Maureen D. Feinroth

Maureen is a recognized privacy expert, providing clients with privacy consulting, training and education and data management services. She provides services across all industry sectors including: social media, publishing, insurance, aerospace, aviation, higher education and healthcare.

Maureen is a subject matter expert in international compliance, particularly cross border data transfer and has more than sixteen years’ experience in researching, analyzing and consulting on legal information security and privacy regulatory compliance issues. She has advised numerous clients on transfer options including Model Contracts, Binding Corporate Rules, Safe Harbor and exemptions. She is intimately knowledgeable on international laws and frameworks including the EU Directive, the Asia Pacific Economic Cooperative, (APEC) the Hong Kong Data Protection Ordinance and transborder data flow issues in the international marketplace. She has assisted clients develop compliance programs across the global landscape and has compiled a compendium of all international privacy and data protection laws. Domestically, she is experienced with the provisions of Do Not Track, DNC, FOIA, ECPA, FISMA, the Federal Privacy Act, Paperwork Reduction Act, Computer Security Act, OMB Circular A-130, FISCAM, HIPAA/HITECH, GLBA, FCRA, EFTA, COPPA, ECPA, PATRIOT Act and Sarbanes-Oxley. She assisted in development of NIST standards across information security including implementation measures for HSPD 12 compliance. Her consulting responsibilities and career information security privacy experience include the identification, research and analysis of all legislation at the state, federal and international levels, as well as the self-regulatory programs.

In 1997, Maureen worked with Dr. Alan Westin, Professor Emeritus at Columbia University on assisting US companies comply with the then recently enacted EU Data Protection Directive. That effort evolved into the first draft of the Model Contracts and was instrumental in the development of the EU-US Safe Harbor compliance mechanism for cross border data transfer.

Maureen has experience with analyzing complex software and manual business workflows for the purpose of identifying risk areas from the perspectives of process, policy, and technological controls. Maureen has then worked across Business User communities, IT and Legal to articulate the risks, and to drive the development of a holistic remediation strategy in alignment with her clients’ overall risk management strategy.

Maureen has substantial experience advising federal and commercial customers on industry best practices for using, disseminating, and protecting client, customer and employee information. She has devised information security and privacy policies and compliance strategies for implementation and enforcement and has done substantial Certification and Accreditation work for Federal agencies.

Maureen is currently serving as an Adjunct Professor at the University of Maryland Department of Cybersecurity and Information Assurance, Graduate School of Management and Technology. Maureen has taught at the University of Fairfax doctoral dissertation program for Information Technology and Security and is experienced in training and awareness. She prepares and presents Continuing Legal Education (CLE) courses and Continuing Privacy Education (CPE) courses for clients including The Washington Post Company, the Maryland State Bar Association, and The American Trial Lawyers Association. Maureen currently serves on the Education Advisory Board for the International Association of Privacy Professionals and has assisted in the development and drafting of the CIPP certifications in Government, Information Technology and European privacy.

Education

BS/BA Economics/Political Science Connecticut State University 1987

JD International Law Catholic University of America 1990

Professional Admissions

CIPP US/E/IT- Certified Information Privacy Professional

Employment History

Yarbrough Law Group – Data Privacy Expert Consultant

Capital Privacy Solutions – Founder and CEO

PwC – Manager, Health Information Privacy Service

IBM – Senior Managing Consultant, Privacy Lead, Cybersecurity and Privacy, GBS Public Sector

University of Maryland University College – Adjunct Professor

VMD Systems Integrators, Inc.,

Presentations

  • Considerations in Transborder Data Flows, Economic Summit, November 2013
  • ABA Seminar on Compliance Issues August 2013
  • Open Web Application Security Project (OWASP) InfoSec Conference March 2013
  • India’s New Privacy Law: Impact and Implications, June 2011
  • Evidentiary Issues in the Courtroom: Opportunities and Challenges Presented by New Media, Maryland Law Day, May 2010
  • Social Media for Human Resources Professionals: The Washington Post Co., February 2010
  • Social Media in Litigation: Evidentiary Issues and Authentication Strategies: Maryland Bar Association, January 2010
  • The Privacy Lifecycle: ISACA, November 2009
  • Social Engineering Tips and Techniques: National Science Foundation June 2009
  • Privacy and Security Issues for National Security Professionals (CPE accredited course), June 2009

Training Presentations

  • IBM New Hire Privacy Training (Annual)
  • Privacy Buzz (10 credit CPE course developed and presented annually)
  • Privacy in the Headlines (10 credit CPE course developed and presented annually)
  • Privacy 101: Preparing for the CIPP Exam (10 credit CPE course developed and presented as requested)