Kenneth P. Mortensen, CIPP/US, CIPP/G, CIPM, Secretary
Vice President, Assistant General Counsel & Chief Privacy Officer
CVS Caremark Corporation
Kenneth P. Mortensen is vice president, assistant general counsel and chief privacy officer at CVS Caremark Corporation, where he provides leadership for enterprise-wide information governance, including the corporate privacy and security strategy to address operational and data management needs through an approach that protects individual privacy and assures compliance with federal, state and local privacy laws and regulations by building a culture of privacy within CVS Caremark. Mortensen serves as chief privacy and security counsel to the CVS Caremark’s internal Business Policy Council, which consists of the most senior CVS Caremark executives who have oversight responsibility of core business units and are charged with setting the long-term strategic vision and determining key business initiatives. Additionally, he spearheads corporate efforts to drive awareness of obligations and industry best practices concerning privacy and security.
Prior to coming to CVS Caremark, Mortensen was the first global chief privacy officer for Boston Scientific Corporation and had worldwide responsibility to implement a corporate privacy program at the medical device manufacturer. He guided the company through the programmatic and systemic changes necessary in response to the HITECH Act, which enhanced the privacy protections of HIPAA.
Earlier, Mortensen served as the chief privacy and civil liberties officer for the U.S. Department of Justice, where he was the primary counsel and policy advisor to the attorney general and deputy attorney general on privacy and civil liberties matters and worked to create the newest independent office in the department, the Office of Privacy & Civil Liberties. He coordinated the departmental oversight concerning privacy and civil liberties in all aspects of the department’s mission, especially with regard to national security and foreign intelligence. Mortensen represented the department in inter-governmental discussions about all aspects of privacy and civil liberties protections, including the interface between differing privacy authorities, such as U.S. privacy law and EU data protection frameworks, including leading the U.S. government delegation to negotiate agreements with other countries for the exchange of criminal identification information, such as fingerprints.
Mortensen also served as the inaugural agency chair of the federal CIO Council's Privacy Committee, where he organized this group of federal privacy officials to promote adherence to the letter and the spirit of laws advancing privacy, including the Privacy Act of 1974 and the E-Government Act of 2002, as well as widely accepted concepts of fair information principles and practices. Additionally, he coordinated efforts to ensure widely available education and outreach efforts to create a culture of privacy and to enhance the respect for fair information principles across the federal government in order to minimize the impact on the individual's privacy, particularly the individual's personal information and dignity, in the design, development and operation of agency collections of data.
Before that, Mortensen had the position of deputy chief privacy officer for the U.S. Department of Homeland Security. He advised the DHS chief privacy officer and DHS senior leadership about privacy matters concerning the use, harmonization and implementation of technologies using risk assessment management techniques.
Formerly, Mortensen was a founding and managing partner of the law firm Harvey & Mortensen. As part of his private practice, Mortensen served as outside counsel to Pennsylvania Attorney General Mike Fisher regarding technology and Internet matters. As part of that role, he designed, developed and operated the Pennsylvania Do Not Call website on behalf of the attorney general.
Before going into private practice, Mortensen was a teaching fellow at Villanova University School of Law, where he taught computer and information law. In addition, at Villanova he managed the Center for Information Law and Policy, headed by Dean Henry H. Perritt, Jr., as the director of operations. Mortensen began his career at Burroughs Corporation, as an electrical engineer performing large system design for mainframes.
Mortensen is the co-author with Nuala O’Connor Kelly, the senior counsel for information governance and chief privacy leader for General Electric Corporation and former chief privacy officer of the Department of Homeland Security, of the chapter entitled “The Privacy Act of 1974 and Its Progeny,” in the legal treatise published by the Practicing Law Institute called “Proskauer on Privacy.” In addition, he is a co‐author of the chapter entitled “Civil Litigation: Security,” in the book Data Security and Privacy Law: Combating Cyberthreats, which discusses civil actions and claims that may be brought in legal actions arising from data breaches, cyber intrusions and security incidents.