Sarah Statz, CIPM


American Express

VP, Senior Counsel

Sarah Statz joined Amex in May 2015 and is a member of the Technology & Digital Law Group. She is responsible for global cybersecurity and third party lifecycle management legal issues. In this role, Sarah works with technology, procurement and information security teams to ensure compliance with regulatory requirements, respond to cyber and third party related regulatory examinations, review and develop information security policies and procedures, engage in breach response and preparedness planning, negotiate information security-related contractual provisions, engage in lobbying efforts related to cybersecurity legislation and advise on cybersecurity insurance issues.

Prior to joining Amex, Sarah was a Senior Associate at King & Spalding in Atlanta. While at King & Spalding, Sarah was member of the firm’s Business Litigation Practice Group and the Privacy & Information Security Practice.  In this role, she advised clients on requirements for compliance with state and federal data security and privacy laws; advised clients on cyber insurance matters; drafted privacy policies for client websites and mobile applications; developed comprehensive data security and privacy programs and training resources; managed investigations of data breaches; assisted clients with investigations by state and federal regulators; and defended litigation, including class action litigation, arising out of data breach and privacy incidents. 

Sarah is a member of the International Association of Privacy Professionals (IAPP) and is a Certified Information Privacy Manager (CIPM). She received her law degree from Vanderbilt University and a B.S.B. in actuary science and finance from the University of Minnesota. She is originally from Wisconsin.

Sarah is based in New York and can be reached at 212-640-5051 or