How Many Standards are Enough to Build a Privacy Program? | IAPP Global Privacy Summit 2025

  • PrivacySWAN Consulting, 2770 Arapahoe Road, Suite 132 #179, Lafayette, CO, 80026, United States

Dylan Gilbert, Privacy Policy Advisor, Privacy Framework Lead, National Institute of Standards and Technology

Janelle Hsia, CIPP/E, CIPP/US, CIPM, CIPT, President, Founder, Privacy SWAN Consulting

Mark Lundin, CIPP/E, CIPP/US, CIPM, Partner - Cloud, Security and Privacy Assurance, BDO USA

John Wunderlich, CIPP/C, CIPM, FIP, Chief Privacy Officer, JLINC Labs; Privacy Consultant, John Wunderlich & Associates

As global privacy laws and regulations grow more complex, companies look to standards and voluntary guidelines to structure their privacy programs and streamline compliance. These resources help companies and institutions create a framework that reduces costs by designing just once for many situations. Standards also help companies and institutions measure the results of their privacy programs and improve privacy risk mitigation. There are broad standards and voluntary guidelines from organizations like IEEE, ISO, IEC, and NIST, as well as targeted standards from the OECD, Kantara Initiative, and IOPD. But understanding which standard to use for which situation can be confusing. For example, if a security program is using the NIST Cybersecurity Framework, should it adopt the NIST Privacy Framework or ISO/IEC 27701? With all the different options, this panel will explain the standards and voluntary guidelines to help select the right one(s) for a business or institution.

What you will learn:

  • The ecosystem of standards and how standards can help establish or improve your privacy program.

  • The difference between a conformance standard and a nonconformance standard, and tips to customize the standards for your particular business purpose.

  • The right questions to ask your security and compliance teams so the privacy program is using the best standard for your company or institution.



Audience: Intermediate
