Name: GDPR: Lessons Learned From 200 Companies Who Got It Wrong
Start: 2021-01-05T17:00:00Z
End: 2021-01-05T17:01:02.000Z
Location: BrightTALK
Rating: 5

Spirion has relentlessly solved real data protection problems since 2006 with accurate, contextual discovery of structured and unstructured data, purposeful classification, automated real-time risk remediation, and powerful analytics and dashboards to give organizations greater visibility into their most at-risk data and assets. 

Spirion’s privacy-grade™ data protection software enables organizations to reduce risk exposure (protect against data breaches and avoid costly fees), gain visibility into their data footprint—wherever it lives, improve business efficiencies and decision-making while facilitating compliance with ever-changing data protection laws and regulations. 

With solutions offered both in a highly-scalable cloud architecture or on-premise, Spirion is equipped to help protect what matters most—the personal data of our customers, our colleagues, and our communities.

Perhaps the most significant legal developments for information security professionals in 2021 came not in the form of traditional “risk-based” data protection laws but instead the passage of two “rights based” ones.  Both the Virginia Consumer Data Protection Act and the Colorado Privacy Act were significant developments, granting individuals the right to control how others use their personal data and well as mandating numerous InfoSec requirements. Some 25 states introduced comprehensive privacy legislation in 2021, and it’s very likely those same bills will reappear in this year’s legislative sessions. 
Meanwhile, the California Privacy Rights Act of 2020 (CPRA) is expected to consume major corporate resources in 2022 as enterprises come to grips with new types of personal data in scope, additional contractual requirements when selling personal information to third parties, and additional protections for the personal information of children. There’s also the creation of a “privacy police” agency, the California Privacy Protection Agency, which carries significant regulatory power.
Join our panel of industry experts as we discuss the biggest privacy events of 2021 and what may be in store for 2022. 
Takeaways include:
• InfoSec mandates of upcoming data privacy laws and regulations
• The biggest data privacy challenges for the year ahead
• Expert perspectives on meeting legal requirements

What Information Security Professionals Need to Know About Privacy Mandates

Cyber breaches reached an all-time high in 2021. No matter what industry you operate in, last year’s expansive breaches left wide-ranging impacts on organizations and their customers. Understanding the most common (and successful) attack vectors from last year is essential to devising and executing a comprehensive plan to protect your most valuable data in 2022.
Join Spirion and the Identity Theft Resource Center (ITRC) on Tuesday, February 1, 2022, for a deep dive into the top data breaches of 2021 and what may be in store for the year ahead. You’ll also gain actionable steps to help keep your organization, its data, and its people safe.
As the premier source of data for notified breaches, ITRC will present the findings and key takeaways from its 2021 Data Breach Report (DBR), the most quoted source of comprehensive information about publicly reported data compromises in the U.S.  It is the “go-to” source for organizations seeking trend analysis and tracking data on data breaches, exposures, and leaks dating back to 2005. 
Takeaways will include: 
• The numbers behind last year’s data compromises
• The root causes of the data compromises, including case studies of the leading causes
• The types of data that were compromised
•	Actionable steps you can take to preemptively protect sensitive data and reduce the impact of breaches

The Top Data Leaks, Cyberattacks, and Insider Hacks of 2021 (and 2022 Outlook)

Are ransomware attacks out of control, or are security teams unprepared? The last two years have certainly seen an uptick in ransomware attacks. However, most organizations forced to pay their cyber bullies are victims of lax security practices. Even with a world health crisis happening, cybercriminals continue to target organizations and extort anywhere from a few hundred dollars to hundreds of thousands, payable in cryptocurrency.

Most companies that find themselves in the crosshairs of a ransomware gang have little hope to come out of it with their bank accounts intact. But not all must pay up or perish. There are means of escaping the dire consequences of these attacks. You must be prepared—but what does that entail? Our panelists will explore some of the ways to help keep your organization, its data, and its people safe from digital extortion.

Attendees are eligible to receive 1 CPE credit.

Ransomware: Is Your Sensitive Data Protected, or Will You Have to Pay Up?

The importance (and complexity) of data protection is increasing in proportion to the exponential amount of data enterprises continue to create and store. Data security and privacy policies guide the cleansing, organization, and remediation of sensitive data to ensure it is protected from compromise and misuse. Who is responsible for the time-consuming enforcement of data security and privacy policy enforcement on these endless collections of data? Many enterprises leave it up to the users to identify, tag, and secure their organization’s most sensitive data. Such manual measures, however, are not reliable nor sustainable.  
Join us to learn how to auto-enforce data protection policies using Spirion Playbook automation. Our team will demonstrate the ability to build automated and persistent data classification and remediation rules that align with your data protection policies.

Reduce the Complexity of State Data Protection Law Compliance

We are all at risk of a ransomware infection – fraudulent websites, insecure downloads, and spam email are all easy attack vectors. According to the 2021 Verizon Data Breach Investigations Report, “The major change this year with regard to action types was ransomware coming out like a champ and grabbing the third place in breaches (appearing in 10% of them, more than doubling its frequency from last year).” In this webinar, we will discuss the importance of avoiding a ‘digital hostage’ situation where you are paying large sums of ransom to release your sensitive data.

Learn how Spirion Sensitive Data Platform helps lower the risk associated with bad actors attempting to exfiltrate your data.  See first-hand what Spirion brings when it comes to cyber defense and sensitive data protection.

How to Protect your Sensitive Data from Ransomware Attacks

Gone are the days when everything that happened at work occurred between ‘these four walls.’ The world was challenged and rose to the occasion. People are working from literally everywhere. Unfortunately, greed didn’t take a vacation. We’ve heard stories of malicious employees allowing access to corporate networks for a payout, negligent employees posting data in a public cloud container, accidental exposure through a targeted phishing scheme, and compromised attackers exfiltrating corporate data.

It was a little easier to spot abnormal behavior or disgruntled employee in the old days. With people working from all over, it makes identifying and monitoring the sensitive data individuals have access to much more complicated.

Our panel will identify the different types of insider threats they see in the wild and offer their advice on the 5 ‘Must Haves’ to help deter this growing threat to corporate data security and privacy.

5 Must-Haves in Developing an Insider Threat Program

More and more data is generated faster and faster across more devices. It’s almost impossible to keep up. Data resides in the PC you’re working on now, the printer down the aisle, your smartwatch, the thermostat, our cars, in manufacturing plants – you get it. Data is everywhere. The question is, do you know what sensitive data exists across systems, databases, file shares, endpoints, and apps? More than half of respondents to the IAPP-EY Privacy Governance survey (56%) named “locating unstructured personal data” as the most challenging issue in responding to data subject access requests including access, deletion, and rectification requests.  It is crucial to have visibility into all areas where data resides to enact security and regulatory compliance measures. This can be tricky given the amount of data created and the current era of remote workers. Our panel of industry experts will dive into the areas that need attention. Some of these may surprise you – and frankly, some data isn’t worth protecting. Bring your questions and scenarios to this interactive panel to get the answers you need!

It's 2:00 AM. Do You Know Where Your Data Is?

Although the California Privacy Rights Act of 2020 (CPRA) will not go into full effect until January 1, 2023, businesses are expected to start complying with the law’s obligations for gathering and maintaining consumer personal information as early as 1, 2022. 
Meanwhile, there’s countless questions that have been raised since voter approval of Prop. 24 that the California Attorney General is actively drafting regulations to interpret and clarify. For instance, what defines sensitive personal information? What about cross-context behavioral advertising? Where do I have to search when a consumer requests their personal information? 
In this interactive webinar, we’ll take a look at the obligations of this new law and how it expands on the wide-ranging consumer rights created by the CCPA. We’ll also answer your questions, live, and offer insight into immediate steps your organization should take in advance of the enforceable compliance deadline slated for January 1, 2023.
Takeaways include:
• A summary of new consumer rights and business obligations under the law
• Immediate priorities for your information security program
• An understanding of the “opt-in” vs. “opt-out” rules for collecting, selling, and sharing personal information

What You Need to Know About CPRA in 2022: Your Questions Answered

Over the past 20 years, data classification has consistently been proven effective in protecting sensitive data.  Combining classification with modern Digital Rights Management (DRM) enables organizations to precisely define the “who”, “what”, “when”, and “where” of sensitive data access, promoting compliance with a wide range of cybersecurity and privacy mandates.  In the wake of last summer’s Schrems II decision from the Court of Justice of the European Union, the “where” of access has become especially relevant for complying with the EU’s General Data Protection Regulation (GDPR).  

Schrems II mandates additional controls for the transfer of personal data out of the EU and controlling the “where” data can be accessed represents a powerful tool not only for complying with the GDPR, but for many other cybersecurity mandates.  In this presentation, data protection technical and legal experts will discuss employing a combination of data classification and DRM for compliance with the GDPR and similar laws.  

Takeaways include:

• A summary of the Schrems II decision and why it matters to you now
•	The relationship between classification and policy enforcement
•	Leveraging data classification and DRM for legal compliance – including the “where”

Advancing GDPR Compliance, Post-Schrems II, Using Data Classification

Businesses worldwide are taking a much closer look at their data to ensure their most sensitive information is safeguarded under the requirements of laws, regulations, and professional obligations. Knowing what data you collect dramatically reduces risk and uncertainty. According to the RSA Data Privacy and Security Survey, since 64% of U.S. users and 72% of U.K. users agree that “if a company loses my personal data/information, I feel inclined to blame them above anyone else, even the hacker,” the risk from data asset ambiguity is enormous.  

Grasp the particulars of data inventory and data mapping – From what to include in a data asset inventory, how to get started, and the benefits of data asset control that are too important to ignore.  See Spirion Sensitive Data Platform in action during this live product demonstration.

Benefits of Data Asset Inventory when Tracking and Managing Sensitive Data

Data privacy cannot be achieved with a one-size-fits-all solution. Regulations, business requirements, and customer concerns can vary between regions, industries, revenue, and more. While many agree that data discovery is a foundational aspect of any data privacy management program, what’s less clear is where organizations go from there. 

The concept of profiles in the NIST Privacy Framework addresses this and lays out strategies for organizations to map out the next steps in their privacy planning depending on factors such as organizational maturity, capacity for change, and regulatory requirements.

This Tech Talk will detail how the world’s most accurate data discovery in Spirion Sensitive Data Platform (Spirion SDP) can be used to expand privacy operations with a blend of extended core functionality and intelligent optional add-ons. 

Key takeaways:
• Discover the depth, breadth and accuracy of our Privacy-Grade solution, Spirion SDP
• Explore how to automate SRR fulfilment with speed and accuracy using Spirion Sensitive Data Finder
•	Learn how to leverage Spirion Sensitive Data Watcher to monitor, connect and understand sensitive data

With multiple tools to choose from, Spirion empowers organizations to design privacy programs that are right-sized for their company’s data privacy and security needs and to be confident that their data is protected – no matter where it lives.

A single source of truth for sensitive data: Managing cyber and privacy risks

As organizations struggle over misuse and exfiltration of data, visibility and accountability is more important than ever. 

This Tech Talk will explore the Activity Monitoring functionality of Spirion Sensitive Data Watcher (SD Watcher). Powered by Spirion Sensitive Data Platform (SDP), Spirion SD Watcher allows users to collect and report on file and folder activity to help identify unauthorized or abnormal behavior involving sensitive data. This better allows organizations to prioritize privacy risk management by determining if, when and, how sensitive data may have been accessed or exfiltrated and build a stronger security posture. 

You will learn:
- How the accuracy and breadth of data discovery delivered by Spirion SDP is augmented by Spirion SD Watcher to allow data stewards to better to manage compliance and privacy risk
- What the MITRE ATT&CK framework is and how it provides a best-practices approach to activity monitoring 
- The concept of the “accidental insider” and how to protect against these types of breaches

Speakers: Jason Hodgert, Penni Kessler, and Britton Karon from Spirion

Data Needs Monitoring: Reduce the Privacy Risk of Your Sensitive Data

On March 2, Virginia became the nation’s second state to adopt a comprehensive data privacy law—and the first state to enact such protection of its own accord. Introduced by Senator David W. Marsden, the progressive Virginia Consumer Data Protection Act (VCDPA) reflects many of the consumer rights granted under California’s privacy laws—but goes a step further—by aligning with the European Union’s General Data Protection Regulation in a few critical areas.

Spirion’s Scott Giordano, VP and Sr. Counsel, Privacy and Compliance, has the privilege to sit down with Senator Marsden to discuss the spark behind the introduction of the Virginia Consumer Data Protection Act and the nuances of the VCDPA for companies doing business in Virginia or marketing to Virginian citizens. 

Can’t miss topics include: 

• Who must comply with the VCDPA? 
•	Why is the VCDPA important for Virginia residents? 
•	What are the business obligations of VCDPA? 
•	How will VCDPA be enforced? 
•	What additional state legislation is expected across the U.S. in 2021?

U.S. Data Privacy Trailblazer: Virginia comprehensive data privacy law

What is sensitive personal information?  What about cross-context behavioral advertising? Where do I have to have to search when a consumer requests their personal information?  These and a whole host of other questions have been raised by voter approval of Prop. 24, the California Privacy Rights Act of 2020 (CPRA).  

In this interactive webinar, we’ll take a look at this new law and how it expands on the new and wide-ranging consumer rights created by the CCPA.  We’ll also answer your questions, live, and offer insight into getting your organization ready in advance of the compliance deadline.  

Takeaways include:
- A summary of new consumer rights under the law
- Likely changes you’ll need for your information security program
- An understanding of the “opt-in” vs. “opt-out” rules for collecting, selling, and sharing personal information

Speaker: Scott M. Giordano, V.P. and Sr. Counsel, Privacy and Compliance, Spirion

The California Privacy Rights Act of 2020: Your Questions, Answered

As the wave of ransomware and other attacks on government entities continues to rise, legislatures have responded with the creation of government security operations centers (or SOCs) or similar cybersecurity programs.  In particular, the state of Florida has recently passed into law a program to fund its own SOC.  Starting a SOC raises all kinds of questions:  What are the key components?  What kinds of professionals should be staffing it?  How can it be developed on time and on budget?  In this panel discussion, cybersecurity technical and legal professionals will offer their insight into how best to get a cybersecurity program off the ground.  

Takeaways include:

• The role of a cybersecurity steering committee
• Basic capabilities all SOCs should have
• Working with legal and audit teams

Florida HB 1297: What Is It and What Does It Mean For My IT Security Team?

To date, 31 states have either signed, passed, or introduced GDPR/CCPA-style legislation to protect the privacy of consumers which is transforming how business and private sectors alike manage customer data.

A common thread among many of these regulations are a list of consumer rights with regards to the handling of the data organizations like yours collect every day. While the naming and number of these rights vary from state to state, they commonly include, but are not limited to the Right of Access, the Right of Rectification, and the Right of Deletion. 

Consumers exercise these rights through what is commonly referred to as a Data Subject Access Request (DSAR), Individual Rights Request (IRR) or Subject Rights Request (SRR) detailing their personal data footprint. Under these regulations, these requests must be handled promptly, accurately, and without exception. 

On this Tech Talk, we will introduce Spirion Sensitive Data Finder to demonstrate how this tool protects and simplifies Rights Requests for current and future regulations. Key takeaways:

-Find personal or sensitive data, wherever it lives (you can’t protect what you don’t know you have!)
-Identify the data relationships between documents and locations associated with the same person through our personal data recognizer technology
-Build an inventory of discovered subjects for fast reporting to fulfill DSAR, IRR, and SRR requests within a given compliance window through user-friendly dashboards
-Build and generates subject reports containing a summary of data types

Subject Rights Requests simplified: Using Spirion to maintain privacy compliance

“The CCPA is just the U.S. version of the GDPR.”

“If I’m compliant with the GDPR, I’m also compliant with the CCPA.”

“Personal data under GDPR is the same as personal information under CCPA.”

All of this common wisdom about the GDPR and CCPA is arguably false. In fact, there are numerous differences, some great and some subtle, between the two that serve as traps for the unwary. Add to this the upcoming CCPA 2.0, with its new class of (and significant restrictions on the use of) personal information, and the potential for consumer complaints and disputes with supply-chain members becomes dramatic. In this interactive webinar, a privacy and security industry veteran will analyze, compare, and contrast these laws and offer insight into what they mean for your data protection program.

Takeaways include:

-Key differences between the three laws that impact your data protection strategy
-Avoiding conflicts with supply-chain members and other business partners
-How to leverage current compliance efforts for CCPA 2.0 and other upcoming data protection laws

Speaker: Scott M. Giordano, Esq., V.P., Data Protection, Spirion

Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Scott has held senior positions at several legal technology firms and is listed as co-inventor on Intelligent Searching of Electronically Stored Information, patent application no. 13/842,910. In addition, he taught the first law school course anywhere on electronic evidence and e-discovery. Scott is a member of the bar in Washington state, California, and the District of Columbia.

GDPR vs. CCPA vs. CCPA 2.0: 10 Critical Differences

About: Since EU supervisory authorities began GDPR enforcement in May of 2018, over 200 companies and government agencies have been punished for privacy and security failures by EU authorities. Those companies include both marquee and non-household brands where close to €400M in proposed fines were issued. The failures to comply were attributable to not having basic privacy and security practices in place. In this webinar, we will review several post-mortems, determine what went wrong, and discuss the implications for not complying with the privacy and security requirements of the GDPR going forward.

Key takeaways include:

-Understanding what regulators consider when issuing a penalty

-Generating better privacy success measurements by leveraging the NIST Privacy Framework and ISO 27701

-Applying these lessons for California Consumer Privacy Act (CCPA) compliance

Speaker: Scott M. Giordano, Esq., V.P., Data Protection, Spirion

Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Scott has held senior positions at several legal technology firms and is listed as co-inventor on Intelligent Searching of Electronically Stored Information, patent application no. 13/842,910. In addition, he taught the first law school course anywhere on electronic evidence and e-discovery. Scott is a member of the bar in Washington state, California, and the District of Columbia.

GDPR: Lessons Learned From 200 Companies Who Got It Wrong

GDPR

Data Privacy

Data Security

Compliance

Data Protection

CCPA

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

GDPR: Lessons Learned From 200 Companies Who Got It Wrong

Presented by

About this talk

More from this channel