Ken Mortensen, CIPP/G, CIPP/US, CIPM, PLS




Ken Mortensen, Esq., is the InterSystems’ Data Protection Officer building and leading Global Trust and Privacy. He is based in their Cambridge headquarters and works globally across the company to enhance information privacy, governance, and cyber risk processes not only in the development and deployment of InterSystems technology, but also in the management of operations and services. Ken focuses on enhancing trust and privacy throughout InterSystems demonstrating to customers and clients the commitment to investing and growing the capabilities of InterSystems in order to stay in front of emerging risks for privacy and cybersecurity.

Prior to joining InterSystems, Ken was a Senior Managing Director over at PwC for the past 2½ years specializing in data protection, privacy, and cybersecurity and led the expansion of PwC’s healthcare privacy offerings. Before that, Ken was the Vice President, Assistant General Counsel & Chief Privacy Officer at CVS Health, responsible for overseeing enterprise information governance to deliver privacy compliance as well as leading the information security risk management organization to address cyber risks. While at CVS, he oversaw compliance with CVS’ FTC Consent Decree, OCR Corrective Action plan, and PCI program. He was also the first Chief Privacy Officer for Boston Scientific responsible for implementing a global privacy and security program and introducing a governance emphasis for risk.

Prior to that, Ken served in the Administration of President George W. Bush as the Associate Deputy Attorney General for the U.S. Department of Justice, where he was the primary counsel and policy advisor to the Attorney General and Deputy Attorney General on privacy and civil liberties matters. While at Justice, he led the U.S. delegation to negotiate privacy and cybersecurity terms with the European Union as well as oversaw the privacy and civil liberties processes for numerous national security and foreign intelligence programs.
Prior to going to Justice, Ken served eventually as Deputy Chief Privacy Officer at the Dep’t of Homeland Security as part of the team that stood up the Privacy Office at the beginning of the agency.

Before his government service, Ken was a partner in his own law firm as one of the early practitioners of privacy and security law, he taught computer law and information policy at Villanova Law School, and he was a hardware design engineer at Burroughs (now Unisys) in the Large System Design division focusing on information assurance and system test.

Ken is a former member of the board of directors for the International Association of Privacy Professionals (IAPP).  He currently serves on the IAPP Research Advisory Board and the board of Shared Assessments, an organization focused on addressing third party information risks. Previously, Ken served on the board of the Health Information Trust Alliance (HITRUST) and participated in the development of the privacy control category of the HITRUST CSF.

Ken currently teaches privacy law at Boston University Law School and cybersecurity law at the University of Maine School of Law. Ken is co-author with Andy Serwin of the West Publishing book, Healthcare Security and Privacy Law, and has authored chapters and sections for other privacy, cybersecurity, and risk books and publications.  He is an internationally recognized expert on these topics and speaks globally.

Ken is admitted to the bars of Pennsylvania and New Jersey as well as the Supreme Court of the United States. He received his Juris Doctorate from Villanova University School of Law and his MBA from the Villanova University College of Finance. He also has a Bachelor’s of Science in Engineering degree in Electrical and Computer Engineering from Drexel University and a Certificate in Foreign Intelligence Law from the Judge Advocate General's School of Law.


Contributions by Ken Mortensen

  • Third-Party Privacy Risk—Beyond Your Organisation's Bounds for GDPR
    Speaker at IAPP Europe Data Protection Intensive 2018
  • Getting the C-Suite to Show You the Money
    Speaker at Practical Privacy Series 2016
  • Making Killer Privacy Presentations to the Board
    Speaker at Privacy. Security. Risk. 2015
  • Onboarding Offline Data: How Ads Are Served Online Based on Consumers? Offline Activity and the Privacy Issues to Watch For
    Speaker at Practical Privacy Series - New York 2014
  • IU CLEAR/IAPP Healthcare Privacy Clinic
    Speaker at IAPP Privacy Academy 2014
  • Keeping up with the Jones: U.S. v. Davis
    Privacy Tracker
  • Speaker at IAPP Global Privacy Summit 2013
  • Speaker at IAPP Global Privacy Summit 2013
  • Speaker at IAPP Practical Privacy Series D.C. 2008
  • Speaker at IAPP Academy 2007
  • Speaker at IAPP Practical Privacy Series D.C. 2011
  • 2011 Practical Privacy Series Atlanta
  • Speaker at IAPP Global Privacy Summit 2011
  • Speaker at IAPP Academy 2010
  • Speaker at IAPP Academy 2008
  • Speaker at IAPP Global Privacy Summit 2009
  • Speaker at IAPP Practical Privacy Series D.C. 2007
  • Speaker at IAPP Global Privacy Summit 2008
  • Speaker at IAPP Global Privacy Summit 2010
  • Speaker at Privacy Academy 2013
  • Speaker at Practical Privacy Series Chicago 2013