Steven Stein

Steven Stein is a data privacy and information governance leader and former civil litigation attorney with more than 20 years of experience developing and implementing data risk and compliance programs. Mr. Stein focuses on serving clients in the financial services, healthcare and life sciences, and power and utilities industries. He advises in the areas of privacy, records management, information lifecycle, legal hold, defensible data disposition, data protection and litigation readiness.

Mr. Stein leads projects to implement technology for information governance, data privacy and data protection. He brings a strong focus on defensible data disposition to deliver significant cost savings, regulatory compliance and risk mitigation to clients. In close partnership with clients, Mr. Stein implements privacy and data governance policies, procedures, disclosures and related operating models to maintain the quality, integrity and security of company data. He regularly advises clients on controls implementation to support the use of large data stores and data lakes in artificial intelligence and other analytic initiatives.

His work has included developing records of processing activity, redesigning privacy impact assessment processes and analyzing gaps in privacy, security and compliance programs to drive long-term remediation and program improvements. In engagements with numerous power and utility companies, Mr. Stein has established policies and procedures to improve the management and retention of public safety records.

Prior to joining FTI Technology, Mr. Stein served as the Chief Confidentiality and Privacy Officer and HIPAA Privacy Officer at a Big Four accounting firm, where he implemented organizational redesign of privacy accountability and operations. He has also served as a technical consultant on discovery matters on behalf of clients involved in federal and state litigation.

Relevant Experience:

• Led multiyear effort at a global bank to defensibly dispose of over-retained data across repositories, applications and other data stores; this required remediation of the bank’s retention schedule, data and legal hold inventories, and development of a new disposition approval process, and the result of the effort was to bring the bank into compliance with its own policies and dispose of more than seven petabytes of electronic data plus physical stores
• Led effort at global bank with significant operations in Canada to comply with Quebec Privacy Law 25, including the uplift of its data retention and disposition program, with specific focus on deleting over-retained personal information
• Refreshed the data privacy program at a North American bank to account for significant acquisition of global banking assets from a bank domiciled in Japan
• Established a first-line retention and deletion function at a global credit card company and redesigned its global processes for privacy impact assessments