Brian Segobiano is a Managing Director based in Chicago. Brian brings more than 12 years of experience with data privacy and cybersecurity issues, data analytics, eDiscovery, and digital forensics, as well as supporting complex disputes and investigations. He specializes in helping clients identify risks associated with global data protection laws and to develop technological and business programs for compliance and risk management, with expertise in the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). He has handled aspects of data privacy and cybersecurity ranging from data mapping, to developing policies and procedures, training employees, managing third-party risks, selecting and implementing new software, and providing support as an interim Data Protection Officer.
Brian joined Ankura from Navigant Consulting, where he led the data privacy solution team. Over the course of nine years he worked on life science compliance, healthcare analytics, international banking investigations, fraud detection, anti-money laundering, expert witness, and commercial dispute engagements. He began his professional career with Huron Consulting Group where he focused on forensic accounting investigations and prepared exhibits presented in United States Tax Court.
Brian’s professional experience includes:
- GDPR Program Development, Healthcare and Life Science Sector: Led engagements focused on the development and operationalization of GDPR compliance for clients including medical device manufacturers, biotechnology, medical research, pharmaceutical manufacturers, and digital health which ranged from pre-commercial organizations conducting clinical trials to established global organizations with complex supply chains as well as extensive customer and patient interactions.
- CCPA Compliance, Financial Institution: Assessed gaps in the current privacy risk management structure, developed data inventories and mapping or personal information, and developed a roadmap for program development and implementation for a top 25 US financial institution.
- CCPA Data Mapping, Retailer: Led the data inventory and mapping exercise for an $8 billion private retail and hospitality company with four separate legacy retail companies and large resort operations. Identified high risk processing activities and third parties and developed roadmap to implement consumer rights management system.
- Data Protection Impact Assessment, Digital Health: Conducted DPIA for digital health company launching a new connected device product in the European Union. Worked with counsel and technical subject matter experts to document the lifecycle and uses of personal data and the associated risks for the organization.
- GDPR Program Development, Manufacturing: Supported global manufacturing client with over $9 billion in annual revenue across 30 operating companies and over 100 unique brands to develop a GDPR compliance program roadmap and create a global data inventory.
- GDPR Program Development, Food and Aerotech: Supported global client to conduct an privacy gap assessment, execute a roadmap operationalizing compliance, and implement privacy management software.
- GDPR Program Development, Transportation: Led the engagement for the US group entity of an EU-based global transportation organization to assess their current state of privacy management, execute a roadmap for operationalizing compliance, and develop an inventory of personal data processing activities and current data retention periods.
- Forensic Health Insurance Portability and Accountability Act (HIPAA) Investigation, Healthcare Provider: Assessed user activity in the client’s electronic health records system to determine whether HIPAA violations occurred during transition from legacy to new system.
- Benchmarking Analysis, Pharmaceutical Company: Analyzed historical Food and Drug Administration (FDA) review and approval data for a client involved in shareholder lawsuit.
- Biometric Information Privacy Act (BIPA) Lawsuit, eCommerce Retailer: Oversaw the collection and analysis of image processing under the BIPA of Illinois. Supported expert review of application code to determine level of exposure for client.
- Loan Origination and Underwriting Analysis, Financial Institution: Oversaw the collection, review, and production of more than one billion pages of documents for a client involved in numerous disputes related to subprime mortgage-backed securities.
- Global Wire Transfer Analysis, International Banking Institution: Led the analysis of worldwide wire transfer activity related to claims of money laundering and tax evasion.
- Sexual Misconduct Investigation, eCommerce Retailer: Led the collection and analysis of vendor complaint data as part of the client’s investigations of vendors and suppliers.
- Anti-Money Laundering, Regional Bank: Developed a custom transaction monitoring and reporting system for investigation into potentially suspect transactions and high-risk accounts.
- Risk and Compliance Data Visualization, Life Science Industry: Created an application that used public and client data to identify transactions and customers at high risk for government investigations under the False Claims Act, Anti-Kickback Statute or high-risk opioid prescription.
- Business Intelligence Dashboard, Healthcare Industry: Led the development of a commercial application that allowed healthcare systems to analyze their commercial reimbursements against others at the metropolitan, facility, payer, and service-line levels.
- News & events
- CBI MedTech Compliance Congress, “Practical Approaches to Ensure Data Privacy and Mitigate Cybersecurity Risks,” 06/2019
- American Health Lawyers Association Webinar: GDPR Series, 05/2019
- Podcast: Data Privacy and the Changing Landscape of Global Privacy Regulations, 04/2019
- Duane Morris Webinar, “Understanding the CCPA,” 04/2019
- Pillsbury Winthrop Shaw Pittman Webinar: Introduction to the CCPA
- Podcast: Impact of the GDPR on Healthcare, West Coast Compliance Congress: GDPR Panel, 10/2018