IAPP announces 2025 board of directors and executive committee members

Appointees include preeminent leaders at Volkswagen Group, Google, GE Healthcare and Hintze Law

PORTSMOUTH, N.H. – 30 Jan. 2025 – The IAPP, the professional home for privacy, AI governance and digital responsibility globally, today announced the addition of four new directors to its board for 2025, including Volkswagen Group Chief Privacy Officer Oliver Draf, Google Data Protection Officer Kristie Chon Flynn, GE Healthcare Chief Privacy and Data Trust Officer Lara Liss and Hintze Law and Hintze Data Advisors Susan Hintze, CIPP/US, CIPT, FIP. Mastercard Chief Privacy and Data Responsibility Officer Caroline Louveaux, CIPP/E, CIPM, has been elected chair.

“The IAPP has experienced significant growth and development over the past year,” said IAPP President and CEO J. Trevor Hughes, CIPP. “Our 2025 board of directors reflects the depth of knowledge and expertise required to lead our growing profession through the evolving landscape of digital governance, while advancing our mission to define, promote and improve the professions of privacy, AI governance and digital responsibility globally.”

Oliver Draf joined Volkswagen Group in 2018 to oversee its privacy management program. Before that, he served as a DPO for some 30 companies of Allianz Germany Group. Oliver has more than 20 years of professional experience in data protection. He read law at the universities of Passau and Freiburg, earning his Juris Doctorate. He also earned a doctorate at the University of Marburg University and a Master of Laws at McGill University. Oliver is admitted to the bar in Munich.

Kristie Chon Flynn leads Google's central privacy engineering team and serves as the company's DPO. Her team partners with product and engineering teams across Google to develop and implement technical guidance and privacy-enhancing technologies, ensuring privacy is embedded in Google's products and services. Kristie also serves on the board of directors for Google Korea, Fitbit Korea, Google Cloud Korea and Google Payment Korea. Prior to Google, Kristie was the CPO at PayPal, where she led a global team responsible for building and implementing privacy solutions. She served on the board of directors for PayPal (Europe) S.à r.l. et Cie, S.C.A, a bank in Luxembourg, and at Tradera AB, an e-commerce marketplace in Sweden. Kristie holds a Bachelor of Arts from Fordham University and a Juris Doctorate from the Benjamin N. Cardozo School of Law at Yeshiva University.

Lara Liss is the chief privacy and data trust officer for GE HealthCare, which partners with customers to fulfill health care's greatest potential through groundbreaking medical technology, intelligent devices and care solutions. GE HealthCare operates in more than 160 countries and serves more than 1 billion patients annually. GE HealthCare also leads the medical device industry in deployment of AI with 80 AI enabled devices on the market in 2024 covering a range of applications, including advanced medical imaging, precision diagnostics and treatment planning. Lara co-leads GE HealthCare's Responsible AI Council.

Prior to joining GE Healthcare, Lara was global CPO for Walgreens Boots Alliance, a Fortune 20 global retail, pharmacy and health care company. There she led the team responsible for maintaining the privacy of more than 1 billion customers' prescription information per year and advised the company on cybersecurity incident response, privacy legal and compliance issues, and reproductive health privacy. In addition, she founded and co-led the company's Responsible AI initiative.

Prior to joining Walgreens Boots Alliance, Lara was senior counsel for global privacy at Abbott Laboratories, privacy officer and assistant general counsel of a regional health system, and an attorney in the health care group at Sidley Austin, where she represented pharmaceutical companies, medical device manufacturers and health care providers in internal investigations, regulatory compliance counseling and privacy matters. Lara has her Juris Doctorate and Master of Public Policy from the University of Michigan and an MBA from Northwestern's Kellogg School of Management.

Susan Hintze is the managing Partner and founder of Hintze Law and Hintze Data Advisors, both dedicated to AI, data protection, and online safety and ethics. Recognized by Chambers, Legal 500 and Best Lawyers, Susan and her firm are leaders in their field. She is also honored as a Westin Emeritus Fellow by the IAPP.

Susan has provided legal counsel to Fortune 500 clients for over 25 years, of which over 20 years have been dedicated to data protection and online safety. She has defended clients in regulatory matters before the U.S. Federal Trade Commission, state attorneys general, and regional data protection regulators in the EU and beyond. Her expertise advising on the intersection of technology and its impact on individuals and society spans the e-commerce, technology, analytics, advertising, AI, educational technology, financial technology, media, travel, automotive, gaming and mobile industries.

Previously, Susan co-chaired the privacy group of Cooley and co-led the privacy group at Perkins Coie. She also served as privacy counsel with Microsoft, advising on information technology security, global sales and marketing, Xbox, human resources, research, and legislative policy teams on privacy, data security and online safety issues. Before Microsoft she served as lead privacy counsel at Dell.

Additionally, the IAPP welcomes its newly elected executive committee for 2025, including:

  • Chair: Caroline Louveaux, CIPP/E, CIPM, chief privacy and data responsibility officer at Mastercard
  • Vice Chair: Barbara Cosgrove, CIPP/E, vice president and CPO at Workday
  • Treasurer: Christina Montgomery, AIGP, vice president, chief privacy and trust officer at IBM
  • Secretary: Travis LeBlanc, partner at Cooley; Privacy and Civil Liberties Oversight Board member
  • Past Chair: Faith Myers, CIPP/E, CIPP/US, CIPM, FIP, privacy officer and vice president at McKesson Corporation

“In an era where technological innovation is rapidly advancing and geopolitical landscapes are shifting, the importance of privacy professionals has never been more paramount,” said Louveaux. “Our expertise in navigating the complexities and opportunities of the global digital economy is essential for building trust within our society and paving the way for a secure and confident future.”

About the IAPP

The IAPP is the professional home for privacy, AI governance and digital responsibility globally. We are a resource and gathering place for professionals who work at the intersections of data, technology and humanity. We provide members with the tools, resources, training, credentials and networking needed to thrive in today's digital economy. For details, visit iapp.org.