TrustArc Privacy Consulting Team TrustArc has a large team of privacy experts ready to help you build, implement, and manage your program. A large and growing team of privacy experts covering the world from bases in the US, Canada, Latin America, Europe and Asia, the team has over 200 years of collective privacy experience at globally recognized companies. This team has completed hundreds of successful engagements for companies at all levels of privacy maturity to help build, implement, and demonstrate privacy compliance programs. The team has deep knowledge and rich experience with corporate executive, legal, and business experience. Most team members have several CIPP certifications, law degrees, and Fellow of Information Privacy standing.Schedule a Consultation The TrustArc Consulting Advantage For more than 20 years, TrustArc has worked with the world’s largest and most successful brands to find innovative solutions to data privacy challenges. Headquartered in San Francisco, and backed by a global team, we help clients worldwide demonstrate compliance, minimize risk, and build trust. Using a combination of consulting expertise and advanced technology, TrustArc will help your team address privacy issues and meet global compliance requirements. From our pioneering TRUSTe website certification to our award-winning technology platform for privacy compliance and risk management, TrustArc offers a practical approach to establishing and maintaining a privacy compliance program that is suited to your requirements. Our approach is centered around three core benefits: Consulting plus Technology – Our unique mix of technology-based solutions and tailored consulting services help companies identify best-of-breed solutions that are right-sized for today and scalable for the future. Senior-level Consultants – Every TrustArc consultant has extensive experience working as a privacy practitioner, many with a decade or more of direct experience inside some of world’s largest companies and most respected brands across a wide range of industries. Every one of the consultants you will work with is a true subject matter expert with direct personal experience solving the most challenging data privacy issues. Reliable Engagement Management – Over the course of more than 500 consulting engagements, TrustArc has built a time-tested set of fixed price, project-based consulting offerings with defined levels of effort and realistic delivery timelines that ensure projects come in on-time and on-budget. TrustArc Privacy Consulting Team Margaret AlstonCIPP/G/C/M, FIP Consulting Program Director San FranciscoMore › K RoyalJD, FIP, CIPP/US/E, CIPM Privacy Consulting Director, US West PhoenixMore › Paul IagnoccoPrivacy Consulting Director, US East MichiganMore › Xavier AlabartCIPP/E, CIPT, IGP, PMP, MBA Senior Privacy Consultant EuropeMore › Nadya Elizabeth AswadJD, CIPP/E/US Senior Privacy Consultant Central Time ZoneMore › Naheed BleeckerCIPM, CISA, CISM, ISO 27001 Lead Implementer, PMP, Six Sigma Black Belt Senior Privacy Consultant WisconsinMore › Darlene CedrésJD, CIPP, CISM Senior Privacy Consultant New Jersey More › Estella CohenCIPM, CIPP/C, FIP Senior Privacy Consultant (Canada) TorontoMore › Rob GilbertCIPP/C/E, CIPM, CIPT Senior Privacy Consultant Canada More › Martin GombergCISSP, CIPP/ESenior Privacy Consultant FloridaMore › Juan Luis Hernandez CondeSenior Privacy Consultant (Latin America) Mexico CityMore › Jim KeeseFIPSenior Privacy Consultant ColoradoMore › James KoonsCIPP/US Senior Privacy Consultant LancasterMore › Wendi Lozada-SmithCIPP/US/E, CISM, CISSPSenior Privacy Consultant DallasMore › Amedeo MaturoSenior Privacy Consultant SpainMore › Ralph O'BrienCIPP/E, CIPM, ISO27001:2013 Lead Assessor, First 100 Fellow of Information Privacy (FIP) Senior Privacy Consultant LondonMore › Luckner Saint-DicSenior Privacy Consultant SwitzerlandMore › David SandovalM. EngSenior Privacy Consultant AustinMore › Kristy SawyerSenior Privacy Consultant BostonMore › Janalyn SchreiberCIPP Senior Privacy ConsultantWashington, D.C.More › Beth SipulaFIP, CIPM, CIPP/US Senior Privacy ConsultantPhoenixMore › Jamie SorleyCIPP/US Senior Privacy ConsultantMore › Joseph SroujiSenior Privacy ConsultantEU/ParisMore › Vanessa StoutCIPM, RIM Senior Privacy ConsultantTexasMore › José TabuenaSenior Privacy Consultant TexasMore › Deborah Cook WellsCIPP/US Senior Privacy Consultant IllinoisMore › Dick WongCIPM, CIPT, CISSP, ISO27001:2005 Auditor, CISM, CRISC Senior Privacy Consultant (Asia-Pacific) SingaporeMore › Pat WynneCIPP US Senior Privacy Consultant PennsylvaniaMore › Learn how TrustArc Privacy Consulting can help you build and manage your privacy program. Schedule a Consultation Privacy Compliance Resources × Margaret AlstonCIPP/G/C/M, FIPConsulting Program Director San Francisco Margaret has more than 15 years of Privacy experience, much of that at the VP level. She started out in the consulting world, managing a privacy boutique firm’s consulting organization, Privacy Council. She scoped, bid, planned, resourced, managed, and in some cases performed hands-on for EU, HIPAA, GLBA, COPPA, and Web site privacy projects. She is IAPP certified for basic, Government, Program Management, and Canadian privacy, she has covered a broad range of data stewardship issues in the US, India, EU, Australia, and Canada. Most recently employed as a Senior Privacy Manager for Intuit, as well as Intuit’s Canadian Privacy Officer, Margaret helped create privacy sensitive strategies, business models, and products. She also has set up and managed privacy by design and privacy compliance programs in both the technology realm as well as for specific sets of rules, such as HIPAA, 7216, Safe Harbor, and GLBA. × Xavier AlabartCIPP/E, CIPT, IGP, PMP, MBASenior Privacy Consultant Europe Xavier Alabart has more than two decades of experience in advisory and program management, primarily in the technology, healthcare and financial services industry. His expertise includes compliance, privacy, data protection, information governance, records and information management, auditing, systems development and quality management. × Nadya Elizabeth AswadJD, CIPP/E/USSenior Privacy Consultant Central Time Zone Nadya Elizabeth Aswad JD, CIPP/E/US, is a senior-level certified privacy professional with advanced degrees in law and technology. She has more than fifteen years of experience as a privacy professional for global companies in various industries, and has built, implemented, and led information management and privacy compliance programs. Nadya’s in-house positions include Chief Privacy Officer and other privacy roles at a Fortune 25 Corporation, Fannie Mae, and Privacy Director, and Director of Governance, Risk, and Compliance in the financial services, healthcare, and hospitality sectors. As a consultant, Nadya was a Director in the Cybersecurity and Privacy Practice at PwC and held similar positions with other privacy and security consulting firms. Nadya has specialized experience developing and executing privacy strategies and reporting results. She has a mastery of privacy and information management laws, regulations and industry standards, process and data flows, data and system inventories, risk management, data breach response, data loss prevention, frameworks, and privacy policies. × Naheed BleeckerCIPM, CISA, CISM, ISO 27001 Lead Implementer, PMP, Six Sigma Black BeltSenior Privacy Consultant Wisconsin Naheed Bleecker has over 25 years’ experience in IT, with a focus on Information Security in variety of leadership roles. She has led PCI DSS certification efforts and HIPAA assessments. In the world of Privacy she has not only played the role of vendor and customer, and but has also managed the vendor assessment process as an objective stakeholder. Naheed has worked in many industries, including finance, manufacturing, higher education and process outsourcing. Naheed’s passion is highlighting the importance of securing the most critical endpoint in the organization: the human. She has been a featured speaker on the topics of social engineering and building quality into information security programs. Naheed is a Ponemon Fellow, and holds the following certifications: CIPM, CISA, CISM, ISO 27001 Lead Implementer, PMP and Six Sigma Black Belt. × Darlene Cedrés JD, CIPP, CISMSenior Privacy Consultant New Jersey Darlene has over twenty-five years’ experience holding various leadership roles for global companies across various industries. She is a lawyer, privacy practitioner, and a “techie” who was a software engineer in another life. During her career, Darlene has developed privacy/security governance programs, and has deep expertise in data breach prevention and crisis management. In addition, Darlene conducts controls and performs impact assessments for compliance with HIPAA/HiTech, GLBA, ISO27001/2, GDPR, PCI-DSS, among others. Driven by her passion of technology, law and data, Darlene regularly speaks to young people about ethical and safe digital practices. Formerly senior legal counsel and the first Chief Privacy Officer for Samsung Electronics America, she was previously in similar positions with Wyndham Hotel Group and MasterCard. × Estella CohenCIPM, CIPP/C, FIPSenior Privacy Consultant (Canada) Toronto Estella holds dual designations from the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional (CIPP/C), and a Certified Information and Privacy Manager, (CIPM) and just recently was accepted as an IAPP Fellow of Information Privacy (FIP). Estella is the former Executive Director at the Office of the Information and Privacy Commissioner of Ontario (IPC), the independent body that oversees the privacy and access laws in Ontario, Canada. She supported the commissioner’s development of “Privacy by Design” – unanimously adopted an international framework for privacy and data protection in 2010. Prior to this position, Estella was charged with developing and implementing a comprehensive privacy awareness program for the Ontario Government. The program was awarded a Public Sector Quality Award and has become the template for how to develop a culture of privacy in government departments. Currently, Estella is providing consulting and research services to a number of private sector companies who do business with Europe and will need to demonstrate compliance with both the Privacy Shield Framework and the General Data Protection Regulation. Fluent in Spanish with an excellent working knowledge of French, she has shared her knowledge of access and privacy issues internationally. × Rob Gilbert CIPP/C/E, CIPM, CIPTSenior Privacy ConsultantCanada Robert Gilbert is a privacy professional with extensive experience helping organizations meet their compliance obligations. As Privacy Manager for the Canada Border Services Agency, Rob and his team worked with legal, IT, business units and regulators to balance legal and policy responsibilities with program requirements. As Privacy Operations Manager with the Treasury Board of Canada Secretariat, Rob advised and trained other privacy experts from Canada’s 200-plus federal departments. Most recently, as Project Manager for the Department of Justice’s Privacy Act Reform Initiative, Rob brought “hands-on” experience to this update to Canada’s public sector privacy law. A past Canadian Advisory Board member with the IAPP, Rob has deep roots in the profession, and is a keen proponent of the General Data Protection Regulation. × Martin GombergCISSP, CIPP/ESenior Privacy ConsultantFlorida Martin Gomberg, CISSP, CIPP/E, has spent over thirty years in information technology, as Vice President of Technical Strategies for a major bank, CIO for a major cable television and media brand, and as SVP and Global Director of Information Security, Privacy, Data and Business Protection. He served as the Data Systems Protection officer for an Italian affiliate. As a consultant and ‘Ask an Expert’ advisor he has provided guidance to numerous companies in conforming to GDPR requirements. He is an active speaker, blogger and the author of the recently released CISO REDEFINED, focused on the globalization and digital transformation of business, and the protection and privacy of personal and company consequential data, domestic and global. × Paul IagnoccoPrivacy Consulting Director, US East Michigan As Kellogg’s first Chief Privacy Officer from August 2015 – January 2017, Paul was responsible for implementing a global privacy program that covers both consumer and employee privacy, including policies, procedures, contracts, assessments, training and education. In his prior 10 years at Kellogg, Paul served as senior director of global digital operations at Kellogg. In this capacity, he was responsible for identifying and leading the development and integration of marketing capabilities, including consumer product data initiatives, as well as corporate equity protection services around the globe. In addition, he has served as director for global digital strategy where he provided the vision and leadership in the building of a global digital marketing team, and as director of e-business where he was responsible for launching Kellogg’s initial e-commerce initiatives back in 2005. Prior to joining the Kellogg Company, Paul was employed by Biggs|Gilmore agency in Kalamazoo, Michigan. There he co-created the Agency’s digital strategy discipline serving as senior digital strategist and digital account supervisor. In this capacity, he developed digital strategies and user experiences for Fortune 500 clients including, Brunswick Marine (consumer goods), Pfizer (healthcare), DuPont (automotive), Zimmer, Inc. (healthcare) and Kellogg’s (consumer packaged goods). In addition to the above, he has served as director of Student Affairs Information Services (divisional CIO), and assistant dean of student life at Western Michigan University. Paul has a secondary social studies teacher certification and Bachelor of Arts degrees in both Political Science and Public Administration from Western Michigan University. × Juan Luis Hernandez CondeSenior Privacy Consultant (Latin America) Mexico City Juan Luis specializes in tech law, privacy and venture capital with over six years of experience helping companies develop their privacy policies in compliance with Mexican Law; representing them in related litigation in Mexican Courts and; has recently advised the Mexican Supreme Court on the subject. He is passionate about the Law and Policy frameworks of privacy in the Latin American region and their application to international transactions. × Jim KeeseFIPSenior Privacy Consultant Colorado Jim is a proven and quantified privacy specialist with over 20 years’ experience in building, implementing and managing international data privacy, information governance and security programs for Fortune 500 Companies. He has the vision to define a multiyear strategic and operational framework that encompass regulatory requirements, external and internal risks, business objectives and data protection technology. Competence in defining and driving corporate requirements related to domestic and international data breaches and information governance. His leadership as a forerunner in the privacy field has resulted in successful and highly rated global privacy and data protection programs as the Chief Privacy Officer for Western Union and Eastman Kodak. He has knowledge for various sectors to include: healthcare, cloud services, pharmaceutical, medical, financial services, and retail. Published multiple articles related to privacy and data protection. As the Chief Managing Officer for Privacy International, LLP, he has assisted many international companies in data breach obligations, privacy program enhancements, GDPR assessments and implementation plans. His comprehensive regulatory, operational and consulting experience that enables organizations and clients to approach privacy/data protection and data governance holistically from advisory perspective, based on practical implementation that enhances organizational governance and compliance. × James KoonsCIPP/USSenior Privacy Consultant Lancaster James is a data privacy and data protection expert with over 28 years of experience in privacy, security, information systems management and digital marketing. He has worked in various industries including healthcare, education, security, retail and ecommerce. James most recently served as Chief Privacy Officer for the dotDigitalGroup (dotmailer), one of the EU’s largest digital marketing automation firms, where he served over 3,500 companies with marketing compliance, risk assessment and data privacy consultation. During his career as an international privacy professional, he has developed, implemented and maintained global privacy programs, introduced streamlined processes using privacy technology, created privacy policies and data protection agreements, and helped major organizations foster a culture of data protection. James has served as a member of the board of directors for an impressive number of industry organizations and is a very active member of the International Association of Privacy Professionals (IAPP). He has also been a featured speaker at both marketing and privacy events such as the DMA, IAPP, and IRCE. He has testified in US Senate committee hearings as a witness on both data privacy and information security matters as well as serves as an active member of the FBI’s InfraGard focusing on data privacy issues. James is a decorated US Army veteran and is a Certified Information Privacy Professional (CIPP/US). × Wendi Lozada-Smith CIPP/US/E, CISM, CISSPSenior Privacy Consultant Dallas Lozada-Smith is a global privacy and ethics leader with a unique combination of experience in Global Privacy, Information Security, and IT for Fortune 100 financial services and telecommunications companies. With specialized expertise in the new EU Privacy legislation (GDPR), employee privacy, health, and financial privacy, and Internet of Things (IOT), she has provided guidance to global business units operating in more than 60 countries. She has consulted on privacy program and policy development, information security best practices, cross border data transfers, risk assessment, and privacy by design. Lozada-Smith has held a variety of IT/Data Protection leadership positions, including serving as AVP Privacy for AT&T; VP Corporate Information Security for Wachovia, and Information Security Officer for SACU. She received a Master's degree from Vanderbilt University and holds three privacy and security certifications: CIPP/US/E, CISM, and CISSP. × Amedeo MaturoSenior Privacy Consultant Spain As a Privacy Lawyer, Amedeo has more than 13 years experience in the area of Security of Information and in the Privacy field. He covers almost every aspect of Privacy implementation programs; from the definition of the scope, to the design, implementation and testing of the legal and technical compliance measures. Member of the ISACA, he is a volunteer in the Privacy/Data Protection community. He also develops privacy awareness programs for adolescents, in collaboration with the Spanish Privacy Professionals Association (APEP). As CISA, he rolled out several IT Audit projects for e-commerce start ups as well as for multinational companies, helping redesign security procedures and processes. Professor of Legal aspects in the e-commerce projects in Elche Univ. Master, he has developed almost his whole career in Spain. × Ralph O’Brien, CIPP/E, CIPM, ISO27001:2013 Lead Assessor, First 100 Fellow of Information Privacy (FIP) Senior Privacy Consultant London Ralph T O’Brien has spent nearly two decades advising global businesses, working at the intersection of privacy, security and risk management. Ralph is an experienced consultant, speaker, trainer, auditor, negotiator and manager. His key passion is in using his knowledge of Privacy laws and information governance standards to help businesses develop and grow, engaging stakeholders, and delivering complex projects within the information governance sphere. Ralph is a qualified ISO 27001:2013 Lead Assessor, and has successfully navigated many organizations through to certification, and contributed to many national information governance standards. He is currently writing and blogging on privacy and security issues, is Vice Chair of the UK’s Data Protection Forum, and is on the committee rewriting the British Standard for Personal Information management BS 10012-2. × K RoyalJD, FIP, CIPP/US/E, CIPMPrivacy Consulting Director, US West Phoenix K Royal is an attorney and compliance professional with 25 years of experience in the legal and health-related fields, which provides her a thorough perspective when implementing or overseeing programs globally. She is skilled in privacy laws, breach management, compliance, training, and program development. K has a particular interest in technology along with its challenges and opportunities. K is an adjunct professor at the Sandra Day O’Connor College of Law and is currently in the dissertation phase of her PhD in Public Affairs. As an attorney, she has been recognized as a Forty-under-40 honoree for Phoenix, as an educational leader through the YWCA, one of the top pro bono attorneys in Arizona, a finalist in the Silicon Valley Corporate Counsel awards for the Rising Star category, and most recently awarded Member of the Year for the Association of Corporate Counsel (out of 40k members globally). Her areas of work mainly center around privacy and regulatory compliance while her personal loves are civic education, youth outreach, diversity initiatives, and leadership training. × Luckner Saint-DicSenior Privacy Consultant Switzerland Luckner has more than 15 years experiences in Risk Management. He started in the consulting world as a Technology Risk Consultant and Auditor at Arthur Andersen. A certified Lead Auditor ISO/ IEC 27001:2013 he helps organizations to set information security governance strategy and data privacy as well as risk prioritization based on recognized standards such as COSO, ISO 31000 and EU directives in data privacy. Luckner has expertise in data protection and risk management which he uses to set clear risk management strategies, risk analysis and remediation roadmaps with solid business and financial foundations. He helps organizations review their risk exposure from an Access and Segregation of Duties perspective and major ERP (SAP) Business Processes with a strategic plan for remediation based on environment and risk exposure. × Kristy SawyerSenior Privacy Consultant Boston Kristy has over a decade of Privacy experience in the private and federal sectors. In her most recent role, she managed overall coordination and development of privacy and data protection strategies and policies for her clients. To ensure on-time project roll-outs, she worked with clients from day one and supported each project to the end. In her role as the Verification and Biometrics Division Privacy Officer for the Department of Homeland Security, US Citizenship Immigration Service, she managed all Privacy Office functions including developing privacy policies; conducting initial and periodic privacy risk assessments; responding to data incidents and breaches; and developing privacy statements, privacy impacts assessments and system of records notices. She played critical roles in the negotiation and development of information sharing arrangements with domestic and foreign partners ensuring compliance with domestic and foreign law. × Janalyn SchreiberCIPM, CISSPSenior Privacy Consultant Washington, D.C. Janalyn brings 20 years of experience consulting with Fortune 500 companies in the Financial Services, Healthcare, and Oil & Gas sectors on the complexities of managing privacy, protecting data and responding to high profile investigations and litigations. As a leader in top global consulting firms, Janalyn led teams in conducting risk assessments, building comprehensive data management and protection frameworks, and establishing policies and controls for adhering to complex global privacy and regulatory standards; in systematizing data retention and archiving practices; and in forensic collection and investigation responses in over 20 countries. Janalyn also approached global privacy and data management issues with technology solutions, leading development of a custom regulatory compliance application; and partnering with Data Analytics teams developing machine learning solutions to rapidly analyze, categorize, and retain/cull structured and unstructured data. A regular presenter on Global Privacy Strategy and Analytics in Investigation Response, Janalyn is a testifying Expert Witness in the Fourth Judicial District Court, and has spoken extensively in meetings with DOJ, SEC, HHS, FBI and contentious opposing parties to fully articulate her clients’ defensible practices. Before joining TrustArc, Janalyn was a Managing Director at Navigant Consulting, a Principal at Deloitte, and a Vice President at Xerox Corporation. Her certifications include: Information Privacy Manager Certificate (CIPM) from the International Association of Privacy Professionals (IAPP), Certified Information Systems Security Professional (CISSP) from (ISC)2, and Security+ and Network+ from CompTIA. × David SandovalM. EngSenior Privacy Consultant David is a global privacy and cybersecurity leader with a combination of experience in Global Privacy and Security for Fortune 100 & 500 companies. David has developed experience across various industries including Federal, Government, Consumer Products, Cybersecurity Software Companies, Universities, Hospitals, and Pharmaceuticals. David has supported several engagements surrounding the European Union’s General Data Protection Regulation (GDPR), HIPAA, NIST Cyber Security Framework, and ISO 27002. He has consulted with clients to assess and design global privacy programs, develop privacy and security operational models and risk management frameworks, designed privacy and security related policies and procedures, and created data flow maps focusing on the lifecycle of personal data. David has held a variety of Privacy and Data Risk leadership positions. Also, David retired from the U.S. Navy after 26 wonderful years of service as a Senior Enlisted Leader. He received a Master of Engineering degree (Cybersecurity Policy and Compliance) from George Washington University and Executive Senior Leadership Certification from the U.S Naval War College. × Beth Sipula FIP, CIPM, CIPP/USSenior Privacy Consultant Phoenix Beth Sipula is a Senior Privacy Consultant at TrustArc. Beth has spent the last fifteen years focusing on a broad range of data privacy, data security and risk management areas. She has extensive experience in leading global data privacy assessments, SaaS, implementing privacy by design programs, creating and conducting privacy training, evaluating new and emerging technologies, product lifecycle support, mobile applications, web site and offline data collection, use, transfer and storage of data, M&A assessments and support, marketing/CRM data best practices, and leading PCI-DSS compliance programs. Beth’s last role was as the privacy leader at Citrix Systems, Inc. where she oversaw all aspects of global privacy, PCI-DSS and data protection for the company. × Jamie SorleyCIPP/USSenior Privacy Consultant Jamie joins us from private practice where she advised clients on health care privacy compliance and helped them navigate data breaches, security incidents and government investigations. A former supervisor for the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Jamie served as the lead investigator for HIPAA breaches in Texas, New Mexico, Arkansas, Oklahoma and Louisiana and worked with the Health Information Privacy Division in Washington, D.C. on policy issues stemming from the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Jamie also served in the U.S. Department of Justice as a Special Assistant United States Attorney in the Northern District of Texas, where she investigated and prosecuted civil cases involving violations of Stark Law, Anti-kickback laws, and the False Claims Act. Jamie earned her Bachelor’s degree and a MBA from Texas Tech University and her JD from the Southern Methodist University Dedman School of Law. She is a member of the American Bar Association, the American Health Lawyers Association and the International Association of Privacy Professionals and is a CIPP/US. She is also the Chair of the Dallas Bar Association Health Law Section and is a frequent speaker on HIPAA, HITECH, and information privacy and security. × Joseph SroujiSenior Privacy ConsultantEU/ParisJoseph Srouji is a member of the Paris bar. He is former Senior Counsel for Data Protection & Regulatory Affairs at GE Capital where he worked for over 11 years based in Paris as a specialist in data protection, financial and banking regulation and compliance. As Data Protection Officer to the French Data Protection Authority (CNIL), he managed the data protection program for both the GE Corporate group and Capital businesses in Europe. In addition, he teaches graduate law students in Common Law, International Law and Technology Law at Université Paris 2 Panthéon - Assas. He completed his law degrees from Université Paris 2 Panthéon Assas, his MBA from The George Washington University and his B.A. from the University of Dayton. × Vanessa StoutCIPM, RIMSenior Privacy ConsultantTexasVanessa Stout has over 15 years experience in project management, incident response operations, privacy and eDiscovery strategy with time spent in both the legal and professional services industries. Vanessa has diverse experience consulting in risk and solution assessment with proven success in litigation readiness, privacy assessment and strategic project planning, primarily focusing on international and cross-border border clients. She believes in adapting to the needs of the client, measuring and mitigating risks, providing transparency, and enhancing team dynamics for an approach that adapts to the client’s current business reality. Vanessa holds the following certifications: CIPM, ARMA (RIM) Certification, Goethe Institute Certification. She is also a certified Business Chemistry Facilitator and former lecturer at the University of Houston’s Paralegal Certification on E-Discovery. × José TabuenaSenior Privacy Consultant Texas José is an attorney and compliance professional experienced in the direct involvement of challenging privacy and data security matters issues with multiple industries and perspectives ranging from serving as an organization’s privacy officer and attorney, to leading multidisciplinary teams on engagements as an external consultant at Big 4 firms. He combines legal expertise with the understanding of emerging technologies, and brings hands-on experience in applying audit controls to work flow processes. José served as Chief Privacy Officer for a major academic medical center developing approaches for data sharing controls and population health activities with affiliates and network partners. He has performed comprehensive assessments of privacy program particularly in the health care and life sciences industry sectors. His experience encompassing clinical research activities, health information Exchange development, and guidelines on secondary uses of sensitive health and personal data. In the role of privacy counsel, he focused on technology transactions and data privacy including negotiation of cloud license and service agreements, as well as emerging areas of information technology such as mobile health applications. José is a graduate of the University of California Berkeley School of Law. He is a published author including a stint as a regular columnist for Compliance Week, and is currently an adjunct professor teaching at Widener Delaware Law School and Southern New Hampshire University. × Deborah Cook WellsCIPP/USSenior Privacy Consultant Illinois Deborah Cook Wells has worked in the Financial Sector for over 25 years, the past 7 focusing on global incident response with one of the largest financial firms in the world. She has managed large, cross-Line of Business incidents, including discovery, assessing impact, developing a response strategy, coordinating approvals, and providing customer contact and executive reporting. She also has managed the team providing Privacy reporting on a firm-wide basis. She has developed policies, procedures, controls, onboarding documents and training. In her career, Deborah has built and managed training groups and call centers, worked in Branch Banking and Personal Trust, developed eCommerce strategies for corporations, and led many diverse projects. She has led successful process improvement projects in both large and small organizations. × Dick WongCIPM, CIPT, CISSP, ISO27001:2005 Auditor, CISM, CRISCSenior Privacy Consultant (Asia-Pacific) Singapore Dick Wong, CIPP/A, CIPM, CIPT, CISSP, Certified ISO27001:2005 Auditor, CISM, CRISC, is a Senior Consultant for Compliance Solutions at TrustArc. Dick is an information security and privacy professional with nearly 20 years of experience split between these two professions. He has worked in industries that include aviation, retail, technology, government, education, real estate and financial services where he drove and managed information security and privacy programs. As a privacy practitioner, Dick has led change in organizations with the understanding of global and local best practices in order to meet their legal, cultural and personal expectations. His customised privacy approach allows internal and external clients to meet privacy challenges that include the translation of the laws and regulations, enforcement activities and processes, while taking into account the monitoring of all legal compliance factors for both local and global markets. In validating his understanding, experiences and practices through the various professional certifications and networks, Dick is able to demonstrate a consistent view and keep abreast with the privacy norms regardless they are in legal, risk, compliance, security and technology as well as operational matters leading to consumer experience. He holds a Bachelor of Computer Science (Digital Systems Security) from University of Wollongong, Australia, and is involved with the Information Systems Audit and Control Association [ISACA®], the International Information System Security Certification Consortium [(ISC)2®] and the International Association of Privacy Professionals [IAPP]. × Pat WynneCIPP USSenior Privacy Consultant Pennsylvania Pat worked in the healthcare industry as Chief Privacy and Security Officer and In-house Counsel for a multi-state behavioral healthcare provider. She was responsible for HIPAA privacy and security strategy and program development including enterprise-wide policies and procedures, workforce training and awareness programs, complaint and breach investigation, management and notification processes, business associate and vendor management processes, data governance, and risk audit and risk management processes. As a consultant, her risk assurance and advisory services included conducting risk analysis and risk assessment procedures mandated by HIPAA, HITECH, FERPA, Red Flag, GLBA, FINRA and related financial industry regulations and advising clients in building compliant and accountable Data Privacy and Cybersecurity programs. She also led HITRUST scoping and readiness assessments, and security risk analysis required for EHR meaningful use certification. Clients included healthcare providers and insurers, pharmacy and healthcare solutions companies, business associates, cloud services providers, financial services and real estate investment companies. She brings this experience to TrustArc and looks forward to expanding her expertise particularly in the areas of Privacy Shield certifications and GDPR compliance.