Listing of membership for the DHS Data Privacy and Integrity Advisory Committee.
Biographies of Members
Sharon Anolik
President and Founder, Privacy Panacea
Ms. Sharon Anolik is the President and Founder of Privacy Panacea where she provides practical and strategic advice to companies on how to design and execute “gold star” privacy and compliance programs that support enterprise-wide risk management and business strategy initiatives and exceed industry standards. In addition, she advises on and provides privacy and security reviews during (and in anticipation of) merger, acquisition, and strategic investment transactions. Ms. Anolik conducts data privacy due diligence on target companies to determine privacy-related risks and serves as an expert witness on privacy matters. Ms. Anolik has 20+ years of significant diverse experience in the fields of data protection, privacy and emerging technologies, education, and training.
Eric 'Rick' Buck
Executive Director and Data Privacy Officer, Ionis Pharmaceuticals
Mr. Rick Buck is the Executive Director and Data Privacy Officer at Ionis Pharmaceutical, a biotechnology company that specializes in discovering and development RNA-targeted therapeutics. In his capacity, Mr. Buck is charged to design, develop, and implement appropriate privacy program elements, including identifying appropriate policy frameworks, developing staff and contractor training plans, and monitoring and evaluating program efficacy; tracking and synthesizing emerging privacy trends, laws, and regulations across the U.S. and internationally; collaborating with internal and external stakeholders on programs and projects involving the handling and sharing of personal information within the company and with third parties, clients, suppliers, and partners, to ensure personal information protection obligations are met. In addition, Mr. Buck assists in capturing, maintaining, analyzing, and interpreting compliance data. He prepares regular reports for the senior leadership and the Board of Directors to ensure consistent and adequate privacy risk management. Mr. Buck is a privacy compliance expert with in-depth knowledge and multi-industry experience as a data controller and data processor in privacy laws, eCommerce, and omni-channel marketing.
Dennis Dayman
Resident Chief Information Security Officer, Proofpoint
Mr. Dennis Dayman has more than 30 years of experience working on security/privacy issues, data governance issues, and protecting and improving data through industry policy, regulatory policy relations, and technical solutions. Currently, he is the Resident Chief Information Security Officer for Proofpoint. Dennis is the co-author of Startup CXO: A Field Guide to Scaling Up Your Company’s Critical Functions and Teams at StartupCXO.com and is a longstanding member of several boards and advisory committees within the advertising and messaging industry. Dennis is also an IAPP CIPP/US, CIPP/E, CIPT, IAPP Fellow of Information Privacy, and Ponemon Institute Fellow. Dennis is always actively involved in creating current Internet and digital communication regulations, privacy/security policies, and anti-spam legislation laws for state and federal governments. He also sits on several advisory boards for Internet companies and is also a partner, mentor, and frequent investor in start-ups, mentorship-driven micro seed funds, and startup accelerators. He holds a B.A. in Criminal Justice from Stephen F. Austin State University in Texas.
Michael Fitzpatrick
Agency Privacy Officer, New York City Police Department
Mr. Michael Fitzpatrick is an Agency Privacy Officer at the New York City Police Department (NYPD). Since 2012, Michael has been practicing in the Legal Bureau of the NYPD and currently serves as the Agency Privacy Officer (APO). As NYPD APO, Michael is responsible for leading the NYPD privacy program for its over 50,000 employees, serving as the NYPD privacy law specialist, and providing strategic advice across all functions of the agency on privacy issues and risk mitigation. Michael represents the NYPD on the New York City Privacy Protection Committee and was appointed in 2021 to serve on the Executive Privacy Committee of the Counsel to the Mayor. Prior to serving as NYPD APO, Michael was an embedded attorney within the NYPD Intelligence Bureau where he advised complex criminal and counterterrorism investigations. Michael holds a J.D. from Fordham University School of Law, an M.S. from New York University in Cybersecurity Risk and Strategy, and a B.S. from Manhattan College in Business Administration. Michael also holds CIPP/US and CIPM certifications from the International Association of Privacy Professionals.
Mark H. Francis
Attorney, Holland & Knight LLP
Mr. Mark H. Harris is a tech and data partner at the law firm Holland & Knight LLP in New York, with a focus on cybersecurity, data privacy, intellectual property, and emerging technology. Mark’s practice spans counseling, legal compliance, investigations, litigation, and a wide array of transactions. In connection with his practice, Mark advises clients on information governance, third-party risk management, federal, state, and foreign privacy laws, artificial intelligence, AdTech, and data strategy. He frequently counsels clients in response to data breaches and other incidents, guiding them through internal investigations, regulatory inquiries, and legal disputes. Mark has a background in computer science and telecommunications and received his JD/MBA from Fordham University. He is a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), as well as an IAPP CIPP/US, CIPT, and Fellow of Information Privacy. Mark is currently serving on the board of the New York Metro InfraGard Members Alliance and the IAPP’s CIPP/US Exam Development Board.
Emily Frye
Data, Cyber Integration, MITRE
Ms. Emily Frye is Director for Integration at MITRE’s Center for Securing the Homeland. The Integration team identifies shared needs and demands across the civilian sponsor arena and serves as the connective tissue for catalyzing forward-looking solution development across MITRE’s diverse technical ecosystem. Priorities for the Cyber Integration team today include Software Risk, Supply Chain Risk Management, Election Security, Technology-Privacy intersections, and Web 3/Decentralized Finance. Her work has been recognized by the Fed100 and the Program Recognition Awards.
Joseph Hewitt
Privacy Director, AT&T
Mr. Joseph Hewitt has 20 years of broad data governance experience in IT operations, security, and privacy. He has worked across many critical industries, including healthcare, finance, manufacturing, advertising, media & entertainment, and telecommunications. Mr. Hewitt has substantial knowledge of the entire privacy governance “stack”, including regulatory readiness, risk, and privacy impact assessments, standards and guidelines, consumer consent, control frameworks, and assurance activities. He is recognized as a privacy “firefighter” for complex situations in large companies. His cross-industry experience gives him a unique view into new privacy issues and technologies, such as Artificial Intelligence and algorithm governance.
John W. Kropf
Corporate Privacy Executive, Northrop Grumman
Mr. John W. Kropf is the Corporate Privacy Executive at Northrop Grumman, where he built and matured the company’s first Privacy Office. Mr. Kropf developed, implemented, and oversaw the global privacy frameworks, including the European Union General Data Protection Regulation and the California Consumer Privacy Act. Mr. Kropf is an attorney with over twenty years of privacy and information governance experience in government and corporate cultures. Possesses an established record of creating and implementing privacy and information policies for complex, global organizations. Recognized as a thought leader and respected practitioner by regulators, lawyers, and peers. John also teaches privacy law as an adjunct professor at the American University Washington College of Law.
Roshal Marshall
Managing Chief Counsel, Global Privacy & Cybersecurity at McKesson Corporation
Ms. Roshal Marshall serves as Managing Chief Counsel, Global Privacy & Cybersecurity at McKesson Corporation, where she leads a team of lawyers providing advice to the enterprise and affiliated business units on a broad range of privacy and data protection matters related to patients, consumers, employees, data incident management, marketing, due diligence, mergers and acquisitions, third-party agreements, and business transactions. Ms. Marshall’s team is also charged with being the subject matter experts on all privacy-related federal, state, Canadian, British and European laws. Ms. Marshall also manages McKesson’s enterprise incident management program.
Ade Odutola
Managing Director and CEO, Solvitur Systems, LLC
Mr. Ade Odutola is the CEO of Solvitur Systems, LLC, an Information Technology (IT) consulting firm specializing in systems modernization, cybersecurity, privacy & data protection, governance, risk, and compliance (GRC), cloud computing, and analytics. Earlier in his career, Mr. Odutola held various positions of increasing responsibility at Deloitte for over a decade, where he led teams on multiple cybersecurity, privacy & data protection, and governance, risk, and compliance (GRC) projects nationally and internationally.
Prior to Deloitte, Mr. Odutola worked at Cap Gemini Ernst & Young, where he provided risk management and cybersecurity consulting services for a broad range of clients. He also served as an adjunct professor of Computer Information Systems (CIS) at a DC area local university, teaching graduate and undergraduate students.
Mr. Odutola earned his bachelor’s degree from the University of Lagos, and his MBA from Durham University in the United Kingdom. He holds multiple industry certifications including Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Professional /Government, (CIPP/G), Certified Data Privacy Solutions Engineer (CDPSE), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), and Certified Information Systems Manager (CISM). He has been an active member of the International Association of Privacy Professionals (IAPP) since 2005.
Mr. Odutola is active in the community; he currently serves as the Board Chair of the Parkinson Foundation of the National Capital Area (PFNCA).
Chris Pahl
Chief Privacy Officer, County of Santa Clara
As Chief Privacy Officer for the County of Santa Clara, Mr. Pahl brings more than two decades of experience in privacy and cybersecurity. Mr. Pahl is a seasoned privacy and compliance program executive who has led large teams focused on global data protection programs. His professional career demonstrates a history of effective oversight and adoption of new privacy standards for complex operations. He has deep expertise in a wide range of functions related to risk management, ranging from handling day-to-day incident responses to investigations of significant, complex privacy issues. He has also developed policies, training, communications, incident management, and monitoring and governance of compliance reporting. He is a Fellow of Information Privacy with the International Association of Privacy Professionals and is a Certified Information Privacy Professional.
Charles C. Palmer
Strategy & Solutions Consultant, IBM
Dr. Charles Palmer is a Strategy & Solutions Consultant at IBM where he is the focal point for IBM security and privacy research and technology, providing strategic guidance and representing customer technical interests in the security and privacy areas across IBM, and in government programs in particular. In addition, Dr. Palmer is an adjunct professor at Dartmouth College where teaches “Cognitive Computing with Watson”, “Security & Privacy”, “Software Design & Implementation”, and “Database System Design” courses for undergraduate and graduate students.
Michelle Richardson
Consultant
For over 20 years, Ms. Michelle Richardson has advocated for laws and policies that advance privacy, security, and civil rights. As part of cutting-edge teams at Apple, the American Civil Liberties Union, and the Center for Democracy and Technology, she advised product teams and policymakers on how to prioritize users and the public interest while encouraging the responsible use of data. She also shares her expertise as a frequent witness before Congress, federal agencies like the Federal Trade Commission and the National Institute of Standards and Technology, and state and local decision makers. With a focus on privacy, cybersecurity, and artificial intelligence, Ms. Richardson currently advises clients on how to understand and/or influence the evolving tech policy landscape.
Sasha Romanosky
Senior Policy Researcher, RAND Corporation
Dr. Sasha Romanosky is a Senior Policy Research at the RAND Corporation where he studies privacy, data security, national security, and law & economics. Dr. Romanosky is a faculty member of the Pardee RAND Graduate School, and an affiliated faculty in the Program on Economics & Privacy at the Antonin Scalia Law School, George Mason University. Dr. Romanosky has spent over a decade in the private sector performing cybersecurity and privacy functions. In addition, he holds a Ph.D. in Public Policy and Management from Carnegie Mellon University and a B.S. in Electrical Engineering from the University of Calgary, Canada. Dr. Romanosky is a former Cyber Policy Advisor in the Office of the Secretary of Defense for Policy (OSDP) at the Pentagon. He oversaw the Department's Vulnerability Equities Process (VEP), the Vulnerability Disclosure Program (VDP), and other cyber policy matters, for which he received the Defense Medal for Exceptional Public Service.
N. Cameron Russell
Director, Global Payments Privacy, eBay Inc.
Mr. N. Cameron Russell is the primary privacy advisor on all global payments privacy matters at eBay Inc. Prior to eBay, Mr. Russell was Western Union’s Data Protection Officer (DPO) in the EEA, U.K., and Balkans, as well as Director, Privacy Counsel and Initiatives with Western Union providing legal counsel to the company and serving as advisor, strategist, and chief of staff to the Deputy General Counsel and Chief Privacy and Data Governance Officer. In these roles, he has been responsible for building data privacy and security into large and complex programs on an international scale while working toward other societally beneficial objectives. His work also requires an ability to gauge risks and assess the interplay between data privacy, data and network security, law enforcement, and financial services obligations toward anti-money laundering, countering terrorism financing, and “Know Your Customer” aims.
Previously, Mr. Russell was the Executive Director of the Center on Law and Information Policy (CLIP) at Fordham Law School in New York, where he also taught trademark, information privacy, and copyright law courses as an adjunct professor. Mr. Russell has provided expert testimony on privacy matters in legislative proceedings in California, Connecticut, and Vermont and has articles published in the Washington University Law Review, Stanford Technology Law Review, Berkeley Technology Law Journal, and Virginia Journal of Law and Technology, among other venues. Formerly, Mr. Russell practiced law as a partner in the Wender Law Group in New York.
Daniel Shin
Cybersecurity Researcher and Adjunct Professor of Law, William & Mary Law School
Mr. Daniel Shin is a Cybersecurity Researcher for the Center for Legal & Court Technology at William & Mary Law School, and also serves as a Research Scientist for the Coastal Node Commonwealth Cyber Initiative. His research focuses on the intersection of emerging technology and law, including as it pertains to blockchain technology, the Internet of Things, and artificial intelligence, with an emphasis on cybersecurity and privacy. Mr. Shin has presented his research on deep fakes technology, cybersecurity, and the use of AI in the judiciary and the legal profession to judges, court personnel, and practicing attorneys. At William & Mary Law School, he teaches a cutting-edge course introducing law students to fundamental concepts of artificial intelligence and other supporting technologies. He is regularly invited to speak at conferences as a subject matter expert.
Mr. Shin is a licensed attorney in Virginia and a Certified Information Privacy Professional – United States (CIPP/US). He is a graduate of Northwestern University (B.A.), Mannheim Universität (M.A.), and William & Mary Law School (J.D.).
Lisa Sotto
Partner, Hunton Andrews Kurth, LLP
Ms. Lisa Sotto is a partner at Hunton Andrews Kurth where she chairs the firm’s top‐ranked global privacy and cybersecurity practice and is the managing partner of the firm’s New York office. Ms. Sotto has received widespread recognition for her work in the areas of privacy and cybersecurity. With more than 20 years of experience, Ms. Sotto advises clients on state privacy laws (such as the CCPA/CPRA, VCDPA, and CPA), GLB, HIPAA, COPPA, CAN‐SPAM, FCRA, VPPA, data breach notification laws, and other U.S. state and federal privacy and data security requirements (including HR rules), and global data protection laws (including those in the EU, Asia and Latin America). She provides extensive advice on cybersecurity risks, incidents, and policy issues, including proactive cyber incident readiness. Ms. Sotto regularly works with senior executives and corporate boards to help them understand and address their cybersecurity-related legal obligations.
Chris Teitzel
Chief Executive Officer, Cellar Door
Mr. Chris Teitzel is the Chief Executive Officer of Cellar Door where he focuses on delivering cutting edge cybersecurity technology and mobile/website development strategy. Mr. Teitzel organizes and oversees encryption support and privacy features for one of the world’s top content management platforms and has a long history of technology innovation. In addition, Mr. Teitzel created cloud security service, Lockr, after identifying the need within the industry for simple, yet secure, management of encryption and authentication keys and other application secrets.
Ray Thomas
Senior Counsel (Emerging Technology & Data Privacy), Walmart Inc.
Ray Thomas, Jr. is a seasoned attorney with over 21 years of varied experience. On appointment by the Secretary of the U.S. Department of Commerce, Ray served in a similar capacity as a member of the Trademark Public Advisory Committee (TPAC) of the United States Patent and Trademark Office (USPTO).
As Senior Counsel at Walmart, he advises and counsels clients across the enterprise on matters pertaining to emerging technology and data privacy. Additionally, Ray serves on the advisory boards at North Carolina Central University School of Law (Tech Law and Policy Center) and Cleveland State University College of Law (Center for Cybersecurity and Privacy Protection). His experience in legal academia also includes serving as Adjunct Professor at George Washington University Law School (data privacy) and Howard University School of Law (trademarks). During his 7 years with IBM Corporation, Ray held various data privacy-related positions (e.g., Chief Procurement Privacy Officer; and Resident Subject Matter Expert - IBM Watson Internet of Things Global Headquarters in Munich, Germany). As a member of the International Trademark Association (INTA), he served as Vice Chair of the Data Protection Committee. He is a Fellow of Information Privacy (FIP) who holds CIPP/US, CIPP/E, and CIPM certifications with the International Association of Privacy Professionals (IAPP).
Ray also holds an LL.M. in Law & Government from American University, Washington, College of Law, a J.D. from Cleveland State University, Cleveland-Marshall College of Law, and a B.S. in Criminal Justice from the State University of New York, College at Buffalo.
Ron Whitworth
Chief Privacy Officer, Truist
Mr. Ron Whitworth is the Chief Privacy Officer of Truist where he manages the Enterprise Privacy and Technology Office and oversees all privacy-related policies and procedures throughout the enterprise, including compliance, testing/monitoring, risk assessment and training plans. Mr. Whitworth serves as the primary subject matter expert for the enterprise on all issues related to privacy, and maintains ultimate accountability for the strategy, design, execution and success of the Privacy Program. Mr. Whitworth has 15 years in the privacy profession with a wide range of roles spanning from outside legal counsel to in-house counsel, to Compliance and Enterprise Risk Management.