Ilya Smith

Ilya’s expansive regulatory compliance and program-building experience as a former Chief Compliance Officer and Chief Privacy Officer at two public higher education institutions provides Ilya with a deep foundation for advising clients in a full array of compliance matters, policy, and conducting organizational risk-based assessments.

Ilya appreciates the long-term impact and disruption a regulatory agency investigation or a data breach causes by an organization and its constituents.  Her experience includes advising executives and boards in regulatory and transactional matters, managing hundreds of data security incidents, and representing clients before regulators.  From whistleblower claims related to compliance matters and policy violations to major cyberattacks, Ilya is skilled at conducting investigations, leveraging forensics, deploying remediation plans, drafting notices, and advising clients’ responses to impacted individuals’ concerns.

Recognizing that the best defense to a regulatory investigation is the proactive mitigation of risk, Ilya advises clients in policy, procedures, and preventative measures to maintain the trust of organizational constituents and customers including establishing privacy and data governance programs business impact assessments, and addressing evolving global regulatory compliance requirements.  Ilya has extensive experience assisting clients manage and transfer privacy, data security, and regulatory risk to third-parties in contracting and in implementing vendor management programs to minimize privacy and data security risks associated with the collection, processing, use, monetization, and protection of personal data.

Understanding systems, change management strategies, and complex organizational structures, Ilya is adept at navigating organizational interdependencies when assisting clients to operationalize policy and best practices.  Clients value Ilya’s distinctive ability to quarterback cross-functional regulatory compliance and legal strategies to support business objectives.

In addition to the full array of regulations that institutions of higher education are subject to, Ilya is proficient in privacy and data security regulations including the European Union’s General Data Protection Regulation (GDPR,) the California Consumer Privacy Act (CCPA), Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act, among others.