Human-centered by Design
Friday, January 24, 2025, 9:00 a.m. – 4:00 p.m. CST
Beckman Institute for Advanced Science and Technology, 405 N. Mathews Ave. Urbana, IL and Online
Free | Lunch available for in-person attendees
Decisions about privacy impact every aspect of our professional, educational, and personal lives. This in-person conference, with streaming available, explores a human-centered approach to privacy—balancing innovation with privacy rights and ethical data use. Sessions will cover critical topics, including human-centric data systems, privacy by design, the ethical challenges of data collection, the intersection of privacy and public safety in police surveillance technology and the role of AI in privacy. Attendees will gain insights into privacy principles from legal, ethical, and industry perspectives, leaving equipped to implement human-centered privacy practices in higher education and beyond.
Registration for conference with lunch closes January 13. Registration for in person or online attendance without lunch closes January 23.
Schedule
The views and opinions expressed in these sessions are those of the individual presenters and do not necessarily represent the official policies or positions of the University of Illinois, its colleges, units, or employees. While some speakers may be affiliated with the University, their participation does not imply endorsement by the University of Illinois.
Session descriptions and speakers
9:00 a.m. CST
Keynote: Human-Centricity in Data Systems: Data Privacy and Ethical Data Use in a Rapidly Evolving Technological Age
In an era where technological advancements outpace regulation, maintaining trust, transparency, and ethical data use has never been more critical. In this keynote, Debbie Reynolds, a leading voice in Data Privacy and Emerging Technologies, will explore the importance of human-centered data systems in today’s interconnected world. She will explore strategies for balancing innovation with consumer rights, ensuring organizations prioritize the individuals as part of business data fundamentals. Attendees will gain actionable insights on implementing privacy strategies that resonate legally and ethically, creating a foundation of trust with users.
Debbie Reynolds, “The Data Diva” is a world-renowned technologist, thought leader, and advisor at the forefront of data privacy and emerging technology. With more than 20 years of experience, Debbie is a highly sought-after keynote speaker, having graced prestigious platforms such as The Berkeley Forum, Coca-Cola, PayPal, Uber, and Johnson & Johnson. Her insights have been featured in such media outlets as The New York Times, Wired, Business Insider, Protocol, USA Today, New Statesman, Dark Reading, Morning Brew, Lifewire, CMSWire, Bloomberg and Digiday, further solidifying her position as a thought leader.
Debbie’s contributions have been honored with numerous awards and accolades, a testament to her trailblazing work. Her influence extends beyond industries, as she hosts the #1 award-winning “The Data Diva” Talks Privacy Podcast and has been recognized as one of the Global Top Eight Privacy Experts by Identity Review. The European Risk Policy Institute has also acknowledged her as one of the Global Top 30 CyberRisk Communicators. She was appointed by the U.S. Department of Commerce to the Internet of Things (IoT) Advisory Board, and she currently serves as the IEEE Committee Chair for Cyber Security for Next Generation Connectivity Systems at IEEE for Human Control & Flow.
Debbie is truly dedicated to advancing the field of Data Privacy and Emerging Technology, and she continues to be a driving force in shaping the future of this ever-evolving industry. She is Founder, CEO, and Chief Data Privacy Officer of Debbie Reynolds Consulting LLC.
10:00 a.m. CST
Health Data Privacy in the Age of Big Data: Lessons from HIPAA and Dinerstein v. Google
This presentation examines the Health Insurance Portability and Accountability Act (HIPAA)’s role in safeguarding health data privacy and its limitations in addressing challenges posed by big data. As data collection expands to include fitness trackers, wellness apps, and technology platforms, many entities and data types fall outside HIPAA’s scope, raising key questions about data privacy and responsible use. The session also explores the Dinerstein v. Google case, focusing on the legal and practical implications of hospitals sharing electronic health record data with technology companies. Drawing lessons from this case, it offers practical insights for hospitals, physicians, researchers, and policymakers on navigating data-sharing partnerships and addressing privacy concerns.
Sara Gerke is an Associate Professor of Law and Richard W. & Marie L. Corman Scholar at the University of Illinois College of Law. Her current research focuses on the ethical and legal challenges of artificial intelligence and big data for health care and health law in the United States and Europe.
Professor Gerke is leading several research projects funded by the NIH and the European Union. She has more than 60 publications in health law and bioethics, especially AI and digital health. Her work has appeared in leading law, medical, scientific and bioethics journals, including JAMA, Science, and Nature Medicine.
Before joining Illinois, she was an Assistant Professor of Law at Penn State Dickinson Law and was promoted early to Associate Professor of Law in 2024. Previously, she served as a Research Fellow in Medicine, Artificial Intelligence, and Law at the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School, where she oversaw the day-to-day work of the Project on Precision Medicine, Artificial Intelligence, and the Law (PMAIL).
10:00 a.m. CST
Big Ten Academic Alliance Privacy Panel
Privacy professionals from the Big Ten will discuss our various privacy programs and how we implement privacy principles at our universities. We’ll touch on our available resources and strategies we have used for expanding a culture of privacy awareness. In this panel session, privacy professionals in the BTAA will also give recommendations for how anyone-regardless of their role-can incorporate privacy best practices into their daily work. This session will be on Zoom and broadcast live.
Joe Gridley, Chief Data Privacy Officer, University of Maryland leads the privacy program at The University of Maryland, the University System of Maryland’s flagship university. Prior to his time at UMD, Joe worked at Penn State as an Assistant Chief Privacy Officer, HIPAA Security Officer, and IT Compliance manager. Before his career in higher education, Joe was an attorney in the software and finance industries, where he built and supported several data governance and compliance programs for SaaS solutions.
Lauren Popp, Chief Health Information Compliance Officer and Director, University of Minnesota, has 17 years of experience in the health care industry, with 14 years of experience specifically in legal and compliance. She has run multiple successful privacy programs and participated in multiple high-profile government investigations and litigations. She has also assisted with and led programs to implement international compliance in multiple countries and regions, including Australia, South Africa, the Middle East, India, Singapore, the Caribbean, Canada and the European Union. Lauren has experience running gap analysis, researching regulations, data mapping, data classification, interacting with government officials in both an investigatory and client relationship, negotiating contracts with both governmental and private businesses, running risk assessments and building compliance and privacy programs for large and small companies. She has a Juris Doctorate from Hamline University with specializations in Healthcare Compliance and International Business Negotiation as well as a Certification in Healthcare Privacy Compliance from the Healthcare Compliance Association.
Rob Moormann currently serves as Privacy Lead at The Ohio State University, overseeing the creation and implementation of the Privacy Program and ensuring compliance with state, federal, and international regulations. Additionally, Rob reviews, drafts, and develops policies, conducts risk assessments and privacy impact assessments, and collaborates across the entire university and medical center enterprise on privacy issues. Rob’s prior roles at the university include Director of Compliance and Director of Public Records. Before his work in higher education, Rob began his legal career at the Office of the Ohio Attorney General.
Stephen Collette, Manager, Privacy Operations, manages the Privacy Operations team within the Office of the CIO at University of Illinois Urbana-Champaign. Prior to joining University of Illinois, Stephen worked at a Fortune 1000 company where he led both its Records and Information Management program and their multinational privacy program for its headquarters organization and the nine distinct institutions it owned.
11:00 a.m. CST
Designing for Trust: Avoiding the ‘Creepiness Factor’ with Human-Centered Privacy
In an era where hyper-personalization is the norm, companies and systems face the challenge of balancing user convenience with privacy concerns. When designs cross into “creepy” territory, where users feel uncomfortably monitored or manipulated, trust and engagement can quickly erode. This session explores real-world case studies that highlight the risks of over-customization and examines how Human-Centered Design can provide a framework for understanding user needs, establishing clear privacy principles and designing experiences that build trust rather than discomfort. Attendees will gain actionable insights into using Human-Centered-Design to prioritize transparency, user control, and ethical data practices, ensuring designs are innovative but never invasive.
Rachel Switzky is the inaugural director of the Siebel Center for Design at the University of Illinois Urbana-Champaign, a position she has held since 2018. The Siebel Center for Design is dedicated to practicing, modeling, and teaching design thinking, leveraging human-centered design principles to reimagine the campus, community and the world at large. She also leads the education and outreach work at the Molecule Maker Lab Institute–an NSF-funded AI Institute based at the University of Illinois.
Before her current role, Rachel spent more than two decades as a global design leader, collaborating with Fortune 100 companies. Most recently, she served as an executive director at IDEO, the company that pioneered the concept of design thinking. Throughout the last decade in this capacity, Rachel aided teams in envisioning futures and translating those visions into tangible actions, with a particular emphasis on digital design, emerging technologies and achieving impact at scale.
11:00 a.m. CST
Getting Privacy Right, by Design
Why do companies struggle with privacy? Is there a magic button where companies can get privacy right? Join Jason Cronk, president of the Institute of Operational Privacy Design and Akhilesh Srivastava, Principal Technical Privacy Manager at Amazon, for this discussion on where companies go wrong, where they can go right and an introduction to the new privacy standard from the Institute of Operational Privacy Design.
R. Jason Cronk is a seasoned privacy engineer, author of the IAPP textbook “Strategic Privacy by Design” and holds CIPT, CIPM, CIPP/US, and FIP designations. His unique background includes various entrepreneurial pursuits, strong information technology and cybersecurity experience, and privacy law. Currently, Cronk serves as President of the Institute of Operational Privacy Design. He is also president and principal consultant with boutique consulting and training firm Enterprivacy Consulting Group.
Akhilesh Srivastava is a strategic senior leader with a wealth of experience as a Product Technical PM in large tech companies like Meta, Amazon, Capital One, and FINRA. Over his 19-year journey, he has been at the forefront of innovation across diverse domains, including Privacy, Fin-Tech (Payments, Regulation), Ads, Insurance, and e-commerce. Passionate about privacy-enhancing technologies, governance, ethics, and GenAI, Akhilesh has driven multi-million-dollar impacts across various product suites, serving billions of customers globally on a large scale. He volunteered as the Chair of the Risks & Controls Committee at the Institute of Operational Privacy Design and is an executive volunteer member of Tejas Cyber Security Professionals Network. Additionally, he actively volunteers in various nonprofit community initiatives, providing mentorship to C-suite leaders. He is certified in MIT Sloan’s AI-Implications for Business Strategy.
1:00 p.m. CST
Privacy: To Be Determined
Hear from the inaugural Chief Privacy Officer at UC San Diego, who leads the enterprise’s privacy program with a focus on ethical privacy practices that go beyond legal compliance and respect the rights and interests of individuals and institutional assets. Her core competencies include data ethics, AI governance, privacy law, research data and information security.
Pegah Parsi, JD, MBA, CIPP/EU/US, CIPM, is the Inaugural Chief Privacy Officer for the UC San Diego campus where she spearheads the privacy and data protection efforts for the research, educational, and service enterprise. She is passionate about data ethics and privacy as human rights and civil liberties issues and is an advocate for the idea that privacy requires much more than legal compliance. She provides thought leadership on privacy values, ethical frameworks and philosophy.
She manages a complex portfolio of privacy initiatives related to employees, students, applicants, alumni, and research participants and provides guidance on privacy laws and regulations, such as the GDPR, FERPA, HIPAA, PIPL, California privacy laws and research privacy/Common Rule. Her day may involve anything from a consult about license plate readers to research involving smart devices to using AI and predictive analytics to support student success.
Prior to San Diego, Pegah was a privacy manager at Stanford University, focusing on medical studies and international collaborations. She is an attorney and holds an MBA. In her spare time, she advises clients on human rights and asylum matters. She is a Veteran, who, among other things, was an Honor Grad of Army Truck Driver school!
1:00 p.m. CST
Police Surveillance Technology: The Balance Between Privacy and Public Safety
More than 4,000 live camera feeds monitor and record activity on the campus of the University of Illinois at Urbana-Champaign. With the recent additions of Unmanned Aircraft Systems (Drones) and Automated License Plate Recognition (ALPR) cameras, what policies and practices have been implemented to protect an individual’s right to privacy, while allowing police the tools to effectively prevent and solve crimes?
Detective Pete Milinkovic and Sergeant Nick Perrine are both active and sworn Police Officers at the University of Illinois Police Department. They have a combined over 25 years of law enforcement experience and are currently assigned to the department’s Community Outreach and Support Team (COAST). COAST provides educational programming, to give students, faculty and staff the tools they need to keep themselves and other safe.
2:00 p.m. CST
Trust, Because You Can’t Verify: Privacy and Security Hurdles in Education Technology Acquisition Practices
The EdTech landscape is expanding rapidly in higher education institutes (HEIs). This growth brings enormous complexity. Protecting the extensive data collected by these tools is crucial for HEIs as data breaches and misuses can have dire security and privacy consequences for the data subjects, particularly students, who are often compelled to use these tools. This urges an in-depth understanding of HEI and EdTech vendor dynamics, which is largely understudied.
To address this gap, we conducted a semi-structured interview study with 13 participants who are in EdTech leadership roles at seven HEIs. Our study uncovers the EdTech acquisition process in the HEI context, the consideration of security and privacy issues throughout that process, the pain points of HEI personnel in establishing adequate protection mechanisms in service contracts, and their struggle in holding vendors accountable due to a lack of visibility into their system and power-asymmetry, among other reasons. We discuss certain observations about the status quo and conclude with recommendations for HEIs, researchers, and regulatory bodies to improve the situation.
Easton Kelso is a senior undergraduate researcher at Arizona State University studying Computer Science with a concentration in cybersecurity, set to graduate this year and starting to pursue a master’s degree in the same area. They got started in research during their first year at university and have focused on security and privacy issues that HEIs face with the growing technological landscape, especially in the use of EdTechs.
Rakibul Hasan is an assistant professor in the School of Computing and Augmented Intelligence at ASU.
2:00 p.m. CST
A More Equitable Digital Future: The Role of Diversity in Privacy Law
As technology continues to evolve, privacy laws and policies must reflect the needs and concerns of all individuals, but how do they get there? This panel session will explore the intersection of diversity, equity, and inclusion in the realm of privacy law.
Adonne Washington serves as Mobility, Location and Data Policy Counsel at the Future of Privacy Forum. With four years of experience dedicated to the privacy and technology space, her current role applies the knowledge of various technologies to a more specific sector: mobility and location. Adonne provides scholarship, guidance, and analysis for various policy and privacy issues related to emerging technologies.
Before joining FPF, Adonne served as the Digital Justice Associate Counsel with the national branch of the Lawyers’ Committee for Civil Rights Under Law, working on matters at the intersection of racial justice, technology, and privacy. Adonne received her J.D. from the Howard University School of Law and received her BA in social relations and policy with a minor in public relations from Michigan State University in 2017.
Beth Do is the Christopher Wolf Diversity Law Fellow at the Future of Privacy Forum, where her work focuses on AI governance, legislative analysis and risk management. Before FPF, she was in-house counsel at USAA, where she analyzed complex issues related to consumer privacy and data incident response. Beth received her J.D. from St. John’s University and was a 2019 Don H. Liu Scholar (a national scholarship program that empowers AAPI students to become leaders in the legal profession).
Ritu Narula maintains a strategic privacy, security and data optimization practice at Loeb & Loeb/Ford. She counsels clients with respect to emerging technology and data-related products and services, including issues related to privacy and data optimization and Internet of Things and connected devices. She has experience developing privacy programs and operationalizing privacy laws through practical solutions. She helps clients bring new products and services to market, and to leverage data, technology and connectivity and mobility across their evolving businesses.
Previously, Ritu served as the Operations Lead within the presidential transition team for President Joe Biden and Vice President Kamala Harris.
3:00 p.m. CST
The Human Side of AI: Privacy, Ethics and Equity in Higher Education
AI is transforming higher education, but how do we ensure it serves people, not just data? This panel, featuring key leaders from the Generative AI Solutions Hub, will explore essential ethical practices for implementing AI across campus. Join us for an engaging discussion about how we can responsibly leverage AI technology in a human-centered way, prioritizing privacy, equity and transparency in academic environments.
Chris Tidrick, Chief Information Officer and Senior Director, IT Partners, Gies College of Business, is a seasoned technology leader with over 30 years of experience driving digital transformation in higher education. As the Chief Information Officer at Gies College of Business, he leads strategic initiatives to enhance data-driven decision-making, student success, and operational efficiency. He currently chairs the Generative AI Solutions Hub at University of Illinois Urbana-Champaign and regularly shares his insights through his podcast, speaking engagements, and writing. More info at christophertidrick.link.
Pattricia (Patty) Jones, Assistant Vice Chancellor for Research & Innovation in Compliance, University of Illinois Urbana-Champaign
Michael Curtin, Innovation Coordinator, University of Illinois Urbana-Champaign
Nick Vance, Assistant Director Data Innovation, University of Illinois Urbana-Champaign
Ece Gumusel, Privacy Analyst, University of Illinois Urbana-Champaign (moderator)
3:00 p.m. CST
Applying Privacy by Design
This presentation will discuss the principles of Privacy by Design and how they may apply to higher education privacy programs.
Stefan Wahe is the HIPAA Privacy and Security Director for the UI System. In this role, he manages and updates the HIPAA Privacy and Security Program. Stefan previously served as the Deputy Chief Information Security Officer at the University of Wisconsin-Madison, has a master’s in legal studies focused on cybersecurity and data privacy law and maintains his Certified Information System Security Professional certifications.
Questions?
Contact privacy@illinois.edu