Organizations are contending with significant risk management challenges as they attempt to navigate a complex, increasingly fragmented, and rapidly changing global environment of data privacy regulations and legal compliance requirements.

In this highly interactive Q&A session at RSAC 2019, this panel will provide a practical, policy-focused assessment of the most significant regulatory developments in the U.S. and abroad, along with their potential effects on cyber-threat management, data collection and use, security technology innovation, and much more.

Register Here: Navigating Today’s Data Privacy Regulation Labyrinth
Tuesday March 5th, 5:00PM – 5:50PM
Speakers: (Moderator) Greg Silberman, (Panelists) Malcolm Harkins, Theresa Payton, Ruby Zefo

The session will begin with a review of the most significant data privacy and security regulatory initiatives in the U.S., including the California Consumer Privacy Act, the ReadyTech Corporation FTC settlement, the Equifax Multi-State settlement, and various state security and breach notification laws. The panelists will then take a deeper-dive into the California Consumer Privacy Act and its significance for national organizations, with a focus on state verses federal approaches to data privacy compliance.

Next, the panel will expand its geographic focus to assess the most important developments in data protection and cybersecurity regulations in Europe and Asia, beginning with the challenges for EU members posed by GDPR and how those regulations are influencing the risk management conversation between the U.S. and its trading partners.

Panel members will also explore the practical implications of China’s Cybersecurity Law; new data localization requirements in Russia, Taiwan, and other nations; and the ways regional data protection and privacy requirements will affect organizational business processes, risk profiles, technology investments, and more.

Compliance burdens are likely to fall more heavily on certain organizations more than others. Therefore, panelists will also examine the ways public- and private-sector organizations respond differently and identify industry-specific challenges regarding competition, innovation, liability, data usage, and value generation.

The session will conclude with concrete, role-specific recommendations for CPOs, CISOs, CTOs, and product and engineering executives at domestic and multinational companies and on strategies for limiting regulatory risk profiles drawn from the panelists’ diverse backgrounds, roles, and experiences – including:

  • An examination of the latest domestic and international data privacy laws, regulations, and legal decisions
  • Discussion of effects on the public/private sectors, policy, competition, innovation, and risk management
  • Guidance on integrating privacy and security focus into product and services development

Speakers:

Malcolm Harkins is the Chief Security and Trust Officer at Cylance, responsible for enabling business growth through trusted infrastructure, systems, and business processes. He has direct organizational responsibility for information risk, security, and privacy policy.  Previously, Malcolm was Vice President and Chief Security and Privacy Officer (CSPO) at Intel. In that role, he was responsible for managing risk, controls, privacy, security, and other compliance activities for Intel’s information assets, products, and services.

Greg Silberman is Chief Privacy Officer at Cylance Inc. where he oversees the implementation and enforcement of practices that manage data in accordance with the Cylance’s Privacy Principles, with the goal of making Cylance a leader with respect to employee and customer privacy. As a lawyer, Greg has over 20 years’ experience working with companies to develop solutions to address complex business and legal issues at the intersection of intellectual property, privacy and information security. Prior to joining Cylance in 2016, Greg was a partner in the Cybersecurity, Privacy and Data Protection practice group in the Silicon Valley office of Jones Day. Earlier in his career, Greg served as Intellectual Property Counsel at Lawrence Berkeley National Laboratory.

Theresa Payton was named by IFSEC Global as 4th among the top 50 of the world's cybersecurity professionals and is one of America's most respected authorities on security and intelligence operations. The first female to serve as White House Chief Information Officer, Payton oversaw IT operations for the President and his staff during a period of unprecedented technological change and escalating threats. Previously, she held executive roles in banking technology at Bank of America and Wells Fargo. Currently, as the founder and CEO of a world class cybersecurity consulting firm, Fortalice Solutions, LLC and co-Founder of Dark3, a cybersecurity product company, she remains the expert that organizations call for discretion, proactive solutions, and incident response/crisis management.

Ruby Zefo was recently named as Chief Privacy Officer at Uber. Previously she was Vice President, Law & Policy Group at Intel Corporation, and serves as its Chief Privacy and Security Counsel. Zefo also managed Intel’s global privacy and security legal group. In addition, Zefo managed the teams that provide legal support for Intel Security Group (formerly McAfee) and Intel’s IT department. She also co-chairs the Law & Policy Group’s first women’s leadership development program, Leading Edge. Zefo began her law career at Fenwick & West LLP and later joined Sun Microsystems, Inc. Zefo has a B.S. in business administration from the University of California at Berkeley, and a J.D. from Stanford Law School.