Perhaps the most significant legal developments for information security professionals in 2021 came not in the form of traditional "risk-based" data protection laws but instead in the passage of two "rights based" ones. Both the Virginia Consumer Data Protection Act and the Colorado Privacy Act were significant developments, granting individuals the right to control how others use their personal data, as well as mandating numerous InfoSec requirements. Some 25 states introduced comprehensive privacy legislation in 2021, and it's very likely those same bills will reappear in this year's legislative sessions.

Meanwhile, the California Privacy Rights Act of 2020 (CPRA) is expected to consume major corporate resources in 2022 as enterprises come to grips with new types of personal data in scope, additional contractual requirements when selling personal information to third parties, and additional protections for the personal information of children. There's also the creation of a "privacy police" agency, the California Privacy Protection Agency, which carries significant regulatory power.

Join our panel of industry experts as we discuss the biggest privacy events of 2021 and what may be in store for 2022.

Takeaways will include:

•  InfoSec mandates of upcoming data privacy laws and regulations

•  The biggest data privacy challenges for the year ahead

•  Expert perspectives on meeting legal requirements

Attendees are eligible to receive 1 CPE credit.

Generously supported by:

supported by logo
speaker photo
Scott Giordano
VP, Corporate Privacy & General Counsel, Spirion

Scott M. Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. An IAPP Fellow of Information Privacy and a Certified Information Security Systems Professional (CISSP), Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management. Prior to joining Spirion, he served as Director, Data Protection for Robert Half Legal and established the global privacy program for Esterline Technologies Corporation in Bellevue, WA.

speaker photo
Rebecca Rakoski
Co-Founder & Managing Partner, XPAN Law Partners

Rebecca L. Rakoski, Esq., is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. She manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. As an experienced litigator, she has handled hundreds of matters in state and federal courts. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She works with clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section, and also served on the Complex Business Litigation Committee that drafted and revised the Court Rules involving electronic discovery in complex litigation matters. She has been appointed in several litigation matters by the New Jersey Superior Court as a Discovery Special Master.

Rebecca is on the Board of Governors for Temple University Health Systems, and is an adjunct professor at Drexel University’s Thomas R. Kline School of Law and Rowan University.

speaker photo
Christopher Leach
CISO, Adveeno

His career spans over 30 years in risk analysis, operations, strategy and financial controls and has included senior management, consulting and entrepreneurial experiences. He currently is CISO at Adveeno. He has held positions at Cisco, HP, HPE and DXC. He was the Director of Security Services for CompuCom, a Dallas based out sourcing company. There he is responsible for 24X7 operations and monitoring of client networks and infrastructure. He managed a team that is recognized as leaders within their respective fields and operates multiple honey pots and other security infrastructures to maintain a cutting edge in the ever changing information security environment. Previously he was CISO for Affiliated Computer Services (ACS), an out sourcing company acquired by Xerox.

A recognized global thought leader and sought after professional, he has maintained strong relationships with other security professionals, providers and vendors. He views security as a partner with the business and understands that risk can be controlled but never fully eliminated and therefore approaches security from a risk based model.

Was a co-presenter with Microsoft Chief Strategist, Craig Mundie, at Microsoft's keynote address at the 2008 RSA conference. Was awarded the Information Security Executive and People's Choice Award winner 2008 ( Was named as one of Computer World's Premier 100 IT Leaders - class of 2009 ( Former licensed CPA Former Top Secret Clearance (US).

speaker photo
Tom Bechtold
Digital Events Director, SecureWorld

Tom has been part of the SecureWorld team for over 14 years. He has launched several of the regional conferences we hold today. Tom is currently responsible for SecureWorld Digital, which provides educational content to the SecureWorld audience. He produces, executes, and moderates the majority of the Remote Sessions webcasts while also working closely with the SecureWorld event directors to build relevant agendas at the regional conferences.