| Biography | Voted Number 1 in Computerworld Poll of Global Privacy Lawyers, 2006, 2007 and 2008; Individually ranked by Chambers as Band 1 on Privacy and Data Security; Selected as New York Super Lawyer, 2006 - 2009; Author and Editor, Privacy and Data Security Law Deskbook, Aspen Publishers, July 2010; Co-chair, PLI's Eleventh Annual Institute on Privacy and Data Security Law, 2010; Member, Board of Directors, International Association of Privacy Professionals, 2010 - 2015; Awarded Champion of Justice Award by the New York City Bar, 2000. Speaker Testimony before CSIS Commission on Cyber Security for the 44th Presidency, April 2008; Testimony before U.S. House of Representatives, Committee on Small Business, Subcommittee on Regulatory Reform and Oversight, Data Protection and the Consumer: "Who Loses When Your Data Takes a Hike?," May 2006; Testimony before U.S. Department of Health and Human Services' Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics regarding RFID Use in Health Care, January 2005; Chair, New York Privacy Officers Forum, 2007 - present; Speaker, Security Breaches: Notification Challenges and Liability Risks, Practicing Law Institute's Eleventh Annual Institute on Privacy and Data Security Law, June 2010; Data Privacy in a Global Era, Barclays Wealth, May 2010; Privacy: A Global Overview, Minnesota State Bar Association's In-House Counsel Crash Course, May 2010; Privacy and Data Protection: Global Developments and Insights for the Future, The Cross Border Group, May 2010; Privacy: A Global Perspective, Northwestern Law Attorneys General Education Program, Second Annual Public Policy Conference, May, 2010; Privacy, Confidential Information and Intellectual Property, ECOA Law School, May 2010; Privacy Law in Latin America, Zurich Services of the Americas, May 2010; Data Privacy: Global Risks and Opportunities, McKesson Corporation Law Department Meeting, April 2010; Speaker, Safe Harbor, the Tenth 
Anniversary: What was, What is, and What will be . . ., IAPP 2010 Global Privacy Summit, April 2010; Data Privacy in a Global Era, Polo Ralph Lauren Corporation, March 2010; Data Privacy in a Global Era, Zurich North America, March 2010; Google Case Italy: Could it Happen to You?, DataGuidance Emergency Webinar, March 2010; Virtual World - Real Crime, 2010 NAAG Presidential Initiative, National Association of Attorneys General, February 2010; UBM: EU Data Transfer Mechanisms, UBM Inc., February 2010; Preparing for and Responding to a Data Breach: Assessing Breach Scope, Notification Requirements, Appropriate Responses and Mitigation, ACI's 9th National Advanced Forum on Privacy and Security of Consumer and Employee Information, January 2010; Data Privacy and Intellectual Property, Ethics & Compliance Officer Association, ECOA Law School, January 2010; Data Privacy: Global Risks and Opportunities, McKesson Corporation, January 2010; The Conflict Between U.S. E-Discovery and EU Data Protection Law, Judicial Education Program's Fourth Annual Civil Justice Symposium, Northwestern University School of Law, December 2009; Data Privacy in a Global Era, Time Inc., December 2009; Clash of Laws and Cultures: Cross Border E-Discovery and International Data Management, 6th Annual Advanced E-Discovery Institute, November 2009; American Recovery and Reinvestment Act of 2009, American Insurance Association, October 2009; Speaker, Data Security and Privacy: A Global Perspective on Law and Regulation, Association of General Counsel Fall Meeting, October 2009; Overview of Global Privacy and Data Security Law, General Dynamics Privacy Summit, October 2009; Keynote Speaker, The 50,000-Foot View — The Current Legal Landscape and the Biggest Areas of Exposure in Data Privacy & Security, Minnesota Data Privacy & Security for In-House Counsel, September 2009; Moderator and Speaker, Cloud Computing: Are the Security Risks Real or Exaggerated?, Civitas Group, September 2009; Speaker, 
Information Security Breaches: The Legal Implications, Chubb Advanced Cyber Security Seminar, July 2009; Privacy Developments in the Workplace: Monitoring, Surveillance, Background Checks and Remote Computing, Privacy Law Institute's Tenth Annual Institute on Privacy and Data Security Law, June, 2009; Federal Breach Notification, Debix Systems, Inc., June 2009; Information Security Breaches: The Legal Implications, Willis HRH, June 2009; Data Breaches: The Cost of Being Unprepared, Information Security Breaches: The Legal Implications, Affinion Security Center and CSO Magazine, May 2009. Panelist: Strategic Information Management: Beyond Personal Information, IAPP Webinar, May 2009; Information Security Breaches: The U.S. Experience, London, England, May 2009; Dealing with Security Breaches, Brussels, Belgium, May 2009; Privacy Issues in Marketing, Association for Financial Professionals Retail Treasury Forum, May 2009; When Things Go Wrong — Planning for and Responding to Data Breaches, FTC Workshop, April 2009; Information Security Breaches: The Legal Implications, Navigant Consulting, April 2009; Privacy Update: Managing Global Data Flows, ACC Committee, April 2009; HIPAA Federal Breach Notification in Stimulus Legislation, March 2009; Strategic Information Management: Beyond Personal Information, IAPP Privacy Summit, March 2009; U.S. 
E-Discovery & EU Data Privacy, Data Guidance Webinar, January 2009; ABA's Privacy Update Webinar, December 2008; Information Security Breaches: The Legal Implications, American Petroleum Institute, November 2008; International Information Security Breaches, ACC Annual Meeting, October 2008; Information Security Breaches: The Legal Implications, IBM IT Services Legal Summit Meeting, October 2008; Presenter, Data Breach Boot Camp, October 2008; Information Security Breaches: The Legal Implications, Debix Systems, Inc., October 2008; Global Privacy Management: Convergence of Privacy Into Compliance, ECOA's 2008 Annual Business Ethics and Compliance Conference, September 2008; Marketing and Technology: Where Are We Headed?, IAPP 2008 Privacy Academy Summit, September 2008; Setting Up Your Systems: International E-Discovery, The Conflict Between E-Discovery and EU Data Protection Law, BNA Advisory Board and Digital Discovery Electronic Evidence Report, September 2008. Moderator: IAPP Navigate Program, A Think-Tank Forum of Privacy Leaders, August 2008; The Identity Protection Network, The Legal Implications of a Data Breach and Building an Optimal Breach Response Plan, Debix, August 2008; The Conflict Between U.S. E-Discovery and EU Data Protection Law, July 2008; Ninth Annual Institute on Privacy and Security Law, Law of Workplace Privacy: U.S. and Global Developments, June 2008; Privacy: A Legal Compliance Issue? SAI Global Privacy Webcast, May 2008; Best Practices for Managing Data Security Breaches, 21st Annual Technology Law Conference of the University of Texas School of Law, May 2008; U.S. Discovery Obligations vs. 
European Data Protection Law, presentation to Hewlett-Packard, May 2008; Privacy Update: The Red Flags Rule and Proposed Amendments to Regulation S-P, CLIP Seminar, April 2008; Best Practices for Minimizing Risk and Protecting Information Provided to Third Parties, BITS Vendor Management Spring Roundtable, April 2008; How to Minimize Risk When Using Third Party Data Processors: An International Overview, IAPP Privacy Summit 2008, Washington, DC, March 2008; Data Breach and Crisis Management: Initial Response, ALI-ABA Advanced Course of Study on Privacy Law: Developments, Planning and Litigation, March 2008; PCI Data Security Standard, The Estee Lauder Companies Inc., March 2008; Employee Privacy, New York State Bar Association's International Employment Law Conference, March 2008; Data Privacy in a Global Era, Columbia University School of Continuing Education, February 2008, April and December 2007, and November, 2006; How to Protect Yourself from Identity Theft, Hunton & Williams, February 2008; Best Practices for Minimizing Risk and Protecting Information Provided to Third Parties, Seventh National Symposium on Privacy and Security of Consumer and Employee Information, American Conference Institute, January 2008; Privacy and Security in the Workplace, General Dynamics Labor and Employment Law Council, November 2007; How to Protect Against Identity Theft, Jewish Center of the Hamptons, November 2007; Privacy Update, ACC's 2007 Annual Meeting, October 2007; Information Security Breaches: The Legal Landscape, International Association of Privacy Professionals, San Francisco, California, 2007 IAPP Privacy Academy, October 2007; Information Management Issues in the Corporate Enterprise, The Hartford Privacy Council, October 2007; Security Breaches: The Legal Landscape, Kraft Foods Global Compliance Meeting, September 2007; Security Breaches: The Legal Landscape, GE Privacy Leadership Team Audio Conference, August 2007; Privacy 101, GE Privacy Leadership Team Audio 
Conference, July 2007; E-Discovery: Bridging the Gap Between Legal and IT, Privacy Considerations in Outsourcing, ACC America, July 2007; Understanding the Bad Guys, IAPP's Practical Privacy Series - Data Breach, June 2007; Privacy and Security in the Workplace: Employees as the Problem and Employees as the Victim, PLI's Eighth Annual Institute on Privacy and Security Law: Pathways to Compliance in a Global Regulatory Maze, June 2007; Hot Topics in U.S. Privacy Law, GE Commercial Finance Privacy Summit, June 2007; Security Breaches: The Legal Landscape, IBM Americas Attorney Conference, May 2007; Hot Topics in Privacy and Information Security: Monthly Update, ABA Section of Anti-Trust Law, American Bar Association, May 2007; Responding to Privacy Breaches, 2007 California Identity Theft Summit, April 2007; Data Privacy and Security in a Global Era, The Conference Board's 2007 Antitrust Conference, March 2007; The Privacy Implications of Outsourcing, MBA's CREF Convention, February 2007; Security Breach Notification Requirements, Policies and Benchmarking, ACI, January 2007; Data Breaches: The U.S. Perspective, Hunton & Williams, November 2006; Data Breaches: The U.S. Perspective, Association of Corporate Counsel, November 2006; Security of Guest Data: What Do You Need To Know About Consumer Data?, American Hotel and Lodging Association, November 2006; Recent Developments in U.S. Privacy Law, Philips Electronics North American Region Attorneys' Meeting, November 2006; New and Evolving Challenges for CEOs: Corporate Governance and IT Security, Information Systems Security Association and Georgetown University Law Center, November 2006; Data Breaches: How the U.S. 
Experience and Forthcoming European Laws Affect Your Company, Hunton & Williams, London, England, November 2006; Responding to a Data Breach, Journal of International and Comparative Law Symposium, Cardozo School of Law, October 2006; The Privacy Implications of Outsourcing: Defining the Issues, 2006 IAPP Privacy Academy, Toronto, Canada, October 2006; U.S. Privacy Law, 2006 HR Legal Department, Pitney Bowes Inc., October 2006; Responding to a Data Breach, GE Global Privacy Summit 2006, September 2006; Overview of Global Privacy Laws, Society for Information Management, September 2006; Protecting Customer Information: What Duties and Liabilities Do Financial institutions Have?, A.S. Pratt & Sons, August 2006; Information Security: A Legal Primer, IQPC, Washington, DC, June 2006; Workplace Privacy and Monitoring: New Developments Affecting the Rights of Employers and Employees, PLI, June 2006; Privacy and Data Security: Emerging Risks and Future Trends, International Association of Privacy Professionals, Charlotte, North Carolina, May 2006; Recent Developments in U.S. 
Privacy and Information Security, AIJA/ABA, May 2006; Data Breaches: Will You Know What to Do When it Happens to You?, May 2006; Data Breaches: Identification, Investigation, and the Lessons Learned, May 2006; Global Privacy and Information Security, ABA International Section 2006 Spring Meeting, April 2006; Life Under an FTC Order, ABA Antitrust Section 2006 Spring Meeting, March 2006; Cyber Security and Data Breaches, New York City Bar Association, March 2006; Privacy, Security and Data Breaches: Three Perspectives, New York City Bar Association, March 2006; Information Security: Avoiding the Next Data Breach, March 2006; Privacy and Information Security, Law Seminars International, March 2006; Data Breach 101: Will you know what to do when it happens to you?, February 2006; New Developments in Email and Text Message Marketing, Law Seminars International, January 2006; International Privacy Laws and Enforcement: What's New in the EU?, American Conference Institute, January 2006; Privacy in the Workplace, Society for Human Resource Managers, January 2006; Information Management: What Every Lawyer Should Know, Washington Metropolitan Area Corporate Counsel Association, December 2005; Privacy for the 21st Century, National Press Club, December 2005; Privacy and National Security, InfoSecurity Conference, December 2005; Do We Have To Turn Off Our Hotline? SOX vs. 
European Privacy, Ethics Officer Association, October 2005; Security Risks in 2006, Security Leadership Council Conference, September 2005; The New Role of Records Coordinators: The Connection to Discovery, Compliance Governance and Oversight Counsel, September 2005; The BJ's Wholesale Case and Your New Information Security Requirements, IAPP Audio Conference, September 2005; Conflict Between Sarbanes-Oxley Whistleblower Requirements and EU Data Protection Law, Ethics Officer Association, August 2005; Managing Privacy and Information Security Breaches, The Centre for Information Policy Leadership at Hunton & Williams, June 2005; Privacy: What Every Lawyer Should Know, Practicing Law Institute's 6th Annual Institute on Privacy Law, June 2005; Privacy and Records Management for Financial Institutions, Hunton & Williams, June 2005; Information Management, Metropolitan Life Insurance Company, May 2005; Privacy Issues Arising from Legal Requirements in U.S. and Foreign Jurisdictions, The Association of the Bar of the City of New York, May 2005; Beyond Privacy: Moving Toward Comprehensive Information Policies, Harte-Hanks Forum, May 2005; Managing Privacy and Security Breaches, Nippon Keidanren: Japanese Business Federation, April 2005; Developments in Privacy and Records Management: Is Your Company Ready?, Hunton & Williams and ACC America, February 2005; Developing a Comprehensive, Global Records Management Program, Compliance, Governance and Oversight Council, January 2005; Privacy Overview in the Global Marketplace, Holtzbrinck Publishers, January 2005; Privacy of Health Information in the United States, INSIGHT Information, January 2005; The Intersection of Privacy Law and Records Management, Compliance, Governance and Oversight Council, November 2004; Ethical Concerns in Privacy Law: The New Face of Corporate Governance, New York State Bar Association, October 2004; Outsourcing Symposium: Privacy Issues, Institutional Investor, September 2004; The Privacy 
Implications of Outsourcing, Law Seminars International, Stamford, Connecticut, June 2004; Privacy Concerns in the Health Care Industry, PLI's Annual Institute on Privacy Law, New York, New York, 2001-2004; HIPAA Overview, HIPAA Privacy Notices, and HIPAA's Security Rule, Lorman Education Services' HIPAA for Employers, New York, March 2004; The Good, Bad and Ugly of Short Form Privacy Notices, International Association of Privacy Professionals Audio Conference, March 2004; Homeland Security: Privacy and Information Security Issues, Pipeline Legal Issues and Policy Conference, Baltimore, Maryland, July 2003; Privacy Issues in Health Care, The Association of the Bar of the City of New York, June 2003; Implementing HIPAA 'Layered' Privacy Notices, Sixth National HIPAA Summit, Washington, DC, March 2003; Layered Privacy Notices, IAPP's Third Annual Privacy and Data Security Summit, Washington, DC, February 2003; Post Enron/Sarbanes-Oxley Records Retention Policies, EH&S Legal Council, Washington, DC, September 2002; The Short Notices Project: Notices that Build Understanding and Trust, Direct Marketing Association, April 2002; Privacy Workshop for Insurance Companies, First Consulting, Kansas City, Missouri, March 2001; Personal Privacy in the 21st Century, Women's Networking Forum, Richmond, Virginia, March 2001; Privacy in Cyberspace, ABA Business Law Section Annual Meeting, Philadelphia, Pennsylvania, March 2001. 
Author Author and editor, Privacy and Data Security Law Deskbook, Aspen Publishers, July 2010; Author, "Emerging Privacy Issues in Bankruptcy," New York Law Journal, June 2010; "Consumer Groups Say Proposed Privacy Bill is Flawed," The New York Times, May 2010; "Privacy and Data Security Risks in Cloud Computing," Electronic Commerce & Law Report, February 2010; "Preservation and Monitoring of Corporate Messaging," New York Law Journal, November 2009; "FTC's Red Flags Rule: Delays Suggest Confusion on the Part of the Industry," Privacy & Data Security Law Journal, July 2009; "Behavioural Advertising: Legislative Steps," dataprotectionlaw&policy, Volume 6, Issue 7, July 2009; "Proposed HHS Guidance on HITECH Act Breach Notice Obligations," Privacy Law Watch, April 2009; "Proposed HHS Guidance on HITECH Act Breach Notice Obligations," BNA Privacy & Security Law Report and Privacy Law Watch, April 2009; "New Jersey Publishes Pre-Proposal of Rules Protecting Personal Information," Privacy & Data Security Law Journal, April, 2009; "FTC Publishes Red Flags Rule Compliance Guide; Confirms Broad Interpretation of the Rule," Privacy & Information Law Report, Volume 10, April 2009; Interview, "Do you Know Where your Data Is?," Corporate Governance, March 2009; "Massachusetts Revises Information Security Regulations and Extends Compliance Deadline," Privacy & Information Law Report, March 2009; "Massachusetts Revises Information Security Regulations and Extends Compliance Deadline," Lexology/ACC Newsstand, February 2009; "The Stimulus Package and Health Privacy Breaches," Lawdragon, February 2009; "Privacy Enters the Mainstream," IAPP Privacy Advisor, December 2008 - January 2009; "Identity Theft Red Flags and Address Discrepancies Rule," Our Viewpoint, SAI Global, November 2008; "European Union Data Protection," Chapter 11 in West's Data Security and Privacy Law: Combating Cyberthreats, 2008; "Surviving an FTC Investigation After a Data Breach," New York Law Journal, September 
2008; "Data Security Handbook, ABA Section of Antitrust Law," Data Security Handbook, 2008; "Strategic Information Management," BNA, Inc. Privacy and Security Law Report, September 2008; "U.S. Commerce Department Develops Safe Harbor Certification Mark," IAPP, The Privacy Advisor, September 2008; "Views from Beyond the Beltway: Cyber Security Recommendations from the Experts," CSIS's Commission on Cyber Security for the 44th Presidency, Hunton & Williams Client Alert, May 30, 2008; "The New CAN-SPAM Rule," Hunton & Williams Client Alert, May 29, 2008; "Data Security in 2008," IAPP Privacy Advisor, January 2008; "Keep Your Guard Up: Privacy & Information Management Trends for 2007," Insurance and Technology, December 19, 2006; "Data Protection and the Consumer: Who Loses When Your Data Takes a Hike?" Privacy and Data Security Law Journal, July 2006; "An RFID Code of Conduct," RFID Journal, May 30, 2005; "Remarks to the Data Privacy and Integrity Committee of the Department of Homeland Security," April 5, 2005; "The US CAN-SPAM Act - Is it Working?" Privacy Laws and Business International Newsletter, Issue 76, February 17, 2005; "New Federal Rule on the Disposal of Consumer Information," Privacy Officers Advisor, January 2005; "Testimony on Privacy Issues Associated with the Use of RFID Technology in Health Care Settings," United States Department of Health and Human Services Hearing, January 2005; "Testimony before U.S. 
Department of Health & Human Services' Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics regarding RFID use in Health Care, January 2005; "New Rule on the Disposal of Consumer Information," December 2004; "For the Record - New Risks in Record Management Require New Procedures," NYSBA's Inside, December 2004; "New Security Standards for Businesses that Maintain Personal Information," CGOC Review, October 1, 2004; "California Online Privacy Protection Act of 2003: New Requirements for Online Privacy Policies," June 2004; "The CAN-SPAM Act's Impact on Legitimate Business," New York Law Journal, March 1, 2004; "New Federal Anti-Spam Law: The CAN-SPAM Act," January 2004; "Sending Commercial E-mail: How CAN-SPAM Impacts Your Business," October 1, 2003; "For the Record - New Risks in Records Management Require New Procedures," New York Law Journal, August 12, 2003; "Document Retention Programs: Managing New Risks," May 2003; "Using Layered HIPAA Notices to Build Trust, In Confidence," March 1, 2003; "New California Law Requires Companies to Notify Customers of Computer Security Breaches," February 2003; "The Impact of HIPAA's Privacy Rule on Employers," June 2002; "The Impact of Privacy Requirements on Health Plans," On Managed Care, October 1, 2001; "New Privacy Requirements for Health Information," The Practical Lawyer, September 1, 2001; "The Push for Privacy," Best's Review, June 1, 2001. Chapter Co-Author: "European Union Data Protection, Data Security and Privacy Law-Combating Cyberthreats," West 2007. Co-Author: "Data Breach! 
Correct Response Crucial," New York Law Journal, May 29, 2007; "A How-To Guide to Information Security Breaches, Privacy and Information Law Report," IAPP Privacy Advisor, BNA's Privacy and Security Law Report, May 2007; "Do-Not-Mail Bills Introduced in 10 States," Hunton & Williams Client Alert, April 2007; "Nationwide Building Society is Fined £980,000 ($1.9 Million): Has the European Data Protection Enforcement Framework Suddenly Changed?" BNA's Privacy and Security Law Report, March 5, 2007; "Nationwide: Movements Towards a Notification Regime," Data Protection Law and Policy, February 2007; "An Employer's Guide to U.S. Workplace Privacy Issues," The Computer and Internet Lawyer, January 2007; "Privacy Primer: An Overview of Global Data Protection Laws," 2006; "Sounding the Alert on Data Breaches," New York Law Journal, July 20, 2006; "What Every U.S. Employer Should Know About Workplace Privacy (Part Two)," ALM's Privacy and Data Protection Legal Reporter, June 2006; "What Every U.S. Employer Should Know About Workplace Privacy (Part One)," ALM's Privacy and Data Protection Legal Reporter, May 2006; "Company Had No Duty to Encrypt Personal Information on Stolen Laptop," ALM's Privacy & Data Protection Legal Reporter, April 2006; "Workplace Privacy: What Every U.S. Employer Should Know," Practicing Law Institute's Seventh Annual Institute on Privacy Law; "New Guidance on Whistleblower Hotlines in the EU," ALM's Privacy and Data Protection Legal Reporter, April 2006; "Court Finds Company Had No Duty to Encrypt Personal Information on Stolen Laptop," March 2006; "New Guidance on Authentication," Privacy and Data Security Law Review, February 2006; "Retailer Liable for Failing to Protect Customer Data," December 2005; "The Whistleblower Hotline Quandary, Financial Executive," October 1, 2005; "Defusing the Privacy Bomb," Executive Counsel, May 2005; "Forge a Master Lock for Data," Electronic Banking Law and Commerce Report, March 2005; "Partnering with Terrorists? 
Are You Sure?" Franchising World, February 2005; "Privacy Considerations for Stored Value Cards," Journal of Payment Systems Law, February 2005; "Forge a Master Lock for Data," Legal Times, January 17, 2005; "Preserving Electronic Evidence: Is Zubulake V a Gift or a Bomb?" Expert Evidence Report, August 23, 2004; "Expected Modifications to HIPAA's Privacy Requirements," Advance for Health Information Professionals, October 26, 2001. Keynote Speaker: The Evolution of Global Privacy Law, IBM's 2006 Security and Privacy Day, November 2006; The State of U.S. Privacy Law, CSO Privacy Seminar, June 2006. Panelist: When Things Go Wrong: Planning for and Responding to Data Breaches, Federal Trade Commission Public Workshop on Protecting Personal Information, Best Practices for Business, April 2008; Information Ethics in a Web 2.0 World, Microsoft and Ponemon Institute Roundtable, April 2008; Data Protection and Employee Monitoring: A Transatlantic Perspective, ABA International Spring Meeting, April 2008. Moderator, Model Privacy Notices: What You Need to Know; 8 Federal Agencies Ask for Industry Engagement, IAPP Audio Conference, April 2007. Co-Chair and Speaker, A Global Perspective on Data Security Breaches and Enforcement, IAPP Privacy Summit 2007, March 2007. Co-Chair: American Conference Institute's 6th National Forum on Privacy and Security of Consumer Information, January 2007; Ensuring Privacy and Security of Consumer Information, American Conference Institute, January 2006. Memberships Member, DataGuidance Panel of Experts, 2008; Vice Chairperson, Department of Homeland Security's Data Privacy and Integrity Advisory Committee, 2005 - 2009; Appointee Department of Homeland Security's Data Privacy and Integrity Advisory Committee, 2010; Past Chair, Hunton & Williams New York Office Pro Bono Committee, 1994 - 2005. Co-Chair, International Privacy Law Committee, New York State Bar Association, 2007; Member, Law and Ethics Advisory Board, SAI Global, 2005. |