Nota Bene Episode 93: Navigating the New Global Cybersecurity Compliance Landscape with Scott Giordano
Multinational companies face unique challenges when it comes to cybersecurity and privacy regulation compliance, especially those doing business in the European Union. Joining us to share his insight on how to best navigate global cybersecurity and privacy regulations is Spirion Vice President and Senior Counsel for Policy and Compliance, Scott Giordano.
Spirion is a data privacy and security company that builds and delivers data discovery and classification solutions. Scott Giordano is an attorney with more than 20 years of legal, technology, and risk management consulting experience. A subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management, he currently serves as Senior Counsel for Privacy and Compliance at Spirion, a leader in rapid identification and protection of sensitive data.
What We Discuss in This Episode:
- What are the two sectors that fall under the data protection umbrella?
- Why do the various sectors and industries in the U.S. have much greater control of privacy regulations?
- Along with federalism, do states have their own authority to create rules regarding cybersecurity and privacy?
- How is it that the European Union is able to move forward with cohesive regulation and the U.S. is unable to do so as easily?
- What are the three elements that security and privacy regulations passed by the various U.S. states have in common?
- How are stakeholders coming together in the U.S. to move cohesive regulation forward?
- What is the difference between rights-based vs. risk-based regimes?
- How does the recently issued Schrems II decision affect data protection?
- What is the root of the divergence between the U.S. and the European Union intelligence establishments?
- How should a multinational company navigate the current privacy laws?