John Pilch, Senior Cybersecurity / Data Privacy Analyst


John provides experienced insight into data privacy programs and data breach response issues for organizations large and small.

Get To Know John

With 25 years of experience in global privacy, data protection, and internal control at two Fortune 500 companies, John connects with teams developing and executing privacy and data security programs, both within and outside the legal organization. He assists clients in complying with privacy laws such as GDPR, UK GDPR, PIPEDA, CCPA, and Virginia’s Consumer Data Protection Act. John also has expertise in identifying cybersecurity and data privacy risks, applying control frameworks (NIST, COSO, CMMC) to organize and communicate concerns to executive management, and in developing and implementing corrective actions.

John is a Certified Information Systems Security Professional (CISSP) and a Certified Information Privacy Professional for the U.S. and Europe (CIPP/US, E).

John came to Woods Rogers looking for a broader range of cybersecurity and data privacy experiences than he had faced in his prior career. Woods Rogers and their clients have provided that, and more.


  • Worked with a global company to comply with GDPR requirements by implementing Standard Contractual Clauses between 250+ legal entities in more than 35 countries.
  • Drafted Privacy Policies and Notices for small internet-based businesses, a mid-sized construction company, a large utility, and several global manufacturing firms.
  • Drafted Data Protection Agreements, Transfer Impact Assessments, Data Protection Impact Assessments, and Data Subject Access Request procedures for various clients.
  • With other members of the Woods Rogers team, provided data breach support to local government entities, school systems, and manufacturing, retail, and technology companies.
  • Prior to Woods Rogers, led the privacy function for a company with 50,000 employees across more than 30 countries, including those in the European Union, the United Kingdom, Canada, and Brazil, as well as California, Virginia, and other states in the United States.
  • Prior to Woods Rogers, developed, implemented, and led programs to ensure global compliance with the IT-oriented requirements of the Sarbanes-Oxley Act (SOX).



Certified Information Systems Security Professional (CISSP) 

Certified Information Privacy Professional for the U.S. and Europe (CIPP/US, E).


University of Michigan, M.B.A., with High Distinction

University of Virginia, B.A.

News & Insights


Virginia: CDPA requirements for data controllers | OneTrust DataGuidance | January 4, 2022

Virginia: The CDPA Work Group’s final recommendations | OneTrust DataGuidance | November 23, 2021

Virginia – Cookies & Similar Technologies | OneTrust DataGuidance | September 30, 2021

Virginia: CDPA Requirements and Vendors | OneTrust DataGuidance | April 29, 2021

Virginia: Assessment Requirements Under the CDPA | OneTrust DataGuidance | April 19, 2021

International: Comparing Virginia’s CDPA with the CPRA and the GDPR | OneTrust DataGuidance | February 2021

Matter results depend upon a variety of factors unique to each case. Past results do not guarantee or predict a similar result in any future matter. Some material on this site may be considered attorney advertising in some jurisdictions.
