Kenneth Cheng, CIPP/E, CIPM, CIPT, FIP
Kenneth Cheng is responsible for privacy initiatives and controlled entity oversight at American Express. He has led all aspects of complex global initiatives (from strategy, policy and requirements definition, project management, training to go-live validation), to bring systems and processes into alignment with privacy and data protection laws across 20 countries. He successfully implemented data deletion and privacy choice technology capabilities and operational processes for American Express Payment Services Limited over four years, taking a pragmatic privacy by design approach. In the controlled entity oversight role he leads global data mapping; supports the development of an enterprise wide controls monitoring program; and provides oversight of privacy controls for processes, new products and third parties through on-going privacy advisory, education, and impact / risk assessment reviews.
Prior to joining Privacy, Kenneth helped develop and roll out the governance framework for the American Express Europe card issuing legal entity, where he facilitated the UK Governance committee and American Express Services Europe Limited Risk Committee reporting into the Board. He also has 12 years experience in the fields of Technology Audit and Risk, Information Security, and Project / Change Risk in both professional services and industry in the UK and US (San Jose). Where he led teams and delivered assurance and consulting reviews for international banking, insurance, retail, and manufacturing clients.
Kenneth is CIPP/E and CIPM certified, and holds a BA joint honours in Chinese and Business Studies from the University of Sheffield. He is also a Prince2 Practitioner and became CISA qualified in 2005, acting as a board member of the ISACA San Francisco chapter during 2008/9.
Contributions by Kenneth Cheng
The Evolution of PIA Best Practices
Speaker at IAPP Europe Data Protection Congress 2016