Privacy SIG

Mission:
This group is dedicated to providing privacy relevant topics to security professionals through thought leadership and a knowledge-sharing platform. The Privacy SIG will host monthly webinars related to timely privacy-related information, privacy engineering and the implementation of technical strategies and tactics that help to preserve system functionality and prevent privacy violations.

Goal:
Help the community understand the differences and similarities between privacy and security and how to leverage synergy and collaboration while bringing privacy to security professionals in a non-legal way. We also want to create and support local chapter Privacy SIGs.

>> Interested in submitting a suggestion for an upcoming webinar, provide it here: ISSA Privacy SIG - Call for Papers

>> Interested in volunteering, register here: ISSA Privacy SIG - Volunteer Sign-Up

Leadership:

Loretta Dennison

Loretta has a Master’s Degree in Technology Management from Georgetown University. Throughout her career she has been involved in the handling of information whether as a communications executive in radio, television, or domestic syndication. In her current role, Loretta serves as a Privacy Attorney where she collaborates with business units at the Federal level to ensure the successful integration of privacy considerations in the appropriate business operations and IT systems. In addition to being an ISSA Privacy Sig Tri-Chair member, Loretta serves on the Board of Directors of the ISSA National Capital Chapter. 

Robert Graham

Robert helps business and application stakeholders keep their data safe by designing, engineering, and consulting on cybersecurity. With 20 years in the industry, there are few areas of cybersecurity where Robert doesn't have at least a working knowledge of the material. Starting in networking and network security, later acting as an SME for IPS at Check Point, Robert then moved to Daimler/Mercedes and got into threat modeling and cybersecurity organizational management, where strengths in cybersecurity business processes were developed.

Events

• 11.18.2025 - How to Protect Yourself From People Like Me
• 06.17.2025 - ISSA Privacy SIG Virtual Town Hall
• 05.20.2025 - Safety Nets for Artificial Intelligence Risk Management Failures
• No webinars for the month of April
• 03.18.2025 - Why AI Needs Its Own Risk Management Policies and Processes
• 02.18.2025 - Privacy for the People by the People
• 01.21.2025 - A CISO Guide to AI and Privacy
• 12.17.2024 - Privacy & Security: Different But Equal and Why They Need to Work Together
• 11.19.2024 - Privacy is About More Than Just Regulation
• 10.15.2024 - Privacy for the People by the People
• 09.17.2024 - Privacy Standards and Certifications
• 08.20.2024 - Assessing Your Cloud Service Providers: Impact of Security and Privacy in the Cloud
• 07.16.2024 - Privacy Compliance and the Importance of Due Diligence: Redefining Privacy
• 06.18.2024 - Data Privacy Framework Program
• 05.21.2024 - Privacy SIG: Similarities and differences between GDPR and Data Privacy in the Caribbean
• 04.16.2024 - “Trust me – I’m an AI”: Why explainable AI is important
• 03.19.2024 - 50 Shades of Data
• 02.20.2024 - Cybersecurity considerations for AI: comparing U.S. and EU approaches
• 01.16.2024 - Staying Ahead of the SEC Cyber Amendments
• 12.19.2023 - Building a Responsible AI Culture
• 11.21.2023 - Privacy by Design: More than just a catchy phrase!
• 10.17.2023 - Challenges and Opportunities in Implementing Privacy By Design in the Caribbean – The Jamaica Data Protection Act 2020 as a Case Study
• 09.19.2023 - How to address privacy needs across the AI tech stack
• 06.20.2023 - Privacy Operations: What’s on the horizon in the US
• 5.16.2023 - Developments in Europe from the Data Protection perspective: data sharing with trust
• 03.21.2023 - Emerging trends in data protection in Africa
• 02.21.2023 - Listen to me! Global Privacy Control (GPC) and consumer preference
• 01.17.2023 - President Biden’s Executive Order on U.S. Signals Intelligence Activities for EU-U.S. Data Transfers: Is it Adequate for the EU?
• 12.20.2022 - Privacy SIG: The Science of Privacy
• 10.18.2022 - IEEE Standard P7002- Data Privacy Process
• 09.20.2022 - Standards, Frameworks, and Certification, oh my!
• 08.16.2022 - Privacy SIG: Operationalising Privacy in Small & Mid-Sized Organizations
• 07.19.2022 - Privacy SIG: Co-existence of Facial Recognition, AI, and Privacy
• 06.21.2022 - Privacy SIG Series: Nuances of Privacy Incident Response Management
• 05.17.2022 - Privacy SIG Series: Sharing insights without leaking personal data: an introduction to differential privacy
• 03.08.2022 - ISSA Privacy Special Interest Group: Birds of a Feather
• 01.25.2022 - Privacy and the “Law of Everything”
• 12.14.2021 - Privacy SIG Series: Highlighting NIST Privacy and Cybersecurity Workforce Initiatives
• 11.16.2021 - Privacy of sensitive information and public health
• 10.19.2021 - Can I trust anyone to safeguard my privacy?
• 09.21.2021 - A Delicate Balance: When Security and Privacy Want Opposite Things
• 08.17.2021 - How nascent privacy-tech supports operations while preserving confidentiality
• 06.15.2021 - Why Privacy (usually) Needs Anonymity
• 06.03.2021 - Data Privacy: A World of Opportunities
• 05.18.2021 - Secure Multi-Party Computations
• 04.20.2021 - Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale
• 03.16.2021 - ISO 27701 versus NIST Privacy Framework
• 02.16.2021 - Birth of Privacy Design Strategies
• 01.19.2021 - Pseudonymization vs. Encryption: Fight!
• 12.17.2020 - User-Centric Privacy: Designing Effective Protections that Meet Users’ Needs
• 09.17.2020 - Quantitative risk with FAIR (Security and Privacy)
• 08.19.2020 - The Osano Data Privacy and Data Breach Link
• 07.15.2020 - Top Reopening Considerations: Back to Business with a Privacy & Security Approach
• 06.25.2020 - What happens next? - Privacy and Security Considerations Post-Public Health Emergency – Announce Privacy SIG

Tools

• Firefox. Protect your life online with privacy-first products
• Brave. Browser that blocks ads and website tracking
• DuckDuckGo. Search engine that doesn’t profile its users
• Privacy Badger. Browser extension that analyzes and blocks trackers
• Tresorit. End-to-end encrypted cloud storage for business
• Signal. Cross-platform encrypted messaging service
• SpiderOak. Collaboration tool, online backup and file hosting service
• ProtonMail. Free encrypted email
• Password Manager : 1Password, LastPass, Dashlane
• Data Detox Kit. Everyday steps you can take to control your digital privacy, security, and well being in ways that feel right to you.
• Jumbo. Take back control of your data