John provides experienced insight into data privacy programs and data breach response issues for organizations large and small.
Get To Know John
With 25 years of experience in global privacy, data protection, and internal control at two Fortune 500 companies, John connects with teams developing and executing privacy and data security programs, both within and outside the legal organization. He assists clients in complying with privacy laws such as GDPR, UK GDPR, PIPEDA, CCPA, and Virginia’s Consumer Data Protection Act. John also has expertise in identifying cybersecurity and data privacy risks, applying control frameworks (NIST, COSO, CMMC) to organize and communicate concerns to executive management, and in developing and implementing corrective actions.
John is a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional for the U.S. and Europe (CIPP/US, E).
John came to Woods Rogers looking for a broader range of cybersecurity and data privacy experiences than he had faced in his prior career. Woods Rogers and their clients have provided that, and more.
Experience
- Worked with a global company to comply with GDPR requirements by implementing Standard Contractual Clauses between 250+ legal entities in more than 35 countries.
- Drafted Privacy Policies and Notices for small internet-based businesses, a mid-sized construction company, a large utility, and several global manufacturing firms.
- Drafted Data Protection Agreements, Transfer Impact Assessments, Data Protection Impact Assessments, and Data Subject Access Request procedures for various clients.
- With other members of the Woods Rogers team, provided data breach support to local government entities, schools systems, and manufacturing, retail, and technology companies.
- Prior to Woods Rogers, led the privacy function for a company with 50,000 employees across more than 30 countries, including those in the European Union, the United Kingdom, Canada, and Brazil, as well as California, Virginia, and other states in the United States.
- Prior to Woods Rogers, developed, implemented, and led programs to ensure global compliance with the IT-oriented requirements of the Sarbanes-Oxley Act (SOX).
Credentials
Recognition
Certified Information Systems Security Professional (CISSP)
Certified Information Privacy Professional for the U.S. and Europe (CIPP/US, E).
Education
University of Michigan, M.B.A., with High Distinction
University of Virginia, B.A.
News & Insights
Publications
Virginia: CDPA requirements for data controllers | OneTrust DataGuidance | January 4, 2022
Virginia: The CDPA Work Group’s final recommendations | OneTrust DataGuidance | November 23, 2021
Virginia – Cookies & Similar Technologies | OneTrust DataGuidance | September 30, 2021
Virginia: CDPA Requirements and Vendors | OneTrust DataGuidance | April 29, 2021
Virginia: Assessment Requirements Under the CDPA | OneTrust DataGuidance | April 19, 2021
International: Comparing Virginia’s CDPA with the CPRA and the GDPR | OneTrust DataGuidance, February 2021
Matter results depend upon a variety of factors unique to each case. Past results do not guarantee or predict a similar result in any future matter. Some material on this site may be considered attorney advertising in some jurisdictions.
