Shampa Chatterjee, CIPT



Director, Data Privacy

Starting my career as a programmer analyst at American Express almost 19 years ago, I have since worked in technologies as well as within business managing global implementation of capabilities and projects, having traveled to countries such as UK, Australia, Italy, Sweden, Taiwan, Thailand, Hong Kong, Singapore, Mexico, Canada and India to support rollout and training activities over these years.

I have managed Privacy data breach notifications and created data breach notification management and reporting programs for several disparate lines of businesses such as International proprietary card services, merchant and corporate services.

Over the last decade or so, I have been part of Risk and Compliance organization supporting the development, coordination and implementation of American Express’ global privacy program, ensuring adherence to our enterprise privacy risk appetite globally through effective privacy oversight and second line of defense challenge.

I have led audits and assessments of Privacy, Data Protection, Information Security and IT risks in our products and processes, providing direction on creating and maintaining a strong control environment within inherently Privacy risk areas.  Certified in CIPT in 2009 and CISSP in 2015, I have overseen complex global projects aimed at achieving compliance with regulations such as EU ePrivacy Cookies directive as well as GDPR.

Most recently, I am part of American Express Global Privacy Office, partnering with Legal, Compliance and other stakeholders in overseeing privacy legal/regulatory change management and fostering a culture of privacy at American Express by advocating for privacy-by-design, integration of the American Express Data Protection & Privacy Principles, accountability and sharing of best practices.