Summary
Overview
Work History
Education
Websites
Certification
Affiliations
Timeline
Generic

ASHLEN CHERRY

Austin

Summary

Executive with 20+ years of dedicated privacy experience developing and operationalizing global privacy compliance programs. Certified Information Privacy Professional (CIPP) with proven ability to influence and achieve success in fast-paced, results-driven high-tech, financial services and advertising industries. Led key initiatives to address requirements under EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and CPRA, including consent requirements, data subject access, deletion, Privacy by Design (PbD), and Data Privacy Impact Assessments (DPIAs). Comprehensive knowledge of and experience operationalizing laws and principles on privacy and data protection, including US federal and state privacy laws (CCPA; GLBA; FCRA; CAN-SPAM; COPPA), EU data protection and AI laws, and similar laws in UK, Canada, South America, Australia.

Overview

27
27
years of professional experience
1
1
Certification

Work History

Principal Privacy Leader, Amazon Privacy Services

Amazon
07.2024 - Current
  • Joining a newly formed organization leading global privacy compliance initiatives with impact pan-Amazon, I lead the team of privacy subject matter experts responsible for setting compliance strategy and policy that drive implementation of requirements of new and existing privacy and AI laws.

Senior Manager, Ads Privacy

Amazon Ads
06.2020 - 07.2024
  • As a leader for the Amazon Ads global privacy program, I led teams responsible for complex compliance initiatives and managed a growing team of privacy, risk and compliance specialists and program managers. Through various projects, I led cross-functional teams that designed and implemented privacy controls across the Amazon Ads organization. I led Amazon Ads’ high-priority project to achieve compliance with new US state comprehensive privacy laws, including the California Privacy Rights Act (CPRA), effective January 1, 2023. Leadership praised the approach and results of this project as bar-raising for an Amazon compliance project. Working closely with Advertising policy, product teams, and engineering, as well as business, legal, and privacy leaders across Amazon, I supported the development of the right tools to create automated and scalable solutions where possible. I led initiatives to resolve areas of higher risk and address additional US state requirements and new laws going into effect in 2024, including the WA My Health My Data Act.

Chief Privacy Officer

Epsilon-Conversant
10.2018 - 02.2020
  • As Chief Privacy Officer, supporting both Epsilon and its Conversant business (Epsilon), I oversaw all ongoing activities related to the global development, implementation, maintenance of and adherence to privacy and data protection programs. My team was responsible for ensuring Epsilon’s compliance with policies covering online and offline consumer data, as well as its readiness with respect to applicable federal, state, and international laws and practices pertaining to privacy. I was the privacy lead throughout the acquisition due diligence process, which commenced shortly after I joined, and then led integration efforts post-sale to Publicis.
  • Led team that managed multiple projects across complex organization to assess impact and implement requirements of the California Consumer Privacy Act (CCPA).
  • Leveraged the work driven by CCPA initiatives to mature the existing privacy program, including processes to support privacy by design, further enhance GDPR compliance, and raise awareness of security breach incident prevention and response.
  • Supported divestiture of Epsilon as the lead for data privacy through responses to detailed questionnaires and participation in numerous interviews with potential investors.
  • Through active participation in industry trade associations and government affairs, led government affairs efforts related to privacy, as the face of Epsilon’s public position as an industry expert. This included monthly in-person meetings with Congressional staff.

Global Privacy Manager, Global Data Protection & Privacy Office

Dell Technologies
01.2009 - 09.2018
  • Managed complex project related to data subject rights granted under the General Data Protection Regulation (GDPR). The project hit all key milestones to ensure compliance by GDPR implementation deadline. Redesigned and simplified overall data subject rights procedure while also ensuring there was a thorough, repeatable process documented. Created new controls and tools to facilitate compliance and make it easier to track and document responses to requests.
  • Designed and oversaw development of internal, automated privacy impact assessment (PIA) tool. The new tool improved efficiencies for users and privacy managers by flagging potential privacy issues requiring review and establishing a centralized, searchable database for managing and storing PIAs. The project advanced efforts to meet the privacy by design and PIA requirements of GDPR at a time when there were no adequate ‘off-the-shelf’ solutions.
  • Provided compliance support for game-changing online behavioral advertising initiatives, including detailed legal analysis and execution planning in an area of emerging technology subject to rapidly evolving legal requirements. Created repeatable execution process for phase one later used for roll-out in added countries in the Americas and several countries throughout the APJ region.
  • Designed and documented Dell’s privacy incident response program, establishing processes for receiving, investigating, and responding to global internal or external complaints regarding potential misuse or mishandling of customer personal information.

Senior Vice President, Enterprise Privacy

Bank of America Corporation (post acquisition of Countrywide Financial Corporation)
08.2008 - 01.2009
  • Post-acquisition, “promoted” into executive position as leader of team responsible for reviewing, integrating, and polishing internal enterprise privacy policies.
  • Led team that conducted FCRA Red Flags Rule risk assessment and gap analysis across all legacy Countrywide business units. Documented project plan to close gaps.
  • Appointed interim manager of the legacy Countrywide Records Management team during the transition, while still acting as Enterprise Privacy executive. Under my oversight, the team identified and resolved some previously overlooked, significant risks related to unauthorized storage. The team established processes to prevent similar problems moving forward, including new methods for monitoring for noncompliance.

First Vice President, Enterprise Data Security and Privacy Office

Countrywide Financial Corporation
04.2005 - 08.2008
  • Led and managed staff responsible for ensuring that all business units across the Countrywide Financial Corporation enterprise operated in compliance with applicable laws and regulations related to Information Sharing, Employee Privacy, Outsourcing, Regulatory Safeguards, and Identity Theft, and all international laws governing areas of operation.
  • Directed compliance initiatives related to company’s use, storage, and access to personally identifiable information, such as compliance project.to create risk-based, tiered, customer-friendly authentication strategy used by customer-facing teams to comply with new banking regulations.

Consultant
02.2004 - 04.2005
  • Developed Countrywide’s first incident response plan to contain and investigate potential security breaches and, when required, notify regulators and consumers. Created and led incident response training for Countrywide compliance professionals.
  • Working with Chief Privacy Officer, led GRC effort to identify key privacy risk areas and document controls for privacy laws for more than two dozen business units. Led review of and identification of gaps in divisions’ compliance with existing privacy regulations relevant to US financial institutions.

Director, Privacy and Government Affairs

Digital Impact, Inc.
04.2000 - 01.2004
  • As Corporate Privacy Officer, established Digital Impact’s first privacy program. Digital Impact, now Acxiom Digital, is a leading provider of integrated digital marketing solutions for Global 2000 enterprises. Oversaw all activities related to the development, implementation, maintenance, and compliance with the company’s policies and procedures on data use, collection, and sharing.
  • Within the first days of starting, identified and eliminated internal risk that could have cost the company more than $10,000 per violation per day. Partnered with engineering organization and legal counsel to evaluate potential issues and implement effective safeguards.
  • Launched and managed government affairs office. Recognized by legislative leaders as “industry expert,” established industry trade group with industry peers and successfully influenced proposals to regulate email marketing that resulted in passage of federal legislation (CAN-SPAM).

Government Relations Director

Tri-County Apartment Association (TCAA)
12.1999 - 04.2000
  • Within territory covering three counties and 43 cities, functioned as primary contact for elected officials and their staff, property owners, and members of the media with questions on rental housing industry positions on public policy and Association programs. Authored monthly column on public affairs issues and contributed feature articles to Association magazine with estimated circulation of 20,000 readers. Regularly testified before City Councils and led successful lobbying campaigns in 20+ Bay Area cities.

Public Policy Director

Tri-County Apartment Association (TCAA)
05.1999 - 12.1999

Government Relations Coordinator

Tri-County Apartment Association (TCAA)
01.1998 - 05.1999

Education

Master of Public Administration - undefined

University of Southern California
Washington, DC

Bachelor of Arts - Government

College of William and Mary
Williamsburg, Virginia

Websites

Certification

  • Artificial Intelligence (AI) Governance Certificate, AI Tech & Privacy Academy, December 2024
  • Certified Information Privacy Professional (CIPP), International Association of Privacy Professionals October 2004 (Inaugural class)

Affiliations

  • Member of the International Association of Privacy Professionals (IAPP) since 2000
  • Founding member of and participant in the Email Service Providers Coalition (ESPC)

Timeline

Principal Privacy Leader, Amazon Privacy Services

Amazon
07.2024 - Current

Senior Manager, Ads Privacy

Amazon Ads
06.2020 - 07.2024

Chief Privacy Officer

Epsilon-Conversant
10.2018 - 02.2020

Global Privacy Manager, Global Data Protection & Privacy Office

Dell Technologies
01.2009 - 09.2018

Senior Vice President, Enterprise Privacy

Bank of America Corporation (post acquisition of Countrywide Financial Corporation)
08.2008 - 01.2009

First Vice President, Enterprise Data Security and Privacy Office

Countrywide Financial Corporation
04.2005 - 08.2008

Consultant
02.2004 - 04.2005

Director, Privacy and Government Affairs

Digital Impact, Inc.
04.2000 - 01.2004

Government Relations Director

Tri-County Apartment Association (TCAA)
12.1999 - 04.2000

Public Policy Director

Tri-County Apartment Association (TCAA)
05.1999 - 12.1999

Government Relations Coordinator

Tri-County Apartment Association (TCAA)
01.1998 - 05.1999

Master of Public Administration - undefined

University of Southern California

Bachelor of Arts - Government

College of William and Mary

Similar Profiles

CREATE PROFILE
ASHLEN CHERRY