How can we continuously adapt to the ever-changing U.S. data privacy regulations


In a recent Super Cyber Friday, "Hacking U.S. Data Privacy: An hour of critical thinking on dealing with the ever-changing patchwork of regulations," we explored the difference between data privacy and legal requirements, U.S.-specific privacy mandates, and the future of privacy legislation.

Joining us for this conversation were Matt Cooper, senior manager of privacy risk and compliance at Vanta, and Greg M., CISO at Lightcast.

HUGE thanks to our sponsor, Vanta


Best quotes from our guests

“For all the personal data in your system, know where you got it and why you have it.” - Matt Cooper, Vanta

"You need to let people know why you're collecting their data, what you're collecting, what you're doing with it, who you're sharing it with. Then, you basically need to give them control of that data if they want to be deleted, forgotten, or corrected." - Matt Cooper, Vanta

"When I first started getting into GDPR, I was like, 'Oh, that's it. It seems basic, like, why is this a big deal?' Because the concept is simple. But the implementation gets extremely complex and difficult." - Matt Cooper, Vanta

"How the landscape is today, people accessing anything, pushing the buttons, opening that access, it's hard to tell. It's just, it's a very complex problem, and it's something that we take on a day-to-day basis. Because there is so much data." - Greg McCord, Lightcast

"It's going to take something big that forces the country to move. It's not the top topic. It's not the priority, even though the citizens think it is, it's just not. So it's going to have to take something big like AI or a massive breach of something or other infrastructure gets taken down." - Greg McCord, Lightcast

"Instead of having five different control sets or seven, eight different sets of laws, we look at ways to harmonize those where they're effectively the same and make sure we're adhering to the highest bar." - Matt Cooper, Vanta

Quotes from our audience

"Just start somewhere. With new systems you bring in, start to track what data is going into them and how it's used. Then work the backlog." - Matt Black, director information security, Contentstack

"Find even one data store of PII that is redundant and get it slated for removal. Aim for less data." - Duane Gran, director information security, Converge Technology Solutions Corp.

"Put your teams on a data diet. Destroy it when they cannot truly justify keeping it." - Jeff Reich, executive director, Identity Defined Security Alliance

"Allowing data to age and ensuring that it really is purged from your production environment." - James S., DevSecOps engineer

"Making sure that your Dev team cannot use real production data for development work." - James Sparenberg, DevSecOps engineer

"Conduct real classes with the teams in your organization to teach them how their 'job focus' affects data privacy. Most don't understand it." - James Sparenberg, DevSecOps engineer


James Olsen

Director, Sales and Strategic Partnerships

1 year ago

Glad to see this. Where data privacy needs automation, it should be implemented for sure. Sadly not everything *can* be automated, so orgs need to make sure they have a strong privacy program in place because automation is only part (admittedly a very big part) of data privacy management.
