150 North Riverside Plaza, Suite 2400
Chicago, IL 60606
Mir Ali is a Senior Director at Ankura based in Chicago, focused on supporting clients in cybersecurity and data privacy matters. He specializes in data privacy (inventory and mapping requirements), third-party risk, records and information management, e-discovery, data governance, data analytics, and compliance matters that support the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and European Union General Data Protection Regulation (GDPR), as well as other various jurisdictional regulations.
A certified OneTrust professional, Mir has worked extensively to support clients across various industries including life sciences, healthcare, manufacturing, and financial services. He recently supported a large financial institution as a lead for information governance and as a fractional manager for the third-party risk management team. He has held roles in which he was responsible for managing third-party risk, information governance regulatory and compliance matters, and developing policies and procedures alongside training employees. Additionally, Mir has completed a certification program at Seton Hall School of Law in healthcare compliance, as well as the information privacy professional certification program.
Mir’s professional experience includes:
- Records and Information Management Modernization: Led the team modernizing the RIM function for a for a top five global automaker. Assessed current RIM capabilities through interviews with over 20 functions and the collection, analysis, and standardization of over 350 departmental records retention schedules. Partnered with the global privacy office to cross-reference the records retention schedule with categories of personal and sensitive personal information to support privacy reporting requirements in the U.S. and EU.
- Data Minimization: Part of the team implementing a data minimization program for a top five U.S. hospital group. Built a business case that quantified cost savings associated with divested facilities, upcoming data center move, and risk mitigation for e-discovery and HIPAA compliance. Identified annual savings of over $10 million and gained approval for the hospital group’s enterprise data minimization program. Assisted with all elements of the program design, including developing policies, procedures, change management, and technology selection.
- Records and Information Management Modernization: Part of a team helping a top 10 fast food chain modernize its RIM function to support improved privacy compliance. Developed an updated RIM policy, and based on interviews with over 40 departments, created a retention schedule for all corporate data types. Using the existing asset inventory developed by the privacy office, risk ranked key data repositories and defined a data cleanup policy and process to support scalable data minimization.
- Data Minimization: Led the team delivering a series of engagements to assist a global telecommunications conglomerate with its data minimization efforts in support of complying with CPRA. Working with information governance, records management, privacy, legal, IT, and data governance, defined the retention period process to enable technical system owners for approximately 10,000 systems to determine retention requirements for their systems. Acted as program team member to support client resources in assisting TSOs to define retention.
- Information Governance and Privacy Program Development: Led the team developing a privacy program and information governance function for a global derivatives exchange to support its U.S. and international privacy compliance efforts. Performed annual privacy assessments using the NIST-P framework, managed the team building and extending core privacy control elements (data inventory, data protection impact assessments, data subject access requests, and vendor risk management), and acted as information governance lead building and managing the exchange’s information governance function.
- Privacy Program Development: Part of the team that developed a data inventory for a global private equity firm. Built asset and processing activity templates, conducted pilots with end users, and oversaw the distribution of data inventory questionnaires to stakeholders across all functions.
- Privacy Management Software Implementation: Part of the team designing and implementing the OneTrust data privacy platform for a Fortune 500 liquid natural gas (LNG) organization. Defined the processes for data inventory, data subject access requests, and data protection impact assessments and configured OneTrust modules to support operationalizing them. Also managed the distribution and evaluation of data inventory questionnaires to IT system owners and business data owners to support the build out of an enterprise data inventory.
- MA, Trinity School of Medicine
- Certified Information Privacy Professional U.S. (CIPP/US)
- International Association of Privacy Professionals