FacultyFaculty/Author Profile

Shannon Orr

Intuit Inc.
Senior Counsel, Data Privacy
Mountain View, CA, USA

Shannon Orr

Director, Privacy & Data Security; privacy counsel at Gap, Inc.

  • Member, State Bar of California
  • Certified Information Privacy Professional (CIPP)
  • Instructor, Practising Law Institute
  • Selected as a "Top 10 30-Somethings" for 2014 by the Association of Corporate Counsel (ACC), recognizing ten global in-house counsel rising stars for their innovation, proactive practice, global perspectives, advocacy efforts, and pro bono and community service participation.


Director, Privacy & Data Security at Gap Inc.

June 2015 - Present

Corporate Counsel, Privacy and Data Protection at VMware

February 2012 - June 2015


On a team of 3 - managing virtually all privacy needs for VMware's global organization; Responsible for the creation and management of a scalable, business and customer friendly global privacy programs & privacy policies, including compliance with global privacy laws, cross-border transfers of information and third party vendor risk management.

Privacy-by-Design - work with virtually all products lines, including Betas & subsidiary products, (mobile device management, enterprise social media, Infrastructure-as-a-Service, Platform-as-a-Service, Softwareas-a-Service, mobile applications and End User Computing) during the design from design to market to customer negotiation; I ensure that product design, user interface, and back end configuration are compliant with global privacy laws, corporate privacy and security policies and the requirements of the multinational customer base;

Draft and negotiate terms of service, end user license agreements, administration guides, in-product consent language for all products and services; incorporate feedback from customers into updated terms and products to ensure efficient negotiations, faster sales transactions and products tailored to our customers' needs;

Advise on e-commerce and marketing issues, including the use of online advertising; collection and use of personal information for marketing purposes; configuration for back end marketing databases; direct email and telephone campaigns; use of cookies;

Manage programs collecting customer analytics and advise on legal issues associated with back end technical data collection, including customer concerns around PRISM and government surveillance;

Advise on employee privacy issues, including collection of employee benefit information & investigations;

Managed internal Bring Your Own Device program; created flexible, technology and device neutral program, balancing corporate security and proprietary needs with global employee privacy requirements.

  • twitter
  • LinkedIn
  • YouTube
  • RSS

All Contents Copyright © 1996-2019 Practising Law Institute. Continuing Legal Education since 1933.

© 2019 PLI PRACTISING LAW INSTITUTE. All rights reserved. The PLI logo is a service mark of PLI.