Privacy Consulting TrustArc offers privacy consulting services to help manage all phases of your privacy program. Meeting requirements of the broad and ever-changing privacy regulatory landscape is challenging. Finding technology tools and a proven methodology, along with a partner you can trust to help manage your program can be an even bigger challenge.Schedule a Consultation Privacy Consulting Offerings TrustArc Privacy Consulting combines leading technology, proven methodology, and privacy experts who have significant in-house corporate experience leading global privacy programs for enterprises across a wide range of industries.With a unique hybrid background of legal, technology, business process, project management, and data protection expertise, TrustArc consultants can help you operationalize and manage data privacy at each stage of privacy maturity.TrustArc Consulting spans the globe with resources across the US, Canada, Europe, Asia and Latin America. GDPR Maturity AssessmentConduct a comprehensive assessment of your company’s GDPR compliance program and develop a plan to manage ongoing privacy compliance. CCPA Priorities AssessmentAssess your California Consumer Privacy Act readiness and develop an action plan. HIPAA AssessmentRely on the TrustArc HIPAA Assessment for achieving and maintaining HIPAA compliance. Strategic Priorities AssessmentDevelop a roadmap for short and long-range privacy planning. Our consultants will assess your core business processes, platforms and systems against best practices, emerging trends and applicable regulations. PIA / DPIA Program DevelopmentDesign and implement a process to conduct and manage PIAs / DPIAs and risk assessments across your organization. Includes process development, customized assessment templates, and training. Privacy Risk AssessmentsIdentify and mitigate privacy risks in conjunction with new product /system launches, geographic expansions, and mergers & acquisitions. DPIA / PIA Manager Consulting SolutionsTrustArc Privacy experts help build and implement GDPR DPIAs / PIAs and produce reports that demonstrate compliance. GDPR ImplementationOur team of experts will customize then implement the controls your company needs for GDPR compliance, such as: Individual Rights Management Program Development, Breach Readiness, and Consent and Notice. TrustArc Privacy Consulting Team With over two dozen experts spanning the world in the US, Canada, Latin America, Europe and Asia, the team has over 200 years of collective privacy experience at globally recognized companies. This team has completed hundreds of successful engagements for companies at all levels of privacy maturity to help build, implement, and demonstrate privacy compliance programs. The team has deep knowledge and rich experience with corporate executive, legal, and business experience. Most team members have several CIPP certifications, law degrees, and Fellow of Information Privacy standing. Eleanor Treharne-JonesCIPP/ESVP Consulting & Sales San FranciscoMore › Margaret AlstonCIPP/G/C/M Consulting Program Director San FranciscoMore › Ray EverettJD, CIPP/US Privacy Consulting Director, Global San FranciscoMore › K RoyalJD, FIP, CIPP/US/E, CIPM Privacy Consulting Director, US West PhoenixMore › Paul IagnoccoPrivacy Consulting Director, US East MichiganMore › Xavier AlabartCIPP/E, CIPT, IGP, PMP, MBA Senior Privacy Consultant EuropeMore › Nadya Elizabeth AswadJD, CIPP/E/US Senior Privacy Consultant Central Time ZoneMore › Virginia BartlettCIPP, CIPP-IT, CIPM Senior Privacy Consultant New York CityMore › Naheed BleeckerCIPM, CISA, CISM, ISO 27001 Lead Implementer, PMP, Six Sigma Black Belt Senior Privacy Consultant WisconsinMore › Darlene CedrésJD, CIPP, CISM Senior Privacy Consultant New Jersey More › Estella CohenCIPM, CIPP/C, FIP Senior Privacy Consultant (Canada) TorontoMore › Jodi DanielsCIPP/US Senior Privacy Consultant AtlantaMore › Rob GilbertCIPP/C/E, CIPM, CIPT Senior Privacy Consultant Canada More › Julie GloverSenior Privacy Consultant OregonMore › Martin GombergCISSP, CIPP/ESenior Privacy Consultant FloridaMore › Juan Luis Hernandez CondeSenior Privacy Consultant (Latin America) Mexico CityMore › Jim KeeseSenior Privacy Consultant ColoradoMore › James KoonsCIPP/US Senior Privacy Consultant LancasterMore › Wendi Lozada-SmithCIPP/US/E, CISM, CISSPSenior Privacy Consultant DallasMore › Amedeo MaturoSenior Privacy Consultant SpainMore › Mike (MJ) NesheiwatJD, CIPP/USSenior Privacy Consultant OregonMore › Ralph O'BrienCIPP/E, CIPM, ISO27001:2013 Lead Assessor, First 100 Fellow of Information Privacy (FIP) Senior Privacy Consultant LondonMore › Luckner Saint-DicSenior Privacy Consultant SwitzerlandMore › Kristy SawyerSenior Privacy Consultant BostonMore › Janalyn SchreiberCIPP Senior Privacy ConsultantWashington, D.C.More › Beth SipulaFIP, CIPM, CIPP/US Senior Privacy ConsultantPhoenixMore › Jamie SorleyCIPP/US Senior Privacy ConsultantMore › Joseph SroujiSenior Privacy ConsultantEU/ParisMore › Vanessa StoutCIPM, RIM Senior Privacy ConsultantTexasMore › José TabuenaSenior Privacy Consultant TexasMore › Deborah Cook WellsCIPP/US Senior Privacy Consultant IllinoisMore › Dick WongCIPM, CIPT, CISSP, ISO27001:2005 Auditor, CISM, CRISC Senior Privacy Consultant (Asia-Pacific) SingaporeMore › Pat WynneCIPP US Senior Privacy Consultant PennsylvaniaMore › Learn how TrustArc privacy consulting can help you build and manage your privacy program. Schedule a Consultation Resources × Eleanor Treharne-JonesCIPP/ESVP Consulting & Sales San Francisco As Vice President, Consulting Eleanor leads TrustArc’s team of global privacy consultants delivering privacy assessments for large enterprises across Asia, Europe and the U.S. and supporting integration of TrustArc’s market-leading Assessment Manager. In her role at TrustArc, Eleanor has pioneered multiple successful thought leadership initiatives including a four-year research program, as well as a wide range of events in both the US and Europe – including the highly successful Privacy Insight Series and IoT Privacy Summits in Silicon Valley in 2014 and 2015. In 2012, Eleanor played a key role in supporting TrustArc’s global expansion as they entered the European Market. Prior to joining TrustArc, Eleanor led a global strategic communications consultancy building on her 11 years experience advising UK Government Ministers through high profile issues from public health campaigns and disease outbreaks to counter-terrorism and military operations in Afghanistan. Eleanor graduated from Cambridge University (UK) with a MA in Philosophy. She is a Certified Information Privacy Professional (CIPP/E) an IAPP Advisory Board Member and Founding Member of the European CIP Institute creating a body of knowledge for crisis/risk management professionals. × Margaret AlstonCIPP/G/C/MConsulting Program Director San Francisco Margaret has more than 15 years of Privacy experience, much of that at the VP level. She started out in the consulting world, managing a privacy boutique firm’s consulting organization, Privacy Council. She scoped, bid, planned, resourced, managed, and in some cases performed hands-on for EU, HIPAA, GLBA, COPPA, and Web site privacy projects. She is IAPP certified for basic, Government, Program Management, and Canadian privacy, she has covered a broad range of data stewardship issues in the US, India, EU, Australia, and Canada. Most recently employed as a Senior Privacy Manager for Intuit, as well as Intuit’s Canadian Privacy Officer, Margaret helped create privacy sensitive strategies, business models, and products. She also has set up and managed privacy by design and privacy compliance programs in both the technology realm as well as for specific sets of rules, such as HIPAA, 7216, Safe Harbor, and GLBA. × Ray EverettJD, CIPP/USPrivacy Consulting Director, Global San Francisco Ray Everett, CIPP/US, is Principal Consultant - US at TrustArc. Ray has spent nearly two decades working at the intersection of privacy and risk management. Appointed as one of the first US corporate privacy officers in 1999, he was an original founding board member of the IAPP. Prior to joining TrustArc, Ray managed global advertising and search privacy issues for Yahoo, and served as general manager for the privacy monitoring business unit at Keynote Systems. Co-author of two books on privacy, he has also provided consulting on customer and human resources data privacy issues for more than two dozen Global 2000 firms in healthcare, financial services, online services, brick-and-mortar retail, and e-commerce. Ray is a graduate of George Washington University Law School. × Virginia BartlettCIPP, CIPP-IT, CIPMSenior Privacy Consultant New York City Virginia Bartlett is a career Privacy and Data Protection Officer with significant experience implementing privacy risk management and governance systems across public and private data ecosystems. Her deep data protection expertise spans nearly every data type, includes global companies such as Pearson Education, Merck, MetLife, and Sony and “big data” organizations like Knewton (education) and IMS (health). Virginia also serves on the Board of an international nonprofit and sponsor Generation Safe 360 assessment for schools, and a FERPA and COPPA badging program to help school systems manage school safety and privacy. Virginia became an early leader in the recent debate about personalized learning and student privacy, creating a highly customized global privacy governance and risk management framework for sector leader Pearson Education, testifying by state legislatures, and contributing her expertise during public reaction to a cloud-based nonprofit called inBloom. Virginia is a founding member of the International Association of Privacy Professionals, and a current member of its credentialing committee. She is a graduate of the Kellogg School of Management Women Board of Directors program, Columbia Teacher’s College Mediation program, Air Academy Associates Six Sigma Process Management Champion Program and several International Association of Privacy Professionals training programs. She is an alumni of Skidmore College, where she earned a B.A. in Government/Policy. × Xavier AlabartCIPP/E, CIPT, IGP, PMP, MBASenior Privacy Consultant Europe Xavier Alabart has more than two decades of experience in advisory and program management, primarily in the technology, healthcare and financial services industry. His expertise includes compliance, privacy, data protection, information governance, records and information management, auditing, systems development and quality management. × Nadya Elizabeth AswadJD, CIPP/E/USSenior Privacy Consultant Central Time Zone Nadya Elizabeth Aswad JD, CIPP/E/US, is a senior-level certified privacy professional with advanced degrees in law and technology. She has more than fifteen years of experience as a privacy professional for global companies in various industries, and has built, implemented, and led information management and privacy compliance programs. Nadya’s in-house positions include Chief Privacy Officer and other privacy roles at a Fortune 25 Corporation, Fannie Mae, and Privacy Director, and Director of Governance, Risk, and Compliance in the financial services, healthcare, and hospitality sectors. As a consultant, Nadya was a Director in the Cybersecurity and Privacy Practice at PwC and held similar positions with other privacy and security consulting firms. Nadya has specialized experience developing and executing privacy strategies and reporting results. She has a mastery of privacy and information management laws, regulations and industry standards, process and data flows, data and system inventories, risk management, data breach response, data loss prevention, frameworks, and privacy policies. × Naheed BleeckerCIPM, CISA, CISM, ISO 27001 Lead Implementer, PMP, Six Sigma Black BeltSenior Privacy Consultant Wisconsin Naheed Bleecker has over 25 years’ experience in IT, with a focus on Information Security in variety of leadership roles. She has led PCI DSS certification efforts and HIPAA assessments. In the world of Privacy she has not only played the role of vendor and customer, and but has also managed the vendor assessment process as an objective stakeholder. Naheed has worked in many industries, including finance, manufacturing, higher education and process outsourcing. Naheed’s passion is highlighting the importance of securing the most critical endpoint in the organization: the human. She has been a featured speaker on the topics of social engineering and building quality into information security programs. Naheed is a Ponemon Fellow, and holds the following certifications: CIPM, CISA, CISM, ISO 27001 Lead Implementer, PMP and Six Sigma Black Belt. × Darlene Cedrés JD, CIPP, CISMSenior Privacy Consultant New Jersey Darlene has over twenty-five years’ experience holding various leadership roles for global companies across various industries. She is a lawyer, privacy practitioner, and a “techie” who was a software engineer in another life. During her career, Darlene has developed privacy/security governance programs, and has deep expertise in data breach prevention and crisis management. In addition, Darlene conducts controls and performs impact assessments for compliance with HIPAA/HiTech, GLBA, ISO27001/2, GDPR, PCI-DSS, among others. Driven by her passion of technology, law and data, Darlene regularly speaks to young people about ethical and safe digital practices. Formerly senior legal counsel and the first Chief Privacy Officer for Samsung Electronics America, she was previously in similar positions with Wyndham Hotel Group and MasterCard. × Estella CohenCIPM, CIPP/C, FIPSenior Privacy Consultant (Canada) Toronto Estella holds dual designations from the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional (CIPP/C), and a Certified Information and Privacy Manager, (CIPM) and just recently was accepted as an IAPP Fellow of Information Privacy (FIP). Estella is the former Executive Director at the Office of the Information and Privacy Commissioner of Ontario (IPC), the independent body that oversees the privacy and access laws in Ontario, Canada. She supported the commissioner’s development of “Privacy by Design” – unanimously adopted an international framework for privacy and data protection in 2010. Prior to this position, Estella was charged with developing and implementing a comprehensive privacy awareness program for the Ontario Government. The program was awarded a Public Sector Quality Award and has become the template for how to develop a culture of privacy in government departments. Currently, Estella is providing consulting and research services to a number of private sector companies who do business with Europe and will need to demonstrate compliance with both the Privacy Shield Framework and the General Data Protection Regulation. Fluent in Spanish with an excellent working knowledge of French, she has shared her knowledge of access and privacy issues internationally. × Jodi DanielsCIPP/USSenior Privacy Consultant Atlanta Jodi is a digital privacy expert with more than 19 years experience in privacy, marketing, strategy, and finance roles. She has worked in multiple industries such as Financial Services, Automotive, Media, and Retail. Jodi most recently served as the privacy partner for Digital Banking and Digital Marketing, Financial Center channel operations, ATMs and Military Banking channels. Jodi started her career in privacy by creating the comprehensive privacy program at Cox Automotive. In that role, she served 20+ companies including Autotrader and Kelley Blue Book and created and maintained privacy policies and served as privacy advisor on all data-related initiatives. Jodi has been a featured speaker at the Boston Bar Association, Digital Advertising Alliance, Atlanta Wireless Technology Forum and Emory University. Jodi earned both a Masters of Business Administration and a Bachelor of Business Administration with a concentration in Accounting from Emory University’s Goizueta Business School. Ms. Daniels is a Certified Informational Privacy Professional (CIPP/US). × Rob Gilbert CIPP/C/E, CIPM, CIPTSenior Privacy ConsultantCanada Robert Gilbert is a privacy professional with extensive experience helping organizations meet their compliance obligations. As Privacy Manager for the Canada Border Services Agency, Rob and his team worked with legal, IT, business units and regulators to balance legal and policy responsibilities with program requirements. As Privacy Operations Manager with the Treasury Board of Canada Secretariat, Rob advised and trained other privacy experts from Canada’s 200-plus federal departments. Most recently, as Project Manager for the Department of Justice’s Privacy Act Reform Initiative, Rob brought “hands-on” experience to this update to Canada’s public sector privacy law. A past Canadian Advisory Board member with the IAPP, Rob has deep roots in the profession, and is a keen proponent of the General Data Protection Regulation. × Julie Glover CIPP/US, CIPMSenior Privacy ConsultantOregon Glover is a former privacy, employment and business attorney with an additional 20+ years’ privacy and HR experience with global technology and retail companies including Intel and Nike, as well as tech start-ups and healthcare organizations. She has consulted on technology product/service development, GDPR assessments and implementation, and all aspects of privacy program development. Glover focuses on ensuring clients’ desired privacy posture as a means to building brand reputation, global and sectoral privacy compliance, customer trust and increased profits. Glover holds a BA, Summa Cum Laude, from Denison University and a JD from the University of Virginia School of Law. × Martin GombergCISSP, CIPP/ESenior Privacy ConsultantFlorida Martin Gomberg, CISSP, CIPP/E, has spent over thirty years in information technology, as Vice President of Technical Strategies for a major bank, CIO for a major cable television and media brand, and as SVP and Global Director of Information Security, Privacy, Data and Business Protection. He served as the Data Systems Protection officer for an Italian affiliate. As a consultant and ‘Ask an Expert’ advisor he has provided guidance to numerous companies in conforming to GDPR requirements. He is an active speaker, blogger and the author of the recently released CISO REDEFINED, focused on the globalization and digital transformation of business, and the protection and privacy of personal and company consequential data, domestic and global. × Paul IagnoccoPrivacy Consulting Director, US East Michigan As Kellogg’s first Chief Privacy Officer from August 2015 – January 2017, Paul was responsible for implementing a global privacy program that covers both consumer and employee privacy, including policies, procedures, contracts, assessments, training and education. In his prior 10 years at Kellogg, Paul served as senior director of global digital operations at Kellogg. In this capacity, he was responsible for identifying and leading the development and integration of marketing capabilities, including consumer product data initiatives, as well as corporate equity protection services around the globe. In addition, he has served as director for global digital strategy where he provided the vision and leadership in the building of a global digital marketing team, and as director of e-business where he was responsible for launching Kellogg’s initial e-commerce initiatives back in 2005. Prior to joining the Kellogg Company, Paul was employed by Biggs|Gilmore agency in Kalamazoo, Michigan. There he co-created the Agency’s digital strategy discipline serving as senior digital strategist and digital account supervisor. In this capacity, he developed digital strategies and user experiences for Fortune 500 clients including, Brunswick Marine (consumer goods), Pfizer (healthcare), DuPont (automotive), Zimmer, Inc. (healthcare) and Kellogg’s (consumer packaged goods). In addition to the above, he has served as director of Student Affairs Information Services (divisional CIO), and assistant dean of student life at Western Michigan University. Paul has a secondary social studies teacher certification and Bachelor of Arts degrees in both Political Science and Public Administration from Western Michigan University. × Juan Luis Hernandez CondeSenior Privacy Consultant (Latin America) Mexico City Juan Luis specializes in tech law, privacy and venture capital with over six years of experience helping companies develop their privacy policies in compliance with Mexican Law; representing them in related litigation in Mexican Courts and; has recently advised the Mexican Supreme Court on the subject. He is passionate about the Law and Policy frameworks of privacy in the Latin American region and their application to international transactions. × Jim KeeseSenior Privacy Consultant Colorado Jim is a proven and quantified privacy specialist with over 20 years’ experience in building, implementing and managing international data privacy, information governance and security programs for Fortune 500 Companies. He has the vision to define a multiyear strategic and operational framework that encompass regulatory requirements, external and internal risks, business objectives and data protection technology. Competence in defining and driving corporate requirements related to domestic and international data breaches and information governance. His leadership as a forerunner in the privacy field has resulted in successful and highly rated global privacy and data protection programs as the Chief Privacy Officer for Western Union and Eastman Kodak. He has knowledge for various sectors to include: healthcare, cloud services, pharmaceutical, medical, financial services, and retail. Published multiple articles related to privacy and data protection. As the Chief Managing Officer for Privacy International, LLP, he has assisted many international companies in data breach obligations, privacy program enhancements, GDPR assessments and implementation plans. His comprehensive regulatory, operational and consulting experience that enables organizations and clients to approach privacy/data protection and data governance holistically from advisory perspective, based on practical implementation that enhances organizational governance and compliance. × James KoonsCIPP/USSenior Privacy Consultant Lancaster James is a data privacy and data protection expert with over 28 years of experience in privacy, security, information systems management and digital marketing. He has worked in various industries including healthcare, education, security, retail and ecommerce. James most recently served as Chief Privacy Officer for the dotDigitalGroup (dotmailer), one of the EU’s largest digital marketing automation firms, where he served over 3,500 companies with marketing compliance, risk assessment and data privacy consultation. During his career as an international privacy professional, he has developed, implemented and maintained global privacy programs, introduced streamlined processes using privacy technology, created privacy policies and data protection agreements, and helped major organizations foster a culture of data protection. James has served as a member of the board of directors for an impressive number of industry organizations and is a very active member of the International Association of Privacy Professionals (IAPP). He has also been a featured speaker at both marketing and privacy events such as the DMA, IAPP, and IRCE. He has testified in US Senate committee hearings as a witness on both data privacy and information security matters as well as serves as an active member of the FBI’s InfraGard focusing on data privacy issues. James is a decorated US Army veteran and is a Certified Information Privacy Professional (CIPP/US). × Wendi Lozada-Smith CIPP/US/E, CISM, CISSPSenior Privacy Consultant Dallas Lozada-Smith is a global privacy and ethics leader with a unique combination of experience in Global Privacy, Information Security, and IT for Fortune 100 financial services and telecommunications companies. With specialized expertise in the new EU Privacy legislation (GDPR), employee privacy, health, and financial privacy, and Internet of Things (IOT), she has provided guidance to global business units operating in more than 60 countries. She has consulted on privacy program and policy development, information security best practices, cross border data transfers, risk assessment, and privacy by design. Lozada-Smith has held a variety of IT/Data Protection leadership positions, including serving as AVP Privacy for AT&T; VP Corporate Information Security for Wachovia, and Information Security Officer for SACU. She received a Master's degree from Vanderbilt University and holds three privacy and security certifications: CIPP/US/E, CISM, and CISSP. × Amedeo MaturoSenior Privacy Consultant Spain As a Privacy Lawyer, Amedeo has more than 13 years experience in the area of Security of Information and in the Privacy field. He covers almost every aspect of Privacy implementation programs; from the definition of the scope, to the design, implementation and testing of the legal and technical compliance measures. Member of the ISACA, he is a volunteer in the Privacy/Data Protection community. He also develops privacy awareness programs for adolescents, in collaboration with the Spanish Privacy Professionals Association (APEP). As CISA, he rolled out several IT Audit projects for e-commerce start ups as well as for multinational companies, helping redesign security procedures and processes. Professor of Legal aspects in the e-commerce projects in Elche Univ. Master, he has developed almost his whole career in Spain. × Mike (MJ) Nesheiwat JD, CIPP/US Senior Privacy Consultant Oregon MJ Nesheiwat JD, CIPP/US, is a senior-level certified privacy professional with advanced degrees in law and engineering. He has more than fifteen years of experience as a privacy professional for global companies in healthcare, semiconductor, and cloud computing in US and Europe. MJ has had several in house positions at Intel, Proteus Digital Health, and Barnes and Noble for leading privacy and security compliance for HIPAA, GDPR, Privacy Impact Assessments, and transactional lead for Business Associate Agreements and Data Sharing. MJ has supported both small startups and Fortune 50 companies in developing and executing privacy strategies and reporting results. He has a mastery of privacy and information management laws, regulations and industry standards, process and data flows, data and system inventories, risk management, data breach response, data loss prevention, frameworks, and privacy policies. × Ralph O’Brien, CIPP/E, CIPM, ISO27001:2013 Lead Assessor, First 100 Fellow of Information Privacy (FIP) Senior Privacy Consultant London Ralph T O’Brien has spent nearly two decades advising global businesses, working at the intersection of privacy, security and risk management. Ralph is an experienced consultant, speaker, trainer, auditor, negotiator and manager. His key passion is in using his knowledge of Privacy laws and information governance standards to help businesses develop and grow, engaging stakeholders, and delivering complex projects within the information governance sphere. Ralph is a qualified ISO 27001:2013 Lead Assessor, and has successfully navigated many organizations through to certification, and contributed to many national information governance standards. He is currently writing and blogging on privacy and security issues, is Vice Chair of the UK’s Data Protection Forum, and is on the committee rewriting the British Standard for Personal Information management BS 10012-2. × K RoyalJD, FIP, CIPP/US/E, CIPMPrivacy Consulting Director, US West Phoenix K Royal is an attorney and compliance professional with 25 years of experience in the legal and health-related fields, which provides her a thorough perspective when implementing or overseeing programs globally. She is skilled in privacy laws, breach management, compliance, training, and program development. K has a particular interest in technology along with its challenges and opportunities. K is an adjunct professor at the Sandra Day O’Connor College of Law and is currently in the dissertation phase of her PhD in Public Affairs. As an attorney, she has been recognized as a Forty-under-40 honoree for Phoenix, as an educational leader through the YWCA, one of the top pro bono attorneys in Arizona, a finalist in the Silicon Valley Corporate Counsel awards for the Rising Star category, and most recently awarded Member of the Year for the Association of Corporate Counsel (out of 40k members globally). Her areas of work mainly center around privacy and regulatory compliance while her personal loves are civic education, youth outreach, diversity initiatives, and leadership training. × Luckner Saint-DicSenior Privacy Consultant Switzerland Luckner has more than 15 years experiences in Risk Management. He started in the consulting world as a Technology Risk Consultant and Auditor at Arthur Andersen. A certified Lead Auditor ISO/ IEC 27001:2013 he helps organizations to set information security governance strategy and data privacy as well as risk prioritization based on recognized standards such as COSO, ISO 31000 and EU directives in data privacy. Luckner has expertise in data protection and risk management which he uses to set clear risk management strategies, risk analysis and remediation roadmaps with solid business and financial foundations. He helps organizations review their risk exposure from an Access and Segregation of Duties perspective and major ERP (SAP) Business Processes with a strategic plan for remediation based on environment and risk exposure. × Kristy SawyerSenior Privacy Consultant Boston Kristy has over a decade of Privacy experience in the private and federal sectors. In her most recent role, she managed overall coordination and development of privacy and data protection strategies and policies for her clients. To ensure on-time project roll-outs, she worked with clients from day one and supported each project to the end. In her role as the Verification and Biometrics Division Privacy Officer for the Department of Homeland Security, US Citizenship Immigration Service, she managed all Privacy Office functions including developing privacy policies; conducting initial and periodic privacy risk assessments; responding to data incidents and breaches; and developing privacy statements, privacy impacts assessments and system of records notices. She played critical roles in the negotiation and development of information sharing arrangements with domestic and foreign partners ensuring compliance with domestic and foreign law. × Janalyn SchreiberCIPM, CISSPSenior Privacy Consultant Washington, D.C. Janalyn brings 20 years of experience consulting with Fortune 500 companies in the Financial Services, Healthcare, and Oil & Gas sectors on the complexities of managing privacy, protecting data and responding to high profile investigations and litigations. As a leader in top global consulting firms, Janalyn led teams in conducting risk assessments, building comprehensive data management and protection frameworks, and establishing policies and controls for adhering to complex global privacy and regulatory standards; in systematizing data retention and archiving practices; and in forensic collection and investigation responses in over 20 countries. Janalyn also approached global privacy and data management issues with technology solutions, leading development of a custom regulatory compliance application; and partnering with Data Analytics teams developing machine learning solutions to rapidly analyze, categorize, and retain/cull structured and unstructured data. A regular presenter on Global Privacy Strategy and Analytics in Investigation Response, Janalyn is a testifying Expert Witness in the Fourth Judicial District Court, and has spoken extensively in meetings with DOJ, SEC, HHS, FBI and contentious opposing parties to fully articulate her clients’ defensible practices. Before joining TrustArc, Janalyn was a Managing Director at Navigant Consulting, a Principal at Deloitte, and a Vice President at Xerox Corporation. Her certifications include: Information Privacy Manager Certificate (CIPM) from the International Association of Privacy Professionals (IAPP), Certified Information Systems Security Professional (CISSP) from (ISC)2, and Security+ and Network+ from CompTIA. × Beth Sipula FIP, CIPM, CIPP/USSenior Privacy Consultant Phoenix Beth Sipula is a Senior Privacy Consultant at TrustArc. Beth has spent the last fifteen years focusing on a broad range of data privacy, data security and risk management areas. She has extensive experience in leading global data privacy assessments, SaaS, implementing privacy by design programs, creating and conducting privacy training, evaluating new and emerging technologies, product lifecycle support, mobile applications, web site and offline data collection, use, transfer and storage of data, M&A assessments and support, marketing/CRM data best practices, and leading PCI-DSS compliance programs. Beth’s last role was as the privacy leader at Citrix Systems, Inc. where she oversaw all aspects of global privacy, PCI-DSS and data protection for the company. × Jamie SorleyCIPP/USSenior Privacy Consultant Jamie joins us from private practice where she advised clients on health care privacy compliance and helped them navigate data breaches, security incidents and government investigations. A former supervisor for the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Jamie served as the lead investigator for HIPAA breaches in Texas, New Mexico, Arkansas, Oklahoma and Louisiana and worked with the Health Information Privacy Division in Washington, D.C. on policy issues stemming from the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Jamie also served in the U.S. Department of Justice as a Special Assistant United States Attorney in the Northern District of Texas, where she investigated and prosecuted civil cases involving violations of Stark Law, Anti-kickback laws, and the False Claims Act. Jamie earned her Bachelor’s degree and a MBA from Texas Tech University and her JD from the Southern Methodist University Dedman School of Law. She is a member of the American Bar Association, the American Health Lawyers Association and the International Association of Privacy Professionals and is a CIPP/US. She is also the Chair of the Dallas Bar Association Health Law Section and is a frequent speaker on HIPAA, HITECH, and information privacy and security. × Joseph SroujiSenior Privacy ConsultantEU/ParisJoseph Srouji is a member of the Paris bar. He is former Senior Counsel for Data Protection & Regulatory Affairs at GE Capital where he worked for over 11 years based in Paris as a specialist in data protection, financial and banking regulation and compliance. As Data Protection Officer to the French Data Protection Authority (CNIL), he managed the data protection program for both the GE Corporate group and Capital businesses in Europe. In addition, he teaches graduate law students in Common Law, International Law and Technology Law at Université Paris 2 Panthéon - Assas. He completed his law degrees from Université Paris 2 Panthéon Assas, his MBA from The George Washington University and his B.A. from the University of Dayton. × Vanessa StoutCIPM, RIMSenior Privacy ConsultantTexasVanessa Stout has over 15 years experience in project management, incident response operations, privacy and eDiscovery strategy with time spent in both the legal and professional services industries. Vanessa has diverse experience consulting in risk and solution assessment with proven success in litigation readiness, privacy assessment and strategic project planning, primarily focusing on international and cross-border border clients. She believes in adapting to the needs of the client, measuring and mitigating risks, providing transparency, and enhancing team dynamics for an approach that adapts to the client’s current business reality. Vanessa holds the following certifications: CIPM, ARMA (RIM) Certification, Goethe Institute Certification. She is also a certified Business Chemistry Facilitator and former lecturer at the University of Houston’s Paralegal Certification on E-Discovery. × José TabuenaSenior Privacy Consultant Texas José is an attorney and compliance professional experienced in the direct involvement of challenging privacy and data security matters issues with multiple industries and perspectives ranging from serving as an organization’s privacy officer and attorney, to leading multidisciplinary teams on engagements as an external consultant at Big 4 firms. He combines legal expertise with the understanding of emerging technologies, and brings hands-on experience in applying audit controls to work flow processes. José served as Chief Privacy Officer for a major academic medical center developing approaches for data sharing controls and population health activities with affiliates and network partners. He has performed comprehensive assessments of privacy program particularly in the health care and life sciences industry sectors. His experience encompassing clinical research activities, health information Exchange development, and guidelines on secondary uses of sensitive health and personal data. In the role of privacy counsel, he focused on technology transactions and data privacy including negotiation of cloud license and service agreements, as well as emerging areas of information technology such as mobile health applications. José is a graduate of the University of California Berkeley School of Law. He is a published author including a stint as a regular columnist for Compliance Week, and is currently an adjunct professor teaching at Widener Delaware Law School and Southern New Hampshire University. × Deborah Cook WellsCIPP/USSenior Privacy Consultant Illinois Deborah Cook Wells has worked in the Financial Sector for over 25 years, the past 7 focusing on global incident response with one of the largest financial firms in the world. She has managed large, cross-Line of Business incidents, including discovery, assessing impact, developing a response strategy, coordinating approvals, and providing customer contact and executive reporting. She also has managed the team providing Privacy reporting on a firm-wide basis. She has developed policies, procedures, controls, onboarding documents and training. In her career, Deborah has built and managed training groups and call centers, worked in Branch Banking and Personal Trust, developed eCommerce strategies for corporations, and led many diverse projects. She has led successful process improvement projects in both large and small organizations. × Dick WongCIPM, CIPT, CISSP, ISO27001:2005 Auditor, CISM, CRISCSenior Privacy Consultant (Asia-Pacific) Singapore Dick Wong, CIPP/A, CIPM, CIPT, CISSP, Certified ISO27001:2005 Auditor, CISM, CRISC, is a Senior Consultant for Compliance Solutions at TrustArc. Dick is an information security and privacy professional with nearly 20 years of experience split between these two professions. He has worked in industries that include aviation, retail, technology, government, education, real estate and financial services where he drove and managed information security and privacy programs. As a privacy practitioner, Dick has led change in organizations with the understanding of global and local best practices in order to meet their legal, cultural and personal expectations. His customised privacy approach allows internal and external clients to meet privacy challenges that include the translation of the laws and regulations, enforcement activities and processes, while taking into account the monitoring of all legal compliance factors for both local and global markets. In validating his understanding, experiences and practices through the various professional certifications and networks, Dick is able to demonstrate a consistent view and keep abreast with the privacy norms regardless they are in legal, risk, compliance, security and technology as well as operational matters leading to consumer experience. He holds a Bachelor of Computer Science (Digital Systems Security) from University of Wollongong, Australia, and is involved with the Information Systems Audit and Control Association [ISACA®], the International Information System Security Certification Consortium [(ISC)2®] and the International Association of Privacy Professionals [IAPP]. × Pat WynneCIPP USSenior Privacy Consultant Pennsylvania Pat worked in the healthcare industry as Chief Privacy and Security Officer and In-house Counsel for a multi-state behavioral healthcare provider. She was responsible for HIPAA privacy and security strategy and program development including enterprise-wide policies and procedures, workforce training and awareness programs, complaint and breach investigation, management and notification processes, business associate and vendor management processes, data governance, and risk audit and risk management processes. As a consultant, her risk assurance and advisory services included conducting risk analysis and risk assessment procedures mandated by HIPAA, HITECH, FERPA, Red Flag, GLBA, FINRA and related financial industry regulations and advising clients in building compliant and accountable Data Privacy and Cybersecurity programs. She also led HITRUST scoping and readiness assessments, and security risk analysis required for EHR meaningful use certification. Clients included healthcare providers and insurers, pharmacy and healthcare solutions companies, business associates, cloud services providers, financial services and real estate investment companies. She brings this experience to TrustArc and looks forward to expanding her expertise particularly in the areas of Privacy Shield certifications and GDPR compliance.