TrustArc Privacy Consulting Team

Estella is the former Executive Director at the Office of the Information and Privacy Commissioner of Ontario (IPC), the independent body that oversees the privacy and access laws in Ontario, Canada. She supported the commissioner’s development of “Privacy by Design” – unanimously adopted an international framework for privacy and data protection in 2010.

Prior to this position, Estella was charged with developing and implementing a comprehensive privacy awareness program for the Ontario Government. The program was awarded a Public Sector Quality Award and has become the template for how to develop a culture of privacy in government departments.

Currently, Estella is providing consulting and research services to a number of private sector companies who do business with Europe and will need to demonstrate compliance with both the Privacy Shield Framework and the General Data Protection Regulation. Fluent in Spanish with an excellent working knowledge of French, she has shared her knowledge of access and privacy issues internationally.

In the recent past, Alex was the Global Privacy Principal and Lead for TrustArc’s certification team, leading clients through the certification process for various frameworks such as EU/Swiss Privacy Shield, APEC CBPR/PRP, and the European Interactive Digital Advertising Alliance (EDAA). He has advised clients on GDPR and CCPA requirements, teaming with various departments to create, implement and streamline processes. In addition, he has worked with companies to develop and modify product offerings to ensure regulatory compliance.

Prior to joining TrustArc, Alex counseled start-ups and established businesses on data privacy, commercial contracts, mergers and acquisitions and intellectual property.

He is an active speaker, blogger and the author of the recently released “CISO REDEFINED,” focused on the globalization and digital transformation of business, and the protection and privacy of personal and company consequential data, domestic and global.

Over the past 10 years, Dama has advised and worked with companies on diverse topics such as employee privacy, health privacy, cross-border data transfer mechanisms, risk assessments, privacy by design, and information security best practices. She has helped multiple organizations comply with a range of laws and standards including GDPR, CCPA, LGPD, HIPAA, Privacy Shield, as well as ISO27001/2, ISO 9001, CIS20, etc.

Dama brings a blend of business, technology and privacy expertise to her clients. She holds an MBA and an MS degree. She is a CIPP/E certified privacy specialist as well as a PRINCE2 certified Project Manager. She has worked with companies of all sizes, from startups to Fortune 500, across a wide range of industries (Software and Services, Electronics, Health Care, Government, Education; and Hospitality).

She has held a variety of IT/Data Protection leadership positions, including serving as AVP Global Public Policy/Privacy for AT&T; VP Corporate Information Security for Wachovia; and Information Security Officer for SACU. She received her Master’s degree from Vanderbilt University and holds four privacy and security certifications: CIPP/US, CIPP/E, CISM, and CISSP.

Prior to joining TrustArc, Betty worked extensively with healthcare privacy for her former client, the U.S. Department of Health & Human Services. Betty has also routinely worked with data privacy for the financial services industry. While working across these industries, she provided guidance regarding data breaches, risk assessments, implementing data protection measures and cybersecurity controls, and protecting the privacy rights of individuals. Betty’s accomplishments include partnering with organizations ranging from sole proprietors to Fortune 100 companies to resolve defects and compliance gaps in their privacy programs.

Jamie earned her Bachelor’s degree and MBA from Texas Tech University and her JD from the Southern Methodist University Dedman School of Law. She is a frequent speaker on HIPAA, HITECH, and information privacy and security.

She has worked in the healthcare industry as Chief Privacy and Security Officer and In-house Counsel for a multi-state behavioral healthcare provider. She was responsible for HIPAA/HITECH privacy and security strategy and program development/implementation including enterprise-wide data governance framework, policies and procedures, workforce training and awareness programs, complaint and breach investigation and notification processes, business associate and vendor management processes and risk audit/ risk management processes. Her experience also includes HiTRUST Scoping, as well as FERPA, RedFlag, GLBA, FINRA assessments. She also served as the organization’s in-house legal counsel.

Since 2012, Pat has been consulting in the areas of risk assurance and risk advisory services, and advising clients building compliant and accountable Data Privacy and Cybersecurity programs. Typical projects include risk analysis and gap assessment procedures, gap remediation and on-going consultancy services to ensure required implementation. She also worked with companies defining and building their data governance frameworks and supporting team development responsibilities for data privacy and security programs.

A strong focus of her consultancy services has been HIPAA/HITECH, GDPR and other international data privacy regulations as well as CCPA compliance and implementation. Clients include healthcare providers and insurers, pharma, medical devices and healthcare solutions companies, business associates of various types of service providers, cloud services providers, employment services providers, international professional credentialing organizations, financial services providers and real estate investment companies.

Ralph is a trusted advisor on Global Privacy and Security compliance, practices and management for the past two decades. He believes good information governance adds business value to achieve business objectives and return on investment. His role includes acting as a senior level “translator” between IT, business and compliance professionals, thought leadership, business development, partnerships and product development. His experience includes strategic Privacy Management and GDPR adoption programs, advisory services and assurance delivery in global multinational environments.

Prior to that, he has been an experienced Product and Services business development lead, Principal Consultant and Manager, delivering training, consultancy and audit of data protection, business continuity and information security – Management of consultancy and audit teams across multiple topics, responding to tenders and delivering solutions proposals.

He has worked in a wide variety of industry sectors including the with a focus on Defense, Public Sector, Technology, Pharma and Financial Services, representing both multinational corporations and boutique specialist consultancies.

He continues to be a hands-on practitioner, combining business level consultancy with training and technical experience across ISO/IEC 27001, BS 10012, ISO 9001 and ISO 22301 standards through to certification. He was responsible for the first global joint 27001/25999 management system to be certified and sits on the international and British committees responsible for ISO 27001, BS 10012 and ISO 27701.

With a focus upon business processes and the protection of information, and an ethos of management assurance, risk management and knowledge transfer he continues to ensure effective protection of assets appropriate to the business needs of the client.