In the past twelve months, at least nine U.S. states have passed laws mandating the creation and execution of written information security programs (or WISPs) by businesses and more are likely to follow suit during this legislative session. Some have also mandated the creation of policies with respect to the secure destruction of personal data, while others have added the requirement of cybersecurity risk assessments.
Federal government agencies already demand WISPs under several statutes and the EU General Data Protection Regulation (GDPR) requires them for cross-border data transfers. This expanding requirement for WISPs raises several questions:
What should go into one?
How long should it be?
How is it different that a security policy?
Does Legal need to approve it?
In this webinar, data protection industry veterans will offer their perspective on the need for WISPs. Takeaways include:
Which jurisdictions require WISPs and which are considering them
WISP contents and best practices
How WISPs relate to your other policies
Who should attend: Information security and cyber security, CIOs, CISOs, Data Protection Officers, Information Security Directors, Staff Attorneys, Compliance, and Security Auditors.