Catherine Tomasi, CIPP/US, CIPM, FIP

Headshot

ConEdison

CPO

Catherine Tomasi, CIPP/US, CIPM, is Director and Chief Privacy Officer for Con Edison, one of the world’s largest energy delivery systems providing electric, gas, and steam service to the 10 million people who live and work in New York City and Westchester County. Catherine has more than 15 years of experience in the areas of privacy and compliance. Most recently, Catherine was Executive Director, Privacy, Fraud, & Data Governance, at Morgan Stanley’s US Banks where she was directly responsible for implementing and managing the first line privacy, fraud, and data governance risk management programs. Prior to that role, she worked for eight years in the roles of Assistant Vice President, Vice President, and Senior Vice President, Enterprise Privacy Compliance at Bank of America. In these roles, she was responsible for serving as privacy advisor to the Business Banking, Commercial Banking, Corporate & Investment Banking, Global Markets, and Merrill Lynch Wealth Management divisions. She led the design, development and execution of privacy compliance technology projects and initiatives, including the enterprise consumer preference intake and management platform, and the enterprise technology solution used for the tracking and resolution of privacy events and incidents. Earlier in her career, Catherine was the Assistant Vice President, Electronic Communications Compliance at Merrill Lynch where she was responsible for advice and guidance related to compliance with domestic and international rules and regulations for use of electronic communications, as well as information security and privacy. Catherine graduated summa cum laude from Saint Leo University with a bachelor’s degree in Psychology and is certified by the International Association of Privacy Professionals as a Certified Information Privacy Professional – US (CIPP/US) and a Certified Information Privacy Manager (CIPM). Catherine has served on the Rutgers University Advisory Board for Cyber Security, instructing the privacy module for the certification program, and volunteers and speaks regularly to advocate for personal data privacy and protection, online safety for children, and fraud prevention.

 

Contributions by Catherine Tomasi

  • Blackout: Preparing for a Critical Infrastructure Cyber Incident
    Speaker at IAPP Privacy. Security. Risk. 2022