• Lead the privacy and data protection practice• Provided practical, risk-based advice on privacy and data protection matters grounded in an understanding of Shipt’s business strategies and regulatory obligations• Monitored and assessed the latest privacy and data protection regulatory developments and supported readiness efforts with new and existing privacy law requirements, including the CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, MHMDA, FTC Act, TCPA and CAN-SPAM• Managed numerous priorities simultaneously while building a new Privacy Program at Shipt • Partnered cross-functionally, engaged relevant stakeholders at all levels of the organization, and drove data governance, privacy, and information security issues, policies, and processes• Reviewed and negotiated privacy and information security related provisions in contracts• Worked closely with IT and engineering teams to implement solutions consistent with privacy by design principles• Drafted and updated public facing documents, notices, and disclosures• Supported cybersecurity team, including incident response efforts, to address issues such as potential liability and other legal aspects related to privacy compliance and risk mitigation• Created and delivered self-help tools, best practices guidance, and training• Served as the HIPAA Privacy Officer

• Served as a legal advisor on global privacy matters in a multi-jurisdictional company and drove data privacy compliance across the organization • Efficiently handled multiple privacy projects in a rapidly changing environment• Kept pace with changes in global privacy laws, regulations and best practices and implemented privacy requirements for compliance with global privacy and data protection laws, including GDPR, PIPEDA, CAN-SPAM, CASL, CCPA, PIPL and LGPD• Developed strong partnerships and worked closely with business partners across the enterprise, including Product Development, IT, Marketing, Sales and Human Resources, to develop and implement privacy risk mitigation strategies, practices and procedures that support compliance objectives• Designed, drafted, and implemented company-wide privacy policies, privacy notices and procedures tailored to legal, business, and regulatory requirements • Advised business partners on implementing privacy by design• Developed extensive privacy playbook for Sales and Marketing Teams and trained business partners on data privacy requirements related to marketing• Evaluated privacy implications of mergers and acquisitions• Reviewed data protection agreements with customers and third-party vendors including procurement arrangements, data acquisition and cross border transfer agreements

• Developed processes for sustainable consent management to enhance marketing capabilities in compliance with privacy laws and industry best practices • Found solutions to complicated data problems to ensure compliance with privacy laws that also supported business strategies• Engaged in deep dive interviews with multiple business partners to better understand the organization’s data landscape to build a personal data inventory• Created easy-to-understand privacy requirements as part of a privacy playbook and embedded them into existing business processes• Consulted on various business initiatives involving the collection, use, sharing, retention, and disposal of personal information • Created and delivered comprehensive privacy training• Conducted privacy risk assessments and facilitated the remediation process to identify and reduce privacy risk for the organization while enhancing business initiatives • Evaluated security and privacy practices to ensure compliance with HIPAA

• Led the Retail Privacy by Design and Canada Privacy Teams • Built the Canada Privacy Program and developed strong relationships with Canadian leaders to mature the program• Used privacy by design methodology to partner on groundbreaking projects to identify and evaluate opportunities to implement privacy guidance throughout the organization• Developed unique privacy solutions that enabled the creation of data driven products and solutions while ensuring compliance with privacy laws and internal business standards• Proactively identified and addressed privacy risks by conducting Privacy Impact Assessments for new and existing projects in the US and Canada• Analyzed applicable US and Canada privacy laws including GLBA, CAN-SPAM, TCPA, HIPAA/HITECH, COPPA, PIPEDA, Alberta’s Personal Information Protection Act, British Columbia’s Personal Information Protection Act, Quebec’s An Act Respecting the Protection of Personal Information in the Private Sector, Ontario’s Personal Health Information Protection Act and CASL• Designed and delivered privacy training to help team members better understand privacy obligations and how those obligations apply to their work• Implemented process improvements to manage personal data throughout the enterprise• Identified and implemented marketing consent solutions and conducted training for marketing and database teams on how to manage consent• Cultivated a strong culture of privacy and accountability while working toward innovative solutions to meet business objectives and mitigate legal risk

• Provided subject matter expertise on US and international data privacy laws, international data transfers, and country-specific employment screening laws and regulations including FCRA, PIPEDA, and the EU Data Protection Directive• Proactively followed pending changes in statutes and regulations which impacted products and services provided by Verifications• Served as a subject matter expert on international compliance presentations and other interactions with clients and prospects• Developed white papers, presentations, training, and other materials addressing various international compliance topics• Developed and managed over 1000 new international screening products and services• Set up and managed multiple international vendor relationships• Designed and delivered privacy and information security awareness training initiatives to all employees• Provided input on information source contracts and agreements and ensured Verifications’ processes and products conformed to contractual requirements

• Provided legal advice to the installation commander, 7 wings, and over 45 associate unit commanders on military justice, civil law, labor law, medical law and environmental law• Supervised a staff of 6 paralegals in the busiest claims office in the Air Force• Served as hospital legal counsel, advising medical group commanders on various medical legal issues including HIPAA compliance and defending the US Government in multi-million-dollar medical malpractice claims• Successfully prosecuted numerous courts-martial resulting in lengthy prison terms and discharges from the military• Drafted and reviewed various real estate documents, including leases, easements, and licensing agreements• Performed environmental compliance inspections as part of the Air Force ECAMP team, serving as an auditor for water quality and wastewater protocols