Data Privacy Day 2021

Date/Time

Date: 1/28/2021
Time: 9:00 am - 12:00 pm

Location

Harrisburg University of Science and Technology

Held Virtually (2021)

“The New Abnormal is Coming – Organizations No Longer Own Data, Clients Own Data.”

Newly enacted laws and policies are mandating that client data must be managed based on their preferences and deleted whenever requested. These changes require a completely different strategy on how client data is collected, managed, and stored. Non-compliance carries significant penalties to organizations.

Agenda

9:00-9:05 AM
Welcome

Kelly Powell Logan

Vice President of Strategic Workforce Development and University Centers
Harrisburg University of Science and Technology 

9:05- 9:40 AM
Data Privacy: What is it, Why is it Important, & What are the Requirements?

Jennie Thompson

Chief Privacy Officer
PHEAA

Speaker Biography: Jennie has over 22 years of public service with PHEAA. In her most recent role as Chief Privacy Officer and Interim Records Retention Officer, she is responsible for the overall definition, direction, and implementation of the Agency’s Privacy and Records and Information Management Programs.  This includes establishing policies, procedures, and training to enforce the Programs; monitoring and assessing the effectiveness of controls, and working with business partners to implement a privacy-by-design philosophy to proactively mitigate risk.  Her Office is also responsible for monitoring and managing keys risks relative to the Agency’s technology area and the Privacy, Security, and Records and Information Management Programs.  

Ms. Thompson holds a bachelor’s degree in Corporate Communication from Elizabethtown College.  She also earned a master’s of jurisprudence Business Law Compliance from Loyola University Chicago-School of Law.  

9:40-10:25 AM
Data Privacy vs. Data Security: The Role of Chief Data Officer & Chief Privacy Officer

Susan Corrado (Facilitator)

Chief Privacy Officer
Commonwealth of Pennsylvania 

Speaker Biography: Susan Corrado was appointed Deputy General Counsel for the Pennsylvania Governor’s Office of General Counsel (OGC) in August of 2020. She serves as counsel on issues related to the Commonwealth’s strategy, policies and operations in the areas of privacy and risk management. Susan provides legal support for initiatives related to risk assessment and management. She also works with Commonwealth agencies and executives to integrate privacy controls within business and information technology processing to ensure compliance with privacy laws, regulations, and state and agency policies.  

Susan came to OGC after serving as a Senior Compliance Officer with privacy and fraud oversight for a financial services firm headquartered in Pennsylvania. She is also a former Special Agent for the Federal Bureau of Investigation (FBI) and the owner of an investigative services firm. Prior to joining the FBI, she practiced law for a Newark, NJ firm focusing on commercial litigation.  

Susan is a Certified Information Privacy Professional with the International Association of Privacy Professionals and a Certified Fraud Examiner with the Association of Certified Fraud Examiners. Susan received her undergraduate degree with honors from the University of Scranton, and her juris doctor from Seton Hall University School of Law.

David Partsch

Chief Data Officer
Commonwealth of Pennsylvania

Speaker Biography: David Partsch was named Chief Data Officer for the commonwealth in March 2020. David is the first person to hold this newly created position and will be responsible for developing and executing data priorities, strategic plans, direct data investments, procurements, and policy for the commonwealth. 

David has 25 years’ experience in the IT industry, most recently as the chief information officer and chief information security officer at InXite Health Systems, a healthcare technology company. He also served at the West Virginia Health Information Network (WVHIN), where he was responsible for all aspects of information technology for the state-wide clinical health information exchange, as well as the Geisinger Health System and the Federal Bureau of Investigation. 

David is an active member of the Health Information Management Systems Society (HIMSS), College of Health Information Management Executives (CHIME), American College of Healthcare Executives (ACHE), Association for Information and Imaging Management (AIIM), Association for Records Management Administrators (ARMA), and Information Systems Security Association (ISSA).  

David has served as a board member of several organizations such as Marshall University’s Master of Healthcare Informatics and University of South Florida’s Cybersecurity for Executives academic programs. 

David earned a master’s degree in business administration from the University of Scranton in Scranton, PA and a bachelor’s degree in Quantitative Business Analysis from Penn State University

10:25-11:10 AM
Panel: Best Practices in Data Privacy for Public Sector and the Private Sector
Facilitated by Susan Corrado, Chief Privacy Officer, Commonwealth of PA

Jason McNew

Senior Engineer
Risk & Compliance, Appalachia Technologies

Speaker Biography: Jason McNew, CISSP, has over 20 years of experience in the field of Information Technology, including 12 years at the White House Communications Agency (WHCA) and Camp David, where he worked on some of the most secure systems in the world, for some of the most important customers in the world.  While at WHCA, Jason held a Presidential access clearance – an elite clearance granted only to those of unquestionable character and integrity.  Jason founded Stronghold Cybersecurity in 2017, which was then acquired by Appalachia Technologies in September 2020. 

Jason, a United States Air Force veteran, holds a Master’s degree from Penn State in Information Sciences, Cybersecurity and Information Assurance, in addition to a Bachelor of Science and two Associate of Science degrees.  Penn State’s Cybersecurity program has been reviewed and endorsed by the National Security Agency (NSA) and the Department of Homeland Security (DHS) 

Stephen Bartel

Director, Cybersecurity Services
KPMG

Speaker Biography: Stephen is a director in KPMG’s Advisory Services practice for Information Governance and Privacy service group.  He has more than 20 years privacy, compliance risk management examination, and audit experience in the highly regulated financial services industry. He has a strong background working  with privacy, compliance, business lines, auditors, and regulators to identify internal risks and control weaknesses in order to mitigate regulatory compliance exposure. His current and past clients include some of the leading entities in the financial services industry including Fintechs, as well as experience as a Federal Reserve Bank Examiner.

Thomas Rivera

Strategic Success Manager
VMWare

Speaker Biography: Thomas Rivera, CISSP has over 30 years of experience in data storage architectures, with specialties in data protection and data privacy. Thomas currently holds the position of Strategic Success Manager at VMWare Carbon Black. Thomas also holds leadership positions in multiple standards organizations, including: Secretary, INCITS Technical Committee for Cybersecurity (CS1), Chair, IEEE Zero Trust Working Group, Cybersecurity & Privacy Standards Committee (CPSC), Co-Chair, SNIA Data Protection & Privacy Committee. In addition, Thomas is an active member of the American Bar Association’s Cybersecurity Legal Task Force.

Chris Smith

Vice President of Global Security Services and Connected Security
Lumen

Speaker Biography: Smith consistently creates world class product experiences through solid product management practices. He has a keen ability to identify and solve customer business problems paired with more than 20 years of experience developing and managing products and applications for the Enterprise market.  Smith currently manages Lumen’s Security portfolio, which includes management and investment oversight for their product portfolio, as well as revenue responsibility for the portfolio globally. 

Prior to joining Lumen through the Level 3 acquisition, Smith was Vice President of Product Management, responsible for enterprise voice solutions and the global data center portfolio. Smith also served a Director in the CTO Office at Global Crossing, where he was responsible for setting and incubating technology direction and developing and managing the suite of SIP Trunking services.   

11:10-11:55 AM
Panel: Data Privacy and Data Security Trends for the Future
Facilitated by Erik Avakian, Chief Information Security Officer, Commonwealth of PA

Karen Handelsman Moore

Chief Compliance Officer
Unisys

Speaker Biography: Karen Moore is the Chief Compliance and Privacy Officer at Unisys, a global technology service and solutions company (NYSE: UIS).  Reporting to the General Counsel and to the Board Audit & Finance and Security & Risk Committees, she is responsible for the design and implementation of the company’s global compliance program and charged with oversight of the Unisys cross-functional privacy program.   Currently based in the Washington DC metro area, Mrs. Moore has also lived and worked in Moscow, Russia, and Lausanne, Switzerland. 

A member of the NY bar, Mrs. Moore started her law career as a judicial clerk at the US Court of International trade, after which she spent several years in private practice with the global law firm, Baker & McKenzie.  She then held various in house positions with Philip Morris International, NASDAQ and Inchcape Shipping Services before joining Unisys in June 2019.  A frequent speaker and university lecturer on data privacy and corporate compliance and ethics, Mrs. Moore holds a BA from Middlebury College, a JD from Emory University, and a certificate of European legal studies from Leiden University in the Netherlands. 

Josh Drumwright

Senior Manager
Deloitte

Speaker Biography: Josh Drumwright is a senior manager in Deloitte & Touche LLP’s cyber practice, where he leads privacy and data ethics efforts for government and public sector clients. With over 17 years of cyber risk, internal audit, and management consulting experience, Josh focuses on transforming cyber practices to better accomplish business objectives. He is regularly involved in helping clients and our account teams address privacy and data protection, cyber strategy & governance and IT risk management challenges.  

Josh’s project work has included leading the program management office for a retailer’s payment system redesign, guiding executives through evaluation and redesign of cybersecurity functions and processes (e.g. assessment and authorization / risk management processes), automating continuous monitoring processes, coaching executives through messaging for cyber breaches, developing strategies for addressing privacy challenges with global expansion, and supporting White House working groups for protection of electronic medical records. He has also led numerous other project initiatives in IT risk management, records management, application security and controls, cybersecurity, corporate governance, and executive education. 

Josh received a Bachelor of Science in business information technology from Virginia Tech. He is also a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP/US&G), Certified Information Systems Auditor (CISA), and previously qualified as a Payment Card Industry Qualified Security Assessor (PCI-QSA).  

Brian Zimmer

Solution Director National Security
ePlus

Speaker Biography: Brian Zimmer is the Global Solutions Director for ePlus Security, a $2b, multi-practice integrator with offices in the US, Britain, EU & Asia.  Brian brings 22 years of Information Security experience to his current role where he helps guide the go-to-market strategy of ePlus across its product & services portfolio. 

Brian has had a number of roles during his career including: Systems Administrator, UC Security Engineer and Consultant, Active Directory Security Architect, Sr. Global Incident Responder, Enterprise Security Architect, Consultant & Architect across the global NGO and Fortune 100, and Principal Architect for Data Security and Privacy. 

Brian holds number of industry certifications and has long been passionate about global security and privacy. 

11:55- 12:00 PM
Closing

Charles Gerhards

Government Technology Institute Executive Director
Harrisburg University of Science and Technology