This is a half-day event.
Abstract: Data privacy laws have been around for years, but recent laws including GDPR and CCPA have increased the need for privacy awareness and practitioners around the world. Privacy laws do not stop there: most countries have their own data privacy laws, and many US states are working to adopt laws as well. Organizations are working to understand what these laws mean to them, how to meet them, and how to integrate privacy across the organization. Industry standards bodies are also introducing new standards and certifications to help bridge the gap in knowledge and awareness. Join us for a half-day seminar covering a variety of topics in data privacy, as we cover many of the key things companies and individuals should know about data privacy.
- Passionate about Privacy
- Navigating and Implementing Privacy and Security Standards and Frameworks
- Getting Started with Privacy Engineering and Privacy by Design!
- Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA)
- Auditing Privacy Controls
- Privacy Program Management
- ComPriSec Panel Discussion
- Link to DPIA template
- Link to Article 29 Guidelines
- Link to Cybersecurity is Everyone's Job
- Link to FAIR Institute
- 8:00am – 8:05am = Welcome and Introductions
- Lisa McKee, CISA, CDPSE, PCIP, is a Sr. Manager of Security and Privacy solutions at Protiviti. She has nearly 20 years of IT industry experience in Cybersecurity, Information Technology, Vendor Management, Privacy, US and International Data Privacy Laws, Software Development, IT Audit, Compliance, PCI, Risk and Governance. Lisa assists companies conducting security assessments, implementing privacy and compliance programs and managing PCI oversight. She is a highly regarded consultant in the Midwest IT industry and a regular featured speaker at (ISC)2, ISACA, IIA, NEbraskaCERT and F2F Interface. Lisa is also a member of the IAPP National Privacy Engineering Advisory Board and passionate about privacy and security.
- 8:05am – 8:30am = Passionate about Privacy (Paul Laurent and Lisa McKee)
- What is Data Privacy?
- What are CCPA, GDPR and other notable privacy laws?
- Impact of Privacy Shield and Schrems II
- Privacy Rights, DSARs and setting the tone for the day
- 8:30am – 9:00am = Navigating and Implementing Security and Privacy Frameworks
- Overview of NIST CSF
- Overview of NIST Privacy Framework
- OECD Privacy Framework
- How to leverage security teams to support privacy
- Paul Laurent, J.D., CISSP, CISA, is a Director in Protiviti’s Technology Consulting Security & Privacy practice. Paul’s previous experience includes leading development, implementation, and assurance of the Global EU-GDPR Compliance program for one of the world’s largest mapping and location data services companies; he additionally directed Cybersecurity Strategy for multiple large business units during his decade-long tenure at one of the world’s largest enterprise software vendors and cloud service providers.
- 9:00am – 9:10am = Break
- 9:10am – 9:40am = Privacy Engineering and Privacy by Design! (Katie Stevens and Lisa McKee)
- What is Privacy Engineering?
- Deep Dive into Privacy by Design Principles and Controls
- PbD Across the Organization
- What auditors should look for when auditing SDLC programs
- 9:40am – 10:00am = PIAs and DPIAs
- What are they, similarities and differences, when to use each
- Conducting PIAs and DPIAs
- Tools, Techniques and Templates
- Katie Stevens is a Director in our Technology Consulting practice with a specific focus on Security and Privacy. Katie has over 15 years of Security & Privacy experience and 19 years of overall technology experience. Prior to joining Protiviti, Katie held a lead Technology Risk & Compliance role at a global banking firm with a main focus on Security & Risk Management, Identity & Access Management, Business Continuity, and Data Protection. Since joining Protiviti in 2011, Katie has provided Security & Privacy services for clients in a variety of industries, including financial services, healthcare services, retail, consumer products, and legal services. Since 2016, Katie has focused solely on helping our clients operationalize the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements, with a main focus on data discovery and inventory, compliance readiness assessments, implementation of GDPR and CCPA compliance strategies, and implementation of technology solutions to address data subject rights and data management requirements.
- 10:00am – 10:10am = Break
- 10:10am – 10:30am = Auditing Privacy Controls (Ron Naulls and Lisa McKee)
- Privacy assessments/audits
- 10:30am – 11:00am = Privacy Program Management
- Privacy roles and responsibilities
- Managing compliance in times of uncertainty
- Ron Naulls is a Sr. Manager in the Technology Consulting practice of Protiviti’s Los Angeles, California office. Ron has partnered with several Fortune 500 companies in a variety of industries. With over twenty years of experience in Information Technology, he provides business and technology consulting, as well as internal and external information security and privacy services, to public and private organizations. Prior to joining Protiviti, Ron worked at Ten-X (formerly Auction.com, a Google Capital company) in various leadership capacities overseeing Privacy, Security, Compliance, ISO/IEC 27001/2 certification, SOC 2 Type II and PCI DSS validations, GDPR governance, cloud computing, and technology legal issues. His focus over the past five years has been in the Privacy & Cybersecurity space, combining IT Infrastructure and Security enterprise alignment, IT operations, Regulatory Compliance audits, Cybersecurity Architecture and Framework reviews, and Business Continuity.
- 11:00am – 11:10am = Break
- 11:10am – 11:45am = ComPriSec – The New Normal (Panel of Industry Experts) (Lisa McKee, Ron Woerner, Rob LaMagna-Reiter, Matt Morton)
- Difference between Compliance, Privacy and Security
- Methods for coordination, getting alignment
- Overcoming challenges, communicating wins
- 11:45am – 12:00pm = Wrap and final announcements
- Professional Associations and Resources
- Speaker Contacts
- Final Announcements
- Ron Woerner, CISSP, CISM, is a noted consultant, speaker, and writer in the security industry. Ron established the Cybersecurity Studies program at Bellevue University, an NSA Center of Excellence, where he still teaches. He has been a featured speaker at TED, (ISC)2, ISACA, and RSA conferences and on numerous industry podcasts and webinars. As President and Chief Security Evangelist at Cyber-AAA, he works as a Security Consultant delivering awareness training, performing security risk assessments, and advising small, medium, and large organizations. Ron holds numerous technology degrees and is passionate about building the next generation of cyber professionals.
- Robert LaMagna-Reiter is a leading, trusted Information Security & Risk Management professional. As CISO for FNTS, Robert leads information security strategies and roadmaps for FNTS and its clients through risk management, strategy, architecture and engineering, regulatory compliance, and IT governance. Leveraging more than 15 years of expertise, Robert is a strategic advisor who consults and partners with others to achieve security initiatives, helping them understand the value and risk alignment to their enterprise through proper security strategy. Robert holds several industry certifications, including CISSP, CISM, CDPSE, CHP, PCIP and Security+. Robert’s experience includes leadership roles in information security for the transportation, government communications, retail, e-commerce and managed services industries. He holds an MBA and a Bachelor of Science degree in Management Information Systems from the University of Nebraska at Omaha. Robert is also an Ambassador and Zero-Trust Influencer for Palo Alto Networks and serves as Advisory Board President for SOFTwarfare.
- Matt Morton has more than 20 years of experience in IT, over half of it in management. With a strong focus on information security and IT management, organizational development and strategic technology architecture, Matt’s hands-on management savvy and innovative strategic expertise have a strong record of delivering the balance between security and value to organizations. Most recently, Matt was the Executive Director and Chief Information Security Officer at the University of Nebraska. While there, he facilitated the design and development of a new security organization serving all campuses. Prior to that, Matt served as the Chief Information Security Officer and Assistant Chief Information Officer at the University of Nebraska at Omaha, where he established the Information Security Department by utilizing existing resources and re-purposing staff from other IT support roles. Matt likes to fly fish and hike whenever he can.