Chicago | Privacy Regulations and the Role of the Board

Tuesday, October 22, 2019
07:00 AM - 09:00 AM CST
Crowe LLP
225 West Wacker Drive, 4th Floor
Chicago, IL 60606



It has been over one year since the EU’s General Data Protection Regulation (GDPR) became law on May 25, 2018. Since then there has been a near constant stream of new privacy regulations across the globe, from Germany to Brazil to California.

  • How have these regulations changed?
  • How do organizations manage privacy and security risks?
  • How are business models changing in light of new restrictions on how personal data can be collected, processed and monetized?
  • What is the role of the board in helping organizations achieve compliance and avoid costly fines and penalties?

This panel discussion will address the basic requirements of recent privacy regulation, enforcement actions and a discussion of how boards can help their organizations assess and manage privacy risks. Case studies will be offered describing the experiences of organizations implementing new privacy controls as well as current and planned compliance activities of companies.



Josh Britten
Senior Manager
Crowe LLP

Josh Britten is a regulatory compliance specialist with over 10 years of experience. He joined Crowe’s Consulting group in 2012 and has worked with companies of all sizes on implementation of complex regulations and legal settlement consent orders. Josh assists organizations with matters related to operationalization of privacy and data protection programs and third party risk management. Prior to joining Crowe, Josh practiced law, specializing in employment law and business-related litigation.


Lisa Vandesteeg
Sugar Felsenthal Grais & Helsinger LLP

Lisa Vandesteeg is the chair of both the Litigation and Dispute Resolution and the Data Security and Privacy groups at Sugar Felsenthal Grais & Helsinger LLP in its Chicago office. She concentrates her practice in the areas of bankruptcy, commercial litigation, business disputes, and privacy and data security issues. Lisa is a Certified Information Privacy Professional for the U.S. Private Sector, as qualified by the International Association of Privacy Professionals, which is the world’s largest information privacy organization. Lisa assists clients with developing and implementing information security programs that are reasonable and appropriate for their specific business needs and risks, and she also advises clients on their various cybersecurity compliance and regulatory issues.


Robert Brose
Blue Marble Payroll

Robert Brose has been in IT for over 20 years serving in roles ranging from Software Engineer, Lead Architect, to DevOps. In his role as CIO at Blue Marble Payroll, Robert oversees Product Development, IT, Security and cloud operations.

Prior to joining Blue Marble Payroll, Robert served as Lead Architect at Allscripts where he was responsible for the architecture and day-to-day operations of the Care Management product. He also served as lead to the department’s worldwide product development teams.

Robert has also served as one of the first development team members for the startup Extended Care Information Network (ECIN), the first software-asa- service Internet accessible healthcare IT application to automate the discharge planning process from a hospital to post-acute care providers. Robert has a bachelor’s degree in Computer Graphics Technology from Purdue University.



Jan Hertzberg
V.P., Third Party Vendor Information Security Consultant
Bank of America

Jan is a senior compliance leader with more than 30 years of experience providing cyber security and privacy assessment and auditing expertise for a variety of industries, including the banking, financial services, healthcare and higher education industries. He has extensive experience identifying and managing internal control and technology risks as well as
recommending solutions that apply cybersecurity and privacy frameworks to implement leading practices.

Jan has held IT risk management roles with leading organizations including the Bank of America, IBM, Abbott and Ernst & Young. He has conducted numerous cybersecurity and privacy assessments, System and Organization Control (SOC) attestations and network security vulnerability assessments.

Jan is a frequent speaker and moderator on cybersecurity and privacy topics and has written and lectured on the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and cybersecurity/privacy risk mitigation.