A standardized risk based approach to privacy using ISO27701

Tuesday, February 16, 2021 - 6:00pm

Matthew Corwin


A privacy program in this rapidly evolving regulatory environment must take into account many perspectives, including: an understanding of the current requirements applicable to each business process that involves personal information; the business justifications for the use of that personal information; the way in which regulatory requirements translate into technical and process changes; how those changes are best addressed from the application level to the organizational level; and future-proofing against changing applications, business needs, and additional regulatory requirements, increased customer and partner expectations, and peer competitor strategies. This program must also be risk-based and designed to achieve a viable, defensible position in the shortest amount of time, without boiling the ocean, and should include a road map for continuous improvement and recurring risk and privacy assessments.


Matthew Corwin

Matthew Corwin is VP of Security and Privacy Risk at Truvantis, a cyber security consulting firm. He has previously held leadership roles at a number of companies including Cognizant, where he led the U.S. unit of the Cognizant global privacy and security consulting practice, and Symantec, where he assessed vendor SaaS / IaaS / cloud environments and SLAs / MSAs / SOWs for impact to security and privacy compliance in the context of standards including GDPR, PCI and FedRAMP. He is also an attorney licensed in California and has worked in regulatory compliance, privacy, cybersecurity, and litigation practices for several top law firms.



Zoom Meeting to be provided for those who RSVP