California, Arizona and inactive New Mexico bar memberships
*Certified Information Privacy Professional (CIPP/US)
*Certified Information Systems Security Professional (CISSP)
*Consumer Data Industry Association FCRA Certificate Programs for Data Furnishers and Data Users
Senior Director, 01/2015 to Current SALESFORCE – San Francisco,
Build and manage a global, customer-driven regulatory compliance program and team that partners with customers, product development, marketing, sales and customer success to foster use of cloud services by financial services organizations.
Created a white paper to promote use of company products to meet a new customer compliance challenge, directly contributing to $10.05M in new total contract value within a single quarter.
Partner with customer success and solutions engineering teams to develop and document innovative strategies to enable customers' cross-border data transfers and global product implementations.
Worked closely with the product team to recommend 12 product compliance features in products to boost market share.
Review dozens of partner products against financial services regulatory requirements, enhancing customer confidence.
Initiated a data protection impact assessment to demonstrate compliance with the EU General Data Protection Regulation.
Source and hire consultants to assess company compliance with 60+ privacy and cybersecurity regulations in 15 countries, supporting contractual commitments and triggering positive feedback from customers, regulators and auditors.
Reviewed 4 M&A targets to determine privacy and data protection policies and prioritize requirements for integration.
Coordinate with Governmental Affairs to successfully influence financial services regulation in multiple jurisdictions.
Proposed requests for admission and requests for production of documents.
VP & Senior Counsel, 01/2013 to 01/2015 WELLS FARGO Global Cybersecurity and Privacy – San Francisco,
As a principal regulatory attorney for digital channels, supported online/mobile platforms for payments, lending and banking, and related money movement, privacy, security, fraud, anti-money laundering and accessibility issues.
Engaged with product development, data science, marketing, compliance and customer care to design and drive customer-focused financial services products, online services, ecommerce and mobile apps.
Created FCRA/FACTA decision trees to maximize data scientists' use of customer data in algorithms and analytical models.
Supported development, launch, marketing and sales of innovative digital financial products and features, such as digital wallets, online behavioral and locational advertising, and payment offers and rewards.
Developed terms, notices, disclosures and privacy policies, and advised on email/text alerts, electronic document delivery and signatures, for electronic/mobile banking, wire transfers, ACH, prepaid cards, debit cards and credit cards.
Advised clients on TILA/Reg Z, ECOA/Reg B, FCRA, GLBA, E-SIGN, UETA, EFTA/Reg E, UCC, CAN-SPAM, CASL, TCPA, card brand and NACHA operating rules, EU Data Privacy and E-Commerce Directives.
Co-sponsored a Payment Card Industry Data Security Standard gap analysis with Enterprise Information Security.
Guided the development of a real-time account status service for ACH, check and wire payments.
Advised on the development of global anti-money laundering procedures leveraging affiliate customer information, mobile device identifiers and location based services.
Partnered with The Clearing House to influence payment-related legislation and engage with policy makers.
Hired and trained a paralegal to assist with drafting and negotiating data protection agreements, achieving 50% cost savings.
Received 10 performance excellence awards from internal clients for a wide range of efforts.
Associate General Counsel & Privacy Officer, 01/2012 to 01/2013 ID ANALYTICS A LIFELOCK COMPANY – San Diego,
As division general counsel, managed all legal affairs: contracting, product clearance, marketing, merger integration, corporate governance, SEC reporting, employment, intellectual property, regulatory compliance and risk management.
Supported development of a new ecommerce platform with advice on electronic payment systems, payment processing, electronic funds transfers, electronic signatures and mobile payments.
Co-wrote white papers for Bank Secrecy Act/OFAC/anti-money laundering compliance products.
Evaluated fraud and credit risk products for compliance with EFTA, GLBA, FCRA, ECOA, FFIEC guidance, Dodd-Frank, COPPA and ADA.
Responded to FTC and CFPB investigations, customer security reviews and consumer complaints.
Supervised and trained a contracts manager, guided junior attorneys, managed outside counsel from initial budget to final billing, consolidated outside law firms from 10 to 6, and implemented new outside counsel billing policies.
Reduced contracting time by 50% and contributed to double-digit growth by introducing new contract forms and playbooks.
Led a cross-functional team to map customer data, conducted an FCRA/GLBA audit across multiple services, and drove design and implementation of privacy and security policies, gaining positive feedback from customers and regulator.
Security & Compliance Officer, 01/2012 to 01/2013 HEALTHTRIO – Tucson,
Designed and built a compliance program for a high-growth SaaS startup, including policies, product review, incident and breach management, investigations, training, risk assessment, monitoring and enforcement.
Reported to the CLO.
Recommended new features in online and mobile products to meet regulatory requirements related to ecommerce, privacy and security (GLBA, FERPA, HIPAA/HITECH), contributing to the company's double-digit growth.
Provided advice on electronic funds transfer, electronic signatures and privacy laws (EFTA, E-SIGN, FERPA, GLBA, HIPAA) relating to electronic health records and online billing and payment systems.
Developed strategic responses to federal adoption of electronic funds transfer standards under HIPAA/HITECH.
Led cross-functional teams in a company-wide HIPAA/HITECH risk assessment and policy implementation.
Implemented training, testing and checklists to incorporate Privacy by Design in the software development lifecycle.
Managed the annual FISMA audit process, achieving clean audits and gaining recognition from Health & Human Services.
Negotiated SaaS subscription, software licensing, vendor and partner agreements with Fortune 500 companies.
University Information Security Officer, 01/2006 to 01/2010 UNIVERSITY OF ARIZONA – Tucson,
Primary legal support for e-commerce, mobile commerce, online tuition billing and payment system, loan origination and servicing, the co-branded student prepaid/debit card program and the affinity credit card program.
Provided advice on electronic commerce and banking laws (BSA/KYC/OFAC/AML, EFTA/Reg E, NACHA rules, UCC, E-SIGN, UETA, GLBA, TILA, ECOA, FDCPA, FCRA, money transmitter and escheat laws).
Worked closely with the Financial Services Office to implement the GLBA Information Security Program, ID Theft Red Flags Program and USA PATRIOT Act anti-money laundering training for co-branded debit cards.
Negotiated agreements for merchant acquiring services and the co-branded campus card affinity program.
Promoted in 9/07 to create and manage a comprehensive information security program.
Led a team that drove information security strategy, policy, governance structure, incident response, investigations, training and awareness, vulnerability assessment, audits, risk assessment, metrics and board reporting.
Partnered with a cross-functional team and the merchant acquiring bank to implement policies, present PCI-DSS compliance training and provide consultation to 100+ brick-and-mortar and e-commerce merchants.
Served as lead business/IT lawyer until promoted in 9/07 to create the organization's first information security program.
Led a team that drove privacy and security strategy, policy, standards, governance structure, incident response, internal investigations, training, risk assessment, planning, budget, metrics and reporting.
Hired, trained and supervised staff.
Coordinated multiple wide-scale projects, including a PCI DSS initiative for 100+ merchants, risk assessments of 229 geographically-distributed units, data classification, SSN reduction, email encryption and GLBA Security Program.
Leveraged exceptional communication and interpersonal skills to gather a team of technologists from across the organization to act as designated experts, as well as for collaborative information sharing.
Implemented a new incident response plan with nuanced review processes, reducing breach notification by 80%.
Provided legal advice on privacy, data protection, IP, ecommerce, electronic payment processing and tech transactions.
to 01/2005 SUTIN, THAYER & BROWNE – Santa Fe,
Represented banks and public agencies in transactional and corporate matters at New Mexico's largest commercial law firm, including development of information governance systems, M&A due diligence and contractual aspects of privacy/security.
Represented banks and public agencies in transactional and corporate matters at New Mexico's largest commercial law firm, including debt financings, bank loans, equipment leases and regulatory compliance.
Played a lead role in due diligence, negotiation and financing of acquisitions valued from $4.3M-$150M.
Associate Attorney, 01/1991 to 01/1996 SIDLEY AUSTIN – San Francisco,
Counseled public and private sector clients on privacy, consumer protection and open records laws.
Supervised junior attorneys and paralegals in hundreds of complex financial transactions of up to $200M.
Advised banks on compliance with payments, deposits, lending, advertising, privacy, consumer protection and anti-money laundering laws (including Regulation CC, TILA, FCRA, BSA, OFAC and state consumer protection laws).
Prepared and submitted regulatory filings and reports to the OCC, IRS and state financial regulators.
Associate Attorney, 01/1988 to 01/1991 MUDGE ROSE GUTHRIE ALEXANDER & FERDON – Los Angeles,
Represented public and private sector clients in transactional and corporate matters, including privacy and open records law.
Juris Doctor: 1988 UNIVERSITY OF CALIFORNIA, HASTINGS COLLEGE OF THE LAW - San Francisco, CA
Executive Editor, Hastings International & Comparative Law Review (1987-88). Eliminated a 2-year backlog in 1 year.
Author, Computer Technology Exports Under the Export Administration Amendments Act of 1985: Taking Competitive Advantage of China's Open Door, Hastings Int'l & Comp. L. Rev. (1986).
B.A.: 1983 ARIZONA STATE UNIVERSITY - Tempe, AZ
magna cum laude