Joel M. Lutz

Counsel

  • Virtual Office

404.832.6007

More ways to contact Joel M. Lutz

Joel is a privacy and data protection attorney with extensive experience designing and implementing global privacy programs, including 19 years of in-house and law firm experience.

Speaking Engagements

ACC Greater Philadelphia Chapter 17th Annual In-House Counsel Conference 2025
Overview
Representative Matters
Insights
Awards

Joel focuses on providing privacy, data security, and commercial advice to technology, financial services, media, ad tech, and health care companies. He has experience developing, implementing, and advising on global privacy programs.

Joel also assists clients with technology licensing, negotiating business agreements, and providing business lines with integrated legal advice from teams of in-house and outside counsel. He leads privacy and security assessments addressing global regulatory compliance and data risk management, including assessments covering: GDPR, CCPA, HIPAA, and FTC Consent Order compliance.

Additionally, Joel advises clients with respect to privacy and security due diligence for mergers and acquisitions. He is also a Certified Information Privacy Professional, representing an array of clients, including the largest technology companies and early-stage companies across industries such as fintech, retail, health care, mass media, social media, manufacturing, biotech, and retail.

Joel served as contributing editor to IAPP’s Privacy by Design Core training course.

  • Led legal design and implementation of Global Privacy Program at social media company to meet FTC Consent Order, including more than 300 specific business safeguards across the enterprise.
  • Led privacy and security due diligence for mergers and acquisitions involving large social media platform’s sale of its advertising business.
  • Led privacy and security assessments as both in-house and outside counsel addressing FTC Consent Order compliance, NYDFS Cyber Security Compliance, GDPR compliance, CCPA compliance, and PCI compliance.
  • Led a successful technology program for major financial company implementing enterprise data management platform, including mapping 500 critical data elements across 900 enterprise data stores and 400 system applications.
  • Created and led a global data governance program at a major financial company to define critical data, set data-use policies, and create business process controls across all divisions ensuring compliance with global data protection and privacy regulations
  • Developed and implemented company-wide program to centralize regulatory requirements, policies, controls, issues, incidents, and risk findings through governance, risk, and compliance (GRC) platform.
  • Conducted an initial privacy program assessment at a Fortune 300 financial firm. Assessment was used to obtain executive support for the investment in a holistic privacy program.
  • Led data incident response process on multiple high-profile incidents in financial, technology, social media, and mass media companies.
  • International Association of Privacy Professionals HPE Innovation Award
  • Data Governance Professionals Organization Best Practices Award
Overview

Joel focuses on providing privacy, data security, and commercial advice to technology, financial services, media, ad tech, and health care companies. He has experience developing, implementing, and advising on global privacy programs.

Joel also assists clients with technology licensing, negotiating business agreements, and providing business lines with integrated legal advice from teams of in-house and outside counsel. He leads privacy and security assessments addressing global regulatory compliance and data risk management, including assessments covering: GDPR, CCPA, HIPAA, and FTC Consent Order compliance.

Additionally, Joel advises clients with respect to privacy and security due diligence for mergers and acquisitions. He is also a Certified Information Privacy Professional, representing an array of clients, including the largest technology companies and early-stage companies across industries such as fintech, retail, health care, mass media, social media, manufacturing, biotech, and retail.

Joel served as contributing editor to IAPP’s Privacy by Design Core training course.

Representation Matters
  • Led legal design and implementation of Global Privacy Program at social media company to meet FTC Consent Order, including more than 300 specific business safeguards across the enterprise.
  • Led privacy and security due diligence for mergers and acquisitions involving large social media platform’s sale of its advertising business.
  • Led privacy and security assessments as both in-house and outside counsel addressing FTC Consent Order compliance, NYDFS Cyber Security Compliance, GDPR compliance, CCPA compliance, and PCI compliance.
  • Led a successful technology program for major financial company implementing enterprise data management platform, including mapping 500 critical data elements across 900 enterprise data stores and 400 system applications.
  • Created and led a global data governance program at a major financial company to define critical data, set data-use policies, and create business process controls across all divisions ensuring compliance with global data protection and privacy regulations
  • Developed and implemented company-wide program to centralize regulatory requirements, policies, controls, issues, incidents, and risk findings through governance, risk, and compliance (GRC) platform.
  • Conducted an initial privacy program assessment at a Fortune 300 financial firm. Assessment was used to obtain executive support for the investment in a holistic privacy program.
  • Led data incident response process on multiple high-profile incidents in financial, technology, social media, and mass media companies.
Insights

Speaking Engagements

ACC Greater Philadelphia Chapter 17th Annual In-House Counsel Conference 2025

Articles + Publications

FTC Settlement Spotlights Security of APIs Proliferating Across the Internet

Articles + Publications

Do You Know Where Your Data Is Going? On April 8, New National Security Rules Take Effect

Articles + Publications

2024 Privacy, AI & Cybersecurity Year in Review

See all insights from Joel M. Lutz

Awards
  • International Association of Privacy Professionals HPE Innovation Award
  • Data Governance Professionals Organization Best Practices Award

Top areas of focus

  • Member, Children’s Hospital of Philadelphia, Family Advisor Council, (2012-2020)
  • Member, Children’s Hospital of Philadelphia, Medical Ethics Council, (2015-2020)
  • Head of Global Privacy Compliance, director, associate general counsel, Facebook, Inc. 2019-2020
  • Chief privacy officer, assistant general counsel, Lincoln Financial Group, Inc., 2018-2019
  • Head of Enterprise Data Governance and Privacy, chief privacy officer, Vanguard Group, Inc. 2012-2018
  • Associate general counsel Vanguard Group, Inc. 2008-2012

Education

  • Tulane University Law School, J.D., magna cum laude, Order of the Coif, 2003
  • Louisiana State University, M.S., 2000
  • Centenary College of Louisiana, B.A., B.S., 1997

Bar Admissions

  • Louisiana
  • Certified Information Privacy Professional (CIPP)
  • Inaugural Member, Privacy Bar Section of IAPP