TrustArc’s Expert Data Privacy Consultant Team

TrustArc has a team of privacy experts and practitioners ready to help you build, implement, and manage your privacy program.

The TrustArc Privacy Consulting Team has privacy experts all over the world, including the United States, Canada, Europe and Asia-Pacific. With over 200 years of collective privacy experience at globally recognized companies, our team of data privacy experts have a wealth of practical and hands-on experience with corporate executives, legal, information technology, marketing, sales, and other business functions to share. In addition, our Team has completed nearly a thousand successful engagements for companies at all levels of privacy maturity as we help them to build, implement and manage privacy compliance programs. Most team members have CIPP and security certifications, while some have the prestigious Fellow of Information Privacy (FIP) standing.

Advantages of TrustArc’s Data Privacy Consulting

TrustArc’s unique offering of both an award-winning technology platform AND practical consulting expertise creates an opportunity for us to partner with any size business, from start-ups to multinational corporations, and deliver a practical approach to establishing and maintaining a privacy compliance program that is suited to your requirements. Our approach is centered around four core benefits:


  • Consultant Expertise – Every TrustArc data privacy consultant has experience working as a privacy practitioner, most with a decade or more of direct experience inside some of the world’s largest companies and most respected brands across a wide range of industries. Every one of the data privacy consultants is a true subject matter expert with direct personal experience solving the most challenging data privacy issues.
  • Consulting Flexibility, Fixed Budget – Our consulting services flex to meet your business needs as your privacy program matures, priorities shift, and internal resources change. At the same time, most of our engagements are delivered on a no-surprises, fixed-price basis.
  • Reliable Engagement Management – Over the course of more than 1000 consulting engagements, TrustArc has built a time-tested set of project-based consulting offerings with defined levels of effort and realistic delivery timelines that help ensure projects come in on-time and on-budget.
  • Consulting plus Technology – Our unique mix of technology-based solutions and tailored consulting services help companies identify best-of-breed solutions that are right-sized for today and scalable for your future privacy program needs.

Data Privacy Consulting Leadership

Beth Sipula

Beth Sipula


Director, North America

Arizona, USA


Beth leads TrustArc’s North America team (including Asia-Pacific). She has two decades of experience as a privacy and compliance professional working in various leadership roles focusing on data privacy, data security and risk. She is a Fellow of Information Privacy (FIP) with the IAPP and also holds their Privacy Professional and Certified Information Privacy Manager credentials and was one of the original members of TrustArc’s Data Privacy Consulting team. Beth is very hands-on in her approach and is most passionate about helping organizations use privacy as a differentiator to build trust as they grow.


Beth worked for Citrix Systems, Inc. from 2004-2015 and during that tenure she led global data privacy assessments, implemented privacy by design programs, created and conducted privacy training, monitored and analyzed legislation, provided digital marketing/CRM data guidance, evaluated new and emerging technologies, and managed PCI-DSS compliance programs. Her last role with the company was as Senior Director, Privacy and Compliance.


Prior to joining Citrix, Beth worked for (technology start-up) where she built the Company’s privacy program, managed call center operations and supervised customer support and for Charter Communications where she managed customer care for the corporate office and supported the company’s call center operations.

Data Privacy Experts for North America

Nadya Elizabeth Aswad

Nadya Elizabeth Aswad


Senior Privacy Consultant

Arizona and Wisconsin, USA


Nadya is a senior-level certified privacy professional with advanced degrees in law and technology. She has twenty years of experience as a privacy professional for global companies in various industries, and has built, implemented, and led information management and privacy compliance programs. Nadya’s in-house positions include Chief Privacy Officer and other privacy roles at a Fortune 25 Corporation, Fannie Mae, and Privacy Director, and Director of Governance, Risk, and Compliance in the financial services, healthcare, and hospitality sectors. As a consultant, Nadya was a Director in the Cybersecurity and Privacy Practice at PriceWaterhouseCoopers and held similar positions with other privacy and security consulting firms.


Nadya has specialized experience developing and executing privacy strategies and reporting results. She has a mastery of privacy and information management laws, regulations and industry standards, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), process and data flows, data and system inventories, risk assessment and management, data breach response, data loss prevention, frameworks, and privacy policies.

Martin Gomberg

Martin Gomberg


Senior Privacy Consultant

Florida, USA

Martin, CISSP, CIPP/E, has spent over thirty years in information technology, as Vice President of Technical Strategies for a major bank, CIO for a major cable television and media brand, and as SVP and Global Director of Information Security, Privacy, Data and Business Protection. He served as the Data Systems Protection officer for an Italian affiliate. As a consultant and ‘Ask an Expert’ advisor he has provided guidance to numerous companies in conforming to GDPR and CCPA requirements.


He is an active speaker, blogger and the author of the recently released “CISO REDEFINED,” focused on the globalization and digital transformation of business, and the protection and privacy of personal and company consequential data, domestic and global.

Damayanthi Jakubowski

Damayanthi Jakubowski


Privacy Consultant

California, USA


Damayanthi (Dama) is a data privacy consultant with the US western region consulting team. Drawing upon her knowledge and experience in global privacy compliance, data security and risk management (GRC), she loves helping organizations navigate the complex and constantly shifting data privacy landscape.


Over the past 10 years, Dama has advised and worked with companies on diverse topics such as employee privacy, health privacy, cross-border data transfer mechanisms, risk assessments, privacy by design, and information security best practices. She has helped multiple organizations comply with a range of laws and standards including GDPR, CCPA, LGPD, HIPAA, Privacy Shield, as well as ISO27001/2, ISO 9001, CIS20, etc.


Dama brings a blend of business, technology and privacy expertise to her clients. She holds an MBA and an MS degree. She is a CIPP/E certified privacy specialist as well as a PRINCE2 certified Project Manager. She has worked with companies of all sizes, from startups to Fortune 500, across a wide range of industries (Software and Services, Electronics, Health Care, Government, Education; and Hospitality).

Sharon Kamowitz

Sharon S. Kamowitz


Senior Privacy Consultant

Massachusetts, USA

Sharon is an accomplished attorney and Certified Information Privacy Professional, (CIPP/US) with a broad background in corporate, private practice, and government settings, including over two decades of experience developing, implementing, and managing privacy and compliance programs, and advising on related issues.


Before beginning her consulting career, Sharon was Assistant Privacy Officer at Fresenius Medical Care North America and previously, Director and Associate General Counsel at Coverys, a provider of medical professional liability insurance. In these roles she developed comprehensive privacy programs designed to reduce risk and address applicable regulatory requirements arising under HIPAA, GLBA, GDPR/Privacy Shield, and state data protection laws. Sharon has advised on privacy issues pertaining to clinical healthcare and research, mobile technology, web-based applications and websites, software development, marketing, information governance, and cyber-liability and other insurance coverages. She has worked with publicly traded, privately held, and not-for-profit organizations.


Sharon is consistently recognized for technical expertise, thorough preparation, and the ability to explain legal concepts in the context of broader business implications. Over the years, she has conducted numerous risk assessments; developed a variety of easy-to-understand policies, procedures, and awareness materials; drafted and negotiated HIPAA business associate, data processing and other confidentiality agreements; conducted interactive training sessions for diverse audiences; and managed hundreds of potential security incidents and breaches

James Koons

Mandy Lit


Senior Privacy Consultant

Vancouver, BC, Canada

Mandy is a senior-level data privacy consultant and holds a Masters in Applied Legal Studies degree from the Simon Fraser University, the CIPP-C Professional designation with the International Association of Privacy Professionals (IAPP), and a Lean Six Sigma Green Belt designation.


Over the past 15 years, Mandy has advised and worked with both public sector and private sector organizations in compliance matters with a range of laws and standards including FIPPA. PIPA, PIPEDA, ISO27001, as well as GDPR. Driven by her passion, Mandy helps support organizations to create a privacy aware culture as well as customized solutions unique to their business needs.

Wendy Lozada-Smith

Janalyn Schreiber

CIPM, CISSP, Security+ & Network+

Senior Privacy Consultant

Washington, DC, USA

Janalyn brings 20 years of experience consulting with Fortune 500 companies in the Financial Services, Healthcare, and Oil & Gas sectors on the complexities of managing privacy, protecting data and responding to high profile investigations and litigations.


As a leader in top global consulting firms, Janalyn led teams in conducting risk assessments, building comprehensive data management and protection frameworks, and establishing policies and controls for adhering to complex global privacy and regulatory standards; in systematizing data retention and archiving practices; and in forensic collection and investigation responses in over 20 countries.


Janalyn also approached global privacy and data management issues with technology solutions, leading development of a custom regulatory compliance application; and partnering with Data Analytics teams developing machine learning solutions to rapidly analyze, categorize, and retain/cull structured and unstructured data.


A regular presenter on Global Privacy Strategy and Analytics in Investigation Response, Janalyn is a testifying Expert Witness in the Fourth Judicial District Court, and has spoken extensively in meetings with DOJ, SEC, HHS, FBI and contentious opposing parties to fully articulate her clients’ defensible practices.


Before joining TrustArc, Janalyn was a Managing Director at Navigant Consulting, a Principal at Deloitte, and a Vice President at Xerox Corporation. Her certifications include: Information Privacy Manager Certificate (CIPM) from the International Association of Privacy Professionals (IAPP), Certified Information Systems Security Professional (CISSP) from (ISC)2, and Security+ and Network+ from CompTIA.

Wendy Lozada-Smith

Wendi Lozada-Smith


Senior Privacy Consultant

Texas, USA

Wendi is a global privacy and ethics leader with a unique combination of experience in Global Privacy, Information Security, and IT for Fortune 100 financial services and telecommunications companies. With specialized expertise in CCPA, GDPR, health and financial privacy, and Internet of Things (IOT), she has led teams large and small and provided data protection guidance to global business units operating in more than 60 countries. She has consulted on a broad range of privacy issues including privacy program and policy development, information security best practices, cross border data transfers, risk assessment, and privacy by design.


She has held a variety of IT/Data Protection leadership positions, including serving as AVP Global Public Policy/Privacy for AT&T; VP Corporate Information Security for Wachovia; and Information Security Officer for SACU. She received her Master’s degree from Vanderbilt University and holds four privacy and security certifications: CIPP/US, CIPP/E, CISM, and CISSP.

Betty Robinson

Betty Robinson


Senior Privacy Consultant

Texas, USA

Betty is an attorney and compliance professional with over 10 years of experience providing data privacy and security solutions for clients in both the government and private sectors. She obtained her Juris Doctor and Bachelor’s degrees from the University of Arkansas. Betty is well-versed with both U.S. and global privacy laws including GDPR, PIPEDA, HIPAA, CCPA, GLBA and FERPA as well as industry standards such as PCI DSS.


Prior to joining TrustArc, Betty worked extensively with healthcare privacy for her former client, the U.S. Department of Health & Human Services. Betty has also routinely worked with data privacy for the financial services industry. While working across these industries, she provided guidance regarding data breaches, risk assessments, implementing data protection measures and cybersecurity controls, and protecting the privacy rights of individuals. Betty’s accomplishments include partnering with organizations ranging from sole proprietors to Fortune 100 companies to resolve defects and compliance gaps in their privacy programs.

Kristy Sawyer

Kristy Sawyer


Senior Privacy Consultant

Florida, USA

Kristy is responsible for creating and operationalizing Privacy Programs across several industries. She develops and implements data protection and privacy policies in accordance with local government laws and best practices. She advises her clients on how to identify and manage privacy and information security risks across the enterprise. With 10+ years of Privacy experience, Kristy brings broad global legal expertise to her clients. Notably, her partnerships include consulting with clients to create a global initiative focused on standardizing a scalable privacy program that conforms with cross-jurisdictional legislation and mitigates the risk of a data breach.


Prior to joining TrustArc, Kristy worked for the for the Department of Homeland Security where she served many roles, lastly as a Verification and Biometrics Division Privacy Officer. In that position, she managed all Privacy Office functions, including developing privacy policies, conducting initial and periodic privacy risk assessments, responding to data incidents and developing privacy policies and procedures. She played a critical role in the negotiation and development of information sharing arrangements with domestic and foreign partners ensuring compliance with domestic and foreign laws. This innovative practice set a new standard for the industry.


Kristy’s clients span industries and sectors, including, Accounting, Entertainment, Web Publishing, Customer Relationship Management, Technology and Artificial Intelligence. She is a recognized thought leader in her field and within the privacy community.


Kristy has a JD from the University of Cincinnati College of Law and a Bachelor of Science degree from George Washington University. She is a member of the International Association of Privacy Professionals, a Certified Information Privacy Professional (CIPP/CIPT) and is licensed to practice law in Virginia and Ohio.

Michael Witt


Senior Consultant

Detroit, Michigan, USA

Michael is a senior data privacy consultant on TrustArc’s consulting team. He has 18 years of experience in information governance, privacy, cyber security, and compliance. Michael tailors his consulting approach to clients’ unique business needs and culture to facilitate successful engagements throughout their enterprise.


Prior to consulting, Michael worked in finance, accounting, and corporate IT departments to foster the adoption of technology and promote information governance. He has served as a data privacy and information security consultant for most of the past decade helping clients to understand and mitigate risk, develop compliance programs, and streamline technical processes to support information governance across cloud, on-premise, and third-party environments. These roles have included Principal Risk Auditor
at Blue Cross Blue Shield of Michigan and Interim CISO for a large, national health care system.


Michael has specifically helped clients understand privacy compliance and prepare their operations to support CCPA, GDPR, HIPAA, IPEDA, and POPIA. He is also a former PCI-QSA (Qualified Security Assessor).

Patricia Wynne

Patricia D. Wynne


Senior Privacy Consultant

Pennsylvania, USA

Pat is a subject matter specialist in the areas of data privacy, cybersecurity and regulatory compliance with both industry and consulting experience.


She has worked in the healthcare industry as Chief Privacy and Security Officer and In-house Counsel for a multi-state behavioral healthcare provider. She was responsible for HIPAA/HITECH privacy and security strategy and program development/implementation including enterprise-wide data governance framework, policies and procedures, workforce training and awareness programs, complaint and breach investigation and notification processes, business associate and vendor management processes and risk audit/ risk management processes. Her experience also includes HiTRUST Scoping, as well as FERPA, RedFlag, GLBA, FINRA assessments. She also served as the organization’s in-house legal counsel.


Since 2012, Pat has been consulting in the areas of risk assurance and risk advisory services, and advising clients building compliant and accountable Data Privacy and Cybersecurity programs. Typical projects include risk analysis and gap assessment procedures, gap remediation and on-going consultancy services to ensure required implementation. She also worked with companies defining and building their data governance frameworks and supporting team development responsibilities for data privacy and security programs.


A strong focus of her consultancy services has been HIPAA/HITECH, GDPR and other international data privacy regulations as well as CCPA compliance and implementation. Clients include healthcare providers and insurers, pharma, medical devices and healthcare solutions companies, business associates of various types of service providers, cloud services providers, employment services providers, international professional credentialing organizations, financial services providers and real estate investment companies.

Europe, Middle East & Africa

Xavier Alabart

Xavier Alabart


Senior Privacy Consultant


Xavier is a well-recognized professional with more than two decades experience in advisory and program management in various fields of information governance. His education as a telecom engineer and as a business administrator has led him through a maze of data-related and business disciplines: privacy and data protection as well as information governance, auditing, information security, records and information management, data scientist, systems development, quality management and corporate compliance.


In the recent past, Xavier served as a group data protection officer, a privacy program manager and a privacy consultant in the healthcare and banking industries where he deployed and maintained corporate programs to ensure that Data Protection and Privacy are present in the corporate agenda. In doing so he has dealt with requirements from many jurisdictions and sectors around the world.


Xavier holds several relevant certifications such as CIPP/E, CIPT, International Governance Professional (IGP) and PMP.

Ralph O'Brien

Ralph T. O’Brien


Senior Privacy Consultant

United Kingdom


Ralph has spent over two decades working at the intersection of privacy, security and risk management. Ralph is an experienced data privacy consultant, speaker, trainer, auditor, negotiator and manager. His key passion is in using his knowledge of privacy laws and information governance standards to help businesses develop and grow, engaging stakeholders, and delivering complex projects within the information governance sphere.


Ralph is a trusted advisor on Global Privacy and Security compliance, practices and management for the past two decades. He believes good information governance adds business value to achieve business objectives and return on investment. His role includes acting as a senior level “translator” between IT, business and compliance professionals, thought leadership, business development, partnerships and product development. His experience includes strategic Privacy Management and GDPR adoption programs, advisory services and assurance delivery in global multinational environments.


Prior to that, he has been an experienced Product and Services business development lead, Principal Consultant and Manager, delivering training, consultancy and audit of data protection, business continuity and information security – Management of consultancy and audit teams across multiple topics, responding to tenders and delivering solutions proposals.


He has worked in a wide variety of industry sectors including the with a focus on Defense, Public Sector, Technology, Pharma and Financial Services, representing both multinational corporations and boutique specialist consultancies.


He continues to be a hands-on practitioner, combining business level consultancy with training and technical experience across ISO/IEC 27001, BS 10012, ISO 9001 and ISO 22301 standards through to certification. He was responsible for the first global joint 27001/25999 management system to be certified and sits on the international and British committees responsible for ISO 27001, BS 10012 and ISO 27701.


With a focus upon business processes and the protection of information, and an ethos of management assurance, risk management and knowledge transfer he continues to ensure effective protection of assets appropriate to the business needs of the client.

Asia Pacific

Annelies Moens

Annelies Moens


Senior Privacy Consultant

New South Wales, Australia


With close to 20 years’ experience, Annelies is a widely recognized global privacy expert and thought leader, trusted by business executives, government and privacy professionals. She works with clients globally to uplift privacy maturity.


She has held several senior leadership roles in privacy and related fields. Annelies’ career in privacy started in 2001 at the Australian privacy regulator where she managed privacy audits and investigations. Annelies co-founded the International Association of Privacy Professionals in Australia and New Zealand in 2008. She held elected roles during her six-year Board term, including as President.


Annelies has been a Group Manager and Chief Privacy Officer at a copyright licensing agency, External Relations Manager at an online legal publisher, and Deputy Managing Director of a privacy consultancy. In the latter role she directed and led a team of consultants and supervised hundreds of client deliverables, including privacy strategies, privacy health checks, privacy impact assessments, data breach notifications, cross-border data flows, cloud, and privacy by design. She also helped transform a major New Zealand government agency with the lowest trust and confidence score to being a lead agency exemplifying privacy best practices.


Annelies has presented at many national and international forums (including APEC, APPA, IAPP, CIPL, AICD, AISA) on the convergence of competition and privacy regulation, artificial intelligence and privacy, data breaches, and the cross-border privacy rules system.

Learn how TrustArc Security and Privacy Consulting Team can help you build and manage your privacy program.