAPP Asia-Pacific conference and the 2016 Executive Women’s Forum.  She has been quoted in several media sources such as The New York Times, USA, and National Public Radio.  She has testified at subcommittees of the House Energy and Commerce Committee, and was interviewed by the Economist on data sovereignty:

Early in her privacy career, Zoe won the 2004 IAPP Privacy Innovations Award for work on privacy impact assessments, and was featured in the 11/04 edition of Government Executive and the 2002 book Privacy Payoff: How Successful Businesses Build Consumer Trust by Ann Cavoukian and Tyler Hamilton.

Mike Dvilyanski is Supervisory Special Agent at the Cyber Branch at the FBI’s New York office. The Cyber Branch investigates national security and criminal computer intrusion matters and responds to cyber incidents in the New York City metropolitan area. In his role as Supervisory Special Agent, Mike leads an investigative team focused on state-sponsored computer intrusions against U.S. interests and was responsible for the development and implementation of a cyber incident response framework for the FBI’s New York office. Prior to his current position, Mike served as Supervisory Special Agent in the Cyber Division at FBI Headquarters in Washington, D.C., where he oversaw investigations of state-sponsored cyber threats. In 2017, Mike returned to FBI Headquarters in Washington, D.C., where he led the FBI’s efforts to combat election interference and foreign influence operations. Mike graduated from the FBI Academy in 2005 and was assigned to the New York Field Office of the FBI, where he investigated Counterintelligence and Cyber matters.

Abigail Lyle regularly defends financial institutions in litigation involving lending practices and federal and state consumer financial services laws, and advises clients on a variety of compliance issues, including the Equal Credit Opportunity Act, Regulation B, Fair Housing Act, Truth in Lending Act, Real Estate Settlement Procedures Act, Fair Debt Collection Practices Act and its state counterparts, Telephone Consumer Protection Act, Unfair Deceptive or Abusive Acts or Practices, Bank Secrecy Act/Anti-Money Laundering, and flood insurance issues.  She also regularly represents financial institutions, directors, and officers in regulatory enforcement actions by the Department of Justice, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Federal Reserve, and U.S. Department of Housing and Urban Department, including responding to “15 day letters,” notices of violation, and administrative proceedings on issues relating to lending practices and debt instruments.

Abigail served as a judicial clerk for the Honorable William P. Dimitrouleas of the U.S. District Court for the Southern District of Florida from 2009-2011, and is admitted to practice in Texas and Florida.

Relevant Experience

  • Represented national mortgage servicer in Telephone Consumer Protection Act, Fair Credit Reporting Act, and Fair Debt Collection Practices Act litigation.
  • Defended national chain stores in class action litigation involving text marketing programs and the Telephone Consumer Protection Act.
  • Defended financial institutions, including credit card issuers, Fintech companies, mortgage lenders, and auto lenders in litigation involving the Fair Debt Collection Practices Act, Fair Credit Reporting Act, Truth in Lending Act, force-placed insurance, and securities fraud.
  • Advised mortgage servicers, mortgage originators, auto lenders, and credit card issuing financial institutions on compliance with the Bankruptcy Code, Fair Debt Collection Practices Act, Fair Credit Reporting Act, Truth in Lending Act, Real Estate Settlement Procedures Act, Telephone Consumer Protection Act, and other consumer compliance statutes.
  • Prepared text marketing programs for national chain stores for compliance with Telephone Consumer Protection Act.
  • Assisted multiple banks and mortgage companies in preparing for regulatory examinations by performing audits of their origination and servicing practices, policies, and procedures.


JD, University of Miami School of Law, summa cum laude, Order of the Coif, Writing & Research Editor for the University of Miami Law Review, Miami Scholar, 2007

BA, Political Science, Furman University, magna cum laude, Phi Beta Kappa, 2003

Bojana Bellamy is the President of Hunton Andrews Kurth LLP's Centre for Information Policy Leadership, a preeminent global information policy think tank located in Washington, DC and London. Bojana brings more than 20 years of experience and deep knowledge of global data privacy and cybersecurity law, compliance and policy. She has a proven industry record in designing strategy, and building and managing data privacy compliance programs. Bojana was recently elected to participate in a new transatlantic initiative, the “Privacy Bridge Project,” that seeks to develop practical solutions to bridge the gap between European and US privacy regimes. She joins a distinguished group of approximately 20 privacy experts from the EU and US.

Chandra McMahon is senior vice president and Chief Information Security Officer for Verizon. She is responsible for setting information security strategy, policy, standards, architecture and processes. McMahon and her team work with and across Verizon’s business units to protect its customers and its leading networks.

Prior to joining Verizon, McMahon held leadership positions of increasing responsibility at Lockheed Martin including serving as the company’s Chief Information Security Officer and most recently as vice president of commercial markets. In that role she was responsible for developing and delivering a portfolio of cybersecurity and information technology solutions and services for Fortune 500 companies in critical infrastructure industries such as financial, utility and technology companies.

McMahon has briefed White House and Congressional staff, and various U.S. Government leaders on cyber security matters. A sought-after speaker, she has been active in promoting cybersecurity information-sharing partnerships between the U.S. Government and industry. She currently is a member of the Aspen Institute Cyber Strategy Group, a cross-sector public-private forum aimed at translating pressing cybersecurity conversations into action.

McMahon holds a Bachelor of Science degree in Industrial Engineering and Operations Research from Virginia Tech as well as a Master’s degree in Engineering Science from Penn State University.  She currently holds the following certifications: Certified Information Security Manager (CISM), Certified Secure Software Lifecycle Professional (CSSLP), and Certified Cloud Security Professional (CCSP).

Chris Nims is the Senior Vice President, Chief Information Security Officer (CISO) and ‘Paranoid in Chief’ at Oath. The Paranoids are responsible for protecting Oath’s more than one billion users around the world, as well as the company’s employees and systems. Chris and his team work closely and collaboratively at all levels across Oath’s dynamic media and technology brands to strive for the highest level of security and safety amid evolving online threats.

Prior to joining Oath, Chris was the CISO at AOL after being promoted rapidly through a series of leadership positions that focused on developing information security strategies in technically demanding global environments. He has nearly 20 years of experience in balancing business needs of Fortune 500 companies and startups with risks and costs of controls. He aso has a history of building and enforcing comprehensive security and compliance programs.

Prior to AOL, Chris was Manager of Internet Security at MyCFO and Manager of IS Security at Netscape Communications. He holds a BS in Computer Science from Northwestern University and a CISO certificate from the Carnegie Mellon Heinz College. Chris also completed the Next Security 50 executive development program.

A resident of Reston, VA, Chris is married with three children.

Darlene Cedres is Senior Legal Counsel and Chief Privacy Officer at Samsung Electronics America. She is a seasoned privacy & security practitioner with a well-rounded background rooted in a strong technology foundation. She also has demonstrable experience in the design of internal controls for measuring/managing risk/compliance, as well as project management and process development.

Joanna Fine is a member of the Privacy and Data Management group. She advises clients on a wide range of privacy-compliance initiatives, including conducting privacy and security reviews and audits; drafting privacy policies, practices and procedures; managing privacy/security breaches; assisting with investigations by privacy regulatory authorities; and drafting outsourcing and other service-provider agreements involving transfers (including transborder flows) of personal information.

Joanna also provides privacy and consumer protection advice with respect to e-commerce and marketing initiatives (including online and mobile marketing), and compliance with Canada’s anti-spam legislation. In addition, she advises clients on employee privacy matters and privacy issues in mergers and acquisitions.

Maneesha Mithal is the Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, which focuses on consumer privacy, data security, and credit reporting issues.  In this capacity, she has managed significant initiatives, including reports on Big Data, the data broker industry, the Internet of Things, consumer privacy, facial recognition, and mobile privacy disclosures.  She has testified before Congress on data security, connected cars, facial recognition, and identity theft.  She has also supervised dozens of Commission enforcement actions, including against companies such as Wyndham, Google, Youtube, Equifax, Facebook, Twitter, HTC, Snapchat, Uber, and Lenovo.  She has held numerous positions at the Commission, including Chief of Staff of the Bureau of Consumer Protection, and Assistant Director of the International Division of Consumer Protection.  Prior to joining the Commission 1999, Ms. Mithal was an attorney at the Washington law firm of Covington & Burling.  Ms. Mithal earned her law degree from the Georgetown University Law Center and her undergraduate degree from Georgetown University.

Margaret Keane is a Partner in the employment group at the international firm of DLA Piper LLP.  She is based in San Francisco and works with clients to address the challenges of today’s workplace, including workplace privacy, employee mobility issues, mobile devices, wage and hour compliance, and related workplace issues.

Matt Lawless is an attorney in The Procter & Gamble Company’s Global Privacy, Cybersecurity, and Information Technology Law group. He advises clients with respect to consumer data projects and information security, negotiates privacy contracts, and leads P&G’s privacy compliance and training programs.

Matt also serves as an adjunct professor of law at the Northern Kentucky University Chase College of Law, the University of Dayton School of Law, and the University of Cincinnati College of Law, where he teaches courses in information privacy. Matt frequently speaks and writes on law and technology topics, and has presented most recently on privacy in the internet of things, standing in data breach litigation, and privacy issues in electronic discovery at the ANA/BAA Marketing Law Conference, the CincyBrand conference, the OSBA Annual Midwest Labor and Employment Law Seminar, and the Northern Kentucky University Cybersecurity Symposium.

Prior to joining P&G, Matt worked in private practice and was a law clerk for judges on the United States District Court for the Western District of Kentucky and the United States Court of Appeals for the Sixth Circuit. He is a graduate of the Cincinnati Academy of Leadership for Lawyers and has been recognized as an Ohio Super Lawyers “Rising Star.” Matt holds the CIPP/E, CIPM, CIPP/US, and FIP credentials from the International Association of Privacy Professionals, and is a 2016-2018 co-chair of the IAPP’s Cincinnati KnowledgeNet.

Matt received his B.A. from Michigan State University, M.A. from Texas Tech University, and J.D. from the Indiana University Maurer School of Law - Bloomington.

Mihir Kshirsagar is an Assistant Attorney General in the Bureau of Internet & Technology for the New York State Office of Attorney General. He received his law degree from the University of Pennsylvania Law School and received an A.B. degree from Harvard. Mihir is a litigator with broad experience in consumer protection, securities and antitrust laws. He practiced at Cravath, Swaine & Moore LLP and Cahill Gordon & Reindel LLP before joining the Attorney General’s office in 2016.