TrustArc Privacy Consulting Team

TrustArc has a team of privacy experts and practitioners ready to help you build, implement, and manage your privacy program.

The TrustArc Privacy Consulting Team has privacy experts all over the world, including the United States, Canada, Europe and Asia-Pacific. With over 200 years of collective privacy experience at globally recognized companies, our Team has a wealth of practical and hands-on experience with corporate executives, legal, information technology, marketing, sales, and other business functions to share. In addition, our Team has completed nearly a thousand successful engagements for companies at all levels of privacy maturity as we help them to build, implement and manage privacy compliance programs. Most team members have CIPP and security certifications, while some have the prestigious Fellow of Information Privacy (FIP) standing.

The TrustArc Consulting Advantage

TrustArc’s unique offering of both an award-winning technology platform AND practical consulting expertise creates an opportunity for us to partner with any size business, from start-ups to multinational corporations, and deliver a practical approach to establishing and maintaining a privacy compliance program that is suited to your requirements. Our approach is centered around four core benefits:

 

  • Consultant Expertise – Every TrustArc consultant has experience working as a privacy practitioner, most with a decade or more of direct experience inside some of world’s largest companies and most respected brands across a wide range of industries. Every one of the consultants you will work with is a true subject matter expert with direct personal experience solving the most challenging data privacy issues.
  • Consulting Flexibility, Fixed Budget – Our consulting services flex to meet your business needs as your privacy program matures, priorities shift, and internal resources change. At the same time, most of our engagements are delivered on a no-surprises, fixed-price basis.
  • Reliable Engagement Management – Over the course of more than 1000 consulting engagements, TrustArc has built a time-tested set of project-based consulting offerings with defined levels of effort and realistic delivery timelines that help ensure projects come in on-time and on-budget.
  • Consulting plus Technology – Our unique mix of technology-based solutions and tailored consulting services help companies identify best-of-breed solutions that are right-sized for today and scalable for your future privacy program needs.

Consulting Leadership

Beth Sipula

Beth Sipula

CIPM, CIPP/US, FIP
Director, North America
Arizona, USA
FIP_Image

Beth leads TrustArc’s North America team (including Asia-Pacific). She has two decades of experience as a privacy and compliance professional working in various leadership roles focusing on data privacy, data security and risk. She is a Fellow of Information Privacy (FIP) with the IAPP and also holds their Privacy Professional and Certified Information Privacy Manager credentials and was one of the original members of TrustArc’s Consulting team. Beth is very hands-on in her approach and is most passionate about helping organizations use privacy as a differentiator to build trust as they grow.

READ MORE

Beth worked for Citrix Systems, Inc. from 2004-2015 and during that tenure she led global data privacy assessments, implemented privacy by design programs, created and conducted privacy training, monitored and analyzed legislation, provided digital marketing/CRM data guidance, evaluated new and emerging technologies, and managed PCI-DSS compliance programs. Her last role with the company was as Senior Director, Privacy and Compliance.

 

Prior to joining Citrix, Beth worked for Expertcity.com (technology start-up) where she built the Company’s privacy program, managed call center operations and supervised customer support and for Charter Communications where she managed customer care for the corporate office and supported the company’s call center operations.

North America

Nadya Elizabeth Aswad

Nadya Elizabeth Aswad

CIPM, CIPP/US/E, FIP, J.D.
Senior Privacy Consultant
Arizona and Wisconsin, USA
FIP_Image

Nadya is a senior-level certified privacy professional with advanced degrees in law and technology. She has twenty years of experience as a privacy professional for global companies in various industries, and has built, implemented, and led information management and privacy compliance programs. Nadya’s in-house positions include Chief Privacy Officer and other privacy roles at a Fortune 25 Corporation, Fannie Mae, and Privacy Director, and Director of Governance, Risk, and Compliance in the financial services, healthcare, and hospitality sectors. As a consultant, Nadya was a Director in the Cybersecurity and Privacy Practice at PriceWaterhouseCoopers and held similar positions with other privacy and security consulting firms.

READ MORE

Nadya has specialized experience developing and executing privacy strategies and reporting results. She has a mastery of privacy and information management laws, regulations and industry standards, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), process and data flows, data and system inventories, risk assessment and management, data breach response, data loss prevention, frameworks, and privacy policies.

Estella Cohen

Estella Cohen

CIPM, CIPP/C, FIP
Senior Privacy Consultant
Ontario, Canada
FIP_Image

Estella holds dual designations from the International Association of Privacy Professionals (IAPP) as a Certified Information Privacy Professional (CIPP/C), and a Certified Information and Privacy Manager, (CIPM) and just recently was accepted as an IAPP Fellow of Information Privacy (FIP).

READ MORE

Estella is the former Executive Director at the Office of the Information and Privacy Commissioner of Ontario (IPC), the independent body that oversees the privacy and access laws in Ontario, Canada. She supported the commissioner’s development of “Privacy by Design” – unanimously adopted an international framework for privacy and data protection in 2010.

 

Prior to this position, Estella was charged with developing and implementing a comprehensive privacy awareness program for the Ontario Government. The program was awarded a Public Sector Quality Award and has become the template for how to develop a culture of privacy in government departments.

 

Currently, Estella is providing consulting and research services to a number of private sector companies who do business with Europe and will need to demonstrate compliance with both the Privacy Shield Framework and the General Data Protection Regulation. Fluent in Spanish with an excellent working knowledge of French, she has shared her knowledge of access and privacy issues internationally.

Estella Cohen

Alex Diamond

J.D., CIPM, CIPT, CIPP/US/E, FIP, Security+
Privacy Consultant
New York, USA
FIP_Image

Alex holds several privacy certifications including CIPP/US, CIPP/E, CIPM, and CIPT and has received the International Association for Privacy Professionals’ Fellow of Information Privacy (FIP) designation. Alex brings a unique combination of legal, technology and business acumen to help companies reach the delicate balance between the needs of the business and applicable laws and regulations.

READ MORE

In the recent past, Alex was the Global Privacy Principal and Lead for TrustArc’s certification team, leading clients through the certification process for various frameworks such as EU/Swiss Privacy Shield, APEC CBPR/PRP, and the European Interactive Digital Advertising Alliance (EDAA). He has advised clients on GDPR and CCPA requirements, teaming with various departments to create, implement and streamline processes. In addition, he has worked with companies to develop and modify product offerings to ensure regulatory compliance.

 

Prior to joining TrustArc, Alex counseled start-ups and established businesses on data privacy, commercial contracts, mergers and acquisitions and intellectual property.

Rob Gilbert

Rob Gilbert

CIPM, CIPT, CIPP/C/E
Senior Privacy Consultant
Ontario, Canada

Rob, CIPP/C/E, CIPT, CIPM has worked as a senior-level privacy professional since 2009. An expert in government relations and regulatory affairs, Rob became the Canada Border Services’ Manager for Privacy Policy in 2009. In 2014, as Manager for Privacy Operations with the Treasury Board of Canada Secretariat, Rob trained other privacy professionals on the complexities of Canada’s privacy legislation and policies. In 2017, working for the Department of Justice, Rob led national consultations on modernizing Canada’s Privacy Act.

READ MORE

Following 30 years of service Rob retired from government in 2018 to start his own consultancy, and has since helped public and private sector clients around the world strengthen their privacy programs and meet their compliance obligations. An IAPP Canadian Advisory Board member, Rob is a strong advocate of privacy rights at the national and international level. A digital nomad, Rob lives and works in Ottawa, Canada but follows the sun whenever he can.

Martin Gomberg

Martin Gomberg

CIPP/E, CISSP
Senior Privacy Consultant
Florida, USA

Martin, CISSP, CIPP/E, has spent over thirty years in information technology, as Vice President of Technical Strategies for a major bank, CIO for a major cable television and media brand, and as SVP and Global Director of Information Security, Privacy, Data and Business Protection. He served as the Data Systems Protection officer for an Italian affiliate. As a consultant and ‘Ask an Expert’ advisor he has provided guidance to numerous companies in conforming to GDPR and CCPA requirements.

READ MORE

He is an active speaker, blogger and the author of the recently released “CISO REDEFINED,” focused on the globalization and digital transformation of business, and the protection and privacy of personal and company consequential data, domestic and global.

Damayanthi Jakubowski

Damayanthi Jakubowski

CIPM, CIPP/E, PRINCE2
Privacy Consultant
California, USA
FIP_Image

Damayanthi (Dama) is a privacy consultant with the US western region consulting team. Drawing upon her knowledge and experience in global privacy compliance, data security and risk management (GRC), she loves helping organizations navigate the complex and constantly shifting data privacy landscape.

READ MORE

Over the past 10 years, Dama has advised and worked with companies on diverse topics such as employee privacy, health privacy, cross-border data transfer mechanisms, risk assessments, privacy by design, and information security best practices. She has helped multiple organizations comply with a range of laws and standards including GDPR, CCPA, LGPD, HIPAA, Privacy Shield, as well as ISO27001/2, ISO 9001, CIS20, etc.

 

Dama brings a blend of business, technology and privacy expertise to her clients. She holds an MBA and an MS degree. She is a CIPP/E certified privacy specialist as well as a PRINCE2 certified Project Manager. She has worked with companies of all sizes, from startups to Fortune 500, across a wide range of industries (Software and Services, Electronics, Health Care, Government, Education; and Hospitality).

Sharon Kamowitz

Sharon S. Kamowitz

CIPP/US, J.D.

Senior Privacy Consultant

Massachusetts, USA

Sharon is an accomplished attorney and Certified Information Privacy Professional, (CIPP/US) with a broad background in corporate, private practice, and government settings, including over two decades of experience developing, implementing, and managing privacy and compliance programs, and advising on related issues.

READ MORE

Before beginning her consulting career, Sharon was Assistant Privacy Officer at Fresenius Medical Care North America and previously, Director and Associate General Counsel at Coverys, a provider of medical professional liability insurance. In these roles she developed comprehensive privacy programs designed to reduce risk and address applicable regulatory requirements arising under HIPAA, GLBA, GDPR/Privacy Shield, and state data protection laws. Sharon has advised on privacy issues pertaining to clinical healthcare and research, mobile technology, web-based applications and websites, software development, marketing, information governance, and cyber-liability and other insurance coverages. She has worked with publicly traded, privately held, and not-for-profit organizations.

 

Sharon is consistently recognized for technical expertise, thorough preparation, and the ability to explain legal concepts in the context of broader business implications. Over the years, she has conducted numerous risk assessments; developed a variety of easy-to-understand policies, procedures, and awareness materials; drafted and negotiated HIPAA business associate, data processing and other confidentiality agreements; conducted interactive training sessions for diverse audiences; and managed hundreds of potential security incidents and breaches

James Koons

James Koons

CIPP/US
Senior Privacy Consultant
Pennsylvania, USA

James is a data privacy and data protection expert with over 28 years of experience in privacy, security, information systems management and digital marketing. He has worked in various industries including healthcare, education, security, retail and ecommerce. James most recently served as Chief Privacy Officer for a large digital marketing automation firm, where he served over 3,500 companies with marketing compliance, risk assessment and data privacy consultation. During his career as an international privacy professional, he has developed, implemented and maintained global privacy programs, introduced streamlined processes using privacy technology, created privacy policies and data protection agreements, and helped major organizations foster a culture of data protection.

READ MORE

James has served as a member of the board of directors for an impressive number of industry organizations and is a very active member of the International Association of Privacy Professionals (IAPP), serving on multiple boards. He has also been a featured speaker at both marketing and privacy events such as the DMA, IAPP, and IRCE. He has testified in US Senate committee hearings as a witness on both data privacy and information security matters as well as serves as an active member of the FBI’s InfraGard focusing on data privacy matters. James is a decorated US Army veteran and is a Certified Information Privacy Professional (CIPP/US).

Wendy Lozada-Smith

Wendi Lozada-Smith

CIPP/US/E, CISM, CISSP
Senior Privacy Consultant
Texas, USA

Wendi is a global privacy and ethics leader with a unique combination of experience in Global Privacy, Information Security, and IT for Fortune 100 financial services and telecommunications companies. With specialized expertise in CCPA, GDPR, health and financial privacy, and Internet of Things (IOT), she has led teams large and small and provided data protection guidance to global business units operating in more than 60 countries. She has consulted on a broad range of privacy issues including privacy program and policy development, information security best practices, cross border data transfers, risk assessment, and privacy by design.

READ MORE

She has held a variety of IT/Data Protection leadership positions, including serving as AVP Global Public Policy/Privacy for AT&T; VP Corporate Information Security for Wachovia; and Information Security Officer for SACU. She received her Master’s degree from Vanderbilt University and holds four privacy and security certifications: CIPP/US, CIPP/E, CISM, and CISSP.

Philip Pyburn

Philip Pyburn, Ph.D.

CIPP/E, CAMS, CSSMBB
Senior Privacy Consultant
Massachusetts, USA

Dr. Philip Pyburn is a senior consultant and technology innovator with 25 years hands-on experience leading digital transformation and regulatory compliance programs in financial services, insurance, healthcare, distribution and technology services. His work combines a detailed understanding of global privacy regulations (including CCPA and GDPR) with an in-depth knowledge of the process and technology capabilities needed to operationalize privacy and ensure compliance.

READ MORE

Phil is a Certified Six Sigma Master Black Belt as well as a Certified Information Privacy Professional (CIPP/E) and Anti Money Laundering Specialist (CAMS). He is also a Certified Scrum Master who brings agile project management principles to each engagement.

 

Phil holds a Master of Science degree in Finance from the MIT Sloan School of Management and a Doctorate in IT and Operations from the Harvard Business School. In addition, he has completed several certificate programs in Cybersecurity, Artificial Intelligence, and Distributed Ledger Technology at the MIT Computer Science and AI Lab (CSAIL.)

Betty Robinson

Betty Robinson

J.D.
Senior Privacy Consultant
Texas, USA

Betty is an attorney and compliance professional with over 10 years of experience providing data privacy and security solutions for clients in both the government and private sectors. She obtained her Juris Doctor and Bachelor’s degrees from the University of Arkansas. Betty is well-versed with both U.S. and global privacy laws including GDPR, PIPEDA, HIPAA, CCPA, GLBA and FERPA as well as industry standards such as PCI DSS.

READ MORE

Prior to joining TrustArc, Betty worked extensively with healthcare privacy for her former client, the U.S. Department of Health & Human Services. Betty has also routinely worked with data privacy for the financial services industry. While working across these industries, she provided guidance regarding data breaches, risk assessments, implementing data protection measures and cybersecurity controls, and protecting the privacy rights of individuals. Betty’s accomplishments include partnering with organizations ranging from sole proprietors to Fortune 100 companies to resolve defects and compliance gaps in their privacy programs.

Kristy Sawyer

Kristy Sawyer

CIPP, CIPT, J.D.
Senior Privacy Consultant
Florida, USA

Kristy is responsible for creating and operationalizing Privacy Programs across several industries. She develops and implements data protection and privacy policies in accordance with local government laws and best practices. She advises her clients on how to identify and manage privacy and information security risks across the enterprise. With 10+ years of Privacy experience, Kristy brings broad global legal expertise to her clients. Notably, her partnerships include consulting with clients to create a global initiative focused on standardizing a scalable privacy program that conforms with cross-jurisdictional legislation and mitigates the risk of a data breach.

READ MORE

Prior to joining TrustArc, Kristy worked for the for the Department of Homeland Security where she served many roles, lastly as a Verification and Biometrics Division Privacy Officer. In that position, she managed all Privacy Office functions, including developing privacy policies, conducting initial and periodic privacy risk assessments, responding to data incidents and developing privacy policies and procedures. She played a critical role in the negotiation and development of information sharing arrangements with domestic and foreign partners ensuring compliance with domestic and foreign laws. This innovative practice set a new standard for the industry.

 

Kristy’s clients span industries and sectors, including, Accounting, Entertainment, Web Publishing, Customer Relationship Management, Technology and Artificial Intelligence. She is a recognized thought leader in her field and within the privacy community.

 

Kristy has a JD from the University of Cincinnati College of Law and a Bachelor of Science degree from George Washington University. She is a member of the International Association of Privacy Professionals, a Certified Information Privacy Professional (CIPP/CIPT) and is licensed to practice law in Virginia and Ohio.

Jamie Sorley

Jamie Sorley

CIPM, CIPP/US, J.D.
Senior Privacy Consultant
Texas, USA

Jamie advises clients of all sizes on effective privacy compliance programs and helps them navigate data breaches, security incidents and government investigations. As an attorney and Certified Information Privacy Professional with more than 15 years’ experience in the healthcare and information privacy and security fields, Jamie works with clients to understand the changing requirements and to develop and implement solutions. A former supervisor for the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Jamie served as the lead HIPAA breach investigator for the Southwest Region and worked with the Health Information Privacy Division in Washington, D.C. on policy issues stemming from the passage of the HITECH Act. Jamie also served in the U.S. Department of Justice as a Special Assistant United States Attorney. Prior to law school, Jamie worked in healthcare administration.

READ MORE

Jamie earned her Bachelor’s degree and MBA from Texas Tech University and her JD from the Southern Methodist University Dedman School of Law. She is a frequent speaker on HIPAA, HITECH, and information privacy and security.

Patricia Wynne

Patricia D. Wynne

CIPP/US, J.D.
Senior Privacy Consultant
Pennsylvania, USA

Pat is a subject matter specialist in the areas of data privacy, cybersecurity and regulatory compliance with both industry and consulting experience.

READ MORE

She has worked in the healthcare industry as Chief Privacy and Security Officer and In-house Counsel for a multi-state behavioral healthcare provider. She was responsible for HIPAA/HITECH privacy and security strategy and program development/implementation including enterprise-wide data governance framework, policies and procedures, workforce training and awareness programs, complaint and breach investigation and notification processes, business associate and vendor management processes and risk audit/ risk management processes. Her experience also includes HiTRUST Scoping, as well as FERPA, RedFlag, GLBA, FINRA assessments. She also served as the organization’s in-house legal counsel.

 

Since 2012, Pat has been consulting in the areas of risk assurance and risk advisory services, and advising clients building compliant and accountable Data Privacy and Cybersecurity programs. Typical projects include risk analysis and gap assessment procedures, gap remediation and on-going consultancy services to ensure required implementation. She also worked with companies defining and building their data governance frameworks and supporting team development responsibilities for data privacy and security programs.

 

A strong focus of her consultancy services has been HIPAA/HITECH, GDPR and other international data privacy regulations as well as CCPA compliance and implementation. Clients include healthcare providers and insurers, pharma, medical devices and healthcare solutions companies, business associates of various types of service providers, cloud services providers, employment services providers, international professional credentialing organizations, financial services providers and real estate investment companies.

Europe, Middle East & Africa

Xavier Alabart

Xavier Alabart

CIPP/E, CIPT, IGP, PMP
Senior Privacy Consultant
Switzerland

Xavier is a well-recognized professional with more than two decades experience in advisory and program management in various fields of information governance. His education as a telecom engineer and as a business administrator has led him through a maze of data-related and business disciplines: privacy and data protection as well as information governance, auditing, information security, records and information management, data scientist, systems development, quality management and corporate compliance.

READ MORE

In the recent past, Xavier served as a group data protection officer, a privacy program manager and a privacy consultant in the healthcare and banking industries where he deployed and maintained corporate programs to ensure that Data Protection and Privacy are present in the corporate agenda. In doing so he has dealt with requirements from many jurisdictions and sectors around the world.

 

Xavier holds several relevant certifications such as CIPP/E, CIPT, International Governance Professional (IGP) and PMP.

Richard Kilpatrick

Richard Kilpatrick

CIPM, CIPT, CIPP/E, CISSP, CCSK
Senior Privacy Consultant
United Kingdom

Richard is a consultant with over three decades of global experience as a privacy and security professional working in various technical, leadership and program roles focused on data privacy, data security, and data governance.

READ MORE

Skilled in EU General Data Protection Regulation compliance and alignment, and other global privacy and cybersecurity regulations and standards such as Australian privacy, ISO27k, PCI-DSS, and NIST.

 

He has in-depth experience across many sectors including banking, finance, insurance, telecommunications, property, and media industries.

 

Richard holds IAPP certifications for CIPP/E, CIPM, and CIPT and also ISC2 CISSP and CSA CCSK, and occasionally delivers IAPP CIPP/E and CIPM training.

 

With a technical background, Richard knows electronics, computing and radio systems down to their individual component/chip level.

Ralph O'Brien

Ralph T. O’Brien

CIPM, CIPT, CIPP/E, BSi LA, CISMP (Dis), FIP
Senior Privacy Consultant
United Kingdom
FIP_Image

Ralph has spent over two decades working at the intersection of privacy, security and risk management. Ralph is an experienced consultant, speaker, trainer, auditor, negotiator and manager. His key passion is in using his knowledge of privacy laws and information governance standards to help businesses develop and grow, engaging stakeholders, and delivering complex projects within the information governance sphere.

READ MORE

Ralph is a trusted advisor on Global Privacy and Security compliance, practices and management for the past two decades. He believes good information governance adds business value to achieve business objectives and return on investment. His role includes acting as a senior level “translator” between IT, business and compliance professionals, thought leadership, business development, partnerships and product development. His experience includes strategic Privacy Management and GDPR adoption programs, advisory services and assurance delivery in global multinational environments.

 

Prior to that, he has been an experienced Product and Services business development lead, Principal Consultant and Manager, delivering training, consultancy and audit of data protection, business continuity and information security – Management of consultancy and audit teams across multiple topics, responding to tenders and delivering solutions proposals.

 

He has worked in a wide variety of industry sectors including the with a focus on Defense, Public Sector, Technology, Pharma and Financial Services, representing both multinational corporations and boutique specialist consultancies.

 

He continues to be a hands-on practitioner, combining business level consultancy with training and technical experience across ISO/IEC 27001, BS 10012, ISO 9001 and ISO 22301 standards through to certification. He was responsible for the first global joint 27001/25999 management system to be certified and sits on the international and British committees responsible for ISO 27001, BS 10012 and ISO 27701.

 

With a focus upon business processes and the protection of information, and an ethos of management assurance, risk management and knowledge transfer he continues to ensure effective protection of assets appropriate to the business needs of the client.

Asia Pacific

Annelies Moens

Annelies Moens

CIPP/E, CIPT, FAICD, CMgr FIML, FIP
Senior Privacy Consultant
New South Wales, Australia
FIP_Image

With close to 20 years’ experience, Annelies is a widely recognized global privacy expert and thought leader, trusted by business executives, government and privacy professionals. She works with clients globally to uplift privacy maturity.

READ MORE

She has held several senior leadership roles in privacy and related fields. Annelies’ career in privacy started in 2001 at the Australian privacy regulator where she managed privacy audits and investigations. Annelies co-founded the International Association of Privacy Professionals in Australia and New Zealand in 2008. She held elected roles during her six-year Board term, including as President.

 

Annelies has been a Group Manager and Chief Privacy Officer at a copyright licensing agency, External Relations Manager at an online legal publisher, and Deputy Managing Director of a privacy consultancy. In the latter role she directed and led a team of consultants and supervised hundreds of client deliverables, including privacy strategies, privacy health checks, privacy impact assessments, data breach notifications, cross-border data flows, cloud, and privacy by design. She also helped transform a major New Zealand government agency with the lowest trust and confidence score to being a lead agency exemplifying privacy best practices.

 

Annelies has presented at many national and international forums (including APEC, APPA, IAPP, CIPL, AICD, AISA) on the convergence of competition and privacy regulation, artificial intelligence and privacy, data breaches, and the cross-border privacy rules system.

Learn how TrustArc Privacy Consulting can help you build and manage your privacy program