Professional Biography

Overview

I am a seasoned technology attorney, focused on AI, privacy, and security, with 20+ years practicing law and wide-ranging substantive expertise on global regulatory compliance and technology policy strategy and advocacy. I have diverse experience in multiple settings in both the public and private sector, where I have held high-impact roles advising organizational leadership, including the CEO of a software industry association and the head of a federal government agency, and counseled Fortune Global 500 and Fortune 500 companies on key business priorities.

Notably, my rich experience includes roles at:

A global enterprise software industry association, where I currently represent 40+ technology companies, including entities throughout the AI stack – compute providers, LLM developers, “integrators,” and deployers; cybersecurity companies; video communications and ecommerce platforms; and data storage and analytics software providers offering innovative digital solutions across industries, including financial services and telecommunications;
The Federal Trade Commission (FTC), where I served for over a decade, including as an Attorney-Advisor to two commissioners, including the Chair;
In-house privacy legal department at a multinational Fortune 500 media and entertainment company; and
One of the 15 largest global law firms, where I handled intellectual property, international trade, and commercial litigation matters.

I include below a description of my experience in each of these roles.

Global Enterprise Software Industry Association

As a Senior Director, Policy for a global enterprise software industry organization – the Business Software Alliance – I have led global AI and privacy regulatory and policy portfolios, where I monitored, analyzed, and communicated implications of legal and policy developments on the industry’s strategic priorities and software services, developed and assessed practical frameworks for translating policies into governance solutions, and developed and executed strategies to influence policy outcomes.

In this role, I have examined and advanced the interests of a wide range of software companies to develop effective policy approaches to promote data-driven technological innovation, including leading AI large language model developers, industrial AI manufacturers, and cloud computing, multimedia software, video communications, ecommerce, data analytics, data storage, identity and access management, cybersecurity, and customer relationship management companies.

Regulatory and Legislative Analysis

As part of these efforts, I have advised businesses on risks, compliance obligations, practical challenges, and implementation of global AI and privacy laws and regulations, including the EU AI Act and codes of practice, Korea Basic AI Act, Japanese AI law, the EU General Data Protection Regulation (GDPR), Indian privacy legislation, and draft AI legislation in Canada and Brazil, and US laws and regulations, including California AI and privacy legislation, such as the California Consumer Privacy Act (CCPA), draft high-risk AI bills, and draft California Consumer Privacy automated decision-making system regulations, other state AI legislation, including in New York, New Jersey, Connecticut, and Washington, D.C., and draft federal AI and privacy legislation.

AI Governance and Risk Management—Translating Policies into Practice

I have also monitored and contributed to the development of AI and privacy standards and risk management frameworks, including the National Institute of Standards’ (NIST) Privacy Framework, AI Risk Management Framework (RMF), and generative AI profile; developed AI governance industry best practices and ethical principles on fairness and transparency to guide early AI adoption; created a crosswalk mapping BSA’s framework for AI data bias mitigation strategies against the NIST AI RMF, which NIST published on its trustworthy AI resources website; examined practical approaches for integrating an international AI management system standard – ISO/IEC 420001 – and the NIST AI RMF into existing data governance programs; and advised the BSA general counsel team on development of internal AI policy to ensure responsible employee use.

Policy Development and Advocacy

In addition to analyzing global legislation and regulations, counseling businesses, and advancing AI governance, I have also developed and implemented strategies to advance software industry objectives, including spearheading development of consensus positions among software companies with varying AI supply chain equities on priorities for AI and privacy legislation.

In support of these efforts, I executed a range of policy and communications strategies. For example, I developed policy briefs supporting industry positions, created educational materials explaining technical concepts to policymakers, published blogs highlighting key positions, and moderated a conversation on the benefits of open source with company executives to share on social media and video platforms.

I have also drafted over 20 formal comments to U.S. and global policymakers in consultations on AI and privacy, including on AI risk management, AI red teaming, AI standards development, open model weights, AI accountability, government use and procurement of AI, the G7 Hiroshima AI Process, Indian privacy legislation, and global data flows, which have been cited by both U.S. and foreign policymakers.

Executive Support

I routinely supported BSA’s CEO on varied policy engagements, including preparing testimony for congressional hearings on AI and privacy, preparing talking points, and conducting research. In addition, I worked on various interdisciplinary projects to support the CEO’s role on the President’s National AI Advisory Committee. I also prepared briefing materials for chief legal officers of software companies in advance of meetings with policymakers, including FTC Commissioners and Members of Congress.

Policymaker and Stakeholder Engagement

Importantly, a key part of my AI and privacy policy advocacy was interfacing with global policymakers, regulators, and external stakeholders to guide regulatory and legislative efforts, including White House officials in the Office of Science and Technology Policy (OSTP) and National Economic Council in Republican and Democratic administrations, congressional offices, federal agencies, state legislators and regulators, policy think tanks, and civil society organizations. I have also led a cross-sectoral initiative, including with media, telecommunications, and ecommerce companies, to develop common policy positions to advance shared objectives.

Presentations at Policy Dialogues

As part of this policy advocacy, I delivered presentations in numerous policy dialogues, including an AI briefing for Members of Congress, FTC hearing examining privacy approaches, policy forum in India, IAPP conference panels with FTC Chief Technologists and White House and EU officials, American Bar Association Antitrust Section conference panels on AI and privacy, Federal Communications Bar Association panels on AI and global data transfers, Future of Privacy Forum conference panel on state AI legislation, and a Center for Strategic and International Studies digital policy forum. Notably, I also collaborated with another industry association to coordinate an AI policy summit featuring the former White House Chief Technology Officer (who is now the OSTP Director), where I moderated a panel on AI and the workforce.

I have also moderated policy discussions with policymakers at internal dialogues for software companies, including meetings with federal agencies, including the FTC, NTIA, and NIST, and fireside chats with the former Chair of the European Data Protection Board at BSA’s General Counsel Forum and the former Director of the U.S. AI Safety Institute (now CAISI).

Global Policy Team Alignment

At BSA’s headquarters in Washington, D.C., I coordinated global policy development on AI and privacy for regional teams in the EU, India, Singapore, Japan, and Brazil to ensure alignment of policy positions, seek interoperable solutions, and provide subject matter expertise. In this capacity, I have contributed to numerous submissions to policymakers around the world, including the EU AI Office on development of the General-Purpose AI Code of Practice and guidelines for high-risk AI systems, comments on draft AI legislation in Brazil, consultations issued by various Indian agencies, Korean AI legislation, Singapore agencies’ industry guidance, and Australian AI policy consultations.

Federal Trade Commission

FTC Overview

During my 13+ year tenure at the FTC, I served in several influential roles, including as an Attorney-Advisor to two FTC commissioners, including the Chair, where I oversaw the agency’s privacy and security legal compliance and technology policy matters; a Counsel for International Consumer Protection in the Office of International Affairs for seven years, where I counseled attorneys on cross-border legal issues, contributed to global policy dialogues, and routinely interfaced with international policymakers and regulators; an attorney in the Division of Privacy and Identity Protection; and an attorney in the Division of Marketing Practices, where I litigated successful consumer protection cases, including an enforcement action against a payment processor resulting in a $1.5 million settlement and a case resulting in a $9 million summary judgment.

Legal Compliance

In these varied roles, I evaluated companies’ legal and regulatory compliance in over 70 enforcement actions, including privacy and security cases against software developers, computer hardware manufacturers, IoT device manufacturers, mobile apps, and mobile telecommunications carriers; consumer protection cases involving online marketing, advertising, and unauthorized mobile payments; and violations of laws governing credit reports and financial institutions, including the Gramm-Leach-Bliley Act, Fair Credit Reporting Act (FCRA) and Risk-Based Pricing Rule, and Equal Credit Opportunity Act (ECOA).

Policy and Regulatory Actions

I also oversaw issuance of FTC policy reports examining the implications of emerging technologies, including IoT, which recommended privacy-by-design and security-by-design principles, and big data, which analyzed the applicability of the FTC Act, FCRA, and ECOA to data analytics; preparation for congressional testimony, including on the privacy and security of autonomous vehicles; comments to other federal agencies, including on the Federal Communications Commission’s (FCC) proposed broadband privacy rules; review of federal regulations, including the GLB Safeguards Rule imposing data security requirements on financial institutions; and the issuance of 6(b) orders examining auditing practices of assessors evaluating compliance with Payment Card Industry Data Security Standards and security practices of mobile device manufacturers in a joint FTC-FCC initiative.

Supporting Agency Leadership

As an Attorney-Advisor to two Commissioners, I routinely prepared the agency’s leadership for meetings with senior business executives, official Commission meetings, heads of foreign agencies, speeches and presentations, and international engagements. In my role in the Chair’s office, I liaised with the White House on key issues, prepared the Chair for events with the President, including drafting opening remarks introducing the President at an FTC event where he delivered a speech, and White House meetings.

International Data Transfer Frameworks

In both my Attorney-Advisor and international roles, I facilitated creation, implementation, and enforcement of international data transfer frameworks, including collaborating with US and EU officials on negotiating the former EU-U.S. Privacy Shield, evaluating compliance with the former U.S.-EU Safe Harbor Framework, and advancing implementation of the APEC Cross-Border Privacy Rules.

Other International Policy Contributions

As a Counsel in the Office of International Affairs, I spearheaded several international initiatives, including:

Analyzing and advising foreign policymakers on legislative and regulatory proposals, including meeting with EU Members of Parliament and drafting comments to South African and Australian agencies;
Presenting at the Internet Governance Forum in Kenya, APEC meeting in China, and policy conferences in the EU and Nigeria;
Serving on the expert group for the review of the OECD Privacy Principles and contributing to OECD privacy and consumer protection policy papers;
Drafting FTC policy position document endorsed in New York Times and USA Today editorials;
Conducting trainings for foreign agencies at workshops in Latina America, Africa, and the EU; and
Spearheading, in collaboration with UK and Canadian officials, coordination of a public-private network of cybersecurity experts and global consumer, data protection, and telecommunications agencies.

FTC Awards

In recognition of my substantial contributions, I received the agency’s prestigious Paul Rand Dixon award in 2012, as well as four outstanding performance awards from three different management teams in 2006, 2007, and 2010, including for development of a global Internet policy position and leading the creation of an online employee training resource with legal analysis and practical guidance on implementation of new law.

Global Media and Entertainment Company

As a Senior Counsel, Privacy and Information Security at Warner Bros. Entertainment, I played a key role in both the development and implementation of global privacy compliance strategies and policy analysis and advocacy. Notably, I actively collaborated on a cross-functional team, including with technology and privacy operations groups, leading CCPA compliance readiness efforts, advising business units on conducting data inventories, counseling product and UX teams on privacy requirements for digital properties, and analyzing requirements and facilitating implementation of data sharing restrictions. I also played a key role in ongoing EU GDPR compliance, including overseeing escalation and directing resolution of GDPR data subject rights requests. In addition, I led the development of international privacy compliance strategies and facilitated alignment across a global team.

As the lead on privacy policy engagement, I monitored legislative developments, including participating in negotiations on CCPA amendments, interfaced with external stakeholders, including a think tank and industry associations, drafted position documents, aligned internal business stakeholders, including an ad tech company, within multinational conglomerate owned by a telecommunications company, met with several California lawmakers to advocate for the company’s business interests, and advised the business on the impact of legislative changes on development of a compliance program.

Global Law Firm

As an associate at the global law firm Hogan & Hartson (now Hogan Lovells), I worked on intellectual property, international trade, litigation, and corporate matters. I handled litigation cases in federal and state court, including trademark infringement, contractual disputes, and insurance cases, prepared foreign trade subzone applications for manufacturers, advised global industrial manufacturing group on global trade issues, handled International Trade Commission matters involving enforcement of trade remedy laws, and supported corporate acquisition by conducting due diligence reviews of contractual obligations in commercial agreements. During a rotation in the law firm’s Community Services Department, I worked on landmark initiatives, including supervising a team of summer associates on an award-winning policy report.

Professional Activities & Certifications

Current:

IAPP Certified Information Privacy Professional, CIPP/US
President, PolicyStack AI Global
Expert on Atlantic Council Transatlantic AI Task Force
Guest Law School Lecturer on International Privacy and AI
CCWC AI + Tech + Innovation Advisory Council
National Bar Association Privacy, Cybersecurity, & Technology Law Section
American Bar Association (ABA) Antitrust Section and International Law Section

Former Activities and Inactive Certifications: