Student Spotlight

Online LL.M. Helps Privacy Expert Expand into Cybersecurity

Allen Brandt ’19

By Shannon Gorman
View Archives


Allen Brandt ’19 stumbled into the privacy industry when he worked for one of the early players in email marketing. He quickly realized the complexity of privacy concerns and protections—or lack thereof—surrounding electronic communication.

He parlayed his acquired knowledge of privacy laws and practices into the education field, helping public and private K-12 institutions as well as colleges protect data by writing policies, training employees, and working with vendors. He even served as chief privacy officer for the GMAT exams, widely used to assess applicants to graduate management programs.

Brandt then turned his privacy expertise to the financial sector. "I liked that there were new things to learn there," he said. In 2015 he became the chief privacy officer for the Depository Trust & Clearing Corporation (DTCC), a New York-based financial services firm that handles 100 million transactions per day on behalf of banks and stock exchanges. As executive director and associate general counsel, he works with the firm's attorneys in Jersey City, New Jersey, and manages employees in Tampa, Florida, and Manila, Philippines.

The same year he joined DTCC, Brandt was appointed by the secretary of the U.S. Department of Homeland Security to serve on the Data Privacy and Integrity Advisory Committee. This group has about 20 members and meets occasionally in Washington, D.C.

At DTCC, Brandt also served as lead technology counsel, a role that necessitated some professional growth. "I came in on the privacy side, so when they asked me to take on cybersecurity, I realized that with all my experience as an attorney, I had never had any formal training on the cyber side," he said.

He started looking for a graduate program and found Albany Law's emergent online LL.M. degree in Cybersecurity and Data Privacy. He liked that the program was not geared toward technically trained people. "A lot of programs are in the technical field," he said. "To find a program that covers law and policy and talks about things from a different perspective is quite unique."



Interested in Cybersecurity and Data Privacy?

Our program is designed to provide cybersecurity professionals with the skills and knowledge to navigate a rapidly changing legal, regulatory, and policy landscape. We offer a rigorous curriculum taught by faculty who are thought leaders in the fields of information security, data privacy, cybercrime, intellectual property law, and more!

Find More Here



He also appreciated the asynchronous nature of the program, which allowed him to work it around his schedule. He enrolled in 2017, and because the program would enhance his work at DTCC, they contributed to the cost of the program.

A member of the program's first cohort, Brandt particularly enjoys the engagement in the discussion forums. "The mix of people—from attorneys to professionals with more than 20 years of experience in a technical field—is very interesting and makes the discussion a lot of fun," he said.

Although he admits that the program is hard work, Brandt is positive that the effort is well worth it. "The courses have been spot-on relevant to what I'm doing at my job," he said. "I have been able to apply material that I've learned in those courses almost immediately."

At DTCC, he is part of Vendor Risk Management, which in some fields is called supply chain. When he took a course on Supply Chain Management, he did a case study on a data breach by a third-party vendor and how that could be handled. At his job, he created a similar desktop exercise for employees so they could learn how to handle such a situation and who should be involved. "All those hours in the supply chain course helped me put that scenario together."

Brandt completes the LL.M. program in May but has already been asked to join DTCC's Cyber Resiliency Committee and Technology Risk Management Committee. "Having a member who not only has legal knowledge but also understands how we might respond during a cyber event is helpful," he said.

Outside of the office, Brandt is a volunteer emergency medical responder through Jersey City Medical Center. He brings his privacy expertise to this arena as well, teaching first responders about how HIPAA laws apply in the field. In the event of a disaster, he explained, triage centers, shelters, and makeshift clinics don't have secure networks and private areas like hospitals and doctor's offices, so responders must improvise while making every effort to protect their patients' privacy.

Brandt and his fellow professionals certainly have their work cut out. Last year saw record-high HIPAA enforcement activity totaling $28.7 million in fines—"a lot of which was preventable," Brandt said. And the financial industry is particularly concerned about cyberattacks from nation-states and other entities. "We have to consider what it would look like if one of the stock exchanges was hacked, for example," he said. "That is why there is a lot of focus on cybersecurity."



All of Albany Law School's Online Graduate Programs

Our graduate programs include master’s degree, advanced certificate, and LL.M. degree tracks. Study around your schedule by enrolling in one of our 100% online programs.

  • Cybersecurity and Data Privacy
  • Financial Compliance and Risk Management
  • Health Law and Healthcare Compliance
  • Human Resources: Law, Leadership, and Policy
  • Government Affairs and Advocacy

Find More Here