
Deborah Shita

Summary

Well-versed Privacy and Compliance Professional with extensive experience working in highly regulated industries. With 15 years dedicated 100 percent to leading and providing key leadership, guidance, and awareness of data privacy and protection laws, principles, and best practices to internal and external stakeholders through ownership, accountability, and integrity.


Successfully lead strategic initiatives and day-to-day operations to mitigate risks, close gaps, and build trust; ensuring the business is compliant with existing laws as well as preparing for emerging laws impacting the collection, use, disclosure, transfer, and safeguarding of personal data.


I thrive on the ever-evolving landscape of data privacy and protection and enjoy collaborating with cross-functional teams as we work together to succeed.

Overview

22 years of professional experience
1 Certification

Work History

Senior Global Privacy Specialist

Calix, Inc.
09.2022 - 06.2023
  • Establish a privacy-program office within the legal department
  • Conduct maturity assessments utilizing AICPA/CICA Privacy Maturity Model
  • Identify and oversee strategic initiatives to remediate compliance gaps to align with regulations and common accountability frameworks
  • Set cadence for cross-functional working groups to provide guidance and support to process owners
  • Develop and discuss privacy accountability reports and dashboards with cross-functional senior leadership regarding the status and progress of strategic initiatives outlining achieved milestones, next steps, and potential hurdles
  • Guide and oversee each business unit's privacy champion with their entries of data asset and system mapping, and RoPAs within the privacy platform
  • Review and approve, reject, or create treatment plans for submitted Threshold Impact Assessments (TIAs), Legitimate Interest Assessments (LIAs), Privacy Impact Assessments (PIAs/DPIAs)
  • Guide process owners on mitigating risk via privacy by design/default/re-design; minimizing data collection, use, and sharing; updating privacy notices if impacted, creating or revising internal procedural documentation; develop department-specific and enterprise-wide communications and training
  • Audit contracts with joint controllers, processors, third parties, and service providers for applicable clauses, e.g., EU or UK Standard Contractual Clauses, data privacy addendums
  • Streamline data subject rights requests procedures to reduce average handle times
  • Create and communicate an incident-response roadmap in collaboration with information security and business continuity
  • Review and revise privacy notices, statements, and policies to ensure continual compliance with applicable laws and demonstrate transparency
  • Monitored and assessed compliance risks associated with operational processes and procedures.
  • Collaborated with internal and external stakeholders, auditors and legal counsel to confirm compliance with applicable laws and regulations.
  • Investigated and documented all violations of compliance regulations to determine necessary improvements.

Senior Global Data Privacy Regulatory Analyst

Reinsurance Group Of America, RGA
09.2020 - 09.2022
  • Maintain EU Binding Corporate Rules (controller and processor) approved by the Irish Supervisory Authority through the continual development, integration, and execution of all aspects of the Privacy Office's policies, standards, controls, risks, procedures, training, and metrics
  • Apply for UK Binding Corporate Rules (controller and processor) and respond with additional supporting evidence to inquiries posed by the UK's Supervisory Authority (ICO)
  • Create action plans to remediate gaps identified by supervisory authorities, internal, and external auditors
  • Auditing controls for alignment with NIST Privacy Framework, ISO 27701, and the UK's GDPR Accountability Tracker

Interim Head of Privacy, DPO

MoneyGram International
04.2019 - 12.2019
  • Registered point-of-contact with data protection authorities, state attorneys general, Federal Trade Commission, Better Business Bureau, Consumer Financial Protection Bureau, and state examiners regarding audits, escalated data-subject complaints, notification of data privacy incidents
  • Present to executive leadership and board of directors global data privacy trends, risks to the business, potential gaps in compliance
  • Raise privacy awareness via internal SharePoint site, announcements, newsletters, roadshows
  • Facilitator of the data privacy committee
  • Engaged member of data governance and information security committees

Manager Global Privacy Program Office

MoneyGram International
10.2013 - 04.2019
  • Review intra-company, vendor, and third-party contracts associated with data protection addendums, and Standard Contractual Clauses to comply with cross-border and onward transfers of personal data
  • Work with the Belgium Supervisory Authority and outside counsel in the preparation of Binding Corporate Rules (BCRs) as a Controller
  • Collaborate with global functional business units (human resources, operations, finance, sales, marketing, corporate communications, compliance, information technology and security, product innovation, procurement) to provide guidance on regulations, identify opportunities and offer solutions to create a consumer-centric experience while mitigating the risks related to the use of personal data
  • Oversee the global data privacy program to ensure compliance with policies, procedures, and state, federal, and international laws and regulations, including, but not limited to, GDPR, PIPEDA, CCPA, GLBA, UDAAP, FCRA, TCPA, TSR
  • Manage the data privacy team in developing, implementing, and maintaining global policies, standards, procedures, templates, and process flows relating to data privacy, data use, data protection, data transfer, records of processing activities, data-subject access requests, data incidents and breaches
  • Manage internal regional data-protection representatives for Africa, Europe, Asia Pacific, and the Americas
  • Oversight of global requests, inquiries, and complaints from data subjects (workforce, consumers, agents).
  • Create and track mandatory privacy training for the workforce distributed at the time of onboarding and annual refreshers, and department-specific training, such as, call center privacy, loyalty programs, privacy-by-design (or re-design), data life-cycle management
  • Oversee enterprise-wide Data Protection Impact Assessments and Legitimate Interest Assessments
  • Review marketing and advertising campaigns, behavioral advertising, and communication channels, e.g., via email, SMS, Facebook look-a-like and custom audiences, direct mail to align with, for example, in the U.S. the FTC's TSR and CAN-SPAM, the FCC's TCPA; in Canada CASL; in the EU ePrivacy
  • Streamline internal-facing, consumer-facing privacy notices and policies for a global approach, and align U.S. privacy statement with the GLBA's Regulation P requirements for a financial institution; and the CFPB's alternative delivery method
  • Design and coordinate appropriate use and location of just-in-time notices, for instance, when capturing geolocation data
  • Work closely with the product team on new services and technology, such as the use of biometric data or artificial intelligence

Manager Case Management

MoneyGram International
01.2009 - 10.2013
  • Manage a team of 32 level-5 specialists and 2 team leads that operated in domestic and international locations and time zones
  • Ensure the business treats all consumers fairly, in line with the FTC's, CFPB's Unfair or Deceptive Acts and Practice
  • Adhering to jurisdiction-specific regulations in complaint-handling, such as, the Payment Services Directive, Financial Conduct Authority, Banco de Espana, Banco de Italia, Better Business Bureau, Federal Trade Commission, Consumer Financial Protection Bureau, State Attorneys General
  • Conduct full investigations to identify root causes, accountable units, and take corrective actions to reduce if not eliminate complaint trends
  • Audit cases for accuracy of handling; appropriate verdict selection of uphold, reject, or negotiated settlement; suitable redress considered
  • Create reports and dashboards to view and analyze reports and identify patterns of complaint types by region and business partners
  • Review, and sign off on process flows and procedural documentation
  • Coordinate user acceptance testing during development, quality assurance, and production stages of CRM Dynamics
  • Trend volume to ensure optimal staffing 24x7x365
  • Study existing processes to identify sources of waste and variation. Testing new theories to gain efficiencies and minimize risks
  • Evaluate the effectiveness of new processes – determining whether to adopt, adapt, or abandon
  • Validate key performance indicators for measuring best practices and individual/team accountability

Supervisor Transaction Holds

MoneyGram International
01.2006 - 01.2009
  • Lead a team of escalated specialists in the review of money-wire transactions placed on hold via OFAC, global watch lists, internal deny lists, state and law enforcement initiated blocked funds

Supervisor Customer Care

MoneyGram International
01.2003 - 01.2006
  • Monitor and evaluate call quality for consumer experience and procedural accuracy
  • Conduct monthly one-on-ones to ensure open, continual communication and provide current job performance standing regarding attendance, call evaluations, key performance indicators, and service level agreements
  • Document and deliver personal improvement plans and disciplinary actions
  • Write and deliver annual performance appraisals
  • Recommend and communicate annual salary increases and award bonuses
  • Interview and recruit new team members
  • Terminate employees after exhaustion of mentoring and improvement plans

Product & Corporate Training Specialist

MoneyGram International
05.2001 - 01.2003
  • Conduct on-site product and compliance training to include: Wal*Mart: Patriot Act, Bank Secrecy Act, SARs, CTRs; Nash Finch: Money-wire transfers; Albertson's: Money-wire transfers; MGM Grand Las Vegas, New York-New York Hotel and Casino, Primm Valley Resorts, Ameristar Casinos, and Fitzgerald Casinos: Installed Game Cash teller equipment; trained casino staff on Game Cash products, credit card regulations, identifying fraudulent credit cards
  • Facilitate initial training launch of a European call center in Sofia, Bulgaria. Certify trainers and quality-assurance team at the Bulgarian Telecommunications Center
  • Design, develop, and maintain Microsoft Access databases to track employees' class transcripts, development path, disciplinary actions, schedule adherence
  • Responsible for the full training life cycle: assessment, design, development, implementation, and evaluation
  • Conduct company-wide needs assessments to ensure training is targeting high-impact areas of need
  • Administer mandatory classes for sexual harassment, always honest policy, violence in the workplace, writing performance appraisals
  • Continually evaluate the effectiveness of training materials, delivery methods, and testing measurements

Education

Non-degree Program - Communications

Regis University
Denver, CO

Associate - Business Administration

Barnes Business College
Denver, CO

Skills

    *Includes but is not limited to:

    Laws & Regulations

    GDPR, CCPA/CPRA, APP, PIPEDA, LGPD

    TCPA, CAN-SPAM, TSR, ePrivacy

    FCRA, UDAAP, GLBA, OFAC, FCA

    GRC Frameworks

    NIST Privacy Framework & SP 800-53 rev5

    ISO 27701

    ICO GDPR-UK Accountability Tracker

    AICPA Privacy Management Framework (GAPP)

    AICPA Privacy Maturity Model

    SOC 2 Privacy

    Assessments & Contracts

    PIA/DPIA, LIA, TIA

    RoPA/Data Mapping

    DSRs

    SCCs, BCRs, DPAs

Accreditations

2018: Panel speaker - Accountability and demonstrating Compliance under the GDPR

hosted by International Privacy and Security Forum, George Washington University


2018: Webinar speaker - Accountability and demonstrating Compliance under the GDPR

hosted by Nymity


2008: Recruiting High-Performance Team Members

presented by MoneyGram International: Special Achievement Award


2004: President of Employee Activity and Appreciation Committee (Kaleidoscope)

nominated and voted in by MoneyGram International peers

2002: Development of a global automated process for on-boarding/off-boarding workforce via MS Access

presented by MoneyGram International: Commitment to Excellence Award


Certification

IAPP

  • FIP
  • CIPM
  • CIPP/US
  • CIPP/E


OneTrust

  • ESG Professional
  • GRC Professional
  • Privacy Professional
  • PIA & DPIA Automation Expert
  • Privacy Rights Automation Expert
  • Cookie Consent Expert
  • Third-Party Risk Management Expert

