A portrait of Rebecca Herold

Rebecca Herold & Associates, LLC

Your trusted source for effective information security,
privacy and compliance tools, education and consulting.
The Privacy Professor

2018 Privacy Heroes

Throughout 2018, we recognized an individual or team who has gone over and above to advance data security and/or privacy in their corner of the world. We had many nominations! Here are the ones we featured in each of our monthly issues:

February 2018: Meredith Leitch at Intel Corporation

Meredith has found a unique, fun and totally relevant way to engage employees in privacy awareness. A communications manager for Intel, Meredith is taking privacy awareness mainstream in the corporate world through her beautifully created series of innovative and humorous videos. She partnered with a company in the UK called Twist and Shout to produce the brief, completely relatable mini films that remind workplace viewers "Privacy is everyone's responsibility."

If you're interested in learning how Meredith created the series, take a listen to this Twist and Shout podcast episode.

Meredith, from all of us at The Privacy Professor, thank you for being a privacy advocate and champion! Your special effort to raise awareness of the small things we do each day that can endanger our privacy and security is worthy of much greater attention, and we hope you receive it. Kudos!


March 2018: Mari J. Frank

Mari Frank, CIPP, is an attorney and author who has devoted her career to raising awareness of data security and privacy threats facing consumers and businesses.

She is the author of several books, including The Complete Idiot's Guide to Recovering From Identity Theft and Safeguard Your Identity. She hosts her own radio show, Privacy Piracy, and was the host of the nationwide broadcast of the PBS Television special, Protecting Yourself in the Information Age. Mari has appeared on dozens of national TV programs and has been quoted by many journalists for their stories on data security and privacy issues.

In addition to her work to educate, she has donated countless hours to help victims of fraud and identity theft. Her devotion to this work is among the reasons she was named to Money Magazine's list of Money Heroes.

Mari has a keen understanding of the influence government officials have in protecting citizens from harm in our increasingly connected world. She has testified many times in Congress and the California legislature, as well as spoken at the White House, on important issues related to data security and privacy.

Several industries have come to rely on Mari's expertise. She has chaired the California State Bar Privacy Committee, and she advises 3M's Visual Privacy Council. She serves as a Fellow for the Ponemon Institute and was advisor to the California Office of Privacy Protection.

Want to hear some of Mari's advice? Listen to this Voice America show episode for a recent, insightful and wholly educational conversation we had about identity theft.


April 2018: Pauline Reich

Pauline has spent the past sixteen years as a tenured full professor in Japan teaching, founding and directing the Asia-Pacific Cyberlaw, Cybercrime and Internet Security Research Institute, speaking at conferences and collaborating with law, policy and tech experts across the globe about cybersecurity and privacy laws, regulations and other legal matters. She recently retired after 22 years as a tenured full professor at Waseda University School of Law in Tokyo, Japan.

Pauline has been sole editor of the long-running privacy and cybersecurity law publication Cybercrime and Security (Thomson Reuters/West/Westlaw), updated quarterly for three consecutive U.S. law publishers since 2003. The three volume law treatise includes among its contributors former White House cyber officials.

Another publication, co-authored with the late Dr. Eduardo Gelbstein, formerly of the United Nations, is Law, Policy and Technology, published by IGI Global in 2012. She continues to be a frequent speaker at conferences throughout U.S., Europe and Asia and a consultant.

In 2017, Pauline was named an Information Security Educator honoree by (ISC)2. She is an incredible example of how much awareness can truly be created when a career is devoted to opening eyes and minds to the important data security and privacy issues we face today.


June 2018: Tara Taubman-Bassirian

Tara goes by many titles: lawyer, advocate, mediator, researcher, consultant, speaker and writer. With incredible expertise in areas like privacy, intellectual property and data protection, she has made a name for herself in several areas of the world, most notably the UK, France and the US.

An early adaptor of emerging technologies, Tara makes it her business to understand intimately the challenges presented by regulations in the era of high connectivity. This is how she has become a trusted advisor to individuals and businesses looking to navigate the legal pathways to justice in the internet age. Over the past couple years, Tara has been very active in raising awareness of the new EU General Data Protection Regulation (GDPR), advising businesses on the relevant compliance requirements.

Tara is heavily involved raising awareness around privacy issues, rights and regulations. She is a member of ICANN's Noncommerical Users Constituency, the European Network and Information Security Agency (ENISA) and Society for Computers Law. She co-authored "Online as Soon as It Happens" and is a volunteer mediator for Mediation North Surrey where she extends community mediation to copyright conflict resolution.

A few years back, Tara and I co-founded a Facebook group, Fly A Kite, dedicated to coping with and eradicating cyber-bullying, something near and dear to the two of us.


July 2018: CVS Security Awareness Team

Led by Julie Rinehart and Nicole Thibault (in the picture), CVS Health's annual Information Security conference is an internal effort aimed at continuing to grow the company's culture of security.

The team also leverages October's National Cyber Security Awareness Month for a company-wide event that hosts speakers who address topics of interest to a wide audience. The topics apply both at home and work.

Julie tells us that CVS Health believes privacy and cyber security go together. That is why they so adeptly blend the two issues throughout their programs. Support from CVS Health's leadership helps make each of their events possible year after year.

I was honored to be a part of CVS Health's 2017 Information Security conference. It was an impressive effort by a company with a large circle of influence. I was especially impressed by the obvious attention to detail and planning, and it sure paid off. The event attracted a large turnout of employees who had really great questions.

Julie, Nicole and the leadership of CVS Health are to be commended!


August 2018: Drs. Katina & M.G. Michael

Professors Katina and M.G. Michael have been working to shine a light on privacy concerns for nearly their entire careers. The pair has co-authored numerous papers and books, most recently "Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies".

A recent guest of my radio show, Data Security & Privacy with the Privacy Professor, Dr. Katina joined us to talk about the uberveillance threat, a term her husband and co-collaborator M.G. coined in 2006. Dr. Katina is currently a Professor in the School of Computing and Information Technology at the University of Wollongong in Australia. Prior to joining the university, she was Senior Network Engineer at Nortel Networks.

Dr. M.G. brings a unique, cross-disciplinary perspective to the international conversation around privacy, as he is a theologian and a historian. Also posted at the University of Wollongong's School of Computing and Information Technology, Dr. M.G. is an Associate Professor. Previously, he was coordinator of Information & Communication Security Issues for the university.

The focus of Dr. Katina & Dr. M.G.'s research, writing and speaking touches on a number of fascinating topics, from cryptography and the auto-ID trajectory to biometrics and chip implants. If you ever get the chance to attend a talk by either of these very bright, very passionate and very educated individuals, take it. They are doing great things to put the international community of consumers, business and governments on the right path to protecting our most precious digital assets, among them, our identities!


September 2018: Dr. Larry Ponemon and Susan Jayson

Dr. Larry Ponemon and his wife Susan Jayson are co-founders of the Ponemon Institute, a research think tank dedicated to advancing privacy, data protection and information security practices.

They were the first researchers to collect and maintain privacy statistics, as well as perform analysis on those statistics. It was an incredibly important contribution to the field. The data has been instrumental to the creation of a rich history, detailing how privacy trends in many different industries and areas of life have evolved over time.

I've personally relied on Ponemon Institute stats and research for years, and have seen firsthand how so many organizations depend on Dr. Ponemon's and Ms. Jayson's work to guide their privacy and information security decisions.

Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework. Security Magazine named him one of the "Most Influential People for Security." In addition to being a researcher and advocate, Dr. Ponemon is an educator. He is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute and a fellow at the Center for Government Innovation at the Unisys Corporation.

With more than 20 years of experience in financial communications, Ms. Jayson now serves as executive director of the Ponemon Institute. She has worked in investor relations and communications for The Financial Relations Board (FRB) in New York and Qorvis Communications in Washington D.C. Ms. Jayson was also the technical editor of Management Accounting magazine for more than 10 years.

Please join me in celebrating another dynamic duo the security and privacy industry. We are so fortunate to count them among our community's leadership!


October 2018: Daniel J. Solove

Daniel Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He founded TeachPrivacy, which provides privacy and data security training to businesses, schools, health care institutions and other organizations.

One of the world's leading experts in privacy law, Daniel is the author of 10 books and more than 50 articles. As a long-time expert in privacy law, he has contributed so much to the business community. I am the proud owner of several Daniel Solove books. And, I know many business leaders who also use his books as an important legal resource when they are confronting privacy issues.

Over the many years I've known Dan, I've always been impressed by his dedication to increasing awareness of privacy laws and related risks. He does so much to raise awareness of privacy issues through his many speeches, events and his own training business.

Please take the time to poke around his website. It's full of great information and inspiring educational pointers and take-aways. The Privacy+Security blog is especially rich with content.


November 2018: Joanne McNabb

As the former chief of the California Office of Privacy Protection, Joanne McNabb has been front and center for some of the United States' most meaningful advances in privacy legislation. She was involved in the first U.S. state breach notice law, SB 1386, which became the de facto model for most subsequent U.S. state and territory breach notice laws. In fact, she wrote the first breach notice ever (before the law had even taken effect). It was for the breach of state employee data that inspired the legislation.

Under her leadership from 2001 to 2012, Joanne's office continued to research consumer privacy issues and weigh in on additional privacy laws for California. Many of these laws became models for other states, and in many ways, federal regulations emerging during that time.

When Joanne became Director of Privacy Education and Policy for the California Department of Justice, she created an entirely new online resource. Yet again, her efforts set the stage for the development of the many important privacy rights, laws and awareness websites and digital resources that exist today.

In 2017, Joanne retired from state service. Today, she is a consultant for California Privacy Consultants, providing a variety of organizations with research and recommendations on privacy issues and practices.

Considering the consumer privacy rights, education and legal protection trails she blazed, Joanne is a privacy hero to so many. The impact of her passion and effort expands far beyond California, throughout the U.S., and in other parts of the world that have often looked to California for examples of privacy education and legal protections.


December 2018: Philip Zimmermann

The first personal encryption tool I ever used back in the early 1990s was PGP, developed by Philip R. Zimmermann. The free solution effectively democratized high security for individuals and small businesses, which prior to PGP's development simply couldn't afford to encrypt sensitive and personal data.

Philip is also the author of a favorite quote of mine: "If privacy is outlawed, only outlaws will have privacy."

In 1991, after Philip published PGP for free on the Internet and it began to spread worldwide, he became the target of a three-year criminal investigation. The U.S. government alleged he had violated U.S. export restrictions on cryptographic software. Thankfully, the case was dropped in early 1996.

Philip went on to become an advisor and consultant to PGP Corporation, which was ultimately acquired by Symantec in 2010. For the last 15+ years, his focus has been on secure telephony for the Internet. He developed the ZRTP protocol, as well as Silent Phone and Zfone, and co-founded Silent Circle, a provider of secure communications services.

Rightfully so, Philip has received numerous honors and awards. In 2014, he was inducted into the Cyber Security Hall of Fame, and Foreign Policy Magazine named him one of the Leading Global Thinkers of 2014. The next year, Philip received the U.S. Privacy Champion Award from the Electronic Privacy Information Center.