Privacy Consulting Consulting Solutions TrustArc Consultants can help you manage all phases of your privacy program. Meeting requirements of the broad and ever-changing regulatory landscape is challenging. Finding technology tools and a proven methodology, along with a long term trusted privacy partner to help manage your program can be an even bigger challenge. Privacy Consulting Offerings TrustArc Privacy Consulting combines leading technology, proven methodology, and privacy experts who have significant in-house corporate experience leading global privacy programs for enterprises across a wide range of industries.With a unique hybrid background of legal, technology, business process, project management, and data privacy expertise, they can help fully operationalize data privacy at each stage of privacy maturity.TrustArc Consulting spans the globe in locations across the US, Canada, Europe, Asia and Latin America. Consulting Team The TrustArc Privacy Consulting Group has an average of 10-20 years of privacy experience at globally recognized companies such as eBay, Citrix, Intuit, Merck, Pearson, Sony, and Unilever. This team has dedicated their careers to helping organizations develop, implement, and sustain privacy programs. Some notable accomplishments of team members include: being a founding board member of the IAPP, a published author of several privacy books, a credentialing committee member of the IAPP, a Forty-under-40 honoree for Phoenix, AZ, and a pioneer of “Privacy by Design”. In addition to being leaders in the workplace, team members also help the community by serving on advisory committees. The team enjoys using their many years of expertise to help organizations with everything from meeting privacy law requirements to implementing complex privacy governance programs. Eleanor Treharne-JonesCIPP/E VP Consulting San FranciscoMore › Margaret AlstonCIPP/G/C/M Consulting Program Director San FranciscoMore › Ray EverettJD, CIPP/US Principal Consultant (US) San FranciscoMore › Monique AltheimCIPP US/EU, CIPM Senior Privacy Consultant New YorkMore › Nadya Elizabeth AswadJD, CIPP/E/US Senior Privacy Consultant Central Time ZoneMore › Virginia BartlettCIPP, CIPP-IT, CIPM Senior Privacy Consultant New York CityMore › Estella CohenCIPM, CIPP/C, FIP Senior Privacy Consultant (Canada) TorontoMore › Jay HarrisJD, CIPP/USSenior Privacy Consultant Washington, D.C.More › Paul IagnoccoSenior Privacy Consultant MichiganMore › Juan Luis Hernandez CondeSenior Privacy Consultant (Latin America) Mexico CityMore › Jim KeeseSenior Privacy Consultant ColoradoMore › Anju KhuranaCIPP/US/E, IGP Senior Privacy Consultant New YorkMore › Ralph O'BrienCIPP/E, CIPM, ISO27001:2013 Lead Assessor, First 100 Fellow of Information Privacy (FIP) Senior Privacy Consultant LondonMore › K RoyalJD, CIPP/E/US Senior Privacy Consultant PhoenixMore › Janalyn SchreiberCIPP Senior Privacy ConsultantWashington, D.C.More › Beth SipulaCIPP Senior Privacy ConsultantPhoenixMore › Joseph SroujiSenior Privacy ConsultantEU/ParisMore › Laurel StrandCIPP US, CIPP-E, CHPC, CISSP Senior Privacy ConsultantSacramentoMore › Dick WongCIPM, CIPT, CISSP, ISO27001:2005 Auditor, CISM, CRISC Senior Privacy Consultant (Asia-Pacific) SingaporeMore › Pat WynneCIPP US Senior Privacy Consultant PennsylvaniaMore › Learn how our team of privacy experts can help. Contact Us Resources × Eleanor Treharne-JonesCIPP/EVP Consulting San Francisco As Vice President, Consulting Eleanor leads TRUSTe’s team of global privacy consultants delivering privacy assessments for large enterprises across Asia, Europe and the U.S. and supporting integration of TRUSTe’s market-leading Assessment Manager. In her role at TRUSTe, Eleanor has pioneered multiple successful thought leadership initiatives including a four-year research program, as well as a wide range of events in both the US and Europe – including the highly successful Privacy Insight Series and IoT Privacy Summits in Silicon Valley in 2014 and 2015. In 2012, Eleanor played a key role in supporting TRUSTe’s global expansion as they entered the European Market. Prior to joining TRUSTe, Eleanor led a global strategic communications consultancy building on her 11 years experience advising UK Government Ministers through high profile issues from public health campaigns and disease outbreaks to counter-terrorism and military operations in Afghanistan. Eleanor graduated from Cambridge University (UK) with a MA in Philosophy. She is a Certified Information Privacy Professional (CIPP/E) an IAPP Advisory Board Member and Founding Member of the European CIP Institute creating a body of knowledge for crisis/risk management professionals. × Margaret AlstonCIPP/G/C/MConsulting Program Director San Francisco Margaret has more than 15 years of Privacy experience, much of that at the VP level. She started out in the consulting world, managing a privacy boutique firm’s consulting organization, Privacy Council. She scoped, bid, planned, resourced, managed, and in some cases performed hands-on for EU, HIPAA, GLBA, COPPA, and Web site privacy projects. She is IAPP certified for basic, Government, Program Management, and Canadian privacy, she has covered a broad range of data stewardship issues in the US, India, EU, Australia, and Canada. Most recently employed as a Senior Privacy Manager for Intuit, as well as Intuit’s Canadian Privacy Officer, Margaret helped create privacy sensitive strategies, business models, and products. She also has set up and managed privacy by design and privacy compliance programs in both the technology realm as well as for specific sets of rules, such as HIPAA, 7216, Safe Harbor, and GLBA. × Ray EverettJD, CIPP/USPrincipal Consultant (US) San Francisco Ray Everett, CIPP/US, is Principal Consultant - US at TRUSTe. Ray has spent nearly two decades working at the intersection of privacy and risk management. Appointed as one of the first US corporate privacy officers in 1999, he was an original founding board member of the IAPP. Prior to joining TRUSTe, Ray managed global advertising and search privacy issues for Yahoo, and served as general manager for the privacy monitoring business unit at Keynote Systems. Co-author of two books on privacy, he has also provided consulting on customer and human resources data privacy issues for more than two dozen Global 2000 firms in healthcare, financial services, online services, brick-and-mortar retail, and e-commerce. Ray is a graduate of George Washington University Law School. × Virginia BartlettCIPP, CIPP-IT, CIPMSenior Privacy Consultant New York City Virginia Bartlett is a career Privacy and Data Protection Officer with significant experience implementing privacy risk management and governance systems across public and private data ecosystems. Her deep data protection expertise spans nearly every data type, includes global companies such as Pearson Education, Merck, MetLife, and Sony and “big data” organizations like Knewton (education) and IMS (health). Virginia also serves on the Board of an international nonprofit and sponsor Generation Safe 360 assessment for schools, and a FERPA and COPPA badging program to help school systems manage school safety and privacy. Virginia became an early leader in the recent debate about personalized learning and student privacy, creating a highly customized global privacy governance and risk management framework for sector leader Pearson Education, testifying by state legislatures, and contributing her expertise during public reaction to a cloud-based nonprofit called inBloom. Virginia is a founding member of the International Association of Privacy Professionals, and a current member of its credentialing committee. She is a graduate of the Kellogg School of Management Women Board of Directors program, Columbia Teacher’s College Mediation program, Air Academy Associates Six Sigma Process Management Champion Program and several International Association of Privacy Professionals training programs. She is an alumni of Skidmore College, where she earned a B.A. in Government/Policy. × Monique AltheimCIPP US/EU, CIPMSenior Privacy Consultant New York Monique Altheim is a subject matter expert (SME) in global and U.S. data privacy and information security laws and best practices, regulatory compliance, and operational implementation. Before joining TRUSTe, Monique was a managing consultant at IBM Security, where she advised IBM clients in a wide range of industries on managing their global privacy and data protection compliance, focusing on solutions applied to the Cloud, IoT, Data analytics and GDPR readiness. As one of her roles at IBM she was the global privacy lead for a $ billion data center consolidation project of a German Financial Institution. This project involved global handling and migration of sensitive personal information from 150 Data Centers in 100+ countries to a handful Data Centers in 4 countries. Prior to her role at IBM Security, Monique had 12+ years experience as an international attorney in Belgium and in the U.S., specializing in global data privacy and eDiscovery law. Besides being a dually licensed attorney both in Belgium and in New York, Monique also holds EU and US Information Privacy Professional Certificates (CIPP), and a Information Privacy Manager Certificate (CIPM) from the International Association of Privacy Professionals (IAPP) and is a member of their teaching faculty. She has been admitted to the inaugural class of IAPP Fellow of Information Privacy (FIP) recipients. Monique is a sought after speaker on data privacy issues and is fluent in 6 languages. × Nadya Elizabeth AswadJD, CIPP/E/USSenior Privacy Consultant Central Time Zone Nadya Elizabeth Aswad JD, CIPP/E/US, is a senior-level certified privacy professional with advanced degrees in law and technology. She has more than fifteen years of experience as a privacy professional for global companies in various industries, and has built, implemented, and led information management and privacy compliance programs. Nadya’s in-house positions include Chief Privacy Officer and other privacy roles at a Fortune 25 Corporation, Fannie Mae, and Privacy Director, and Director of Governance, Risk, and Compliance in the financial services, healthcare, and hospitality sectors. As a consultant, Nadya was a Director in the Cybersecurity and Privacy Practice at PwC and held similar positions with other privacy and security consulting firms. Nadya has specialized experience developing and executing privacy strategies and reporting results. She has a mastery of privacy and information management laws, regulations and industry standards, process and data flows, data and system inventories, risk management, data breach response, data loss prevention, frameworks, and privacy policies. × Estella CohenCIPM, CIPP/C, FIPSenior Privacy Consultant (Canada) Toronto Estella holds dual designations from the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional (CIPP/C), and a Certified Information and Privacy Manager, (CIPM) and just recently was accepted as an IAPP Fellow of Information Privacy (FIP). Estella is the former Executive Director at the Office of the Information and Privacy Commissioner of Ontario (IPC), the independent body that oversees the privacy and access laws in Ontario, Canada. She supported the commissioner’s development of “Privacy by Design” – unanimously adopted an international framework for privacy and data protection in 2010. Prior to this position, Estella was charged with developing and implementing a comprehensive privacy awareness program for the Ontario Government. The program was awarded a Public Sector Quality Award and has become the template for how to develop a culture of privacy in government departments. Currently, Estella is providing consulting and research services to a number of private sector companies who do business with Europe and will need to demonstrate compliance with both the Privacy Shield Framework and the General Data Protection Regulation. Fluent in Spanish with an excellent working knowledge of French, she has shared her knowledge of access and privacy issues internationally. × Jay HarrisJD, CIPP/USSenior Privacy ConsultantWashington, D.C. Jay Harris, JD, CIPP/US, joins TrustArc as a Senior Privacy Consultant with experience serving in executive roles for two global, public consumer data companies, leading their data privacy programs, drafting and negotiate complex SAAS/DAAS agreements involving consumer data/financial privacy, managing complex FCRA class action litigation, and leading M&A due diligence teams in software acquisition reviews. Jay is based in Washington, DC. × Paul IagnoccoSenior Privacy Consultant Michigan As Kellogg’s first Chief Privacy Officer from August 2015 – January 2017, Paul was responsible for implementing a global privacy program that covers both consumer and employee privacy, including policies, procedures, contracts, assessments, training and education. In his prior 10 years at Kellogg, Paul served as senior director of global digital operations at Kellogg. In this capacity, he was responsible for identifying and leading the development and integration of marketing capabilities, including consumer product data initiatives, as well as corporate equity protection services around the globe. In addition, he has served as director for global digital strategy where he provided the vision and leadership in the building of a global digital marketing team, and as director of e-business where he was responsible for launching Kellogg’s initial e-commerce initiatives back in 2005. Prior to joining the Kellogg Company, Paul was employed by Biggs|Gilmore agency in Kalamazoo, Michigan. There he co-created the Agency’s digital strategy discipline serving as senior digital strategist and digital account supervisor. In this capacity, he developed digital strategies and user experiences for Fortune 500 clients including, Brunswick Marine (consumer goods), Pfizer (healthcare), DuPont (automotive), Zimmer, Inc. (healthcare) and Kellogg’s (consumer packaged goods). In addition to the above, he has served as director of Student Affairs Information Services (divisional CIO), and assistant dean of student life at Western Michigan University. Paul has a secondary social studies teacher certification and Bachelor of Arts degrees in both Political Science and Public Administration from Western Michigan University. × Juan Luis Hernandez CondeSenior Privacy Consultant (Latin America) Mexico City Juan Luis specializes in tech law, privacy and venture capital with over six years of experience helping companies develop their privacy policies in compliance with Mexican Law; representing them in related litigation in Mexican Courts and; has recently advised the Mexican Supreme Court on the subject. He is passionate about the Law and Policy frameworks of privacy in the Latin American region and their application to international transactions. × Anju KhuranaCIPP/US/E, IGPSenior Privacy Consultant New York Anju Khurana is an Attorney, Certified Information Privacy Professional (CIPP/US/E) and Certified Information Governance Professional (IGP) with 15+ years of legal and consulting experience providing strategic advice to Fortune 500 corporations, governmental entities, and law firms in identifying, evaluating and managing global privacy, cybersecurity and information governance risks for the information lifecycle. She is a former partner/litigator of a law firm, consultant, law lecturer, speaker, writer and subject matter expert in the areas of Privacy and Data Protection, Information Governance, Legal & Regulatory Compliance, eDiscovery and Litigation Support. She has provided guidance and support to clients both in the US and internationally around data protection and privacy issues, developed privacy strategy, policies, procedures, monitored and analyzed US and international privacy regulations, responded to data incidents/breach notification, monitored and measured privacy compliance and enforcement, performed privacy risk assessments, privacy impact assessments (PIAs), implemented privacy by design, supported GDPR readiness and compliance and conducted third-party/vendor due diligence, negotiation, compliance and management. × Ralph O’Brien, CIPP/E, CIPM, ISO27001:2013 Lead Assessor, First 100 Fellow of Information Privacy (FIP) Senior Privacy Consultant London Ralph T O’Brien has spent nearly two decades advising global businesses, working at the intersection of privacy, security and risk management. Ralph is an experienced consultant, speaker, trainer, auditor, negotiator and manager. His key passion is in using his knowledge of Privacy laws and information governance standards to help businesses develop and grow, engaging stakeholders, and delivering complex projects within the information governance sphere. Ralph is a qualified ISO 27001:2013 Lead Assessor, and has successfully navigated many organizations through to certification, and contributed to many national information governance standards. He is currently writing and blogging on privacy and security issues, is Vice Chair of the UK’s Data Protection Forum, and is on the committee rewriting the British Standard for Personal Information management BS 10012-2. × K RoyalJD, CIPP/E/USSenior Privacy Consultant Phoenix K Royal is an attorney and compliance professional with 25 years of experience in the legal and health-related fields, which provides her a thorough perspective when implementing or overseeing programs globally. She is skilled in privacy laws, breach management, compliance, training, and program development. K has a particular interest in technology along with its challenges and opportunities. K is an adjunct professor at the Sandra Day O’Connor College of Law and is currently in the dissertation phase of her PhD in Public Affairs. As an attorney, she has been recognized as a Forty-under-40 honoree for Phoenix, as an educational leader through the YWCA, one of the top pro bono attorneys in Arizona, a finalist in the Silicon Valley Corporate Counsel awards for the Rising Star category, and most recently awarded Member of the Year for the Association of Corporate Counsel (out of 40k members globally). Her areas of work mainly center around privacy and regulatory compliance while her personal loves are civic education, youth outreach, diversity initiatives, and leadership training. × Beth Sipula CIPPSenior Privacy Consultant Phoenix Beth Sipula is a Senior Privacy Consultant at TRUSTe. Beth has spent the last fifteen years focusing on a broad range of data privacy, data security and risk management areas. She has extensive experience in leading global data privacy assessments, SaaS, implementing privacy by design programs, creating and conducting privacy training, evaluating new and emerging technologies, product lifecycle support, mobile applications, web site and offline data collection, use, transfer and storage of data, M&A assessments and support, marketing/CRM data best practices, and leading PCI-DSS compliance programs. Beth’s last role was as the privacy leader at Citrix Systems, Inc. where she oversaw all aspects of global privacy, PCI-DSS and data protection for the company. × Joseph SroujiSenior Privacy ConsultantEU/ParisJoseph Srouji is a member of the Paris bar. He is former Senior Counsel for Data Protection & Regulatory Affairs at GE Capital where he worked for over 11 years based in Paris as a specialist in data protection, financial and banking regulation and compliance. As Data Protection Officer to the French Data Protection Authority (CNIL), he managed the data protection program for both the GE Corporate group and Capital businesses in Europe. In addition, he teaches graduate law students in Common Law, International Law and Technology Law at Université Paris 2 Panthéon - Assas. He completed his law degrees from Université Paris 2 Panthéon Assas, his MBA from The George Washington University and his B.A. from the University of Dayton. × Laurel StrandCIPP US, CIPP-E, CHPC, CISSPSenior Privacy Consultant Sacramento Laurie is an experienced privacy and information security professional with strong analytical and communication skills. She possess a wide range of business experience in large and small companies, including international privacy compliance and information security. Key competencies include: data analysis, research of industry standards, international regulatory compliance, privacy and security risk assessments, breach response, developing policy and associated guidelines, communicating information security requirements and recommending appropriate controls. 8 years Data Protection and Privacy Compliance 4 years Data Architecture, 4 Years Data Warehouse Management 12 years Accounting, Finance and Audit × Dick WongCIPM, CIPT, CISSP, ISO27001:2005 Auditor, CISM, CRISCSenior Privacy Consultant (Asia-Pacific) Singapore Dick Wong, CIPP/A, CIPM, CIPT, CISSP, Certified ISO27001:2005 Auditor, CISM, CRISC, is a Senior Consultant for Compliance Solutions at TRUSTe. Dick is an information security and privacy professional with nearly 20 years of experience split between these two professions. He has worked in industries that include aviation, retail, technology, government, education, real estate and financial services where he drove and managed information security and privacy programs. As a privacy practitioner, Dick has led change in organizations with the understanding of global and local best practices in order to meet their legal, cultural and personal expectations. His customised privacy approach allows internal and external clients to meet privacy challenges that include the translation of the laws and regulations, enforcement activities and processes, while taking into account the monitoring of all legal compliance factors for both local and global markets. In validating his understanding, experiences and practices through the various professional certifications and networks, Dick is able to demonstrate a consistent view and keep abreast with the privacy norms regardless they are in legal, risk, compliance, security and technology as well as operational matters leading to consumer experience. He holds a Bachelor of Computer Science (Digital Systems Security) from University of Wollongong, Australia, and is involved with the Information Systems Audit and Control Association [ISACA®], the International Information System Security Certification Consortium [(ISC)2®] and the International Association of Privacy Professionals [IAPP]. × Jim KeeseSenior Privacy Consultant Colorado Jim is a proven and quantified privacy specialist with over 20 years’ experience in building, implementing and managing international data privacy, information governance and security programs for Fortune 500 Companies. He has the vision to define a multiyear strategic and operational framework that encompass regulatory requirements, external and internal risks, business objectives and data protection technology. Competence in defining and driving corporate requirements related to domestic and international data breaches and information governance. His leadership as a forerunner in the privacy field has resulted in successful and highly rated global privacy and data protection programs as the Chief Privacy Officer for Western Union and Eastman Kodak. He has knowledge for various sectors to include: healthcare, cloud services, pharmaceutical, medical, financial services, and retail. Published multiple articles related to privacy and data protection. As the Chief Managing Officer for Privacy International, LLP, he has assisted many international companies in data breach obligations, privacy program enhancements, GDPR assessments and implementation plans. His comprehensive regulatory, operational and consulting experience that enables organizations and clients to approach privacy/data protection and data governance holistically from advisory perspective, based on practical implementation that enhances organizational governance and compliance. × Janalyn SchreiberCIPM, CISSPSenior Privacy Consultant Washington, D.C. Janalyn brings 20 years of experience consulting with Fortune 500 companies in the Financial Services, Healthcare, and Oil & Gas sectors on the complexities of managing privacy, protecting data and responding to high profile investigations and litigations. As a leader in top global consulting firms, Janalyn led teams in conducting risk assessments, building comprehensive data management and protection frameworks, and establishing policies and controls for adhering to complex global privacy and regulatory standards; in systematizing data retention and archiving practices; and in forensic collection and investigation responses in over 20 countries. Janalyn also approached global privacy and data management issues with technology solutions, leading development of a custom regulatory compliance application; and partnering with Data Analytics teams developing machine learning solutions to rapidly analyze, categorize, and retain/cull structured and unstructured data. A regular presenter on Global Privacy Strategy and Analytics in Investigation Response, Janalyn is a testifying Expert Witness in the Fourth Judicial District Court, and has spoken extensively in meetings with DOJ, SEC, HHS, FBI and contentious opposing parties to fully articulate her clients’ defensible practices. Before joining TRUSTe, Janalyn was a Managing Director at Navigant Consulting, a Principal at Deloitte, and a Vice President at Xerox Corporation. Her certifications include: Information Privacy Manager Certificate (CIPM) from the International Association of Privacy Professionals (IAPP), Certified Information Systems Security Professional (CISSP) from (ISC)2, and Security+ and Network+ from CompTIA. × Pat WynneCIPP USSenior Privacy Consultant Pennsylvania Pat worked in the healthcare industry as Chief Privacy and Security Officer and In-house Counsel for a multi-state behavioral healthcare provider. She was responsible for HIPAA privacy and security strategy and program development including enterprise-wide policies and procedures, workforce training and awareness programs, complaint and breach investigation, management and notification processes, business associate and vendor management processes, data governance, and risk audit and risk management processes. As a consultant, her risk assurance and advisory services included conducting risk analysis and risk assessment procedures mandated by HIPAA, HITECH, FERPA, Red Flag, GLBA, FINRA and related financial industry regulations and advising clients in building compliant and accountable Data Privacy and Cybersecurity programs. She also led HITRUST scoping and readiness assessments, and security risk analysis required for EHR meaningful use certification. Clients included healthcare providers and insurers, pharmacy and healthcare solutions companies, business associates, cloud services providers, financial services and real estate investment companies. She brings this experience to TRUSTe and looks forward to expanding her expertise particularly in the areas of Privacy Shield certifications and GDPR compliance.