John Pilch

Get To Know John

With 25 years of experience in global privacy, data protection, and internal control at two Fortune 500 companies, John connects with teams developing and executing privacy and data security programs, both within and outside the legal organization. He assists clients in complying with privacy laws such as GDPR, UK GDPR, PIPEDA, CCPA, and Virginia’s Consumer Data Protection Act. John also has expertise in identifying cybersecurity and data privacy risks, applying control frameworks (NIST, COSO, CMMC) to organize and communicate concerns to executive management, and in developing and implementing corrective actions.

John is a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional for the U.S. and Europe (CIPP/US, E).

John came to Woods Rogers looking for a broader range of cybersecurity and data privacy experiences than he had faced in his prior career. Woods Rogers and their clients have provided that, and more.

Experience

Worked with a global company to comply with GDPR requirements by implementing Standard Contractual Clauses between 250+ legal entities in more than 35 countries.
Drafted Privacy Policies and Notices for small internet-based businesses, a mid-sized construction company, a large utility, and several global manufacturing firms.
Drafted Data Protection Agreements, Transfer Impact Assessments, Data Protection Impact Assessments, and Data Subject Access Request procedures for various clients.
With other members of the Woods Rogers team, provided data breach support to local government entities, schools systems, and manufacturing, retail, and technology companies.
Prior to Woods Rogers, led the privacy function for a company with 50,000 employees across more than 30 countries, including those in the European Union, the United Kingdom, Canada, and Brazil, as well as California, Virginia, and other states in the United States.
Prior to Woods Rogers, developed, implemented, and led programs to ensure global compliance with the IT-oriented requirements of the Sarbanes-Oxley Act (SOX).

Credentials

Recognition

Certified Information Systems Security Professional (CISSP)

Certified Information Privacy Professional for the U.S. and Europe (CIPP/US, E).

Education

University of Michigan, M.B.A., with High Distinction

University of Virginia, B.A.

News & Insights

Speaking Engagement
Cybersecurity & Data Privacy
9-1-1 Cyber Summit (2024 Virginia APCO/NENA/Interoperability Fall Conference)
Article
Cybersecurity & Data Privacy, Health Law
HHS Updates Its Guidance on Online Tracking Technologies – Controversy Remains
Article
Cybersecurity & Data Privacy
Executive Order Prohibits Transfer of Sensitive Personal Data to “Countries of Concern”
Article
Cybersecurity & Data Privacy
Meta Fined €1.2 Billion in Facebook Data Privacy Case: Should US Companies Be Concerned?
Article
Cybersecurity & Data Privacy, Health Law
Reviewing Online Tracking Technologies Could Keep HIPAA-Regulated Entities Out of Hot Water

Publications

Virginia: CDPA requirements for data controllers | OneTrust DataGuidance | January 4, 2022

Virginia: The CDPA Work Group’s final recommendations | OneTrust DataGuidance | November 23, 2021

Virginia – Cookies & Similar Technologies | OneTrust DataGuidance | September 30, 2021

Virginia: CDPA Requirements and Vendors | OneTrust DataGuidance | April 29, 2021

Virginia: Assessment Requirements Under the CDPA | OneTrust DataGuidance | April 19, 2021

International: Comparing Virginia’s CDPA with the CPRA and the GDPR | OneTrust DataGuidance, February 2021

_{Matter results depend upon a variety of factors unique to each case. Past results do not guarantee or predict a similar result in any future matter. Some material on this site may be considered attorney advertising in some jurisdictions.}