Kenneth P. Mortensen

Lecturer

BSEE, Drexel University
JD, Villanova University
MBA, Villanova University

Areas of Interest
Electronic Commerce, Intellectual Property
Contact
Biography

As an attorney and engineer, Kenneth P. Mortensen empowers organizations to develop and implement enterprise governance strategy for the superior application of information as a critical enterprise asset used to optimize risk and facilitate innovation through enhanced decision-making while incorporating protections for individual privacy and also addressing cybersecurity risks.

Ken is currently the data protection officer leading Global Trust and Privacy at InterSystems, a leading technology innovator in the healthcare, finance, and government sectors. He is based in Cambridge, Mass. and works globally across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems’ technology, but also the management of its operations and services. Ken focuses on enhancing trust and privacy throughout InterSystems to demonstrate to customers and clients InterSystems’ commitment to invest and grow these capabilities in order to stay in front of emerging risks for privacy and cybersecurity and to build in trust as a core competency for InterSystems. Before InterSystems, Ken was a senior managing director for PwC working out of the Boston office with global responsibility to address client needs for knowledge governance and privacy compliance. He also expanded their healthcare privacy offerings into advanced, technology-enabled solutions and coordinated cross-border privacy and data protection compliance solutions.

Formerly, Ken was the vice president, assistant general counsel & chief privacy officer at CVS Health, a Fortune 7 company, where he had enterprise responsibility for information governance, including management of a legal team, privacy operations, and the enterprise information security and risk governance group. While there, he secured the first ever closure letter for a healthcare organization from HHS’s Office of Civil Rights for CVS’s Corrective Action Plan, and in less than the required three years. Additionally, he successfully developed the company’s first privacy and information security programs to ensure full compliance with CVS’s Consent Agreement with the FTC, the protection of patient data, and successful PCI compliance. Before to coming to CVS Health, he was Boston Scientific Corporation’s first ever Chief Privacy Officer where he had responsibility for building a global corporate privacy and security program.

Prior to re-entering the private sector, Ken served in the administration of President George W. Bush as the associate deputy attorney general (Privacy & Civil Liberties) for the US Department of Justice, where he was the primary counsel and policy advisor to the US Attorney General and Deputy Attorney General on privacy and civil liberties matters, including support under the Foreign Intelligence Surveillance Act and drafting the Attorney General Guidelines for Domestic FBI Operations and EO 12333. He negotiated numerous international agreements with privacy and civil liberties safeguards, including the development of a common set of privacy principles through negotiation with the European Commission DG Justice as head of the US delegation (which included officials from the US Department of Justice, Department of State, and Department of Homeland Security) for the High Level Contact Group from 2007 to 2009. Ken led a US agency delegation that negotiated national cooperative agreements, the Preventing and Combating Serious Crime agreements, supporting foreign intelligence, national security and law enforcement issues in a transnational setting. Ken served as advisor counsel from the Department of Justice in the annual US-EU Safe Harbor meetings and coordinated the data protection segment of the semi-annual Justice troika with US federal security agencies, the European Commission, and the Presidency of the Council of the European Union. In addition, he was granted observer status by the Article 29 Working Party for the 29th and 30th International Conference of Data Protection and Privacy Commissioners. He was counsel to CFIUS providing advice related to OFAC and FinCEN for privacy concerns. Additionally, he worked closely with the privacy officers from agencies such as Social Security Administration, Health and Human Services, and the Office of Management and Budget and co-chaired the Federal CIO Council’s Privacy Committee, which is now the Federal Privacy Council.

Before coming to Justice, Ken joined the Department of Homeland Security early in its existence, first as a senior advisor and ending as the deputy chief privacy officer, counseling on privacy and security, including the development of information sharing for cybersecurity and critical infrastructure. He participated as a senior advisor in the negotiations between the US Department of Justice and the European Commission DG Justice regarding the Passenger Name Record accord. Additionally, he advised on compliance with and interpretation of the Privacy Act, e-Gov Act, DPPA, GINA, and IRTPA. While at DHS, Ken assessed the privacy issues with the collection, use, and disclosure of personal information in support of DHS programs, including REAL ID, SecureFlight, e-Verify, and the Visa Waiver program.

Formerly, Ken was founding law partner at Harvey & Mortensen and served as special counsel to Pennsylvania Attorney General Mike Fisher for Internet and cyber issues as well as designing and operating the Commonwealth’s initial Do Not Call website. Before private practice, Ken was a Teaching Fellow at Villanova University School of Law, where he taught computer and information law and managed the operations of a think tank, the Center for Information Law and Policy. Ken began his career at Burroughs Corporation as an Electrical Engineer performing large system design and test development for mainframe computers.

Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP). Founded in 2000, the IAPP is the world’s largest association of privacy professionals with more than 15,000 members in 86 countries. He currently serves on the IAPP Research Advisory Board and board of Shared Assessments, which is a standards organization focused on helping organizations address third party risk in privacy and information protection. Previously, he served on the board of the Health Information Trust Alliance (HITRUST), which is a security framework organization with the aim of addressing risk assurance for health information and compliance with the Health Insurance Portability and Accountability Act (HIPAA) through the Common Security Framework (CSF) and CSF Assurance program, and participated in the development of the privacy control category of the HITRUST CSF.

In addition to his Juris Doctorate from Villanova University School of Law, he has a Masters in Business Administration (with a concentration is Entrepreneurship) from Villanova University College of Commerce and Finance and a Bachelors of Science in Electrical Engineering (with a concentration in System and Semiconductor Design) from Drexel University. He also holds a Certificate in Foreign Intelligence Law from the Judge Advocate General’s School of Law. Ken is admitted to practice law in the US for the Commonwealth of Pennsylvania, the State of New Jersey, and before the Supreme Court of the United States. In addition, he holds certifications from the IAPP as a Certified Information Privacy Professional in US privacy (CIPP/US), a Certified Information Privacy Professional in Government privacy (CIPP/G), and a Certified Information Privacy Manager (CIPM).

Courses

3 credits

Modern information technology and new information-intensive businesses and social practices have moved privacy concerns into the spotlight. And though privacy law has existed as a legal practice area for a generation or more, laws and practice in the area are increasingly complex and evolving rapidly. This course examines law and policy issues concerning personal information and privacy. Law enforcement, national security, and other public law topics will be considered, but the main focus will be civil law and the use of personally identifying information by businesses. We will consider privacy-related statutes and regulations; a variety of recent controversies drawing from Constitutional law, contract, and tort law; established privacy regimes in the EU and elsewhere; and emerging laws that have implications for the use and protection of personal information globally. LIMITED WRITING REQUIREMENT OPTION: A limited number of students may be permitted to satisfy the upper-class writing requirement with the approval of the Associate Dean for Academic Affairs. GRADING NOTICE: This seminar does not offer the CR/NC/H option. **A student who fails to attend the initial meeting of a seminar (designated by an (S) in the title), or to obtain permission to be absent from either the instructor or the Registrar, may be administratively dropped from the seminar. Students who are on a wait list for a seminar are required to attend the first seminar meeting to be considered for enrollment.

SPRG 2017: LAW JD 822 A1 , Jan 23rd to Apr 24th 2017
Days Start End Credits Instructors Bldg Room
Mon 4:20 pm 6:20 pm 3 Kenneth P. Mortensen LAW 420
SPRG 2018: LAW JD 822 A1 , Jan 22nd to Apr 23rd 2018
Days Start End Credits Instructors Bldg Room
Mon 4:20 pm 6:20 pm 3 Kenneth P. Mortensen
View all profiles