ASC X9 Webinar –
Modern Approach to Privacy Assessments
Data privacy laws have been around for years but recent laws including GDPR and CCPA have increased the need and awareness of privacy assessments. Organizations are working to understand what these laws mean to them and how to conduct privacy assessments. There is a significant difference between Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but knowing when to perform each is challenging. This session will cover industry standards, laws and regulations relating to PIA/DPIA and tools, tips, and techniques to conduct them.
a. What are PIA/DPIAs, similarities and differences between them and when to use each.
b. How to conduct PIA’s and DPIA’s.
c. Tools, Techniques and Templates for completing PIA/DPIAs.
Lisa McKee, CISA, CDPSE, PCIP, is a Sr. Manager of Security and Privacy solutions at Protiviti. She has nearly 20 years of IT industry experience in Cybersecurity, Information Technology, Privacy, US and International Data Privacy Laws, Vendor Management, Software Development, IT Audit, Compliance, PCI, Risk and Governance. Lisa assists companies conducting security assessments, implementing privacy and security programs and managing PCI compliance. She is a highly regarded consultant in the Midwest IT industry and a regular featured speaker at IAPP, ISACA, IIA, ISC2, NEbraskaCERT. She speaks at conferences locally, nationally, and globally including the IAPP, ISACA and RSA. Lisa is also a member of the Accredited Standards Committee X9 providing input on industry standards and a member of the IAPP National Privacy Engineering Advisory Board and passionate about privacy and security.
Michael Anderson, is a Senior Consultant at CompliancePoint working in the private and public sectors, including critical infrastructure, airports, stadiums, state and tribal government agencies, healthcare, retail, and finance. He has over a decade of experience in compliance, risk analysis/management, incident response, reporting, digital network and threat intelligence, and technical exploitation analysis. Michael’s past experience includes eight years in the United States Navy working as a Cryptologic Technician. Michael received his Bachelor of Science in Cyber Operations and Master of Science in Cybersecurity from Excelsior College and is currently pursuing a Doctor of Philosophy in Cyber Defense at Dakota State University. In addition to his multiple degrees, Michael holds several industry certifications, including: (ISC)2 (CISSP, HCISPP, CAP), ISACA (CGEIT, CISA, CRISC, CDPSE), PCI (QSA), HITRUST (CCSFP, CHQP), and CompTIA (Security+, Network+).