Dorene Stupski

301-***-****

adr2kq@r.postjobfree.com

Qualifications

Privacy Officer with over 20 years of experience managing regulatory compliance departments, coupled with graduate degrees in business and law and an in-depth knowledge of General Data Protection Regulation (GDPR), Personal Information Protection Law (PIPL), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPPA), Gramm-Leach-Bliley Act (GLBA), Fair and Accurate Credit Transactions Act (FACTA), Telephone Consumer Protection Act (TCPA), Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM), as well as other US and other national data protection laws.

Experience: July 2020- Current Elanco Animal Health, Greenfield IN

Chief Privacy Officer

Developed and matured an enterprise-wide privacy governance program to provide oversight and strategic guidance.

Created and managed Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA) program.

Aligned the Privacy Program with the Elanco strategy, laws, and regulations that govern the business.

Lead a team of privacy professionals, to integrate the Global Privacy Program into the company culture.

Created HIPAA program, including training, notices, and procedures.

Serve as HIPAA Privacy Officer.

Work closely with Elanco’s data protection officers (DPO), works council.

Lead corporate-wide projects as needed.

Developed a multiyear privacy strategy which included, “right sizing”, maturing and flexibility.

Created a data governance program.

Monitor privacy laws and regulations to ensure organizational awareness and compliance and conducted gap analyses of Elanco’s privacy program.

Improve and update the Individual Rights Process.

Created regional privacy committees, appointed, and trained privacy champions. Coordinate with leaders and SME to ensure a culture of privacy by design.

Implemented an accountability compliance model, continuously assessing compliance and addressing gaps.

Drafted relevant and consumable policies/standards/procedures that align with privacy regulations, such as GDPR, CCAP, PIPL, and business objectives.

Defined parameters for Data Classification and Asset Categorization to enable the business to quickly understand control applicability.

Assess the risk profile with respect to compliance with data privacy laws and policies and support in the development of local measures to address and mitigate identified risks across Elanco.

Lead the Standard Contractual Clause and Intracompany Agreement update project, due to EU changes.

Oversee the development and implementation of privacy training.

Experience: 2010- July 2020 Marriott International, Bethesda MD

Senior Director of Information Protection & Privacy

Analyze, understand, and provide guidance on GDPR, CCPA, HIPAA and other national laws and regulations that apply to the business, ensuring communication to any impacted area is swift and concise.

Create HIPAA training and compliance program.

Served as HIPAA Privacy Officer.

Drive data privacy and security compliance: mapping data flows, conducting risk assessments and testing, product development reviews, vendor assessments and monitoring, and leading applicable training.

Strategically aligned company’s data transfer compliance with the invalidation of the US Safe Harbor Program and GDPR enactments, including a program to identify and document legal mechanisms for data transfers and legal basis for data processing.

Oversee data loss prevention program, coordinating with IT and Information Security.

Foster relationships and collaborate across multiple business lines to mature a culture that embraces Privacy by Design and Security by Design, training, awareness and implementing privacy and security best practices

Lead a team that provides timely, accurate, up to date privacy and security policies related to operational functions.

Work with business stakeholders and subject matter experts to assess documentation, understand high level business processes and apply regulatory (privacy & security) background/understanding in the development of policies, standards, procedures, workflows, and other documentation.

Reduce privacy risk through governance utilizing continental level Information Protection & Privacy Committees and Information Security & Privacy Governance Committee.

Direct and manage the information risk assessment process and third-party review programs, updating Data Mapping & Privacy Impact Assessments and creating a Data Protection Impact Assessments to ensure global compliance.

Work with cross functional continental teams on compliance efforts for privacy compliance requirements ensuring integration into business, processes, and procedures.

Maintain the Information Protection & Privacy Incident Response Plan, conduct internal investigations, assess, and manage situations and report to executive team and regulators as appropriate.

Work with continental teams to complete initial in country registrations with country specific data protection authorities.

Maintain in country registrations and notices to local data protection authorities regarding information privacy and related matters in all relevant jurisdictions and provide opinions on pending regulations

Work with continental teams to ensure programs are in place to comply with applicable US, European, Canadian, Asian, Middle East and Africa and Central American regulatory requirements and data protection laws

Directed and managed Binding Corporate Rules project, enhanced and implemented a global policy framework incorporating global, brand and business unit level policies, procedures, and standards acceptable to the European data protection authorities

2005-2010 Alliance Data, Columbus Ohio

Chief Privacy Officer

Oversee privacy compliance for entire corporation, including financial entities

Develop and implement regulatory training on a regular basis, corporate wide

Develop, maintain, and implement compliance policies for business

Chair the Alliance Data Privacy Committee, chartered and chair Line of Business Privacy Committees

Work with outside auditors and the OCC/FDIC examiners on privacy audits

Functional Risk Officer for Privacy, Law & Compliance

Monitor and ensure enforcement of all compliance policies and procedures

Responsible for Safe Harbor Certification with the DOC

Advise Business Unit heads of compliance matters as appropriate

Monitor, review, and report on applicable legislation

Work with Lines of Business on compliance

Created Incident Response Plan

Member of the Incident Response Team

Report regularly to the Board and Senior Management on privacy

Created privacy assessment plan

CIPP & CIPP/C certified

2003- 2005 Primary Payment Systems, Phoenix AZ

Compliance Manager

Designed and managed compliance program

Worked with general counsel performing strategic assessments of the company’s compliance risks

Developed, monitored, and tested compliance with company policies and procedures.

Monitored governmental compliance activities at state and federal levels

Implemented the operation and management of regulatory compliance activities for company, including the FCRA, FACT Act and GLBA

Collaborated with Product Department to ensure new products complied with state and federal regulations.

Managed the FCRA Consumer Support Call Center

2001-2003 Bank One Investment Mgt., Columbus Ohio

Compliance Specialist

Interpreted and processed all document compliance actions for Global Corporate Trust account in accordance with the terms of the operative trust documents

Reviewed compliance for redemptions, audit confirmations, UCC continuations and account terminations

Daily contact with Account Executives and trust clients

Managed various process improvement projects

Education

Capital University Law School

Juris Doctorate May 2001

Magna Cum Laude

Capital University Graduate School

MBA May 2001

Magna Cum Laude

Capital University

Bachelor of Arts, May 1997

CIPP & CIPP/C Certification

Projects

2021-2022 IAPP KnowledgeNet Chair: South Carolina

2019-2021 Columbus Smart City Board: Key Member of the drafting team on the Data Privacy Plan (DPP) for the Columbus Smart City Demonstration that was developed to satisfy the requirements of a Cooperative Agreement between the U.S. Department of Transportation and the City of Columbus. The DPP baselines privacy and security protocols to ensure that the Smart Columbus Demonstration will devote sufficient resources and develop and adhere to policies and procedures that ensure any and all privacy-risks stemming from the Smart City project deployments are mitigated appropriately.

2010: Advisory Board Member on an initiative of the International Association of Privacy Professionals to draft the first IAPP research publication: “How to Build a Privacy Department”

2008-2010 IAPP KnowledgeNet Chair: Ohio

2020-Current IAPP KnowledgeNet Chair: South Carolina

Contact this candidate