Moderator: Zachary Kilhoffer, Dynatrace
Panelists: Hoang Bao, Axon; Masooda Bashir, University of Illinois at Urbana-Champaign; Debra Farber, Lumin Digital; Sarah Lewis Cortes, Netflix and NIST; Akhilesh Srivastava, IOPD
Privacy engineers often work on complex AI systems, and as such, many now find themselves playing a AI governance roles alongside their privacy engineering responsibilities. However, PEs are not only seeing their roles shaped by AI Governance; they also have an opportunity to shape it. Furthermore, PEs are at the forefront of regulatory compliance and as AI governance evolves and regulations take shape, PEs are uniquely positioned to lead in this domain. This panel explores the intersection of privacy engineering practice and the new wave of AI governance. As the EU AI Act ushers in a new era of AI regulation, reminiscent of GDPR's impact on privacy, we examine how privacy engineering practices and skills can inform and enhance AI governance strategies.
Dr. Zachary (Zak) Kilhoffer is a manager of AI governance at Dynatrace. His research focuses on the ethical, socio-economic, and political implications of emerging technologies, particularly artificial intelligence. With a multidisciplinary background spanning international relations, economics, tech and labor law, and computer science, Zak employs mixed methods and diverse theoretical lenses in his research. He has enriched his academic perspective through internships with the US House of Representatives, the OSCE, and the United Nations. From 2017 to 2021, at the Centre for European Policy Studies in Brussels, he focused on the intersection of technology and EU policy, authoring influential work on the platform economy, gig work, and algorithmic fairness—research that has notably shaped EU discourse on digital platform regulation.
Hoang Bao has two decades of experience in building and leading privacy and data governance programs. He is currently serving as Director, Global Head of Privacy and Data Privacy Officer for Axon, where he helps ensure Axon is always at the forefront in fulfilling its commitment to protecting privacy for all global Axon Customers and the communities they serve.
He is also a member of the IAPP Privacy Engineering Advisory Board. Additionally, he is a Principal at Virtual Privacy, focusing on empowering the privacy and data protection ecosystem through pro bono services and research about businesses, consumers, and trust in the digital space. Previously, he also served in senior leadership roles at Google, Twitch, Netflix, Walmart Global eCommerce, and Yahoo!. He was also a Senior Consultant at KPMG LLP.Hoang received his Master of Science in Computer Science from Cal Poly, San Luis Obispo and is currently a Master of Laws - LLM candidate. In addition, Hoang has privacy designations such as CIPP/US, CIPP/E, CIPT, and CIPM. He also has the ECPC-B Professional DPO Certification from the European Centre on Privacy and Cybersecurity, Maastricht University.
Dr. Masooda Bashir is an Associate Professor in the School of Information Sciences at the University of Illinois at Urbana-Champaign, where she conducts interdisciplinary research that bridges mathematics, computer science, and psychology. Her research sheds new light on digital trust, cybersecurity, and data ethics, positioning her as a respected expert in these critical fields. Dr. Bashir's career began in Silicon Valley, where she built a robust foundation in technology through roles as a systems analyst, technical trainer, manager, and global manager at companies including Lotus and IBM. Her hands-on industry experience laid the groundwork for her later scholarly pursuits, fueling her decision to earn a PhD from Purdue University. This unique combination of practical expertise and rigorous academic training informs her innovative approach in both research and teaching. In addition to her primary appointment, Dr. Bashir directs Social Sciences in Engineering Research and holds key affiliations with the Department of Industrial and Enterprise Systems Engineering, the Coordinated Science Laboratory, and the Information Trust Institute. Her extensive publication record includes over 100 scholarly papers on data privacy, cybersecurity, and human trust in automation, developed alongside her dynamic research team at UIUC. Her leadership extends to managing several NSF-funded research initiatives, including a decade-long commitment to the CyberSecurity Scholarship Program. Through her groundbreaking work and visionary leadership, Dr. Bashir continues to shape and advance the dialogue on technology's impact on society.
Debra J. Farber is a seasoned privacy executive and leader with over 20 years of experience operationalizing privacy across complex, data-driven environments. She spent the bulk of her career operationalizing privacy programs at companies large and small before shifting left into privacy engineering. She currently serves as Privacy Engineering Manager at Lumin Digital, where her team embeds privacy early into a cloud-native digital banking platform. Debra has led privacy and security programs at Amazon Prime Video, AWS, BigID, Visa, TrustArc, and IBM, and serves as Advisory Board member to several privacy tech startups, guiding them on product strategy, go-to-market messaging, and responsible data practices. In addition, with a strong interest and focus on responsible AI, she advocates for organizations to embed privacy and ethical guardrails throughout the AI lifecycle.
Debra is an active member of the privacy engineering community. A passionate advocate for shifting privacy left in the software development lifecycle to address privacy issues early, she created and hosted The Shifting Privacy Left Podcast, which published 63 episodes spotlighting how privacy engineers can integrate privacy early and effectively into the software development lifecycle before code is shipped and PII is ever collected. She's also a Member of the USENIX PEPR Conference's Programming Committee and is an Advisor to the Institute of Operational Privacy Design (IOPD). She holds a BA from Binghamton University, a JD from Brooklyn Law School, and a Certificate in Designing and Building AI Systems from Cornell University. She also holds multiple certifications, including the CISSP, CIPP/E, CIPP/EU, CIPT, and CIPM, among others. Her work sits at the intersection of privacy, security, engineering, and trust where she aims to consistently drive scalable, privacy-respecting outcomes.
Dr. Sarah Lewis Cortes (CISSP, FIP, CIPP/E (GDPR), CIPT, CISM, CISA, CRISC) is a leading expert with over 20 years of global-scale technology experience in domains including strategy and execution for Information Security, Privacy Engineering, Privacy Enhancing Technologies (PETs), Data Protection, and secure, privacy-aware AI/ML. She has a strong record of success creating robust privacy engineering and security solutions and programs. At firms such as Netflix, Salesforce, and Fidelity Investments, she has had responsibility for implementing global-scale, comprehensive privacy engineering and privacy-aware, secure AI/ML programs. She earned degrees at Harvard University and Boston University, studied Forensic Sciences at Boston University Medical School, and holds a PhD in Computer Science, Cybersecurity from Northeastern University. Her research and publications focus on the dark net, anonymous network communications, privacy and privacy law, and responsible AI/ML Sarah has served as an invited Team Leader for the NIST Privacy Workforce Working Group, where she helps shape national strategies for building privacy expertise and capacity, and has published NIST privacy framework crosswalks. She also serves on the Privacy Engineering Advisory Board of the International Association of Privacy Professionals (IAPP). A former analyst for the US Department of Energy, she led the NIST Cybersecurity Working Group on Privacy & Security sub-team as co-author, that created the security and privacy laws section of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid. She also conducts training and research with the FBI, the Alameda County Sheriff’s Office Digital Forensics Crime Lab, and other Law Enforcement Agencies (LEAs). Prior to undertaking her PhD, Sarah was Senior Vice President for Security, Privacy, GRC and Disaster Recovery at Putnam Investments, where she led a team of over 150 staff, delivering privacy and security solutions and programs.
Akhilesh Srivastava is a strategic senior leader with a wealth of experience as a Product Technical PM in large tech companies like Meta, Amazon, Capital One, and FINRA. Over his 19-year journey, he has been at the forefront of innovation across diverse domains, including Privacy, Fin-Tech (Payments, Regulation), Ads, Insurance, and e-commerce.
Passionate about privacy-enhancing technologies, governance, ethics, and GenAI, Akhilesh has driven multi-million-dollar impacts across various product suites, serving billions of customers globally on a large scale. He volunteered as the Chair of the Risks & Controls Committee at the Institute of Operational Privacy Design and is an executive volunteer member of Tejas Cyber Security Professionals Network and Washington DC's CTO's Club. He speaks at privacy-related industry conferences. Additionally, he actively volunteers in various nonprofit community initiatives, providing mentorship to leaders.
He is certified in MIT Sloan's AI-Implications for Business Strategy.
author = {Zachary Kilhoffer and Hoang Bao and Masooda Bashir and Debra Farber and Sarah Lewis Cortes and Akhilesh Srivastava},
title = {Panel: How Privacy Engineers Can Shape the Coming Wave of {AI} Governance},
year = {2025},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}