Listing of membership for the DHS Data Privacy and Integrity Advisory Committee.
Biographies of Members
President and Founder, Privacy Panacea
Ms. Sharon Anolik is the President and Founder of Privacy Panacea where she provides practical and strategic advice to companies on how to design and execute “gold star” privacy and compliance programs that support enterprise-wide risk management and business strategy initiatives and exceed industry standards. In addition, she advises on and provides privacy and security reviews during (and in anticipation of) merger, acquisition, and strategic investment transactions. Ms. Anolik conducts data privacy due diligence on target companies to determine privacy-related risks and serves as an expert witness on privacy matters. Ms. Anolik has 20+ years of significant diverse experience in the fields of data protection, privacy and emerging technologies, education, and training.
Vice President and Senior Counsel, Global Privacy, & Data Security, Marriott International
Ms. Courtney Barton is currently the Vice President and Senior Counsel, Global Privacy & Data Security at Marriott International where she works across disciplines and business lines to advise the company on data governance, privacy risk, commercial contracts, and data security laws, such as the NYDFS cyber law and global data breach notification requirements. She guides the company on global privacy and compliance regimes such as EU GDPR, CCPA, Virginia CDPA, LGPD, PCI-DSS, CAN-SPAM, FTCA, and the TCPA. In connection with the Global Privacy Officer, Courtney manages the Global Privacy Office and staff to ensure governance, policies, processes, and regulations are properly operationalized, to ensure Privacy by Design, privacy impact assessments and vendor due diligence are conducted, and that global company compliance training and education are implemented. She assists Government Relations with the review of legislation impacting privacy and emerging technologies and provides guidance to trade associations. Courtney works extensively with the marketing organization on self-regulatory frameworks, advertising, and marketing strategies, e-commerce and digital initiatives, interest-based advertising, social media campaigns, and emerging technologies such as geolocation, AI, and biometrics.
Resident Chief Information Security Officer, Proofpoint
Mr. Dennis Dayman has more than 30 years of experience working on security/privacy issues, data governance issues, and protecting and improving data through industry policy, regulatory policy relations, and technical solutions. Currently, he is the Resident Chief Information Security Officer for Proofpoint. Dennis is the co-author of Startup CXO: A Field Guide to Scaling Up Your Company’s Critical Functions and Teams at StartupCXO.com and is a longstanding member of several boards and advisory committees within the advertising and messaging industry. Dennis is also an IAPP CIPP/US, CIPP/E, CIPT, IAPP Fellow of Information Privacy, and Ponemon Institute Fellow. Dennis is always actively involved in creating current Internet and digital communication regulations, privacy/security policies, and anti-spam legislation laws for state and federal governments. He also sits on several advisory boards for Internet companies and is also a partner, mentor, and frequent investor in start-ups, mentorship-driven micro seed funds, and startup accelerators. He holds a B.A. in Criminal Justice from Stephen F. Austin State University in Texas.
Agency Privacy Officer, New York City Police Department
Mr. Michael Fitzpatrick is an Agency Privacy Officer at the New York City Police Department (NYPD). Since 2012, Michael has been practicing in the Legal Bureau of the NYPD and currently serves as the Agency Privacy Officer (APO). As NYPD APO, Michael is responsible for leading the NYPD privacy program for its over 50,000 employees, serving as the NYPD privacy law specialist, and providing strategic advice across all functions of the agency on privacy issues and risk mitigation. Michael represents the NYPD on the New York City Privacy Protection Committee and was appointed in 2021 to serve on the Executive Privacy Committee of the Counsel to the Mayor. Prior to serving as NYPD APO, Michael was an embedded attorney within the NYPD Intelligence Bureau where he advised complex criminal and counterterrorism investigations. Michael holds a J.D. from Fordham University School of Law, an M.S. from New York University in Cybersecurity Risk and Strategy, and a B.S. from Manhattan College in Business Administration. Michael also holds CIPP/US and CIPM certifications from the International Association of Privacy Professionals.
Mark H. Francis
Attorney, Holland & Knight LLP
Mr. Mark H. Harris is a tech and data partner at the law firm Holland & Knight LLP in New York, with a focus on cybersecurity, data privacy, intellectual property, and emerging technology. Mark’s practice spans counseling, legal compliance, investigations, litigation, and a wide array of transactions. In connection with his practice, Mark advises clients on information governance, third-party risk management, federal, state and foreign privacy laws, artificial intelligence, AdTech and data strategy. He frequently counsels clients in response to data breaches and other incidents, guiding them through internal investigations, regulatory inquiries, and legal disputes. Mark has a background in computer science and telecommunications and received his JD/MBA from Fordham University. He is a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), as well as an IAPP CIPP/US, CIPT, and Fellow of Information Privacy. Mark is currently serving on the board of the New York Metro InfraGard Members Alliance and the IAPP’s CIPP/US Exam Development Board.
Privacy Director, AT&T
Mr. Joseph Hewitt has 20 years of broad data governance experience in IT operations, security, and privacy. He has worked across many critical industries, including healthcare, finance, manufacturing, advertising, media & entertainment, and telecommunications. Mr. Hewitt has substantial knowledge in the entire privacy governance “stack”, including regulatory readiness, risk and privacy impact assessments, standards and guidelines, consumer consent, control frameworks, and assurance activities. He is recognized as a privacy “firefighter” for complex situations in large companies. His cross-industry experience gives him a unique view into new privacy issues and technologies, such as Artificial Intelligence and algorithm governance.
Chief Privacy Officer, Gilead Sciences, Inc
Ms. Sarah Knight is Chief Privacy Officer and Lead Counsel for Privacy, Cybersecurity, and Information Governance at Gilead Sciences, Inc. Ms. Knight is an accomplished attorney with over ten years of law firm, government, and corporate experience in the areas of data privacy, information governance, and eDiscovery counseling and litigation, including for the cybersecurity and the intelligence communities.
Corporate Privacy Executive, Northrop Grumman
Mr. John W. Kropf is the Corporate Privacy Executive at Northrop Grumman, where he built and matured the company’s first Privacy Office. Mr. Kropf developed, implemented, and oversaw the global privacy frameworks, including the European Union General Data Protection Regulation and California Consumer Privacy Act. Mr. Kropf is an attorney with over twenty years of privacy and information governance experience in government and corporate cultures. Possesses an established record of creating and implementing privacy and information policies for complex, global organizations. Recognized as a thought leader and respected practitioner by regulators, lawyers, and peers. John also teaches privacy law as an adjunct professor at the American University Washington College of Law.
Managing Chief Counsel, Global Privacy & Cybersecurity at McKesson Corporation
Ms. Roshal Marshall serves as Managing Chief Counsel, Global Privacy & Cybersecurity at McKesson Corporation, where she leads a team of lawyers providing advice to the enterprise and affiliated business units on a broad range of privacy and data protection matters related to patients, consumers, employees, data incident management, marketing, due diligence, mergers and acquisitions, third-party agreements, and business transactions. Ms. Marshall’s team is also charged with being the subject matter experts on all privacy-related federal, state, Canadian, British and European laws. Ms. Marshall also manages McKesson’s enterprise incident management program.
Managing Director and CEO, Solvitur Systems, LLC
Mr. Ade Odutola is the CEO of Solvitur Systems, LLC, an Information Technology (IT) consulting firm specializing in systems modernization, cybersecurity, privacy & data protection, governance, risk, and compliance (GRC), cloud computing and analytics. Earlier in his career, Mr. Odutola held various positions of increasing responsibility at Deloitte for over a decade, where he led teams on multiple cybersecurity, privacy & data protection and governance, risk, and compliance (GRC) projects nationally and internationally.
Prior to Deloitte, Mr. Odutola worked at Cap Gemini Ernst & Young, where he provided risk management and cybersecurity consulting services for a broad range of clients. He also served as an adjunct professor of Computer Information Systems (CIS) at a DC area local university, teaching graduate and undergraduate students.
Mr. Odutola earned his bachelor’s degree from the University of Lagos, and his MBA from Durham University in the United Kingdom. He holds multiple industry certifications including Certified Information Systems Security Professional(CISSP), Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Professional /Government, (CIPP/G), Certified Data Privacy Solutions Engineer (CDPSE), Certified in Risk and Information Systems Control (CRISC),Certified Information Systems Auditor (CISA), and Certified Information Systems Manager (CISM). He has been an active member of the International Association of Privacy Professionals (IAPP) since 2005.
Mr. Odutola is active in the community; he currently serves as the Board Chair of the Parkinson Foundation of the National Capital Area (PFNCA).
Chief Privacy Officer, County of Santa Clara
As Chief Privacy Officer for the County of Santa Clara, Mr. Pahl brings more than two decades of experience in privacy and cybersecurity. Mr. Pahl is a seasoned privacy and compliance program executive who has led large teams focused on global data protection programs. His professional career demonstrates a history of effective oversight and adoption of new privacy standards to complex operations. He has deep expertise in a wide range of functions related to risk management, ranging from handling of day-to-day incident responses to investigations of significant, complex privacy issues. He has also developed policies, training, communications, incident management, and monitoring and governance of compliance reporting. He is a Fellow of Information Privacy with the International Association of Privacy Professionals and is a certified Information Privacy Professional.
Charles C. Palmer
Strategy & Solutions Consultant, IBM
Dr. Charles Palmer is a Strategy & Solutions Consultant at IBM where he is focal point for IBM security and privacy research and technology, providing strategic guidance and representing customer technical interests in the security and privacy areas across IBM, and in government programs in particular. In addition, Dr. Palmer is an adjunct professor at Dartmouth College where teaches “Cognitive Computing with Watson”, “Security & Privacy”, “Software Design & Implementation”, and “Database System Design” courses for undergraduate and graduate students.
Managing Partner, Pangiam
Mr. Tom Plofchan is Managing Partner at Pangiam, a public-private partnership technology company. Pangiam facilitates private industry's use of emerging technology to enhance customer experience and safety across a number of homeland security-adjacent industries such as aviation. Prior to Pangiam, Mr. Plofchan served as the Counterterrorism Counselor to the Secretary at the U.S. Department of Homeland Security, and as a national security advisor to the U.S. Department of Energy's Pacific Northwest National Laboratory. Mr. Plofchan is currently a Senior Advisor at the Center for Naval Analyses, the U.S. Department of the Navy's Federally Funded Research and Development Center.
Senior Policy Researcher, RAND Corporation
Dr. Sasha Romanosky is a Senior Policy Research at the RAND Corporation where he studies privacy, data security, national security, and law & economics. Dr. Romanosky is a faculty member of the Pardee RAND Graduate School, and an affiliated faculty in the Program on Economics & Privacy at the Antonin Scalia Law School, George Mason University. Dr. Romanosky has spent over a decade in the private sector performing cyber security and privacy functions. In addition, he holds a Ph.D. in Public Policy and Management from Carnegie Mellon University and a B.S. in Electrical Engineering from the University of Calgary, Canada. Dr. Romanosky is a former Cyber Policy Advisor in the Office of the Secretary of Defense for Policy (OSDP) at the Pentagon. He oversaw the Department's Vulnerability Equities Process (VEP), the Vulnerability Disclosure Program (VDP), and other cyber policy matters, for which he received the Defense Medal for Exceptional Public Service.
N. Cameron Russell
Director, Global Payments Privacy, eBay Inc.
Mr. N. Cameron Russell is the primary privacy advisor on all global payments privacy matters at eBay Inc. Prior to eBay, Mr. Russell was Western Union’s Data Protection Officer (DPO) in the EEA, U.K., and Balkans, as well as Director, Privacy Counsel and Initiatives with Western Union providing legal counsel to the company and serving as advisor, strategist, and chief of staff to the Deputy General Counsel and Chief Privacy and Data Governance Officer. In these roles, he has been responsible for building data privacy and security into large and complex programs on an international scale while working toward other societally beneficial objectives. His work also requires an ability to gauge risks and assess the interplay between data privacy, data and network security, law enforcement, and financial services obligations toward anti-money laundering, countering terrorism financing, and “Know Your Customer” aims.
Previously, Mr. Russell was the Executive Director of the Center on Law and Information Policy (CLIP) at Fordham Law School in New York, where he also taught trademark, information privacy, and copyright law courses as an adjunct professor. Mr. Russell has provided expert testimony on privacy matters in legislative proceedings in California, Connecticut, and Vermont and has articles published in the Washington University Law Review, Stanford Technology Law Review, Berkeley Technology Law Journal, and Virginia Journal of Law and Technology, among other venues. Formerly, Mr. Russell practiced law as a partner in the Wender Law Group in New York.
Chief Information Security Officer, Michigan State University
Tom Siu leads the Information Security Office at Michigan State University as CISO since October 2020. Prior to MSU, Tom served as the CISO for Case Western Reserve University, in Cleveland, OH. Tom has over 20 years of IT and Information Security experience in higher education, Federal government, and commercial industry. He has been actively involved leadership of security collaboration organizations, including the Northeast Ohio Cyber Consortium (an ISAO), the REN-ISAC, EDUCAUSE Higher Education Security Council, and InfraGrad. Most recently, Tom as part of the leadership team that prepared CWRU for successful execution of the First Presidential Debate in 2020. He holds a SANS GSEC Gold Certification, a SANS GSLC Certification, and serves on the GIAC Advisory Board..
Partner, Hunton Andrews Kurth, LLP
Ms. Lisa Sotto is a partner at Hunton Andrews Kurth where she chairs the firm’s top‐ranked global privacy and cybersecurity practice and is the managing partner of the firm’s New York office. Ms. Sotto has received widespread recognition for her work in the areas of privacy and cybersecurity. With more than 20 years of experience, Ms. Sotto advises clients on state privacy laws (such as the CCPA/CPRA, VCDPA and CPA), GLB, HIPAA, COPPA, CAN‐SPAM, FCRA, VPPA, data breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). She provides extensive advice on cybersecurity risks, incidents and policy issues, including proactive cyber incident readiness. Ms. Sotto regularly works with senior executives and corporate boards to help them understand and address their cybersecurity-related legal obligations.
Chief Executive Officer, Cellar Door
Mr. Chris Teitzel is the Chief Executive Officer of Cellar Door where he focuses on delivering cutting edge cybersecurity technology and mobile/website development strategy. Mr. Teitzel organizes and oversees encryption support and privacy features for one of the world’s top content management platforms and has a long history of technology innovation. In addition, Mr. Teitzel created cloud security service, Lockr, after identifying the need within the industry for simple, yet secure, management of encryption and authentication keys and other application secrets.
Senior Counsel (Emerging Technology & Data Privacy), Walmart Inc.
Ray Thomas, Jr. is a seasoned attorney with over 21 years of varied experience. On appointment by the Secretary of the U.S. Department of Commerce, Ray served in a similar capacity as a member of the Trademark Public Advisory Committee (TPAC) of the United States Patent and Trademark Office (USPTO).
As Senior Counsel at Walmart, he advises and counsels clients across the enterprise on matters pertaining to emerging technology and data privacy. Additionally, Ray serves on the advisory boards at North Carolina Central University School of Law (Tech Law and Policy Center) and Cleveland State University College of Law (Center for Cybersecurity and Privacy Protection). His experience in legal academia also includes serving as Adjunct Professor at George Washington University Law School (data privacy) and Howard University School of Law (trademarks). During his 7 years with IBM Corporation, Ray held various data privacy-related positions (e.g., Chief Procurement Privacy Officer; and Resident Subject Matter Expert - IBM Watson Internet of Things Global Headquarters in Munich, Germany). As a member of the International Trademark Association (INTA), he served as Vice Chair of the Data Protection Committee. He is a Fellow of Information Privacy (FIP) who holds CIPP/US, CIPP/E, and CIPM certifications with the International Association of Privacy Professionals (IAPP).
Ray also holds an LL.M. in Law & Government from American University, Washington, College of Law, a J.D. from Cleveland State University, Cleveland-Marshall College of Law, and a B.S. in Criminal Justice from the State University of New York, College at Buffalo.
Chief Information Security Officer, SRI International
Surbhi Tugnawat is the Chief Information Security Officer (CISO) for SRI International where she provides tactical oversight for identity management, security operations, and risk management. Ms. Tugnawat applies policies and standards across all technology projects, systems and services and directs and approves the design of security systems to protect against threats and reduce vulnerabilities. She holds both a Master of Business Administration (MBA) and a Master of Computer Management (MCM).
Chief Privacy Officer, Truist
Mr. Ron Whitworth is the Chief Privacy Officer of Truist where he manages the Enterprise Privacy and Technology Office and oversees all privacy-related policies and procedures throughout the enterprise, including compliance, testing/monitoring, risk assessment and training plans. Mr. Whitworth serves as the primary subject matter expert for the enterprise on all issues related to privacy, and maintains ultimate accountability for the strategy, design, execution and success of the Privacy Program. Mr. Whitworth has 15 years in the privacy profession with a wide range of roles spanning from outside legal counsel, to in-house counsel, to Compliance and Enterprise Risk Management.