Allen Brandt ’19 stumbled into the privacy industry when he worked for one of the early players in email marketing. He quickly realized the complexity of privacy concerns and protections—or lack thereof—surrounding electronic communication.
He parlayed his acquired knowledge of privacy laws and practices into the education field, helping public and private K-12 institutions as well as colleges protect data by writing policies, training employees, and working with vendors. He even served as chief privacy officer for the GMAT exams, widely used to assess applicants to graduate management programs.
Brandt then turned his privacy expertise to the financial sector. "I liked that there were new things to learn there," he said. In 2015 he became the chief privacy officer for the Depository Trust & Clearing Corporation (DTCC), a New York-based financial services firm that handles 100 million transactions per day on behalf of banks and stock exchanges. As executive director and associate general counsel, he works with the firm's attorneys in Jersey City, New Jersey, and manages employees in Tampa, Florida, and Manila, Philippines.
The same year he joined DTCC, Brandt was appointed by the secretary of the U.S. Department of Homeland Security to serve on the Data Privacy and Integrity Advisory Committee. This group has about 20 members and meets occasionally in Washington, D.C.
At DTCC, Brandt also served as lead technology counsel, a role that necessitated some professional growth. "I came in on the privacy side, so when they asked me to take on cybersecurity, I realized that with all my experience as an attorney, I had never had any formal training on the cyber side," he said.
He started looking for a graduate program and found Albany Law's emergent online LL.M. degree in Cybersecurity and Data Privacy. He liked that the program was not geared toward technically trained people. "A lot of programs are in the technical field," he said. "To find a program that covers law and policy and talks about things from a different perspective is quite unique."
He also appreciated the asynchronous nature of the program, which allowed him to fit it around his schedule. He enrolled in 2017, and because the program would enhance his work at DTCC, the firm contributed to its cost.
A member of the program's first cohort, Brandt particularly enjoys the engagement in the discussion forums. "The mix of people—from attorneys to professionals with more than 20 years of experience in a technical field—is very interesting and makes the discussion a lot of fun," he said.
Although he admits that the program is hard work, Brandt is positive that the effort is well worth it. "The courses have been spot-on relevant to what I'm doing at my job," he said. "I have been able to apply material that I've learned in those courses almost immediately."
At DTCC, he is part of Vendor Risk Management, which in some fields is called supply chain. When he took a course on Supply Chain Management, he did a case study on a data breach by a third-party vendor and how that could be handled. At his job, he created a similar desktop exercise for employees so they could learn how to handle such a situation and who should be involved. "All those hours in the supply chain course helped me put that scenario together."
Brandt completes the LL.M. program in May but has already been asked to join DTCC's Cyber Resiliency Committee and Technology Risk Management Committee. "Having a member who not only has legal knowledge but also understands how we might respond during a cyber event is helpful," he said.
Outside of the office, Brandt is a volunteer emergency medical responder through Jersey City Medical Center. He brings his privacy expertise to this arena as well, teaching first responders about how HIPAA laws apply in the field. In the event of a disaster, he explained, triage centers, shelters, and makeshift clinics don't have secure networks and private areas like hospitals and doctors' offices, so responders must improvise while making every effort to protect their patients' privacy.
Brandt and his fellow professionals certainly have their work cut out. Last year saw record-high HIPAA enforcement activity totaling $28.7 million in fines—"a lot of which was preventable," Brandt said. And the financial industry is particularly concerned about cyberattacks from nation-states and other entities. "We have to consider what it would look like if one of the stock exchanges was hacked, for example," he said. "That is why there is a lot of focus on cybersecurity."