
Privacy
Remaining connected in today's virtual world comes easy. However, keeping your personal information, photos and finances private does not come as easy. Hear from industry leaders on how to keep your personal information safe as well as how to safeguard the privacy of those using your services.
Privacy

Ginger Armbruster
Chief Privacy Officer, City of Seattle
As the City of Seattle's Chief Privacy Officer, Ginger Armbruster leads a team of privacy specialists in the execution of the City's Privacy Program, following a principles-based approach to the City's management of the public's personal and sensitive information. Prior to this role, she worked for Microsoft on an international team of privacy specialists to resolve issues associated with multi-million-dollar marketing initiatives. Before moving into privacy, she spent the first 20 years of her career working in sales and marketing for Fortune 500 companies such as IBM, Hewlett-Packard and Johnson & Johnson, as well as several medical technology startup companies.

Sadia Mirza
Attorney, Cybersecurity, Information Governance and Privacy Practice Group, Troutman Pepper
Sadia Mirza is part of the Cybersecurity, Information Governance and Privacy practice group at Troutman Sanders, and is also part of the Financial Services Litigation practice group. She provides strategic privacy compliance counseling, and defends, counsels and represents companies on matters relating to data privacy, data use, and incident response and investigation, with an eye towards helping clients avoid litigation. Additionally, she has experience with the California Consumer Privacy Act of 2018 (CCPA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), as well as various other laws concerning privacy and cybersecurity. Mirza's in-house background allows her to understand the issues and concerns clients have and guide them toward resolution in a clear and efficient way. She has worked with clients from a variety of industries, including financial institutions, consumer reporting agencies, insurance companies, healthcare providers, and data and analytics providers. Prior to becoming an attorney, Mirza worked for JPMorgan Chase and Washington Mutual Bank. Her ongoing interest in the financial services industry led her to pursue an LL.M. in banking and finance after graduating from law school.

Randy Sabett
Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
A former NSA crypto-engineer, Sabett brings to Cooley LLP his extensive experience in data security, privacy, licensing and IP. Sabett has managed numerous data breach responses involving major retailers, financial and healthcare organizations, and on-line service providers. He served on the Commission on Cybersecurity for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007-2014 editions of Chambers USA. Sabett is a member of the board for the Georgetown Cybersecurity Law Institute and the Northern Virginia chapter of ISSA. He also is a frequent lecturer and author, and has appeared on or been quoted by a variety of national media sources.

Randy Sabett
Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
A former NSA crypto-engineer, Sabett brings to Cooley LLP his extensive experience in data security, privacy, licensing and IP. Sabett has managed numerous data breach responses involving major retailers, financial and healthcare organizations, and on-line service providers. He served on the Commission on Cybersecurity for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007-2014 editions of Chambers USA. Sabett is a member of the board for the Georgetown Cybersecurity Law Institute and the Northern Virginia chapter of ISSA. He also is a frequent lecturer and author, and has appeared on or been quoted by a variety of national media sources.

Ilker Taskaya
Principle Solutions Engineer, Delphix
Ilker Taskaya currently serves as Principle Solutions Engineer for Delphix. Having begun his career 25 years ago as a database analyst in the financial services sector, he has specialized in financial services and healthcare industry data security solutions and holds a number of patents in the data security field. Prior to 2006 Taskaya consulted in data warehousing for clients in financial services, insurance, and health care.

Ginger Armbruster
Chief Privacy Officer, City of Seattle
As the City of Seattle's Chief Privacy Officer, Ginger Armbruster leads a team of privacy specialists in the execution of the City's Privacy Program, following a principles-based approach to the City's management of the public's personal and sensitive information. Prior to this role, she worked for Microsoft on an international team of privacy specialists to resolve issues associated with multi-million-dollar marketing initiatives. Before moving into privacy, she spent the first 20 years of her career working in sales and marketing for Fortune 500 companies such as IBM, Hewlett-Packard and Johnson & Johnson, as well as several medical technology startup companies.

Kelsey Finch
Senior Counsel, Future of Privacy Forum
Kelsey Finch, currently serves as Senior Counsel at the Future of Privacy Forum. She leads the FPF Smart Cities Working Group, and serves as an expert and thought leader across the country through speaking engagements, media interviews, and interaction with state and federal regulators and strategic partners. Before joining FPF, Finch was an inaugural Westin Fellow at the International Association of Privacy Professionals, where she produced practical research on a range of privacy topics and edited the FTC Privacy Casebook.

Chris Niggel
Senior Director of Security and Compliance, Okta
Chris Niggel currently serves as the Senior Director of Security and Compliance at Okta, where he is responsible for corporate compliance, application assessment, and responding to customer security inquiries. Prior to Okta, Niggel spent 6 years leading the adoption of Cloud Technologies at LinkedIn, helping them grow from 350 to over 6,800 employees. He started his career designing, developing, and delivering content management, system administration, and messaging solutions for customers such as Nestle, Cisco, AMD, Telus, and the US Department of Defense.

Randy Sabett
Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
A former NSA crypto-engineer, Sabett brings to Cooley LLP his extensive experience in data security, privacy, licensing and IP. Sabett has managed numerous data breach responses involving major retailers, financial and healthcare organizations, and on-line service providers. He served on the Commission on Cybersecurity for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007-2014 editions of Chambers USA. Sabett is a member of the board for the Georgetown Cybersecurity Law Institute and the Northern Virginia chapter of ISSA. He also is a frequent lecturer and author, and has appeared on or been quoted by a variety of national media sources.

Aravind Swaminathan
Global Co-Chair Cyber, Privacy & Data Innovation Orrick, Herrington & Sutcliffe LLP
Aravind Swaminathan currently serves as the Global Co-chair of Orrick's internationally recognized Cyber, Privacy & Data Innovation practice which "combines strategic thinking with a proactive approach" to address global data privacy requirements and proactively reduce security risk, while protecting clients when their future is on the line. As a strategic cybersecurity advisor, Aravind collaborates with his clients to proactively plan for a crisis and develop strategies to protect their business and brand. He guides everyone from large public company financial institutions to start-up technology companies to critical infrastructure providers through incidents, and develops business- and brand-centric tactics to mitigate and manage risk. He has directed more than 150 cybersecurity and data breach investigations, including those with national security implications. With extensive trial and litigation experience, he also defends his clients when cyber, privacy, and payments issues lead to regulatory investigations by the SEC, DOJ, FTC, and state Attorneys General and other litigation, including class action litigation and shareholder derivative suits. Aravind's background as an Assistant United States Attorney and Computer Hacking and Intellectual Property Section gives him first-hand understanding of federal agencies that allows him to swiftly navigate the system, partner with investigators and find creative solutions for his clients.

James Lloyd
Privacy Investigations & Disputes Lawyer, PwC
James Lloyd is a lawyer in PwC's Contentious Data Privacy team. He help clients faced with disputes over data privacy, whether as the result of a regulatory investigation, a dispute with a third party, or in connection with a cyber breach. He has led the response to investigations by various regulatory bodies and parliamentary select committees and have extensive experience bringing and defending associated civil litigation against private parties and public bodies. Lloyd has particular expertise helping clients who are subject to regulatory action by the UK's Information Commissioner's Office, whether as a result of enforcement, or as the consequence of a notification following a cyber breach.

Polly Ralph
Barrister and Solicitor, UK Data Protection Strategy, Legal and Compliance Services, PwC
Polly Ralph currently serves as a Director and member of the leadership team in PwC's Data Protection Strategy, Law and Compliance Services practice. She started her career in data protection/privacy in 2004, as an Investigations Lead at the New Zealand Privacy Commission. Since then, she has worked as a Privacy lawyer at the New Zealand Police National Headquarters, Senior Privacy Counsel at the BBC, and Group DPO at Domestic & General (a UK-headquartered insurance company). Since joining PwC UK in January 2016, Ralph has led large-scale GDPR projects and advised on ePrivacy, marketing, outsourcing, technology and international transfer issues. She has deep experience leading GDPR training sessions, including for PwC's international network of firms.

Miguel Jacinto
Chief Information Security Officer & Data Protection Officer no EuroBic - Banco BIC Português, SA

Pedro Machado
Country Senior Director | Data Protection Officer, Grupo Ageas Portugal

Jaymin Desai
Offering Manager, OneTrust
Desai serves as the Offering Manager at OneTrust VendorpediaTM - part of the largest and most widely used technology platform to operationalize third-party risk, security, and privacy management. In his role, Desai is responsible for driving the development and delivery OneTrust's third party risk management product as well as driving the refinement of the toolset and offerings. He works with clients to centralize their vendor information across business units, assess risks based on use cases and relevant standards like CSA, CAIQ, SIG, GDPR and CCPA while also monitoring threats to seamlessly mitigate vendor risks throughout the engagement lifecycle. Desai takes a customer-based approach to product development and derives the majority of his backlog from customer feedback and direction.

Michelle Dennedy
Chief Privacy Officer, Cisco
Michelle Finneran Dennedy is Vice President and Chief Privacy Officer at Cisco. Throughout her career, she has led security and privacy initiatives, ranging from regulatory compliance, privacy engineering, advocacy and education efforts, and litigation at companies including Cisco, and previously McAfee/Intel Security, Oracle, and Sun Microsystems. She founded The iDennedy Project, which seeks to change how people think about information and data, and co-authored The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value.

Robert Waitman
Director, Data Valuation, Cisco
Robert Waitman is a Director in Cisco's Privacy Office, where he specializes in quantifying the business benefits of privacy policy and helping organizations better value and manage their information assets. Over his 16-year career at Cisco, he has helped many organizations improve their use of network-based applications and delivered over $100 million in improvement opportunities. He also led Cisco's Wealth Management Practice, helping drive innovative changes at wealth management firms and gaining media attention for his research findings in The Wall Street Journal, Barron's, and American Banker. Previously, Waitman was an Associate Principal at McKinsey & Company, where he focused on strategy, technology, and payment issues facing financial institutions and authored numerous articles in The McKinsey Quarterly.

Vinit Goenka
Member Governing Council, CRIS - Center for Railway Information System, Organisation Under Ministry of Railways
Vinit Goenka currently serves as a member of the Governing Council, CRIS - Center for Railway Information System Organisation Under Ministry of Railways. He is an active politician with expertise in the field of Information Technology, Transportation & Infrastructure and Agriculture. He is a Member of the Task force IT in the Ministry of Road, Transport & Highways and Shipping, Government of India where he works on the several nationwide IT initiatives in the context of Minimum Government Maximum Governance. Goenka has served the BJP as its National Co-convener of the BJP central IT Cell where he spearheaded the Digital Strategy of the party in the run up to the general elections of 2014 & various other elections since 2006. His contribution in the land slide victory of the BJP has been widely recognized by various sections of the party, media and the society.

Matthew Maglieri
CISO, Ruby, parent company of Ashley Madison
Matthew Maglieri is the Chief Security Officer at Ruby, the parent company to several leading online dating brands including AshleyMadison.com. He is responsible for leading the architecture, development, and ongoing operation of Ruby's enterprise security program. Prior to joining Ruby, he served in a leading role developing Mandiant's Canadian practice and delivering a diverse range of strategic and technical consulting services including offensive red team operations, security operations center enhancement, and strategic transformation engagements.

Shivangi Nadkarni
Co-Founder & CEO, Arrka Consulting
Nadkarni has over 20 years of experience in the domains of information risk & privacy, e-commerce & networks. She has handled multiple roles over the years at Sify and Wipro - which include heading the global application security & identity management practice at Wipro, setting up India's first licensed certifying authority for digital signatures in collaboration with Verisign at Sify, launched and managed the first enterprise IP network services in India at Sify, etc. She set up Arrka Consulting - her own venture - a few years ago. Arrka provides consulting, advisory and training services in the information risk & privacy domain, Nadkarni has recently authored the first book on Data Privacy in India for DSCI, as part of their new privacy certification program - DCPP.

Vicky Shah
Advocate, Data Privacy Professional
Vicky D. Shah looks after Cyber Security Initiatives and National Skills Registry (NSR Initiative) at NASSCOM, the premier trade body and the 'Chamber of Commerce' for the IT and ITES-BPO industry in India. Having spent over four years in this role, he is responsible for initiatives focused at creating an enabling environment in India for information security and compliance. The ongoing programmes at NASSCOM towards this objective include creating awareness about the Information Security Issue using the public private partnership platform.

Venkatesh Subramaniam
Global CISO & Privacy Head, Olam International, Singapore
Subramaniam is the global CISO of Olam International where he is responsible for all aspects of the security program. He has more than 27 years of experience in information security and management, and has worked in critical sectors including finance and telecom, and in Fortune 50 companies globally. He is also the global head of privacy and is responsible for ICS/OT Security for over 80 factories globally.

Anuj Tewari
CISO, HCL Technologies
Anuj Tewari currently serves as CISO for HCL Technologies. Prior to joining HCL, he was Head of Managed Cybersecurity Services and Risk Management Services at CSC. Throughout his career, Tewari has focused on cybersecurity strategy and risk management of large-scale, global service operations.
Cybersecurity and Patient Privacy in Healthcare: The Balancing Act
Jennings Aske - New York-Presbyterian , Steve Chabinsky - White & Case , Joshua Corman - Healthcare Sector , Mark Eggleston - Health Partners Plans , Marianne Kolbasuk McGee - HealthcareInfoSecurity , Dave Summitt - H. Lee Moffitt Cancer Center and Research Institute • •
Start this Session
Jennings Aske
CISO, New York-Presbyterian
Aske is the CISO for New York-Presbyterian. Prior to this he was VP Information Security & Chief Security Officer of Nuance Communications as well as Chief Information Security and Privacy Officer of Partners HealthCare. Prior to Partners, Aske was the Chief Information Security Officer for UMass Memorial Hospital. Aske was also the Chief Information Security Officer for the Commonwealth of Massachusetts's Executive Office of Health and Human Services, responsible for coordinating information security across the 16 state agencies. Aske is a licensed attorney in the Commonwealth of Massachusetts.

Steve Chabinsky
Global Chair of Data, Privacy and Cybersecurity, White & Case
Steve Chabinsky is an attorney and global chair of data, privacy and cybersecurity, White & Case, commissioner of the President's Commission on Enhancing National Cybersecurity, and former deputy assistant director for cyber at the FBI. He serves as a commissioner on the President's Commission on Enhancing National Cybersecurity, is the cyber columnist for Security magazine, and holds an adjunct faculty position at George Washington University. Chabinsky is a frequent corporate speaker on cyber risk mitigation, and has testified numerous times before the House and Senate on cybersecurity matters. His career includes having served in the Federal Bureau of Investigation as deputy of the Bureau's Cyber Division and Chief of its Cyber Intelligence Section. He can be followed on Twitter @StevenChabinsky.

Joshua Corman
CISA, Chief Strategist, Healthcare Sector
Joshua Corman is a Founder of I am The Cavalry (dot org), and serves as Chief Strategist for CISA regarding COVID, healthcare, and public safety. He previously served as CSO for PTC, Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, and other senior roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. His unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an Adjunct Faculty for Carnegie Mellon’s Heinz College, and was a member of the Congressional Task Force for Healthcare Industry Cybersecurity.

Mark Eggleston
VP, CISO and CPO, Health Partners Plans
Eggleston is vice president, CISO and chief privacy officer at Health Partners Plans, a Philadelphia-based HMO. He leads the maturation of various security technologies and privacy initiatives and manages a business continuity and disaster recovery program. Eggleston started his professional career serving as a program manager and psychotherapist at a hospital serving children and adolescents. Later, he helped develop a HIPAA privacy and security compliance program for a geographically dispersed healthcare provider organization and later at a local health plan, before moving to his current role.

Marianne Kolbasuk McGee
Executive Editor, HealthcareInfoSecurity, ISMG
McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Dave Summitt
CISO, H. Lee Moffitt Cancer Center and Research Institute
Summitt is CISO of the H. Lee Moffitt Cancer Center and Research Institute, Tampa, Fla. Summit has more than 25 years of experience in IT across the federal and private sectors with a focus on information systems, network and engineering operations and cybersecurity initiatives. Before entering the healthcare sector, Summitt had a 21-year federal career with the Department of Defense where he held various roles including the Naval Sea Systems Command's Technical Representative for a major missile defense program, security data custodian, Information Systems Security Officer, Data and Configuration manager and Change Control chairman for several military programs.
The Evolving Regulatory Environment and Its Impact on Privacy and Security of Online Medical Records
Vikrant Arora - Hospital for Special Surgery , Marianne Kolbasuk McGee - HealthcareInfoSecurity , Mitch Parker - Indiana University Health System , Iliana Peters - Polsinelli , Anahi Santiago - Christiana Care Health System • •
Start this Session
Vikrant Arora
CISO, Hospital for Special Surgery
Vikrant Arora is a credentialed business leader with more than 15 years of experience in developing enterprise security and risk management programs in the healthcare, government and education sectors in North America and Asia. In his former role as the assistant vice president and chief information security and risk officer at NYC Health & Hospitals, an integrated system of 11 hospitals, clinics, nursing homes and home care in New York City, Arora is focused on security strategy, business risks, regulatory compliance and securing clinical systems as well as biomedical devices.

Marianne Kolbasuk McGee
Executive Editor, HealthcareInfoSecurity, ISMG
McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Mitch Parker
CISO, Indiana University Health System
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and others.

Iliana Peters
Shareholder, Healthcare Security, Polsinelli
Iliana Peters currently serves as a shareholder at Polsinelli, charged with championing healthcare security on behalf of the firm. She previously served as the Acting Deputy Director of Health Information Privacy at the Department of Health and Human Services' Office for Civil Rights. In this role, she is the national lead for OCR enforcement of the HIPAA Rules, and works closely with OCR's ten regional offices to promote compliance with and enforcement of the HIPAA Rules. Additionally, Peters supports many other OCR policy and outreach initiatives, including rule-makings, compliance initiatives with other federal agencies, and training, including of the State Attorneys General. Prior to joining the team in D.C., she worked as an investigator in Region VI in Dallas, Texas. Prior to joining OCR, Peters worked in private practice in Texas.

Anahi Santiago
CISO, Christiana Care Health System
As Christiana Care Health System's Chief Information Security Officer, Anahi Santiago is charged with providing strategic direction and oversight to a comprehensive security program, policy development, standards and controls implementation, training and awareness, regular risk assessment and mitigation, as well as partnerships with internal and external auditors. She also regularly collaborates with state and federal regulatory bodies and actively contributes to proposed state and federal regulations that govern privacy and information security. Before joining Christiana, Santiago provided similar support for the Albert Einstein Healthcare Network at a director level.

Jack Lewin, MD
Founder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care
John C. (Jack) Lewin, MD is Principal and Founder of Lewin and Associates LLC, a consulting organization focused on launching health start-up companies and on developing policy and advocacy positions for health sector companies and government. He also currently serves as Chairman of the National Coalition on Health (NCHC) of Washington DC, a highly respected national advocacy organization representing 90+ national health sector organizations with collectively over 150 million members. His prior roles include serving as President and Chief Executive Officer of the Cardiovascular Research Foundation (CRF). He has advised two Presidents of the United States as part of a rewarding career in health care, public health, and public policy. Lewin has also served as CEO of the American College of Cardiology (ACC), CEO of the California Medical Association (CMA), where he also advised two Governors and the state legislature on health policy. He was also Hawaii's Director of Health, and a Commissioned Officer in the United States Public Health Service.

Ron Ross
Fellow, National Institute of Standards and Technology (NIST)
Ross is a Fellow at NIST. His focus areas include cybersecurity, systems security engineering, cyber resiliency, security architecture, privacy, and risk management. Ross leads the FISMA Implementation Project and the Systems Security Engineering Initiative, which includes the development of cybersecurity and privacy standards and guidelines for the federal government, contractors, and the U.S. critical infrastructure.
Session Contributors
former Regulator, U.S. Department of Health and Human Services; Partner, Davis Wright Tremaine LLP
Read BioGlobal Co-Chair Cyber, Privacy & Data Innovation Orrick, Herrington & Sutcliffe LLP
Read Bioformer Dir. of Incident Response, Expedia; Principal Consultant, Public Sector Cyber Security Contracting Services
Read BioPartner, Co-Chair - Data Protection, Privacy & Access to Information (US), Norton Rose Fulbright
Read BioFormer Deputy Director of Health Information Privacy, Department of Health and Human Services' Office of Civil Rights
Read BioSenior Director, E-Infrastructure and Internet Governance, Meity, Govt.of India
Read BioProfessor - Information Systems & Cybersecurity; Director, Center for e-Learning Security Research (CeLSR), Nova Southeastern University
Read BioFounder and Principal, Lewin and Associates LLC; Chairman, National Coalition on Health Care
Read BioClinical Asst Professor of Management, Kelly School of Business - Indiana University-Bloomington
Read BioVice President, Strategy & Corporate Development, Enterprise Business Unit, Synchronoss
Read BioChief Information Security Officer & Data Protection Officer no EuroBic - Banco BIC Português, SA
Read BioCountry Senior Director | Data Protection Officer, Grupo Ageas Portugal
Read BioBarrister and Solicitor, UK Data Protection Strategy, Legal and Compliance Services, PwC
Read BioAttorney, Cybersecurity, Information Governance and Privacy Practice Group, Troutman Pepper
Read BioMember Governing Council, CRIS - Center for Railway Information System, Organisation Under Ministry of Railways
Read Bio