The Security Mandates of the CCPA, GDPR, and Other Privacy Laws

Apr. 13, 6:00 PM - 7:00 PM

Clear your calendar for April 13 as the ISC2 Maine Chapter hosts Scott Giordano from Spirion on the topic of Security Mandates of the CCPA, GDPR, and Other Privacy Laws.

Modern “rights-based” privacy laws such as the GDPR and CCPA address much more than privacy; they contain their own list of InfoSec mandates, many of which could be a law in their own right. Risk assessments, audits, and validation of consumer rights requests are now part of that list, requiring an approach that is decidedly different from traditional, risk-based mandates like HIPAA or GLBA. Moreover, these laws tightly regulate sharing personal data with others, requiring security policy “flow downs” to business partners. Inevitably, meeting the terms of these mandates falls to the InfoSec team, often without much thought (or budget) from corporate management. With new or updated privacy statutes from Colorado (CPA), Virginia (VCDPA), and California (CPRA) coming online in 2023 (and a wave of similar ones on the way), understanding these mandates has become especially important. In this presentation, InfoSec legal veterans will take a deep dive into these laws and explain what they mean for you and your InfoSec team. Takeaways include:

  • How security mandates in privacy laws stack up to traditional security laws
  • What regulatory authorities are looking for in risk assessments and audits
  • How to prioritize your budget and efforts

Scott M. Giordano, Esq., V.P., Corporate Privacy, and General Counsel, Spirion
Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy, a Certified Information Systems Security Professional (CISSP), and a Certified Cloud Security Professional (CCSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management.

How To Register