The Next Generation of Data Privacy

This session will examine the enactment of increasingly rigorous state data protection laws and detail the distinguishing aspects of these laws. We will discuss the need to adopt a multifaceted compliance approach, combining administrative, technical and physical security controls, and will emphasize the elements which are present in all effective information security programs. The session will include a discussion of the consequences of non-compliance and the need for ongoing verification to identify areas within the enterprise that are non complaint.

Having a sub-standard IT security posture can cost your company money. It can lead to negative governmental audit findings, or keep you from closing that big deal with a security minded company. During this presentation, we will discuss an industry appropriate IT security posture that maximizes your IT security investment.

Managing the privacy of personal information in networked systems is made much more challenging as we deploy new, complex, and networked business infrastructures. Today, operational privacy requirements typically focus on the enterprise, but don’t readily extend across policy and jurisdictional boundaries. Although many technical solutions and standards exist today to support these valuable new infrastructures a framework or model for building life cycle privacy-compliant architectures has not been available to implementers. This presentation will offer an overview of a new Privacy Management Reference Model about to be developed by a technical committee in the OASIS standards organization. The Model will help guide development of lifecycle-focused privacy requirements, enable mapping current and future technologies and solutions to those requirements, and enable the development of privacy architectures.