January 21, 2004

IAPP Announces Appointments to Board of Directors

Leaders from the Legal, Consumer Products, and Technology Communities Add Depth,
Perspective to World’s Foremost Privacy Industry Organization

Philadelphia, PA, January 21, 2004 – The International Association of Privacy Professionals
(IAPP), the world's largest association for individuals in the profession of privacy, today announced
three new appointees to its Board of Directors, including Kirk Nahra, Partner, Wiley Rein &
Fielding, Washington, DC; Sandra Hughes, Global Privacy Executive, Procter & Gamble; and
Barbara Lawler, Chief Privacy Officer, HP.

“The addition of Nahra, Hughes, and Lawler to the IAPP board is illustrative of our desire to
maintain a presence of strong leadership, while including representation from the broad spectrum
of industries and disciplines affected by privacy today,” said Chris Zoladz, Vice President
Information Protection, Marriott International, and IAPP Board President. “These three
individuals are experienced, effective advocates for privacy, and noted experts within their
respective fields. The IAPP has strengthened its voice with their addition.”

Kirk Nahra is a recognized legal expert on privacy and the Health Insurance Portability and
Accountability Act (HIPAA), a frequent speaker on privacy issues, and serves as the executive
editor of the IAPP’s monthly newsletter, the Privacy Officers Advisor. Sandra Hughes, responsible
for P&G’s ‘gold standard’ Global Privacy program across all data types, businesses and
geographies, co-leads an industry coalition of consumer product good manufacturer and retailer
representatives to implement Privacy Guidelines for RFID/Electronic Product Code Usage.
Barbara Lawler, a primary architect of HP’s Privacy programs, is a leader in designing best
practices and advocating practical privacy techniques. She has testified before the U.S. Congress
and Senate, and has published papers on ethics-driven privacy.

“Privacy is no longer a segmented issue, with specific rules affecting specific industries like
healthcare or financial services, but an issue that crosses industry lines, increasing the importance
of the IAPP by bringing a ‘total privacy’ perspective to the privacy community,” Nahra said.
“With issues like Gramm-Leach-Bliley, the Fair Credit Reporting Act, CAN-SPAM and others,
2004 will be an important year in the evolution of the privacy profession and I look forward to the
challenge of helping to guide the industry in the right direction.”

The IAPP is the world's leading association of privacy and security professionals. With more than
1,000 individual and corporate members, the IAPP defines and supports the profession of privacy
by being a forum for interaction, education, and discussion across industries. Further information
on the IAPP can be found at