9 a.m. Keynote

[Your Data] Here, There and Everywhere: Why Privacy Starts with Engineering

Privacy should not be confined to policy documents or consent screens. It lives in code, interfaces, applications and products. As technology evolves faster than regulation, the future of privacy depends on how well we can engineer it into the systems we design. This keynote examines how privacy engineering is redefining what it means to “do privacy” in a changing world. We’ll discuss its evolution as a discipline, the frameworks and methods shaping application privacy today and the contextual gaps that demand attention from researchers, regulators, and industry leaders. 

Dr. Kim Wuyts is a leading privacy engineer with close to 20 years of experience in security and privacy. Before joining PwC as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices. She is a guest lecturer, experienced speaker, trainer and invited keynote at international privacy and security conferences such as OWASP Global AppSec, RSA, Troopers, CPDP and IAPP DPC. Kim is also a co-author of the Threat Modeling Manifesto, and program co-chair of the International Workshop on Privacy Engineering.  

10 a.m.

From Theory to Practice: Building an AI Compliance Program Using DOJ Guidance and Ohio State’s Compliance Framework

Explore the practical journey of designing and implementing an artificial intelligence compliance program at Ohio State, guided by DOJ principles and the university’s own framework. Attendees will gain insights into real-world challenges, strategic priorities, and lessons learned in managing AI risks, regulatory pressures, and operational controls. The presentation highlights actionable steps for building effective governance, training, and issue response processes that support responsible and ethical AI innovation. 

Rob Moormann serves as Privacy Lead at The Ohio State University, overseeing the creation and implementation of the Privacy Program and ensuring compliance with state, federal, and international regulations. Additionally, Rob reviews, drafts and develops policies, conducts risk assessments and privacy impact assessments, and collaborates across the entire university and medical center enterprise on privacy issues.  Before his current role, Rob served as Director of Compliance within the university’s Office of University Compliance and Integrity, defining, rating and reporting compliance risks and building processes to mitigate those risks through controls and imbedded testing and monitoring. Rob collaborated with leaders throughout the university and supported colleagues in proactive compliance planning, including collecting, analyzing, and reporting on trending regulations/litigation and investigations/issue response data.  Rob joined Ohio State in 2015 as the university’s second Director of Public Records. In this role he advised the entire university community on state and federal freedom of information regulations, processed thousands of information requests and helped solve complex issues often requiring a delicate balance between privacy and transparency.  

From Confidentiality to Collaboration: Evolving Threat Assessment Practices in a Changing World 

Threat assessment is not just about data—it’s about people. Every piece of information we gather belongs to someone, and how we use it can profoundly impact lives. In this session, we’ll explore how the Office of Threat Assessment navigates the evolving landscape of privacy, technology, and political polarization while maintaining ethical integrity. Attendees will learn strategies for balancing confidentiality with confidence-building, fostering collaborative relationships and human-centered prevention efforts in an AI-driven world. 

Moni Marcelo serves as the director of the Office of Threat Assessment at the University of Illinois Urbana-Champaign, where she oversees behavioral threat assessment and management efforts across the main campus, a primary and laboratory high school, and a regional commuter airport. In this role, Moni provides consultation to reporting parties and leads coordination and outreach efforts to ensure concerns are appropriately assessed and monitored. She is a Certified Master Trainer through the U.S. Department of Homeland Security and an active member of the Association of Threat Assessment Professionals (ATAP), currently serving as Secretary for the ATAP Great Lakes Chapter. Moni is also the co-founder and current President of the Higher Education Threat Assessment Alliance (HETAA), an international network of professionals dedicated to advancing threat assessment practices in higher education. 

11 a.m.

Under the Hood: Unmasking the Privacy and Security Crisis in Connected Vehicles 

Modern vehicles have evolved far beyond transportation, they’re now sophisticated IoT endpoints collecting vast amounts of personal data. We will discuss what personal data companies collect and what they do with it, data security and privacy risks modern cars pose to individuals and companies—from data leakage and data breaches to the 4th amendment exception, device-centric universal opt out mechanisms, car-specific IoT recommendations from the IoT Advisory Board to the U.S. Dept of Commerce disabling remote access technology and more.
This session will not be recorded.

Merry Marwig is a pro-consumer, pro-business privacy advocate who is optimistic about what data privacy rights mean for everyday people—and for the companies they do business with. At Privacy4Cars, the world’s leading authority on vehicle privacy and data security, she helps protect driver and passengers’ personal data while creating business opportunities for automotive companies. Merry holds three IAPP certifications (FIP, CIPP/US, CIPM), is certified in Logical AI Governance, and earned a master’s degree from the University of Illinois Urbana-Champaign. 
This session will not be recorded.

Overview of University of Illinois System Data Strategy with a Privacy Lens

Get an overview of the University of Illinois System Data Strategy including achievements and focus for this fiscal year, and the privacy aspects of the strategy. We will close by asking for your feedback and ideas so we can continue to be effective in helping you be successful. 

Dimuthu Tilakaratne is chief data officer for the University of Illinois System and leads the implementation of data strategy across our three universities and the system offices. His focus is on delivering key goals in data services, literacy, governance, privacy, and data capabilities. As a key advocate for data management and analytics, he works to enhance our data-informed culture by fostering cross-functional relationships, facilitating appropriate data access, and building confidence and trust in the quality, integrity, and privacy of our data. Dimuthu is a value-centric leader with over 15 years of experience delivering data and analytics capabilities for universities. He has contributed to ERP modernization efforts and delivered enterprise level data and analytics services for multiple universities. 

Stephen Collette manages the Privacy Operations team within the Office of the CIO at University of Illinois Urbana-Champaign. His focus is enabling data usage at the university while encouraging a privacy principle-based method of doing so, centered around the individual and potential impacts to them. Prior to joining University of Illinois, Stephen worked at a large, international corporation where he led both its Records and Information Management program and their multinational privacy program for its headquarters organization and the nine distinct institutions it owned. 

LUNCH BREAK

1 p.m.

Privacy’s Paradox: More Awareness, More Abuse

We live in a paradox: privacy awareness has never been higher, privacy legislation has never been more robust, yet personal data exploitation has never been more pervasive. For privacy professionals, this disconnect breeds cynicism. But I argue that this paradox itself contains reasons for hope. The gap between our values and our reality isn’t evidence of failure—it’s the space where change becomes possible. And our ability to see that possibility may be our profession’s greatest asset. 

Michael Corn is an executive strategic consultant at Vantage. Bringing more than 25 years in the field to this role, Michael’s areas of interest include research security, AI security, identity management, and organizational resilience. Michael works with higher education institutions to enhance and evolve their cybersecurity posture while making security and privacy principles accessible and useful for the entire campus community. He also leverages his knowledge and experience to help clients discover strategic opportunities and harness innovation to advance institutional priorities. 

Prior to joining Vantage, Michael served as the cybersecurity advisor for research infrastructure at the National Science Foundation. He also brings a long career in higher education to the team, having previously served as CISO at the University of California at San Diego; the CISO, CPO and Deputy CIO of Brandeis University; CISO of the University of Illinois system and the CISO and Chief Privacy and Security Officer of the University of Illinois at Urbana-Champaign. 

From Frameworks to Frontlines

The session connects big-picture privacy principles with the realities of daily decision-making in higher education IT.  In the first segment, we’ll explore how to keep privacy “in motion” as automation, analytics and AI reshape how student and institutional data are collected and used. We’ll talk about how to turn compliance frameworks into flexible, everyday habits that build trust.  In the second segment, we’ll put those ideas to the test through a live “Privacy Fire Drill”. We’ll respond to a realistic, AI driven data exposure scenario – surfacing blind spots, applying recent enforcement trends and walking away with a repeatable framework to strengthen the university’s privacy readiness. This session will not be recorded.

Erica Irvin is a visionary legal executive and seasoned strategist with nearly 30 years of experience guiding complex commercial, technology, and innovation-driven legal matters across Fortune 50 companies and high-growth industries. As a Senior Vice President in the Legal Department at Lowe’s Companies, Inc., Erica leads enterprise legal support for commercial operations, digital innovation, and emerging technologies—embedding legal foresight and ethical design into the company’s transformation strategy. Known for building high-performing legal teams from the ground up, Erica blends deep regulatory expertise with business acumen to help companies scale responsibly in a data-driven world. Her career spans leadership roles at Albertsons, Adtalem Global Education, BrightView, and major telecom and fintech companies, where she’s steered privacy, AI governance, and operational resilience, including leading emergency evacuations and developing school-at-sea programs in the wake of natural disasters. Erica brings a rare combination of legal insight, digital fluency, and leadership presence to every table she joins. She has served as a panelist and faculty member for the Practising Law Institute and ANA Masters of Advertising Law, the Interactive Advertising Bureau and had a great time judging the Future is Female Awards for the Ad Club of New York (where she also received an Innovator Award). She is also an advocate for neurodiversity in the workplace through her board work with Creative Spirit. 

2 p.m.

“I Have this Data. What Is it and Where Do I Put it?”
Making Data Classification and Storage Decisions Accessible to Uninitiated Users 

Higher education institutions manage vast and diverse data sets every day, ranging from student records to cutting-edge research. Ensuring that this data is properly classified and stored in compliance with evolving regulations can be daunting. In this session, we will share how Arizona State University tackled this challenge by creating a streamlined, self-service wizard that assists users in accurately classifying their data and identifying the applicable regulations. Beyond classification, we’ll demonstrate how regulatory requirements can be directly mapped to approved storage solutions, offering a clear, actionable pathway for anyone handling institutional data.

Ben Archer, MBA, PMP, CIPP/US, CIPT, FIP, is a privacy and data governance leader with extensive experience in higher education and compliance. As Privacy Manager at Arizona State University, he drives enterprise-wide privacy strategy, ensuring alignment with a variety of regulations. Ben specializes in privacy program development, risk assessment and regulatory compliance. A frequent presenter, he has developed and delivered trainings on topics including privacy fundamentals, GDPR and data governance. 

Bri Mascheri is a seasoned cybersecurity professional with nearly a decade of experience across government and higher education sectors, specializing in security, incident response and audits. With a talent for transforming chaos into actionable strategies, she also excels in mentoring the next generation of cyber defenders. In the Matrix, everyone asks, “What is real?” and Bri asks, “What does accurate data really mean?” 

Why Privacy Professionals Need to be “Paranoid”

Privacy work is challenging work. It’s about the details. It’s about specifics. It’s about nuance. There’s a lot to think about in a world where change is the only constant, where relentless data collection, evolving regulations, and sophisticated cyber threats mean vigilance isn’t optional, it’s essential.

In this session, Stephen Collette, manager of the Privacy Team at the University of Illinois Urbana-Champaign, along with special guests, will explore these areas and why privacy professionals are often seen as paranoid when it comes to data use. They’ll dive into the increasing rate of data collection and use, global privacy challenges, and the impact of Artificial Intelligence. Attendees will gain insights on what to watch for, how to mitigate risks, and the key questions everyone concerned about privacy should be asking. 

Stephen Collette manages the Privacy Operations team within the Office of the CIO at University of Illinois Urbana-Champaign. His focus is enabling data usage at the university while encouraging a privacy principle-based method of doing so, centered around the individual and potential impacts to them. Prior to joining University of Illinois, Stephen worked at a large, international corporation where he led both its Records and Information Management program and their multinational privacy program for its headquarters organization and the nine distinct institutions it owned. 

Jennah Graham received her undergraduate degree in psychology with a minor in business management. She subsequently attended Northern Illinois University College of Law where she received her Juris Doctorate. Jennah worked as a law clerk in private practice during law school. After receiving her law license, she continued in private practice as an attorney focusing on family law, residential real estate and general civil litigation. Jennah joined the University Ethics and Compliance Office in November of 2023 as a senior coordinator of compliance responsible for assisting the Associate Director of University Compliance with maintaining, enhancing, and evaluating the System level compliance program. 

Mike Cervone is a product owner for Technology Services. He is currently involved in bringing AI technologies to the Illinois campus, including Microsoft Copilot, ChatGPT, Zoom AI Companion and Google Gemini.

3 p.m.

Fight AI with AI: Navigating Privacy and Security in an Era of Accelerating Change 

Today’s threat landscape has been transformed by AI-powered adversaries—lowering the barrier to entry, accelerating attack speed and increasing sophistication. As AI reshapes both attack and defense, organizations must secure at machine speed without sacrificing privacy. Join industry leaders for an interactive panel discussion on how adversaries are weaponizing AI, where AI delivers real defensive gains, and how to design privacy-preserving security operations that balance security and privacy demands. We’ll discuss tactics to raise security maturity while respecting privacy in an era of accelerating change. 

Matt Singleton is an executive strategist at CrowdStrike, professor of cybersecurity at the University of Oklahoma and former chief information security officer for the State of Oklahoma, where he completely rebuilt Oklahoma Cyber Command into a world-class program and launched the Oklahoma Information Sharing and Analysis Center. Previously, Matt served as chief operations officer for the state’s information services division, state CIO for Education and in multiple leadership roles for the University of Oklahoma. Matt holds a master’s degree from Georgetown University in Applied Intelligence, specializing in Cyber Intelligence, Homeland Security and Counterterrorism. He also holds a bachelor’s from OU and multiple industry certifications. 

Maria S. Thompson is the state and local government executive government advisor – cybersecurity for Amazon Web Services. In this role, she brings over 20 years of experience in information technology, strategic planning, computer network defense and risk management. Prior to her role with AWS, Maria served as North Carolina’s first state chief risk and security officer.

Privacy in Practice: A Multi-Institution Q&A Session with Registrar Staff 

Join registrar staff from several institutions for an interactive Q&A session exploring practical strategies for protecting student privacy. Panelists will compare approaches, share lessons learned, and discuss how universities can navigate evolving policies, technologies, and expectations while safeguarding sensitive student information. 

Helen Garrett became the University of Washington’s inaugural university registrar and chief officer of enrollment information services in February 2016. She has an extensive background in admissions, registration, student affairs, and enrollment management systems from Lane Community College (OR), University of Oregon, Whittier College, University of Southern California and Michigan State University. She has served as president of the Pacific Association of Collegiate Registrars and Admissions Officers, and has held additional leadership positions in state, regional, and national professional organizations. She is a national trainer on FERPA and presents at conferences on issues related to professional development.  

Meghan Hazen has been the registrar at the University of Illinois Urbana-Champaign since 2016. Her time at Illinois began in 2001 as an academic advisor before transitioning to advising administration roles in the Division of Exploratory Studies and the Gies College of Business. She began her career in student affairs at South Dakota State University and Arizona State University. Meghan holds a BA in the teaching of social studies from the University of Illinois Urbana-Champaign and an M.Ed. in adult and higher education administration from Arizona State University.

Christopher Sayre serves as the University Registrar at the University of Illinois Chicago, where he oversees Records, Registration Services, Transcripts, Course Management and Academic Space Scheduling (CMASS), Medical Immunization, and Athletic Compliance. A forward-thinking leader with extensive experience in higher education administration, Chris is dedicated to advancing institutional efficiency and enhancing the student experience through technology and process innovation. 

Lea Smith is the director Records and Registration/Registrar at the University of Illinois Springfield. The Office of Records and Registration (also known as the Office of the Registrar) is responsible for catalog, course scheduling, degree audits, grading, student records, transcripts, registration, tuition & fees, transfer articulation and graduation, all of which Lea oversees. She brings a wealth of experience to her role as a higher education professional, drawing from her multifaceted background in retail management, team leadership, customer service, and operational efficiency. Her career at UIS began in the Fall of 2018 with Admissions, then transitioned to Records and Registration to her current role. Lea is a proud University of Illinois Springfield alumna, earning her Bachelor of Business Administration and her Master of Business Administration degrees. 

Kathryn Stoltenberg is director of Data, Reporting, and Compliance at the University of Iowa. She leads the Academic Data Team and serves as on the FERPA compliance team for the Registrar’s Office, guiding institutional policy and training on student privacy. Kathryn oversees multiple functional teams, including tuition and fees, athletic eligibility, and alumni data management, and collaborates with state and national working groups on privacy and access issues.