Agenda
A dive into the legal and legislative landscape for tech leaders. A primer on laws like PIPEDA, GDPR, CCPA, the CLOUD Act, and the interrelationships across jurisdictions. We'll cover high-level cross-border implications for Canadian companies, enforcement trends, and impacts.
Short coffee and comfort break
Mapping security maturity to privacy requirements using OWASP SAMM. Data classification and inventories, Privacy, Business, and Security Impact Assessments for product, and company assessments using NIST PF and CSF.
Lunch break!
Consent management systems and the implementation of consent in apps (including offline and other fringe scenarios). Individual rights automation requirements within products, and the relationship between B2B and B2C. Cross-border transfer mechanisms, Bring Your Own Key, encryption, and data sovereignty. Pseudonymization vs Anonymization. Vendor Risk Assessments. Age verification and Child Protection.
Coffee and comfort break
The surprise obligations that hit you when you least expect them! Data Processing Agreements, contractual obligations that are invisible to development, and sales teams selling non-existent features.
Testing integration and incorporating privacy validation. Breach detection and response. Audit trails and logging. DMZs and Remote Access. Tabletop exercises.
Conducting maturity assessments and assessing current capabilities. Prioritization matrices for development issues. Resource planning and budgeting. Executive communications and presenting privacy for investment.
Key insights, shared resources and templates, evaluation and feedback.
What to Expect from the MasterClass
Premium professional development with specialized expertise
Comprehensive curriculum covering multiple jurisdictions
Expert-led instruction from a seasoned credentialed professional
Practical frameworks that align with existing and familiar Dev approaches
Take-away practical and instant-use implementation tools and templates
Follow-up 1-hour consultation session post-workshop
FAQs
No, you do not need a background in PrivSec. You will need an established knowledge of your own business practices and a functional understanding of cyber security practices.
No, this masterclass is run as a completely tech-agnostic event. There will be no product pushes from manufacturers, only recommendations of known tools to suit particular situations.
Ross hails from a technical background, but has studied paralegal practices and privacy legislation in order to translate legal requirements. He has served as a translator between technical and legal teams for over a decade. This masterclass is focused on technical practicality!
Absolutely not! The point is to be practical with useful takeaways. Each session will have practical material, activities, and templates that can be taken back and implemented immediately.
Ross Saunders
Nerd with Trust Issues
Ross is a technology and privacy specialist with over 20 years of experience navigating the complex intersection of innovation, governance, and cybersecurity.
With a background in Software-as-a-Service and more than a decade dedicated to governance consulting in privacy and security, Ross has helped organizations translate regulatory requirements into actionable strategies. He is a passionate advocate for consumer cybersecurity and privacy rights, known for making even the most complex topics accessible and engaging.
In the technical world, Ross has moved through the ranks in roles including desktop support, third-line software support, DevOps, software development, product management, engineering management, global services management, and most recently Chief Privacy Officer for several SaaS, software, and tech organizations. He has helped build practical privacy programs for organizations across Canada, India, South Africa, Australia, the EU, and the USA.
Ross holds a Master’s degree in Management of Technology and Innovation (Cum Laude), with an award-winning dissertation on the productization of professional services in the audit software industry. He holds a CIPP/E designation in privacy, and certifications in paralegal, software development, and ethical hacking. He is a professional member and past chair (Johannesburg) of the International Association of Privacy Professionals (IAPP), and currently serves on the national board of the Canadian Association of Professional Speakers (CAPS).