Dorene Stupski
******.*******@*****.***
Qualifications
Privacy Officer with over 20 years of experience managing regulatory compliance departments, coupled with graduate degrees in business and law and an in-depth knowledge of the General Data Protection Regulation (GDPR), Personal Information Protection Law (PIPL), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Fair and Accurate Credit Transactions Act (FACTA), Telephone Consumer Protection Act (TCPA), and Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act, as well as other US and national data protection laws.
Experience: July 2020- Current Elanco Animal Health, Greenfield IN
Chief Privacy Officer
Developed and matured an enterprise-wide privacy governance program to provide oversight and strategic guidance.
Created and managed Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA) program.
Aligned the Privacy Program with the Elanco strategy, laws, and regulations that govern the business.
Lead a team of privacy professionals to integrate the Global Privacy Program into the company culture.
Created HIPAA program, including training, notices, and procedures.
Serve as HIPAA Privacy Officer.
Work closely with Elanco’s data protection officers (DPOs) and works council.
Lead corporate-wide projects as needed.
Developed a multiyear privacy strategy that included “right sizing”, maturing, and flexibility.
Created a data governance program.
Monitor privacy laws and regulations to ensure organizational awareness and compliance and conducted gap analyses of Elanco’s privacy program.
Improve and update the Individual Rights Process.
Created regional privacy committees, and appointed and trained privacy champions. Coordinate with leaders and SMEs to ensure a culture of privacy by design.
Implemented an accountability compliance model, continuously assessing compliance and addressing gaps.
Drafted relevant and consumable policies/standards/procedures that align with privacy regulations, such as GDPR, CCPA, and PIPL, and with business objectives.
Defined parameters for Data Classification and Asset Categorization to enable the business to quickly understand control applicability.
Assess the risk profile with respect to compliance with data privacy laws and policies and support in the development of local measures to address and mitigate identified risks across Elanco.
Lead the Standard Contractual Clause and Intracompany Agreement update project, due to EU changes.
Oversee the development and implementation of privacy training.
Experience: 2010- July 2020 Marriott International, Bethesda MD
Senior Director of Information Protection & Privacy
Analyze, understand, and provide guidance on GDPR, CCPA, HIPAA and other national laws and regulations that apply to the business, ensuring communication to any impacted area is swift and concise.
Create HIPAA training and compliance program.
Served as HIPAA Privacy Officer.
Drive data privacy and security compliance: mapping data flows, conducting risk assessments and testing, product development reviews, vendor assessments and monitoring, and leading applicable training.
Strategically aligned company’s data transfer compliance with the invalidation of the US Safe Harbor Program and GDPR enactments, including a program to identify and document legal mechanisms for data transfers and legal basis for data processing.
Oversee data loss prevention program, coordinating with IT and Information Security.
Foster relationships and collaborate across multiple business lines to mature a culture that embraces Privacy by Design and Security by Design, training, awareness, and implementing privacy and security best practices.
Lead a team that provides timely, accurate, up to date privacy and security policies related to operational functions.
Work with business stakeholders and subject matter experts to assess documentation, understand high level business processes and apply regulatory (privacy & security) background/understanding in the development of policies, standards, procedures, workflows, and other documentation.
Reduce privacy risk through governance utilizing continental level Information Protection & Privacy Committees and Information Security & Privacy Governance Committee.
Direct and manage the information risk assessment process and third-party review programs, updating Data Mapping & Privacy Impact Assessments and creating Data Protection Impact Assessments to ensure global compliance.
Work with cross functional continental teams on compliance efforts for privacy compliance requirements ensuring integration into business, processes, and procedures.
Maintain the Information Protection & Privacy Incident Response Plan, conduct internal investigations, assess and manage situations, and report to executive team and regulators as appropriate.
Work with continental teams to complete initial in-country registrations with country-specific data protection authorities.
Maintain in-country registrations and notices to local data protection authorities regarding information privacy and related matters in all relevant jurisdictions and provide opinions on pending regulations.
Work with continental teams to ensure programs are in place to comply with applicable US, European, Canadian, Asian, Middle East and Africa and Central American regulatory requirements and data protection laws.
Directed and managed Binding Corporate Rules project, enhanced and implemented a global policy framework incorporating global, brand and business unit level policies, procedures, and standards acceptable to the European data protection authorities.
2005-2010 Alliance Data, Columbus Ohio
Chief Privacy Officer
Oversee privacy compliance for entire corporation, including financial entities
Develop and implement regulatory training on a regular basis, corporate wide
Develop, maintain, and implement compliance policies for business
Chair the Alliance Data Privacy Committee, chartered and chair Line of Business Privacy Committees
Work with outside auditors and the OCC/FDIC examiners on privacy audits
Functional Risk Officer for Privacy, Law & Compliance
Monitor and ensure enforcement of all compliance policies and procedures
Responsible for Safe Harbor Certification with the DOC
Advise Business Unit heads of compliance matters as appropriate
Monitor, review, and report on applicable legislation
Work with Lines of Business on compliance
Created Incident Response Plan
Member of the Incident Response Team
Report regularly to the Board and Senior Management on privacy
Created privacy assessment plan
CIPP & CIPP/C certified
2003- 2005 Primary Payment Systems, Phoenix AZ
Compliance Manager
Designed and managed compliance program
Worked with general counsel performing strategic assessments of the company’s compliance risks
Developed, monitored, and tested compliance with company policies and procedures.
Monitored governmental compliance activities at state and federal levels
Implemented the operation and management of regulatory compliance activities for company, including the FCRA, FACT Act and GLBA
Collaborated with Product Department to ensure new products complied with state and federal regulations.
Managed the FCRA Consumer Support Call Center
2001-2003 Bank One Investment Mgt., Columbus Ohio
Compliance Specialist
Interpreted and processed all document compliance actions for Global Corporate Trust account in accordance with the terms of the operative trust documents
Reviewed compliance for redemptions, audit confirmations, UCC continuations and account terminations
Daily contact with Account Executives and trust clients
Managed various process improvement projects
Education
Capital University Law School
Juris Doctorate May 2001
Magna Cum Laude
Capital University Graduate School
MBA May 2001
Magna Cum Laude
Capital University
Bachelor of Arts, May 1997
CIPP & CIPP/C Certification
Projects
2021-2022 IAPP KnowledgeNet Chair: South Carolina
2019-2021 Columbus Smart City Board: Key Member of the drafting team on the Data Privacy Plan (DPP) for the Columbus Smart City Demonstration that was developed to satisfy the requirements of a Cooperative Agreement between the U.S. Department of Transportation and the City of Columbus. The DPP baselines privacy and security protocols to ensure that the Smart Columbus Demonstration will devote sufficient resources and develop and adhere to policies and procedures that ensure any and all privacy-risks stemming from the Smart City project deployments are mitigated appropriately.
2010: Advisory Board Member on an initiative of the International Association of Privacy Professionals to draft the first IAPP research publication: “How to Build a Privacy Department”
2008-2010 IAPP KnowledgeNet Chair: Ohio
2020-Current IAPP KnowledgeNet Chair: South Carolina