MASTERING CYBERSECURITY AND PRIVACY LAW: FROM NOVICE TO EXPERT

UNDERSTANDING THE CALIFORNIA EFFECT: COMPARING CCPA & CPRA TO GDPR

2 Hours/ ADVANCED CLASS/ Adriana Sanford

• Learn key differences between the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) compared to the General Data Protection Regulation (GDPR). 
• Review and analyze a wide range of legal documentation to help ensure compliance with privacy laws and regulations, including agreements, policies, notices, letters, reports, assessments, plans, schedules, questionnaires, and checklists.

FROM HEALTH TO FINANCE: COMPREHENSIVE GUIDE TO CA SECTORAL PRIVACY LAWS

2 Hours/ ADVANCED CLASS/ Adriana Sanford

• Develop an understanding of the sectoral privacy laws in CA,  such as health data, financial data, and employment data. Gather insights into the specific legal requirements for complying with data subject rights in California, including how to effectively manage access requests, rectification requests, erasure requests, and other requests related to data subject rights.  

ACROSS BORDERS: NAVIGATING US PRIVACY LAWS, GDPR, LATAM FRAMEWORKS

2 Hours/ ADVANCED CLASS/ Adriana Sanford

• Gain a comprehensive overview of US state privacy laws and US regulations, such as those established by the FTC (enforcement actions, policy activities, and education initiatives related to data privacy regulations in the US). 
• Obtain an understanding of the nuances and complexities of privacy laws in the Latin American region and how laws and regulations in Argentina, Brazil, and Mexico differ from the GDPR. 

LEARNING OUTCOMES

1. Understand the key differences between the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the General Data Protection Regulation (GDPR).
2. Review and analyze a wide range of legal documentation to ensure compliance with privacy laws and regulations, including agreements, policies, notices, and assessments.
3. Develop an understanding of sectoral privacy laws in California, such as health data, financial data, and employment data, and how to comply with them.
4. Gain insights into the specific legal requirements for complying with data subject rights in California, including how to effectively manage access requests, rectification requests, erasure requests, and other requests related to data subject rights.
5. Obtain a comprehensive overview of US state privacy laws, as well as US regulations such as those established by the Federal Trade Commission (FTC), including enforcement actions, policy activities, and education initiatives related to data privacy regulations in the US.
6. Understand the nuances and complexities of privacy laws in the Latin American region, and how laws and regulations in Argentina, Brazil, and Mexico differ from the GDPR and US laws.
7. Develop strategies for complying with privacy laws and regulations in California, the US, and Latin America, and be able to apply them in a variety of settings and contexts.
8. Learn best practices for managing data privacy risks and compliance programs, including data governance and incident response planning. If customers can’t find it, it doesn’t exist. Clearly list and describe the services you offer. Also, be sure to showcase a premium service.

IMPROVING TABLETOP EXERCISE OUTCOMES

3 Hours/ ADVANCED CLASS/ Eric Barricklow

• Eric D. Barricklow, CISO & Executive Advisor at EVOTEK; former Cyber Director of JPL's $450 million Institutional Computing Environment program; former CISO for the City of Anaheim

• Maximize tabletop exercise effectiveness with new planning and implementation strategies. Tabletop exercises are one of the methods used to evaluate an organizations’ plan as part of the TTE Program. Following the 5P principal (Prior Planning Prevents Poor Performance) organizations can increase the efficiency and effectiveness of response actions and identify gaps or deficiencies within the Plan being exercised. Properly planned Tabletop exercises include identifying topic, scope, objectives, participants, facilitators, developing the exercise materials, conducting the exercise, performing an after-action review, and publishing an improvement / sustainment plan.

LEARNING OUTCOMES

1. Develop an understanding of the importance of IT Plans, such as Contingency and Cybersecurity Incident Response Plans, and the role of Tabletop exercises in evaluating and improving these plans.
2. Learn best practices for planning and conducting Tabletop exercises, including identifying topics, scope, objectives, participants, and facilitators.
3. Understand the key elements of effective exercise materials, including scenarios, injects, and evaluation criteria.
4. Gain skills in facilitating Tabletop exercises, including managing group dynamics, encouraging participation, and addressing challenges.
5. Develop an understanding of the importance of an after-action review process and how to use feedback to identify improvement opportunities.
6. Learn how to develop an improvement/sustainment plan to ensure that the organization continues to improve its response and preparedness capabilities.
7. Understand the importance of team coordination and communication during a crisis and develop skills in effective communication strategies.
8. Identify common gaps and deficiencies in IT Plans and learn how to address them through Tabletop exercises.
9. Gain insights into the benefits of a Test, Training, and Exercise (TTE) Program for organizational preparedness and how to implement such a program.
10. Develop practical skills in planning and conducting Tabletop exercises in a variety of contexts, and learn how to tailor exercises to meet specific organizational needs.