Community Platform
Interests
  • Consumer applications and technologies
  • JavaScript
  • jQuery
  • JSON
  • more...
This Year
100 Points
Total
1635 Points
MIS Badge

Click here
to validate the recipient

How to Navigate US Privacy Laws in 2023

  • Hosted by:  IT Governance USA
  • Speaker:  William Gamble, GRC Consultant, IT Governance USA
  • Activity Details:
    • IT Live Webinar that focuses on 4 main topics surrounding IT Governance, privacy laws, and privacy management:
      • The type of US state privacy laws you need to be aware of
      • U.S. state privacy laws and how they compare to the EU’s GDPR (General Data Protection Regulation)
      • Privacy compliance requirements and what you need to get right
      • Practical advice and solutions for privacy management
  • What I Learned:
    • There are 4 different types of laws to consider:
      • Cybersecurity Laws – NY Shield Act, Massachusetts 20 CMR 17, 25 states have standard cybersecurity laws
      • Incident Laws – state breach laws, all 50 states
      • Privacy Laws – COPPA, CPRA, Sec Rule S-P *Privacy laws are a subset of cybersecurity laws. They are not one and the same.* 
      • Hybrid Laws – HIPAA, GDPR (the global standard)
    • GDPR Principal Rights (5): Lawful, Legitimate, Accurate, Adequate, Retention, Security
    • GDPR Rights (8): Notice, Access, Rectification, Erasure, Restriction of Processing, Portability, Profiling, Object to Processing
    • Data = Economic Value
    • Get These Right:
      • Cybersecurity – frameworks
      • Privacy Notice – don’t use templates or you will be fined (ex: $5B fine on Facebook)
      • Access Requests – out-in/out-out option, all users must see these, build trust with users
    • Data Controllers have the most liability within the organization, especially since they are the liaison between Users and Data Processors.
  • How the activity relates to coursework or your career goals: 
    • I am interested in focusing my career towards minimizing the risk of data breaches through IT Governance, and privacy & risk management, while gaining more knowledge about how different privacy  laws affect different states and how violating those laws would negatively impact organizations.
    • I am planning to earn my security certifications as I enter the workforce.

Skip to toolbar