Blog

Use What Works to Create a Culture of Privacy
December 20, 2009
I was in an industrial facility recently and noticed large banners on the walls proclaiming “12 Years without a Safety Incident.”

Training Is the Strongest Link
December 10, 2009
Today we held a RIM College event featuring three noted experts in corporate privacy training programs -- namely, Dean Forbes (Merck), Bob Posch (Merck) and John Block (Media Pro).

Sophos & Ponemon Institute Announces New Study
December 5, 2009
We are pleased to present The State of Privacy and Data Security Compliance study conducted by Ponemon Institute and sponsored by Sophos.

Ponemon Institute Fellows

Alessandro Acquisti, Ph.D.
Jerry L. Archer, CISSP
Ann Cavoukian, Ph.D.
Alan Chapell, CIPP
Harry C. Chapman, CMC
Nick Copping, Ph.D.
Margaret P. (Peggy) Eisenhauer, CIPP
Mari J. Frank, Esquire, CIPP
D. Reed Freeman, Jr. CIPP
Jean-Paul Hepp, Ph.D., CIPP
Priscilla Hill-Ardoin
Chris Jay Hoofnagle
James M. (Jim) Jordan III, CIPP
Matt Leonard, CIPP
Gail Magnuson, CIPP
Thornton A. May
Joanne McNabb, CIPP/G
Peter Milla
Richard Purcell, CIPP
John C. Reece
Greg Schaffer
Howard A. Schmidt
N. MacDonnell Ulsch
David A. VanderNaalt
Alan S. Wernick
 

Alessandro Acquisti, Ph.D.

Alessandro Acquisti is an assistant professor of information technology and public policy at the H. John Heinz III School of Public Policy and Management, Carnegie Mellon University, and a member of Carnegie Mellon Cylab.

He investigates the economic and social impact of information technology, particularly the interaction and interconnection of human and artificial agents in highly networked information economies. His current research focuses primarily on the economics of privacy and information security, but also on the economics of computers and artificial intelligence, agent’s economics, computational economics, e-commerce, cryptography, anonymity, and electronic voting.

Acquisti co-founded PGuardian Technologies, Inc., a provider of Internet security and privacy services.

He has received national and international awards, including a PET Award (privacy enhancing technologies) for Outstanding Research in Privacy Enhancing Technologies and an IBM Best Academic Privacy Faculty Award.
 

Jerry L. Archer, CISSP

Jerry Archer is senior vice president and chief security officer for Sallie Mae. Mr. Archer is responsible for securing and protecting consumer privacy and for information security initiatives across the enterprise. Prior to this position, Mr. Archer was the chief information security officer for Intuit's global operations.
Prior to Intuit, Archer was managing director at Global Competitive Strategies, LLC, where he provided insight and validation in the areas of policy, technology, products and strategy to a broad array of firms and government. Previously, Mr. Archer was senior vice president for Global Interoperability at Visa International, where his team codified the policies, standards and best practices for Visa systems and networks globally. Before Visa, at the Fidelity Brokerage Company, he was senior vice president of information security and technical risk providing leadership for the brokerage company's operational and strategic security and risk programs.

Earlier his work in the U.S. Intelligence Community earned Mr. Archer the National Performance Review Hammer Award, a Distinguished Service Award from the Central Intelligence Agency and a Meritorious Unit Citation from the National Security Agency. Mr. Archer is a member of many professional and industry groups such as the ACM, IEEE, ISAC, ISC2, and ISSAC.
 

Ann Cavoukian, Ph.D.

Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world and is an avowed believer in the role technology can play in protecting privacy. Under her leadership, the Office of the Information and Privacy Commissioner of Ontario developed a number of tools and procedures to ensure privacy is protected in Ontario – and around the world.

Cavoukian was appointed Ontario’s Information and Privacy Commissioner in 1997 and is the only person to hold that position for two terms.

Noted for her seminal work on Privacy Enhancing Technologies in 1995, her mantra of “privacy by design” seeks to embed privacy into the design specifications of technology, thereby achieving the strongest protections.

Cavoukian’s published works include Who Knows: Safeguarding Your Privacy in a Networked World (1997), written with Don Tapscott, and The Privacy Payoff: How Successful Businesses Build Customer Trust (2002), written with Tyler Hamilton.

 
Alan Chapell, CIPP

Alan Chapell is the founder of Chapell & Associates, a premier research and consulting firm focusing on consumer privacy.

He established the privacy program at Jupiter Research, which targets the consumer Internet economy. Chapell created and implemented DoubleClick’s research product suite, which produced advertising effectiveness products that measure the brand impact of online advertising. He also worked with e-mail marketing firms, including Yesmail (now a division of Experian), where he assisted clients with privacy issues.

He is a regular contributor to the iMedia Connection, the DMNews, and the International Association of Privacy Professionals’ Privacy Officer Advisor.

 
Harry C. Chapman, CMC

Harry Chapman is a founder and principal of the San Francisco-based Bay Area Consulting Group LLC. His work with a division of Wells Fargo Bank in developing and implementing a balanced scorecard is now taught at the Harvard Business School. Chapman has helped large organizations develop balanced scorecards in the United States, Canada, and South Africa. He leads a two-day seminar on the Balanced Scorecard every six months in Rome.

Chapman has developed a balanced scorecard framework tailored to privacy. He is an expert in developing practical and effective performance measurement programs directed toward improving organizational performance.

He is a founder of the Bay Area Consultants Network, a non-profit organization dedicated to enabling consultants to become more effective.
 

Nick Copping, Ph.D.

Dr. Nick Copping is a technologist who began his career as a physicist at Cal Tech, later becoming a senior research director at JPL. Copping is a former director of corporate engineering for Hewlett-Packard and served as CEO of Atherton Technology and CRI. Copping started ZOOM Marketing with Ellie Victor in 1996. In 2004 he took a sabbatical from ZOOM to become a partner at Microsoft, where he developed the Microsoft Global SI strategy.

In his spare time, Copping builds and plays acoustic guitars, turns wild bowls in his woodshop, and sees just how long he can stay at the bottom chasing turtles in funny-looking scuba gear.

 
Margaret P. (Peggy) Eisenhauer, CIPP


Ms. Peggy Eisenhauer, Esq. is the founder of Privacy and Information Management Services – Margaret P. Eisenhauer P.C., an internationally recognized law firm. She helps companies develop and document privacy, security, and fair information programs, including policies and procedures governing the collection, use, and distribution of all types of personal information. Eisenhauer has extensive experience with U.S. and international privacy laws, as well as industry best practices for managing customer and employee information.

In addition to receiving a J.D. with honors from the University of Georgia School of Law, Eisenhauer holds a master’s of science in information and computer science from the Georgia Institute of Technology. She is a member of the International Association of Privacy Professionals and a member of the Certified Information Privacy Professional Advisory Board.
 

Mari J. Frank, Esquire, CIPP

Ms. Mari J. Frank, Esq. is a noted attorney and privacy consultant, and is the creator of the Identity Theft Survival Kit, the audiocassette series Identity Theft Prevention and Survival, co-author of Privacy Piracy, and the author of From Victim to Victor: A Step by Step Guide for Ending the Nightmare of Identity Theft and Safeguard Your Identity: Protect yourself with a Personal Privacy Audit. Frank is also the host of Privacy Piracy, a weekly radio show at KUCI 88.9 FM and www.kuci.org/privacypiracy, which deals with issues of privacy in the information age.

Frank consults with corporations and government agencies and provides professional training programs on privacy and identity theft issues. She serves on the Advisory Board of California’s Office of Privacy Protection, the Identity Theft Task Force of the L.A. County District Attorney, and California’s Department of Motor Vehicles Task Force on Privacy, and the advisory boards of the Privacy Rights Clearinghouse and the Identity Theft Resource Center. Frank is a member of the Orange County Sheriff’s Reserve, a certified trainer for the State Bar of California, and a law professor. She also teaches conflict management at the University of California, Irvine. She is a member of the International Association of Privacy Professionals.
 

D. Reed Freeman, Jr. CIPP

Mr. D. Reed Freeman, Esq. is a partner in the Washington, D.C. office of Morrison & Foerster. He focuses his practice on all aspects of consumer protection law, including online and offline privacy issues, data security and breach notification, online and offline advertising review and competitor challenges, and direct marketing. Prior to joining Morrison & Foerster, Mr. Freeman was a partner in Kelley Drye Collier Shannon’s Advertising and Marketing Practice Group.

Mr. Freeman served as chief privacy officer and vice president for Legislative and Regulatory Affairs at Claria Corporation. He has also served as staff attorney in the Federal Trade Commission’s Bureau of Consumer Protection. Mr. Freeman is a former appointed member of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and is an adjunct professor for advertising and privacy law at George Mason University School of Law. He is also an author and a frequent speaker on issues related to advertising and marketing law.

 
Jean-Paul Hepp, Ph.D., CIPP


Dr. Jean-Paul Hepp is an accomplished business executive, strategist, and change agent. He has more than 24 years of leadership experience working across multiple verticals in the highly regulated pharmaceutical industry.

Hepp engages global organizations with bold initiatives that transform the entire culture. At Pharmacia, he became the first in the industry to implement a corporate Internet strategy. His activities propelled Pharmacia to a leadership position. At Pharmacia, Hepp was again the first in the industry (along with Merck) to serve in the full-time Privacy Director/Corporate Privacy Officer position. He continued in this role with Pfizer after it acquired Pharmacia.

 
Priscilla Hill-Ardoin


Priscilla Hill-Ardoin retired from her position as chief privacy officer of AT&T, Inc., in 2007 after a distinguished career with the corporation and several of its subsidiaries. Hill-Ardoin founded the organization responsible for ensuring AT&T has policies and procedures in place to maintain full compliance with state and federal regulatory requirements governing telecommunications. She served as associate vice president-corporate services, chairman of the board for the AT&T Foundation, and the company’s director of diversity. She also held positions in strategic planning, marketing, and network operations.

A recognized leader in the communications industry, Hill-Ardoin supported the advancement of women and minorities in all areas of the business. In 2003, she was appointed by FCC Chairman Michael Powell to the Chairman’s Advisory Commission on Diversity in Communications in the Digital Age.
 

Chris Jay Hoofnagle

Mr. Chris Jay Hoofnagle, Esq. is senior staff attorney with the Samuelson Law, Technology and Public Policy Clinic and senior fellow with the Berkeley Center for Law and Technology. His focus is consumer privacy law. Previously, he was senior counsel to the Electronic Privacy Information Center and director of the organization’s West Coast office. He was also a non-residential fellow with Stanford University’s Center for Internet and Society for the 2005 academic year.

Among his recent academic publications are Identity Theft: Making the Unknown Knowns Known, in the Harvard Journal on Law and Technology; Putting Identity Theft on Ice: Freezing Credit Reports to Prevent Lending to Impostors, Stanford University Press; A Model Regime of Privacy Protection, in the University of Illinois Law Review (with J. Solove); and Big Brother’s Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement, in the North Carolina Journal of International Law & Commercial Regulation.
 

James M. (Jim) Jordan III, CIPP

Mr. Jim Jordan III, Esq. is the founder of Jordan Legal Counsel, P.C., which assists companies with global compliance programs with particular emphasis on laws pertaining to personal data protection, information technology, and e-commerce. Previously, he spent six years as an in-house lawyer for General Electric, where he held the title of chief privacy leader and senior counsel for E-Commerce and Information Technology, was responsible for global privacy law compliance, and led the implementation of a pioneering Binding Corporate Rules program that has been formally approved by Data Protection Authorities in a number of EU member states as a basis for international transfers of employment data.

Prior to joining G.E., Jordan was a partner in the Intellectual Property Transactions Group of the law firm Alston & Bird, LLP. He is a member of the International Association of Privacy Professionals, a member of the IAPP’s Certified Information Privacy Professional Advisory Board, and teaches the Workplace Privacy module of the CIPP examination preparation program.
 

Matt Leonard, CIPP

Mr. Matt Leonard is a privacy and strategic marketing executive. His more than 25 years of experience managing direct marketing operations, along with his experience developing and implementing privacy and information strategies, policies, and practices in complex organizations, give him a unique perspective on the issues surrounding responsible information practices.

Leonard directed privacy and information policy at Harte-Hanks, a major end-to-end direct marketing service organization. He spent ten years at IBM in Direct Marketing, Customer Information, and Privacy. He is an industry-recognized expert in all aspects of marketing, from Database Analytics to Product Development.

Leonard brings a depth of experience in marketing as well as specific expertise regarding privacy practices in marketing oriented organizations. He speaks frequently to organizations about privacy and marketing. He is an advocate of effective privacy and information practices as a basic business requirement.
 

Gail Magnuson, CIPP

Ms. Gail Magnuson is a well-respected Global Security, Privacy and Information Policy executive with more than ten years of experience integrating business goals, policy, compliance and governance disciplines as an international chief privacy officer, security and privacy consultant and portfolio manager, information management and process design executive and business ethics global eLearning leader.  Gail is recognized as an expert in the security and privacy communities and in the financial services, business services, telecommunication, pharmaceutical and health care communities.
 
Gail’s background also includes more than 30 years in automation and operations as an agent of organizational change in information management, business process design, IT, new systems and operations development, innovative tools, mergers & acquisitions, strategic planning and systems architecture, primarily in the finance industry, working directly with both established and entrepreneurial companies.
 
Magnuson has a degree from Upsala College and BAI Wisconsin School of Banking. She is a Certified Information Privacy Professional.

 

Thornton A. May

Mr. Thornton May is one of the premier communicators in the information technology industry. He combines a scholar’s passion for empirical research, an entrepreneur’s capacity for opportunity identification, and a stand-up comic’s gift for storytelling in working with executives to figure out what comes after what comes next.

May is responsible for sculpting executive education information technology curricula at four major business schools: UCLA, UC-Berkeley, Arizona State, and Ohio State. He designed and delivered the information technology portion of the curriculum at the University of Amsterdam’s Controller’s Institute (special program for multinational chief financial officers). May co-founded the Director’s Institute, a program to improve board level technology decision-making.

May’s insights have appeared in the Harvard Business Review, the Financial Times, and the Wall Street Journal, among other publications. He also debated the future practice of strategy on National Public Radio.
 

Joanne McNabb, CIPP/G

Ms. Joanne McNabb is chief of the California Office of Privacy Protection. The organization is a resource and advocate on identity theft and other privacy issues. In addition to providing information and education for consumers, it publishes privacy practice recommendations for business and organizations.

McNabb is co-chair of the International Association of Privacy Professionals’ Government Working Group. She also serves on the Privacy Advisory Committee of the Department of Homeland Security. She is a frequent speaker at privacy conferences and seminars.

McNabb has more than 20 years of experience in public affairs and marketing in both the public and private sectors, including five years with an international marketing company in France. Her marketing background contributes to her understanding of the commercial uses of personal information that have become a significant privacy concern.

 
Peter Milla

Mr. Peter Milla is a noted expert and consultant to the global research industry. He is the former Chief Information Officer for Survey Sampling International, a leading supplier of Internet, telephone, postal, and personal interview samples to market and survey research agencies in the United States, Canada, Europe, Latin America, Australia, and Asia. Milla has more than 25 years of experience in a wide range of information technology, market/survey research and data privacy and security activities, applying expertise in information technology and market/survey research methods. He has extensive experience with all computer assisted survey information collection technologies, specializing in Internet-based market/survey research.

Prior to joining SSI, Milla was executive vice president and chief information officer at Harris Interactive and senior vice president and chief information officer at Roper Starch Worldwide.

Milla is a member of the board of directors of the Council of American Survey Research Organizations, co-chair of its Internet Research Task force and chair of its Technology Committee.
 

Richard Purcell, CIPP

Mr. Richard Purcell is the chief executive officer of Corporate Privacy Group, an independent privacy consulting firm focused on establishing sustainable, affordable privacy programs in corporations, agencies, and institutions.

He was Microsoft’s first chief privacy officer and developed one of the earliest global privacy programs while at Microsoft.

Mr. Purcell is formerly the chairman of the board of directors of TRUSTe, and is chairman of the Department of Homeland Security’s Privacy Advisory Committee and of the International Association of Privacy Professionals Advisory Board for Privacy Certification.

He co-founded and sat on the Conference Board’s Council of Chief Privacy Officers, served on the IAPP Board of Directors, and was a member of the Federal Trade Commission’s Advisory Committee on Online Access and Security.

 
John C. Reece

John C. Reece is chairman and CEO of John C. Reece & Associates, LLC, the firm he founded to provide personal leadership assistance to corporate and government executives in resolving issues having high impact on their enterprises’ value creation performance. The firm assists private and public sector clients and enjoys a strong mix of new and repeat relationships.

Previously, Reece served as deputy commissioner for Modernization and chief information officer at the IRS. He was also vice president of Information Technology at Time Warner Inc., functioning as that company’s first CIO. Before moving to Time Warner, Reece created a CIO role at Alexander and Alexander Services, Inc., a global insurance broker.

He is a board member of Unisys’ Security Leadership Institute and InfraSi, Inc. and serves on Applied Identity and CloudShield, Inc.’s advisory boards. He has also served on advisory boards at AT&T, Oracle, Sun Microsystems and Bristol-Myers Squibb. Reece is a principal member of the Council for Excellence in Government and a participating member of the Industry Advisory Council.

 

Greg Schaffer

Greg Schaffer is the Assistant Secretary for Cybersecurity and Communication for the United States Department of Homeland Security. Formerly, Mr. Schaffer was the Chief Information Security Officer, Chief Security Officer and ultimately Chief Risk Officer for ALLTEL Communications, LLC, responsible for enterprise-wide security and privacy strategy and policy development, implementation and execution, as well as regulatory oversight and compliance process improvement.
 
Mr. Schaffer joined ALLTEL after serving for four years as a Director in the PricewaterhouseCoopers, LLP Cybercrime Prevention and Response (CPR) Practice, where he was responsible for managing a wide range of computer security, forensic, investigative, and litigation support and electronic discovery related projects for PwC clients. Prior to joining PwC, Mr. Schaffer was a computer crime prosecutor at the United States Department of Justice Computer Crime and Intellectual Property Section. At the Justice Department, Mr. Schaffer was responsible for day-to-day management of domestic and international investigations involving various crimes, including computer hacking, illegal wiretaps and economic espionage.
 
Prior to joining DOJ, Mr. Schaffer was a partner with the law firm of Manatt, Phelps & Phillips, specializing in civil litigation related to computer technology issues. From 2001 to 2004, Mr. Schaffer also served as an adjunct professor at Georgetown University, teaching a course on information security for international business.

 
Howard A. Schmidt

Mr. Howard A. Schmidt is president and CEO of R & H Security Consulting, LLC.

He served as vice president and chief information security officer and chief security strategist for eBay. Most recently, Schmidt was chief security strategist for the U.S. CERT Partners Program for the National Cyber Security Division in the Department of Homeland Security.

He retired from the White House after 31 years of public service in local and federal governments, including the Air Force Office of Special Investigations and the FBI National Drug Intelligence Center. He was appointed by President Bush as the vice chair (later becoming chair) of the President’s Critical Infrastructure Protection Board and as the special adviser for Cyberspace Security for the White House. Prior to the White House, Schmidt was chief security officer for Microsoft.

Schmidt is the international president of the Information Systems Security Association and was the first president of the Information Technology Information Sharing and Analysis Center. Schmidt has been appointed to the Information Security Privacy Advisory Board to advise the National Institute of Standards and Technology, the secretary of Commerce and the director of the Office of Management and Budget on information security and privacy issues.

 
MacDonnell Ulsch

Mr. MacDonnell Ulsch is President and Chief Risk Analyst of ZeroPoint Risk Research, LLC and the author of the book THREAT! Managing Risk in a Hostile World. His area of expertise is in privacy and counter-economic espionage. Mr. Ulsch has conducted many research studies in the subject area and advises a wide range of clients. He is widely published and has been quoted in the Wall Street Journal, the New York Times, Forbes, BusinessWeek, the Boston Globe, CNN.com, and many other publications. Mr. Ulsch has appeared on radio and television as a national security and risk analyst. Previously, he was Trusted Advisor to the United Secrecy Commission under Senators Jesse Helms and Daniel Patrick Moynihan and co-authored an information security policy paper with U.S. Senator Sam Nunn. He worked at the National Security Institute, focusing on economic and industrial espionage, and advised the office of counter-intelligence of a U.S. President.
 
Mr. Ulsch currently serves on the board of the National Security Institute, and is a Distinguished Fellow of the Ponemon Institute. Mr. Ulsch is closely associated with The Institute of Internal Auditors Research Foundation. He has held executive positions at PricewaterhouseCoopers, Gartner, Computer Intelligence, and Dun & Bradstreet. A frequent keynote speaker at industry events and for client seminars, he has also lectured at several universities, including Boston University and Boston College. Mr. Ulsch is the author of several learned books on cyber security and cyber terrorism.
 

David A. VanderNaalt

Mr. David A. VanderNaalt is a noted expert and consultant in the security industry. He is the former chief information security officer for the state of Arizona, leading the Statewide Information Security and Privacy Office. SISPO serves as the strategic planning, facilitation and coordination office for information technology security, privacy protection, and the protection of the technology critical infrastructure in the state.

Prior to assuming that position, VanderNaalt served the city of New York as director of the Department of Investigation, as director, Digital Forensic Investigations, and as director, NYC Citywide Information Security Program. VanderNaalt served for one year as the director of Citywide Continuance Planning at the Department of Information Technology in a cooperative role with the Office of Emergency Management. He served in several capacities at American Express, including director of worldwide network change and problem management, and led the creation of the worldwide Information Security group. VanderNaalt was the first corporate information security officer for AMEX worldwide operations.


Alan S. Wernick

Mr. Alan Wernick, Esq. is a member of the law firm FSB Legal Counsel and brings more than 27 years of experience focused almost exclusively on technology, intellectual property, and data privacy/security transactions, and related legal matters. He has extensive contract negotiating and drafting experience, and has served as an arbitrator/mediator. That experience, coupled with a background in computer programming, technology and accounting, enables him to provide practical strategic advice and realistic risk assessments. His nationally recognized practice since 1982 focuses on providing sensible and tactical legal advice to clients on significant information technology, e-commerce, intellectual property, data privacy/security transactions, and dispute management.

Mr. Wernick’s experience includes virtually every type of information technology contract and transaction, as well as serving as a counselor and advocate for his clients in the management and resolution of a wide range of legal disputes, including analysis of potential risks, dispute avoidance, negotiation of settlements, and guidance through litigation, appeals, and the arbitration/mediation processes. A frequent lecturer and writer, he has been selected as a Leading Lawyer in Computer & Technology Law, and is a Martindale‐Hubbell® AV rated attorney. Mr. Wernick’s professional activities include his serving on Advisory Boards for several publications, and as a member of the Alumni Board for the Fisher College of Business at The Ohio State University.