Board of Advisers
Our exclusive board of advisers guides this site’s coverage of security, fraud, privacy, risk management
and other key issues. These experts provide input about the latest hot topics and contribute insight for news
coverage, podcast interviews and guest blogs. They regularly offer expert advice about regulatory compliance and the
current threat landscape, as well as provide insights about risk management strategies and security technologies.
Vice President, Experian Data Breach Resolution
Michael Bruemmer is Vice President, ExperianÂ® Data Breach Resolution at Experian Consumer Services, the leading provider of online consumer credit reports, credit scores, credit monitoring, other credit-related information, and protection products. With more than 25 years in the industry, Michael brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services.
former Regulator, U.S. Department of Health and Human Services; Partner, Davis Wright Tremaine LLP
Greene is a partner in the Washington, D.C. office of Davis Wright Tremaine and co-chair of its Health Information Group. He primarily counsels health care providers, technology companies, and financial institutions on compliance with the HIPAA privacy, security, and breach notification rules. Previously, Greene was a regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing the HIPAA rules. At HHS, he was responsible for determining how HIPAA rules apply to new and emerging health information technologies and was instrumental in the development of the current HIPAA enforcement process. Greene is the Chair of the HIMSS Cloud Security Workgroup and is a frequent speaker and author on health information privacy and security issues.
Rebecca Herold is partner and co-founder of SIMBUS360 Security and Privacy Services. She is also CEO of the privacy and security consulting firm The Privacy ProfessorÂ®, and author of 17 books on information security and privacy. She has more than two decades of information privacy, security and compliance experience.
Co-Founder and CEO, CynergisTek, Inc.
McMillan is co-founder and CEO of CynergisTek Inc., a firm specializing in information security and regulatory compliance. He has more than 30 years of federal and private sector experience in managing and delivering information security services and is chair of the HIMSS Privacy and Security Steering Committee.
Partner, Co-Chair - Data Protection, Privacy & Access to Information (US), Norton Rose Fulbright
David Navetta is a U.S. Co-Chair of Norton Rose Fulbright's Data Protection, Privacy & Cybersecurity practice group. Navetta focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. Navetta has served a wide range of clients from large Fortune 500 multinationals, retailers, healthcare companies and financial institutions, to sophisticated technology companies, traditional brick-and-mortar companies, energy companies and startups. He is a Certified Information Privacy Professional through the International Association of Privacy Professionals and previously served as a Co-Chair of the American Bar Association's Information Security Committee.
Partner, Cybersecurity, Information Governance and Privacy, and Financial Services Litigation practices, Troutman Sanders
Raether is a partner in the Cybersecurity, Information Governance and Privacy, and Financial Services Litigation practices at Troutman Sanders. He is known as the interpreter between the business and information technology, guiding both parties to the best result. In this role, he has assisted companies in navigating federal and state privacy laws for almost 20 years. His experience with technology related issues, including data security, patent, antitrust, and licensing and contracts, helps bring a fresh and creative perspective to novel data compliance issues. Raether has been involved in seminal data compliance cases, assisting one of the first companies required to provide notice of a data breach and successfully defending companies in over 50 class actions. He also has represented companies in over 200 individual FCRA cases involving CRAs, resellers, furnishers, users, and public record vendors. He has developed a reputation for assisting companies not traditionally viewed as subject to the FCRA or with FCRA compliance questions where the law remains uncertain or unresolved.
Raether not only works with companies which have experienced unauthorized access to consumer data or have been named defendants in class actions and before regulators, but also has advised companies in developing compliance programs to proactively address these issues. As a thought leader, he speaks nationally and publishes frequently on cutting-edge compliance issues. He is also a Certified Information Privacy Professional.