CISO Executive Network Roundtable: Data Protection, Security and Privacy

Robinson Bradshaw sponsored the CISO Executive Network Charlotte group's virtual roundtable. The meeting's theme was "Data Protection, Security and Privacy." Robinson Bradshaw attorney Allen O'Rourke provided a brief cybersecurity and privacy legal update.

The group aimed to better understand how members are dealing with the job of protecting their data assets and working with the privacy teams, with topics including:

• Relationship between privacy and security programs
• The challenge of effectively implementing a data management program that includes finding and classifying data asset
• Which data protection solutions are realistic - DLP, encryption, DRM, obfuscation, right to be forgotten, and more
• Value of data breach exercises
• Role of the data owner and end users in the data protection program
• The role of the CISO in data integrity matters (The "I" in the CIA triad)
• Efficacy of end user data protection training such as phishing prevention training
• Protecting data as it moves to the cloud and third parties
• CASB solutions
• Privacy drivers that impacts security program's ability to collect and analyze user and application information
• Consideration for how quickly collected user data can have a privacy impact (e.g., fitness data from wearables, not PHI yet but likely to be)