Data Privacy Day at Duke 2024

Data Privacy Day Logo

In honor of Data Privacy Day 2024

Please join us on

Feb 2, 2024

Beyond HIPAA: Mental Health Apps, Health Data, and Privacy

Data Privacy Day Logo

Event Overview

Twenty-first century technologies, in particular the apps we use on our mobile devices, combined with the lack of effective, privacy protective laws in our information economy, create risks for data related to our health. Duke’s Data Privacy Day 2024 event, “Beyond HIPAA: Mental Health Apps, Health Data, and Privacy” will address the vast category of health information that is not covered by the Health Insurance Portability and Accountability Act and the urgent need for privacy law and policy to regulate the commercial collection and use of this data.


In a fireside chat, Marc Groman and David Reitman will introduce our topic by discussing mental health apps and the privacy implications of these services. In addition to the data generated by our increasing pursuit of mental and physical health, fitness, and wellbeing in a digital environment, sensitive information about our health can be inferred from our online and digital interactions and subsequently monetized or used for unanticipated purposes. In an extended discussion with a panel of experts, we will explore the meaning of health data and the ways it is collected and used as well as legal and policy solutions to the multi-faceted challenges generated by the commercial use of this data. Please see below for more information about our esteemed panelists - Maneesha Mithal, Justin Sherman, Tim Sparapani, Dr. Rachele Hendricks-Sturrup, Marc Groman and David Reitman. We hope you will plan to join us for Data Privacy Day at the Duke Law School on Friday, February 2!



Feb. 1, 2024

Welcome Dinner for Panelists (invitation only)

February 2, 2024

Duke Law School, Room 3041

8:30 - 9:00 am: Check-in and Breakfast

9:00 - 9:15 am: Opening Remarks and Welcome (Jolynn Dellinger and David Hoffman)

9:15 - 10:00 am: Fireside Chat: Mental Health Apps and Privacy (Marc Groman and David Reitman - moderated by Jolynn Dellinger)

10:00 - 10:15 am: Break

10:15 am - 12:00 pm: Panel on Healthcare Data - Technical, Legal, Policy, and Regulatory Solutions (Rachele Hendricks-Sturrup, Maneesha Mithal, Justin Sherman, and Tim Sparapani)

12:15 - 1:15pm: Panelist Lunch (invitation only)

Panel Recordings


Speaker Biographies

jdellinger -Dellinger, Jolynn SQ

Jolynn Dellinger

Jolynn Dellinger is a Senior Lecturing Fellow at Duke Law and also at the Duke Initiative for Science and Society where she works in the area of privacy, ethics and technology. She is also a Kenan Senior Fellow at the Kenan Institute for Ethics, where she formerly served as the Stephen and Janet Bear Visiting Lecturer (2020-23), At the law school, Dellinger teaches Privacy Law and Policy and a seminar about privacy and surveillance in the post-Dobbs landscape. She is a member of the Board of Directors for the Triangle Privacy Research Hub, and a member of the Future of Privacy Forum Advisory Board. She also recently served as Special Counsel for Privacy Policy and Litigation for the North Carolina Department of Justice and taught privacy law and consumer privacy as an adjunct at UNC Law from 2018-2020.

From 2007-2013, Dellinger worked as the founding program manager for Data Privacy Day, a globally recognized event designed to raise awareness about privacy and create mechanisms for dialogue, collaboration and privacy solutions among nonprofits, academics, businesses and government entities. She has worked as a privacy lawyer at Intel Corporation, at The Privacy Projects, and at the National Cyber Security Alliance.

Prior to working for Intel, Dellinger worked as a staff attorney for Judge W. Earl Britt in the U.S. District Court for the Eastern District of North Carolina (1998-2007), as a Bristow Fellow in the Solicitor General’s Office in the U.S. Department of Justice (1994-95), and as a clerk for Judge Francis D. Murnaghan, Jr. in the U.S. Court of Appeals for the Fourth Circuit (1993-94). She has also practiced at law firms in Washington, D.C. and North Carolina, and taught Family Law at Duke Law School and Legal Writing at UNC School of Law. Dellinger received her BA in English from Columbia University (’89) where she also focused on Religion and Women’s Studies. She received her JD from Duke Law School (‘93), where she graduated Order of the Coif and was an editor on the Duke Law Journal, and her MA in Humanities/Women’s Studies from Duke University (’93).

Marc Groman

Marc Groman, an internationally recognized expert in privacy and information risk management, advises senior leaders in both business and government on complex, data-driven initiatives. Marc helps clients implement global privacy programs, launch new products and services, conduct due diligence on potential partners, assess privacy risk, and respond to data security incidents. He also advises clients on policy, compliance, and enforcement matters related to the Federal Trade Commission and other government agencies. In addition, Marc teaches data breach response at Georgetown Law School, and is actively engaged in the policy debate on federal privacy legislation in the U.S.

Marc's expertise in privacy has deep roots: as Senior Advisor for Privacy in the White House, he had government-wide responsibility for privacy policy. He chaired the Federal Privacy Council established by President Barack Obama, and was the privacy lead on the President's Cybersecurity National Action Plan. Prior to his stint in the Obama Administration, Marc was President and CEO of the Network Advertising Initiative, the first Chief Privacy Officer of the U.S. Federal Trade Commission, and Counsel to the Energy and Commerce Committee of the U.S. House of Representatives.

Marc currently serves on the Privacy Advisory Panel of the National Security Agency, the Information Security and Privacy Advisory Board of the National Institute of Standards and Technology, and several other boards. He has received numerous awards and honors in the field of privacy, including the International Association of Privacy Professionals' 2017 Leadership Award. He is a graduate of Tufts University and Harvard Law School.

Marc is a frequent speaker on issues relating to privacy, technology, and innovation, and conducts highly customized seminars and tabletop exercises for executives. In 2018, Marc launched a highly successful, original podcast, Their Own Devices. This weekly podcast tackles the diverse challenges MTV parents face raising YouTube kids.
Rachele Hendricks-Sturrup

Rachele Hendricks-Sturrup

Dr. Rachele Hendricks-Sturrup is the Research Director of Real-World Evidence (RWE) at the Duke-Margolis Center for Health Policy in Washington, DC, strategically leading and managing the Center's RWE Collaborative. As an engagement expert, researcher, bioethicist, and policy practitioner, her work centers on addressing implementation and ethical, legal, and social implications issues at the intersection of health policy and innovation. She also partners with Duke University faculty, scholars, students, and external health experts to advance the Center's biomedical innovation work.

She is presently adjunct faculty at rural Ohio University, teaching graduate courses in the Department of Interdisciplinary Health Science's Health Policy Certificate program, and has taught graduate courses within the Masters of Health Care Innovation program at the University of Pennsylvania's Perelman School of Medicine. As of January 2023, she serves on the Board of Directors for Public Responsibility in Medicine and Research (PRIM&R) and is part of executive leadership for the National Alliance Against Disparities in Patient Health (NADPH).

Prior to joining Duke-Margolis, Dr. Hendricks-Sturrup was Health Policy Counsel and Lead at the Future of Privacy Forum (FPF), leading the organization's health and genetic data initiatives and workgroup. Prior to FPF, she served in several administrative and scientific roles at various industry, health care, and academic institutions. To date, she has published several commentaries and original research papers in high-quality, peer-reviewed journals. Dr. Hendricks-Sturrup is also an accomplished health and science journalist, having completed a comparative effectiveness research fellowship with the Association of Health Care Journalists in 2017.

Dr. Hendricks-Sturrup received her Bachelor of Science in Biology from Chicago State University, her Master’s in Pharmacology and Toxicology from Michigan State University, her Master’s in Legal Studies from the University of Illinois, and her Doctor of Health Science from Nova Southeastern University. She completed a predoctoral internship with the National Health Service in London, UK, and postdoctoral research training within the Department of Population Medicine at Harvard Pilgrim Health Care Institute and Harvard Medical School.

David Hoffman

David Hoffman is the Steed Family Professor of the Practice of Cybersecurity Policy at the Sanford School of Public Policy and holds a Senior Lecturing Fellow appointment at the Duke University School of Law. He also formerly was the Associate General Counsel, Director of Security Policy and Global Privacy Officer for Intel Corporation where he spent 23 years as part of the legal department.

Hoffman currently chairs the Civil Liberties and Privacy Panel for the Director's Advisory Board for the US National Security Agency. He also chairs the board of the Center for Cybersecurity Policy and Law, and serves on the Board of the Future of Privacy Forum and the Advisory Board of the Israel Tech Policy Institute. Hoffman also founded and chairs the board for the Triangle Privacy Research Hub, which highlights and fosters cybersecurity and privacy academic research done in the North Carolina Research Triangle.

Hoffman previously served on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and the Board of Directors of the National Cyber Security Alliance. He has also served on the U.S. Federal Trade Commission’s Online Access and Security Committee, the Center for Strategic and International Studies Cyber Security Commission, the Steering Committee for BBBOnline, the TRUSTe Board of Directors and the Board of the International Association of Privacy Professionals. He is the author of many papers and articles on cybersecurity and privacy and has testified to Congress on these topics. Hoffman's research and teaching has been aided by funding from Intel Corporation, The Crypsis Group, The Media Trust, and Mine.

Hoffman has a JD from Duke Law School, where he was a member of the Duke Law Journal. He received an AB from Hamilton College.

Maneesha Mithal

Maneesha Mithal is a partner in the privacy and cybersecurity practice in the Washington, D.C., office of Wilson Sonsini Goodrich & Rosati, where she advises clients on privacy, cybersecurity, and consumer protection matters and represents companies in regulatory investigations. She is also one of the founding members of Wilson Sonsini’s AI group.

Maneesha is an internationally recognized expert on privacy and data security, having led the Federal Trade Commission’s (FTC’s) Division of Privacy and Identity Protection prior to joining the firm. In this capacity, Maneesha oversaw a team of 40 lawyers responsible for the enforcement of privacy and security laws and the development of policy positions in areas such as artificial intelligence, facial recognition, biometrics, and connected cars, as well as health privacy, children’s privacy, ransomware, and the intersection of privacy and competition. She was also responsible for enforcing the Fair Credit Reporting and Gramm-Leach-Bliley Act Safeguards Rule. She led the negotiation of numerous privacy and data security settlements and managed the first litigated FTC decisions on cybersecurity issues. Maneesha also worked with congressional staff on federal privacy legislation, with state attorney general offices on joint investigations, and with other federal and international agencies on a variety of initiatives.

Earlier in her career, as a manager with the FTC’s International Consumer Protection Division, Maneesha worked on European privacy issues and served as a U.S. delegate to the privacy committees of the OECD and APEC.

Maneesha previously served as Chief of Staff and Senior Counsel in the Bureau of Consumer Protection (BCP), where she reviewed advertising cases and financial consumer protection matters, and held various positions in BCP’s International Division, including as Acting Associate Director. She began her legal career as a litigator at Covington & Burling.

Maneesha is a frequent speaker at industry events, including IAPP- and ABA-led panels.
D14_343_December_Main_Campus_OS nfs
David_Reitman, OCL, staff

David Reitman

David S. Reitman, MD, MBA, FSAHM, FAAP, is a board-certified adolescent medicine specialist at Georgetown University Hospital and he is the medical director at the American University Student Health Center. Dr. Reitman attended Tufts University School of Medicine and completed a pediatric residency at Massachusetts General Hospital in Boston. Following residency, Dr. Reitman completed a fellowship in Adolescent and Young Adult Medicine at Children's National Medical Center, and he joined the adolescent medicine team at Georgetown University Hospital in 2010. His special areas of expertise include general male adolescent health, male reproductive health issues, mental health issues in teenagers, as well as LGBTQ+ issues in adolescents and young adults. Dr. Reitman has lectured nationally and published extensively on these topics. He is active in the Society for Adolescent Health and Medicine and holds leadership positions at the national level.

Justin Sherman

Justin Sherman is an adjunct professor at Duke University’s Sanford School of Public Policy, where he runs its research program on data brokerage. He is also the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm; a nonresident fellow at the Atlantic Council; a contributing editor at Lawfare; and an op-ed columnist at Slate. His work focuses on cybersecurity and data privacy, technology and internet policy, and geopolitics.

He has testified to both houses of Congress; spoken at the White House, NATO, and the UN's Internet Governance Forum; and briefed White House officials, members of European Parliament, and policymakers around the world on technology, policy, and geopolitics issues. He consults for nonprofits, startups, Fortune 500 companies, law firms, and other organizations. He has written and spoken widely about data brokers, data privacy, and data security and had his work featured on HBO's "Last Week Tonight with John Oliver."

He earned his M.A. in Security Studies from Georgetown University and his B.S. in Computer Science and his B.A. in Political Science from Duke University. He earned his M.A. in Security Studies from Georgetown University and his B.S. in Computer Science and his B.A. in Political Science from Duke University.


Tim Sparapani

Tim Sparapani, Principal at SPQR Strategies, PLLC, is a legislative, legal and strategic consultant who helps companies and consumer and privacy advocates understand and respond to the pressures created for businesses, consumers and governments by emerging technologies. Tim’s specialties are privacy, online safety, content moderation, and constitutional law. Tim’s clients are a diverse mix of industry leading companies, dynamic technology startups, and thought leading advocacy organizations.

He is also a frequent startup founder, key employee, or entrepreneur with numerous successful exits. Tim is the co-founder of Blue Run Spirits, an ultra-premium whiskey company from Kentucky. Tim invested in Mezzobit, acquired by OpenX in 2016, and helped build and lead PrivacyMate, acquired by Aura in 2019. Tim served as outside General Counsel for Smyte, acquired by Twitter in 2018.

Tim is a frequent public speaker on topics related to emerging technologies. He has testified before Congress five times and given more than 500 TV, radio and print interviews.

Tim’s SPQR Strategies clients have asked him to undertake important, ongoing responsibilities. For example, Tim served for 3 years as the Vice President, Policy, Law & Government Affairs for the Application Developers Alliance, a trade association serving more than 30,000 application “app” developers and 200 member companies. Tim has also served as General Counsel for several tech startups. He advises other start-up tech companies on a range of policy matters including privacy, content moderation, and online safety and security.

Tim was the first Director of Public Policy at Facebook. Tim was responsible for developing and implementing the company’s interaction with the federal, state, local and foreign governments and with opinion and policy makers. He managed these roles as the company grew from 150 million to more than 1 billion active users. Prior to joining Facebook, Tim was Senior Legislative Counsel at the American Civil Liberties Union, where he helped advance the constitutional principle of the right to privacy, representing the ACLU before Congress, the Executive Branch and the media. For the more than four years preceding his time at the ACLU, Tim served as an associate at the law firm of Dickstein Shapiro where he helped clients navigate interconnecting constitutional, statutory, political and policy challenges. Tim holds a bachelor’s degree with honors from Georgetown University and a J.D. from the law school at the University of Michigan.

About Data Privacy Day

History of Data Privacy Day and Data Privacy Week

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Until 2021, Data Privacy Day was observed annually on Jan. 28 and is the signature event in a greater privacy awareness and education effort.

In 2021, the NCA (National Cybersecurity Alliance) expanded Data Privacy Day into Data Privacy Week with the goal of increasing awareness about online privacy.

Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business. NCSA’s privacy awareness campaign is an integral component of STOP. THINK. CONNECT.


Excerpt from Professor David Hoffman's Policy@Intel blog post:

"Data Privacy Day began with a conversation at my dinner table eight years ago, when Leonardo Cervera Navas and Jolynn Dellinger joined my family for dinner.

Leonardo had the idea first that it would be wonderful if there was a day when people could recognize those shared values and promote transatlantic cooperation. Data Protection Day had already been recognized in Europe and held on January 28th, which is the anniversary of the Council of Europe’s signing of Convention 108. It is Convention 108 which first recognized privacy as a fundamental human right. I have a vivid memory of Jolynn then saying, “We shouldn’t just talk about it, we should do it.” By the end of dessert, Data Privacy Day was born.

Data Privacy Day has come a long way since that dinner. Jolynn, the initial project manager for the event, turned our idea into a reality. Leonardo secured the participation of then European Data Protection Supervisor Peter Hustinx, and representative of the Italian Garante Giovanni Buttarelli for an event at Duke University Law School. Now thousands of organizations recognize Data Privacy Day and participate in events to build privacy awareness."

Full Story at:


This event is sponsored by: