Kenneth Mortensen

Kenneth P. Mortensen


BSEE, Drexel University
JD, Villanova University
MBA, Villanova University

Areas of Interest
Cybersecurity Law, Electronic Commerce, Intellectual Property, International Data Protection, Privacy

As an attorney and engineer, Kenneth P. Mortensen works to empower organizations to develop and implement a knowledge governance strategy treating information as a critical enterprise asset used to optimize risk and facilitate innovation through enhanced decision-making while incorporating protections for individual privacy and addressing cybersecurity risks.

Ken is currently the data protection officer leading Global Trust and Privacy at InterSystems, a leading technology innovator in the healthcare, finance, and government sectors. He is based in Cambridge, Mass. and works globally across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems’ technology, but also the management of its operations and services. Ken focuses on enhancing trust throughout InterSystems to demonstrate to customers and clients InterSystems’ commitment to invest and grow these capabilities in order to stay in front of emerging risks for privacy and cybersecurity and to build in trust as a core competency for InterSystems.

Before InterSystems, Ken was a senior managing director for PwC working out of the Boston office with global responsibility to address client needs for knowledge governance and privacy compliance. He also expanded their healthcare privacy offerings into advanced, technology-enabled solutions and coordinated cross-border privacy and data protection compliance solutions.

Formerly, Ken was the vice president, assistant general counsel & chief privacy officer at CVS Health, a Fortune 7 company, where he had enterprise responsibility for information governance, including management of a legal team, privacy operations, and the enterprise information security and risk governance group. While there, he secured the first ever closure letter for a healthcare organization from HHS’s Office of Civil Rights for CVS’s Corrective Action Plan, and in less than the required three years. Additionally, he successfully developed the company’s first privacy and information security programs to ensure full compliance with CVS’s Consent Agreement with the FTC, the protection of patient data, and successful PCI compliance. Before to coming to CVS Health, he was Boston Scientific Corporation’s first ever chief privacy officer where he had responsibility for building a global corporate privacy and security program.

Prior to re-entering the private sector, Ken served in the administration of President George W. Bush as the associate deputy attorney general (Privacy & Civil Liberties) for the US Department of Justice, where he was the primary counsel and policy advisor to the US Attorney General and Deputy Attorney General on privacy and civil liberties matters, including support under the Foreign Intelligence Surveillance Act and drafting the Attorney General Guidelines for Domestic FBI Operations and EO 12333. He negotiated numerous international agreements with privacy and civil liberties safeguards, including the development of a common set of privacy principles through negotiation with the European Commission DG Justice as head of the US delegation (which included officials from the US Department of Justice, Department of State, and Department of Homeland Security) for the High Level Contact Group from 2007 to 2009. Ken led a US agency delegation that negotiated national cooperative agreements, the Preventing and Combating Serious Crime agreements, supporting foreign intelligence, national security and law enforcement issues in a transnational setting. Ken served as advisor counsel from the Department of Justice in the annual US-EU Safe Harbor meetings and coordinated the data protection segment of the semi-annual Justice troika with US federal security agencies, the European Commission, and the Presidency of the Council of the European Union. In addition, he was granted observer status by the Article 29 Working Party for the 29th and 30th International Conference of Data Protection and Privacy Commissioners. He was counsel to CFIUS providing advice related to OFAC and FinCEN for privacy concerns. Additionally, he worked closely with the privacy officers from agencies such as Social Security Administration, Health and Human Services, and the Office of Management and Budget and co-chaired the Federal CIO Council’s Privacy Committee, which is now the Federal Privacy Council.

Before coming to Justice, Ken joined the Department of Homeland Security early in its existence, first as a senior advisor and ending as the deputy chief privacy officer, counseling on privacy and security, including the development of information sharing for cybersecurity and critical infrastructure. He participated as a senior advisor in the negotiations between the US Department of Justice and the European Commission DG Justice regarding the Passenger Name Record accord. Additionally, he advised on compliance with and interpretation of the Privacy Act, e-Gov Act, DPPA, GINA, and IRTPA. While at DHS, Ken assessed the privacy issues with the collection, use, and disclosure of personal information in support of DHS programs, including REAL ID, SecureFlight, e-Verify, and the Visa Waiver program.

Formerly, Ken was founding law partner at Harvey & Mortensen and served as special counsel to Pennsylvania Attorney General Mike Fisher for Internet and cyber issues as well as designing and operating the Commonwealth’s initial Do Not Call website. Before private practice, Ken was a Teaching Fellow at Villanova University School of Law, where he taught computer and information law and managed the operations of a think tank, the Center for Information Law and Policy. Ken began his career at Burroughs Corporation as an Electrical Engineer performing large system design and test development for mainframe computers.

Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP). Founded in 2000, the IAPP is the world’s largest association of privacy professionals across the globe. He currently serves on the advisory board of Shared Assessments, which is a standards organization focused on helping organizations address third party risk in privacy and information protection. Previously, he served on the board of the Health Information Trust Alliance (HITRUST), which is a security framework organization with the aim of addressing risk assurance for health information and compliance with the Health Insurance Portability and Accountability Act (HIPAA) through the Common Security Framework (CSF) and CSF Assurance program, and participated in the development of the privacy control category of the HITRUST CSF. In addition, he is serving a term as the privacy expert on the Aviation Security Advisory Committee for the Transportation Security Administration.

In addition to his Juris Doctorate from Villanova University School of Law, he has a Master in Business Administration (with a concentration in eEntrepreneurship) from Villanova University College of Commerce and Finance and a Bachelor of Science in Electrical Engineering (with a concentration in System and Semiconductor Design) from Drexel University. He also holds a Certificate in Foreign Intelligence Law from the Judge Advocate General’s School of Law. Ken is admitted to practice law in Commonwealth of Pennsylvania, the State of New Jersey, and before the Supreme Court of the United States. In addition, he holds certifications from the IAPP as a Certified Information Privacy Professional in US privacy (CIPP/US), a Certified Information Privacy Professional in Government privacy (CIPP/G), and a Certified Information Privacy Manager (CIPM).

View all profiles