Four senior compliance practitioners share their views on the U.S. data privacy landscape and the actions their companies are taking to keep pace with new state laws set to hit the books in 2023. Today’s question:

Q: Who leads/is involved in data privacy compliance efforts at your company?

Meet the CCOs

Arthur Kirsten


U.S. Head of Compliance

Years in compliance: 20+



Victoria McKenney


Deputy General Counsel - Regulatory and Compliance and Deputy CCO

United States Steel Corporation

Years in compliance: 15



Kortney Nordrum


VP, Regulatory Counsel & CCO

Deluxe Corporation

Years in compliance: 9



Lisa Norris


Director of Compliance

ABB Optical Group

Years in compliance: 17



DISCLAIMER: The views reflected by the practitioners quoted are theirs alone and do not represent the views of their companies.

ARTHUR KIRSTEN: Since 2013, our sound approach to data security has helped offer a safer customer experience. We employ tenured compliance, legal, data protection, and IT security leaders to assess our internal and client-facing initiatives.

When every tech decision, interaction, or process carries a certain level of risk, we ensure all members of the organization have the tools they need to survive and thrive as ethical stewards of the crypto space. To that end, our rigorous anti-money laundering/know your customer (AML/KYC) procedures far exceed industry standards.

All employees undergo regular data privacy training to help keep user funds and information safe.


VICTORIA MCKENNEY: Privacy is a core area of responsibility for our compliance department.

We partner extensively with HR, IT, and cybersecurity to implement privacy protections for the personal data we handle, which revolves mostly around employment-related information and benefits. We’ve also worked with our internal business partners to identify and secure customer and supplier data.


KORTNEY NORDRUM: As the CCO, I own privacy at Deluxe.

We partner heavily with our IT, information security, and business teams to ensure the proper policies, controls, and training are in place to meet our privacy obligations.


LISA NORRIS: This is a shared responsibility between myself and the director of compliance and security.