About Us

Contact us at: jmcgroup@roadrunner.com / (805) 230-2545 / mobile (805) 889-7422

John M. Correlli, Data Privacy Attorney, CIPP , HCISPP


Mr. Correlli is a Compliance/Data Privacy and Information Security consultant and regularly serves organizations looking to implement best practices for effective data breach prevention and compliance with federal and state privacy, security, and breach notification rules.

He is also a data privacy attorney (Calif – 30 years), Certified Information Privacy Professional (CIPP), and an ISC 2 Health Care Information Security and Privacy Practitioner (HCISPP).

John has expertise in the areas of U.S. and international privacy and data protection laws, standards and best practices, information security, online privacy and data transfers.


John has conducted enterprise-wide data privacy risk audits and mitigation programs; HIPAA risk analyses; breach prevention risk audits; and has developed customized and stratified recommendations for the review, changes to, and creation of, policies, procedures and data-breach prevention efforts;  he has also provided guidance in pre-breach and post-breach disclosure and notification response preparations and effective incident response plans.

Some of the organizations John has serviced include: Sutter Health System, Pepperdine University, UCLA, UC Berkeley, UC Irvine, Dartmouth University, Pacific Alliance Medical System, Memorial Care Health System, Central Coast Visiting Nurses Association, Harris County Emergency Corps, HCP (Hospice of Central Pennsylvania), United WestLabs, Adventist Health Hospital Network, Health Advocates, LLC, Schwabe Williamson & Wyatt.

John recently published the article ‘Ransomware – Kinapping the Kilobyte’ for the Southern California Ventura County Bar Association (March, 2017).  And he also authored the article ‘Breaches in the Academic Sector’ (ref Computerworld.com).  He has also published ‘Preventing Identity Theft in the Workplace – A Guide’, a data breach prevention guide specifically tailored for small businesses.

John is Co-Editor of ID Experts’ HIPAA Final Omnibus Rule & Business Associates Playbooks and has conducted lectures on the background, problems, and solutions of information privacy protection and data breach response requirements.  He is often quoted in numerous articles and publications, including ITJournal, Becker’s Hospital Review, and Computerworld, as a leading authority on data privacy issues.

John filed a utility patent based upon state-of-the-art methods of analysis, review, and recommendations for organizations intent on implementing effective and efficient privacy data protection methods; as well as real-world breach response plans adaptable to any organization.    In 2010, he was awarded Federal GSA Vendor Schedule Contract FABS 520-17 (Privacy Data Risk Assessment and Mitigation Services) – GS23F0039W.

John was also the managing member and founder of Gait, LLC, a privacy data consulting firm, offering comprehensive data privacy risk management and compliance consulting services, policy development, training and awareness, and breach mitigation guidance.

Professional Organizations

John is a 30- year member of the California State Bar (133995); International Association of Privacy Professionals (IAPP), International Information Systems Security Certification Consortium (ISC2) and has worked closely with members of the So-Cal Hi-Tech Crimes Task Force/Identity Theft Detail. He is also one of the original members of The Privacy Consortium, a collaborative group of leading information privacy experts, advisors and consultants


IAPP – International Association of Privacy Professionals

ISC2 – International Information Systems Security Certification Consortium

JMC Privacy Consulting Group
Protecting Identities . . .
. . . One Business at a Time

JMC Privacy Consulting Group
Westlake Village, California

Back to Home Page

Professional Web Site Powered by Bold Business Tools