One way for companies to integrate their internal and external commitment to data protection and privacy is by implementing a “privacy by design” mechanism, Sachin Kothari, director of online privacy and compliance at AT&T, Inc., explained during a recent ALM cyberSecure Conference. Kothari highlighted specific steps companies can take to effectively integrate such a program into their corporate governance structures. He was joined by Andrea Arias, an attorney in the Division of Privacy and Identity Protection at the FTC, and Chaim Levin, chief U.S. legal officer at Tradition Group. This article examines Levin and Kothari’s insights on data security and privacy governance and best practices to meet the potentially competing demands of in-house, consumer and regulatory cybersecurity expectations. A future article will address Arias’ perspective on recent FTC guidance and cyber enforcement actions. See also “Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)” (Jul. 1, 2015); Part Two (Jul. 15, 2015).