Assessing Privacy Risks and Privacy Control Programs

Information Privacy is often overshadowed by its more mature cousin, Information Security, when conducting risk assessments and performing audit testing.  With the increased legislative and regulatory focus on privacy in recent years, and the increasingly complex requirements that organizations have become subject to, we believe that it is timely to present some training on how to assess information privacy risks and controls.

This technical session will provide a high-level background on accepted privacy principles and resultant privacy controls. It will give the audience an overview of privacy theory, and then move through the current privacy compliance/regulatory landscape into the development and application of an appropriate privacy control program. 

Also covered will be practical examples including a brief discussion of building privacy into the development of new applications and how to audit applications for appropriate privacy controls.  Real world examples of the risks and consequences that a business faces for failing to adequately assess and address its privacy risks will also be discussed, and audience participation and sharing of experiences will be encouraged.  We plan to make this session interactive throughout, so that all audience members benefit from the collective knowledge of the group.

Two case studies will be used to show how to assess privacy risks and controls, and resultant value of such assessments. The first case study will be that of a currently deployed web application (using automated assessment tools and GAPP based assessment methodology. The second case study will examine a review of the privacy risks surrounding an enterprises marketing/customer management process.

About the Presenters

MARCUS MORISSETTE, JD, CISSP, CISA, CIPP is a Managing Director and Information Privacy Practice Leader at Concise Consulting Group. With a background in both economics and law, Marcus is uniquely positioned among risk consulting and data privacy professionals. Marcus has over 12 years’ experience as an information technology and data privacy attorney and consultant. He has held the role of both corporate counsel and senior privacy and information security consultant, and has worked in a wide range of industries. His professional experience includes work at large consulting firms such as KPMG, as well as for small, boutique consulting practices.  He holds numerous professional certifications in the privacy and information security field, as well as an active high-level government security clearance. Marcus served on active duty in the U.S. Navy as a Judge Advocate, received an honorable discharge from active duty in 2001, and maintains his status as an active drilling reservist. He is actively engaged in the data privacy field, and is currently researching several areas for presentation and publication in 2010.

SEATON M. DALY III is an Attorney At Law at Law Office of Seaton M. Daly III, P.L.L.C. Seaton is a corporate transactional attorney in Seattle, WA, with an emphasis in corporate governance.  Prior to his admission to practice law in the State of Washington, Mr. Daly worked in the Information Protection industry for 8 years in various capacities.  Upon admission to practice law, Mr. Daly went back to work in the information protection industry, and shortly thereafter started up his law firm.  Mr. Daly is a recognized expert in the emerging area of data governance law.  He is a regular presenter on this topic at academic institutions, public and private firms, trade and bar associations, and non-profit organizations.

Technical Session Registration

The online fee for the Technical Session is $60 for members of The IIA, $80 for non-members.

Our online registration and payment processing allows you to register multiple people for both the lunch and the tech session and pay for everyone with one credit card transaction.   Just select the event for which you are registering, indicate the number of people attending (differentiating by member and nonmember), and our shopping cart will calculate your total fee.  When you check out, you will enter your credit card information.  On this same screen, you must complete the box that asks for member(s) name and event under “additional information required for processing” even though it says optional.

The meeting will be conducted at Maggiano’s, located in Lincoln Square in downtown Bellevue at 10455 NE 8^th St.    The fee for the technical session is $60 for members of the IIA, $80 for non-members (three CPE credits are awarded).