Official website of the Department of Homeland Security
Privacy Office - DHS Data Privacy and Integrity Advisory Committee Membership
This is a listing of the membership of the DHS Data Privacy and Integrity Advisory Committee.
Sponsor: Jonathan Cantor, Acting Chief Privacy Officer
Executive Director: Sandra L. Taylor, Director of Administration, DHS Privacy Office
Biographies of Members
Chair: Lisa J. Sotto, managing partner of Hunton & Williams LLP’s New York office and chair of the firm’s top-ranked Global Privacy and Cybersecurity practice. Ms. Sotto was named among The National Law Journal’s “100 Most Influential Lawyers” in 2013. She was voted the world’s leading privacy advisor in Computerworld’s three most recent annual surveys and was recognized by Chambers and Partners as a “Star” performer for Privacy & Data Security; she was the only privacy lawyer in the U.S. to receive this distinguished ranking. Ms. Sotto also is recognized as a “leading lawyer” in the 2013 edition of The Legal 500 United States. She was named one of Ethisphere Magazine’s 2013 “Attorneys Who Matter,” listing attorneys who “have risen to the top.” She was featured as “The Queen of Breach” in an article by New York Super Lawyers Magazine. Ms. Sotto is the editor and lead author of the legal treatise entitled Privacy and Data Security Law Deskbook, published by Aspen Publishers, Wolters Kluwer Law & Business. She is a member of the family of a 9/11 victim.
Jim Adler, Vice President of Products and Chief Privacy Officer, Metanautix, Los Altos, CA. Metanautix is a big data startup focused on data management and analysis for large enterprises. Most recently, Mr. Adler served as the first Chief Privacy Officer and Vice President of Data Systems at Intelius, an organization that provides businesses and consumers with background checks, public record searches, and predictive intelligence. At Intelius, he led big data technology teams, privacy efforts, consumer advocacy outreach, and negotiations with the U.S. Senate and the Federal Trade Commission. Mr. Adler is a frequent public speaker and author on the power of data, privacy, security, and identity technologies.
Sharon A. Anolik, President, Privacy Panacea, San Francisco, CA. Ms. Anolik provides strategic privacy advisory services to companies. She has served as the Global Privacy Risk and Strategy Leader for a Fortune 15 healthcare company, the Chief Privacy Officer for a public technology company, and the legal counsel for numerous others where she has led privacy program governance and operations and advised on applications of big data and privacy innovation. Ms. Anolik clerked for the California Supreme Court and was an adjunct professor of Cyberlaw and Privacy at Golden Gate University School of Law. Ms. Anolik is a frequent industry speaker, co-inventor of a privacy indicator method patent (pending), and serves on several privacy advisory boards.
K. Suzanne Barber, Professor of Electrical and Computer Engineering at the University of Texas at Austin. Ms. Barber is Director of the University’s Center for Identity, an effort of federal and state government and private-sector entities to develop identity management applications, to conduct education and outreach, and to combat identity management threats and fraud.
Craig W. Bennett, Vice President, Chief Compliance and Privacy Officer at Lahey Health System, a non-for-profit integrated health care delivery system affiliated with Tufts University Medical School. Lahey Health provides care across the entire health care continuum through a robust and distributed network of acute care hospitals, ambulatory centers, physician practice sites (both employed and private practice), behavioral health facilities, home health organizations, and care management centers. Mr. Bennett is responsible for the day-to-day operations of the systems compliance and privacy program at Lahey Health to promote compliance and best business conduct practices and solutions to prevent occurrence of illegal, unethical, or improper conduct.
Allen Brandt is the Executive Director and Chief Privacy Officer at the Depository Trust and Clearing Corporation (DTCC), an organization processing securities and other transactions for the global financial markets. Previously, Mr. Brandt was the Director, Corporate Counsel and the Chief Privacy Official for the Graduate Management Admission Council®. He provided legal guidance and counsel on U.S. and global consumer privacy issues, created the organization’s data protection policies and procedures, and worked with regulators to enable enhanced exam security using new technologies. His experience includes integrating privacy awareness and implementation throughout the organization and has presented privacy programs to the European Commission and European Data Protection Supervisor, as well as to the U.S. Federal Trade Commission, U.S. Department of Commerce, and U.S. Department of State.
Alan Broder, Adjunct Professor of Computer Science at Yeshiva University, New York, and chair of the Department of Computer Science at Stern College for Women. Mr. Broder has over 30 years of experience designing and leading the development of large scale data exploitation systems on parallel architectures. Mr. Broder advises on technology policy and strategic issues related to entity disambiguation, privacy protection, and data quality in the context of Big Data analytics.
James M. Byrne, Chief Privacy Officer and Associate General Counsel for Lockheed Martin Corporation, Bethesda, MD. Prior to joining Lockheed Martin, Mr. Byrne was a career Senior Executive Service official with over 20 years of professional experience in the military and federal government, including several years as a federal international narcotics prosecutor and deployed Marine infantry officer. Prior to leaving the government Jim served as the Deputy Special Counsel with the Office of the U. S. Special Counsel. He also served overseas with the Office of the Special Inspector General for Iraq Reconstruction. Mr. Byrne serves on the board of directors for the International Association of Privacy Professionals.
Joshua Galper, Chief Policy Officer and General Counsel of Personal.com, Washington, D.C. Mr. Galper oversees legal, privacy, and public policy activities and is co-head of security for Personal, the industry-leading personal data vault, private networking, and identity management solution. He was previously a partner at Orrick, Herrington & Sutcliffe, where he co-led the legal crisis management and strategic response practice, handling high-profile litigation, investigations, and controversies for clients in the U.S. and abroad, and, before that, an associate in Sidley Austin’s privacy and internet law practice. Mr. Galper has been named a Privacy by Design ambassador, is a member of the World Economic Forum's Rethinking Personal Data Project, and has taught at Georgetown University Law Center.
Melodi (Mel) M. Gates, CIPP/US, Senior Legal Editor, Intellectual Property & Technology Service, Privacy & Data Security, Thomson Reuters Practical Law, Denver, CO. Previously, Ms. Gates was a senior associate at Squire Patton Boggs (US) LLP, practicing in the areas of cybersecurity, privacy, technology, and administrative law. Prior to practicing law, she worked for over twenty years in technical and leadership roles in the telecommunications industry, last serving as chief information security officer (CISO) for Qwest Communications International, Inc. (now part of CenturyLink) from 2002-2009.
Lynn Goldstein, Chief Data Officer, Center for Urban Science + Progress at New York University, Brooklyn, NY. Prior to joining New York University, Ms. Goldstein was the Chief Privacy Officer and Privacy General Counsel for JPMorgan Chase and the Chief Privacy Officer for Bank One. Also at Bank One, Ms. Goldstein was General Counsel for the credit card company and Head of Litigation. Prior to joining JPMorgan Chase and predecessor entities, Ms. Goldstein was in private practice and clerked for a federal judge. She is a lawyer, a Senior Scholar of the Information Accountability Foundation, a Certified Information Privacy Professional, and a frequent speaker on privacy topics.
Joanna L. Grama, Director of IT Governance, Risk, and Compliance and Cybersecurity Programs, EDUCAUSE, a nonprofit association committed to advancing higher education, Louisville, CO. Ms. Grama has experience in higher education information security policy and compliance activities related to the security and privacy of personally identifiable information. She was the former Information Security Policy and Compliance Director for Purdue University, IN.
Debbie Matties, Vice President, Privacy, CTIA-The Wireless Association, Washington, DC. Ms. Matties works with CTIA members on industry best practices and leads CTIA’s efforts to educate policymakers and consumers about the options wireless companies offer to protect personal information. She also serves as the association’s primary liaison with government agencies and their representatives on privacy issues. Before joining CTIA, Ms. Matties was the Senior Attorney Advisor for Consumer Protection to former Federal Trade Commission Chairman Jon Leibowitz. She played an integral role in Commission privacy policy reports, legislation, testimony, consumer and business education, and law enforcement. Ms. Matties has a Juris Doctor with highest honors from George Washington University Law School and a Bachelor of Arts cum laude in biology from the University of Pennsylvania.
Joanne McNabb, Director of Privacy Education and Policy, Privacy Enforcement and Protection Unit, California Department of Justice. The Unit protects Californians’ constitutionally guaranteed right to privacy, enforces state and federal privacy laws, educates consumers and businesses, and makes recommendations to the Attorney General on privacy matters. Ms. McNabb is a Certified Information Privacy Professional, with specializations in Government and Information Technology, and is a Fellow of the Ponemon Institute, a research center on privacy, data protection and information security policy. From 2001 until 2012, Ms. McNabb directed the California Office of Privacy Protection, which was a resource and advocate on privacy issues. Before that she worked in public affairs and marketing, in both the public and private sectors, including five years with an international marketing company in France. She attended Occidental College and holds a master’s degree in Medieval Literature from the University of California, Davis.
Sarah Morrow, HIPAA Privacy Officer for the University of New Mexico and the Health Sciences Center Chief Privacy Officer, where she is responsible to investigate non-compliance issues with HIPAA; HIPAA complaint investigations; Complaint resolutions; Breach notification; OCR correspondence; HHS reporting; and Business associate agreements and contracts privacy clauses review. She is also the university's subject matter expert in privacy and higher education and serve as a resource for the academic side, medical side, the clinics and hospitals, research and general administration.
Greg Nojeim, Director, Freedom, Security, and Technology Project, Center for Democracy and Technology, Silver Spring, MD. Mr. Nojeim is a former legislative counsel for the American Civil Liberties Union responsible for national security, immigration, and privacy.
Charles Palmer, Chief Technology Officer, Security and Privacy, Associate Director of Computer Science Research at IBM, Yorktown Heights, NY. Dr. Palmer manages the Security, Networking, and Privacy Departments at the IBM Thomas J. Watson Research Center, where various teams around the world are developing privacy-related technology and exploring how technology can help preserve privacy while improving data quality.
Julie Park, Manager, Data Privacy Office, The Church of Jesus Christ of Latter-day Saints, Salt Lake City, UT. Ms. Park manages the global privacy program for the Church and oversees compliance with global data privacy laws and regulations. Ms. Park is also an adjunct instructor at Weber State University, teaching Information Technology for the John B. Goddard School of Business & Economics.
Christopher Pierson, Executive Vice President, Chief Security Officer and Chief Compliance Officer for LSQ Holdings, Orlando, FL. Dr. Pierson oversees LSQ’s cybersecurity and compliance program and is also a Distinguished Fellow of the Ponemon Institute. Prior to joining LSQ, Dr. Pierson was the Senior Vice President and first Chief Privacy Officer for the Royal Bank of Scotland’s U.S. banking operations and a corporate attorney for Lewis and Roca. Dr. Pierson was President and Chairman of the Board of the InfraGard Phoenix Member’s Alliance, Inc., from 2003-2007 and served on the Arizona Office of Homeland Security’s Homeland Security Coordinating Council from 2003-2006.
Tracy Ann Pulito-Michalek, Executive Director, Global Privacy Compliance, JPMorgan Chase & Company, where she is responsible for JP Morgan’s privacy compliance approach and integration on how to protect sensitive and personal data relating to customers, clients, employees, and others. Tracy is responsible for the oversight and controls relating to safeguarding data from a privacy perspective to include developing JP Morgan’s framework for privacy compliance relating to data protection, developing privacy processes and tools, managing project workstreams and personnel (who may be drawn from multiple departments), running project action plans/deliverables, and raising risks to senior leaders.
Russell Schrader, Chief Privacy Officer and Senior Vice President for Visa, Inc., San Francisco, CA. Mr. Schrader has primary legal responsibilities for a broad range of complex enterprise risk, privacy, data protection, cybersecurity, technology, and payment systems policies and issues. He is a principal legal liaison with Visa system stakeholders and attorneys on worldwide regulatory issues. Mr. Schrader is also a Director of the Council of Better Business Bureaus and an advisor to a number of privacy and data security groups.
Jeewon Kim Serrato is a counsel and co-lead of the Global Privacy and Data Protection Practice at Shearman & Sterling. She handles a variety of counseling, litigation, crisis management and transactional matters for clients facing data privacy and cybersecurity issues. Prior to joining Shearman, Ms. Serrato served as the Chief Privacy Officer at Fannie Mae, where she led the organization’s privacy risk assessments, reviewed its operations from a privacy and cybersecurity perspective, and handled data security incidents. She is a member of the Chief Information Security Officer Group on the Dell Security Solutions Advisory Board.
Barry Steinhardt, Senior Advisor and Trustee, Privacy International. Now retired, Mr. Steinhardt served from 1993-2009 in various leadership roles in the American Civil Liberties Union, most recently as Director of the ACLU’s Technology and Liberty Project working on issues including airline passenger screening, video surveillance, database privacy, and border security.
C.M. Tokë Vandervoort, Vice President, Deputy General Counsel, Under Armour. Ms. Vandervoort has more than 20 years experience providing strategic legal counsel to major U.S. technology companies on intellectual property and technology development with additional responsibility to collaborate with technology teams to develop and operationalize privacy, network and information security policies, as well as related compliance program integration, training and incident management. Prior to joining Under Armour in early 2016, she was the Vice President and Assistant General Counsel for Technology, Privacy & Security at XO Communications, and served as Chief Privacy Officer, and preciously held senior legal positions at EDS and MCI.
Marjorie S. Weinberger, Legal Counsel to the Massachusetts Department of Transportation (MassDOT) and Information Security Officer for the MassDOT Registry of Motor Vehicles Division. Ms. Weinberger is responsible for development and implementation of policies and procedures for protecting personal information held in the State’s database of over five million licensing and registration records.
Richard Wichmann, Privacy and Risk Officer for Bupa Latin America, based in Miami, FL. Mr. Wichmann is responsible for the oversight, maintenance, and training on corporate compliance programs in the areas of Information Governance, Anti-money Laundering, and OFAC/Sanctions screening, in addition to corporate Risk Management. Mr. Wichmann was formerly Privacy Officer for Assurant Solutions and Assurant Specialty Property.