Past Meetings

A standardized risk based approach to privacy using ISO27701

Tuesday, February 16, 2021 - 6:00pm

Matthew Corwin

A privacy program in this rapidly evolving regulatory environment must take into account many perspectives, including: an understanding of the current requirements applicable to each business process that involves personal information; the business justifications for the use of that personal information; the way in which regulatory requirements translate into technical and process changes; how those changes are best addressed from the application level to the organizational level; future-proofing against changing applications, business needs, and additional regulatory requirements; increased customer and partner expectations; and peer competitor strategies. This program must also be risk-based and designed to achieve a viable, defensible position in the shortest amount of time, without boiling the ocean, and should include a road map for continuous improvement and recurring risk and privacy assessments.
