This session will cover the general evolution of data privacy laws and frameworks, including breach notifications. Participants will walk away with a thorough understanding of the recent history of data privacy laws in the U.S. (federal and “patchwork” of state laws), as well as the distinction between the NIST Privacy Framework and the NIST 800-53 Rev. 5 Privacy Controls. There will be a case study example that will also help participants become familiar with the NIST Privacy Framework and how it can be used to guide risk-based decisions about privacy of data. The session will also give tactical information about how an organization can manage current regulatory risks while preparing for new and unpredictable risks to the privacy of individuals and their data.
Learning Objectives
- Explain the general evolution of data privacy laws and frameworks, including breach notification
- Give an example of a case study to become familiar with the NIST Privacy Framework and how it can be used to guide risk-based decisions about privacy of data
- Describe how to proactively apply next steps in protecting the privacy of data
Speakers
Andrew Mahler
Director of Privacy, Compliance and Managed Services
CynergisTek
Joseph Dickinson
Partner
Michael Best & Friedrich