Evolving Fields

The landscapes for both data privacy and information security are evolving. An organization needs data privacy specialists to ensure appropriate policies and procedures are in place and to keep abreast of regulatory changes that require refinement of those policies and procedures. An organization needs information security specialists who will keep informed concerning technological advancements, and who will continually test the organization’s systems to ensure they remain effective in light of new and evolving cyber threats. As the fields of Data Privacy and Information Security continue to evolve, it is essential for organizations to form an interdisciplinary collaboration between technology experts, legal professionals, policymakers, and privacy advocates.

Relevant Experience

Karen Guerra has the expertise and experience in data privacy and data security that make her an invaluable asset in today’s digital landscape.

• As an attorney, Karen has a strong understanding of data privacy law. She researched, catalogued, and interpreted data privacy law for many jurisdictions, including statutes, regulations, industry guidelines, and civil litigations. She participated in a team effort to develop a comprehensive database of more than 1400 laws, regulations, and standards in the United States and foreign countries. She led a team to create a database of regulatory enforcements and civil actions related to data privacy and data security to catalog legal actions brought where companies failed to meet their legal obligations.
• As a data privacy specialist, Karen has experience drafting policies and procedures related to data privacy and data security issues. She has helped develop risk registers to assist companies assessment of risks associated with their products and practices. She has worked on data inventory and privacy impact assessments. She has reviewed and revised third-party contracts. She has worked on a data breach assessment, helping to analyze a breached database to determine the appropriate regulatory and customer notifications.
• Karen has worked with Information Security teams. Although not a programmer, Karen understands the lingo and effectively worked with programmers in the development of a platform tool for research and access to data privacy enforcement and litigation actions. After gathering documentation from numerous sources related to privacy assessments, artificial intelligence, product impact assessments, information security and cyber security, Karen developed a framework for cataloguing and accessing relevant case law in the platform. She then worked with the platform programmers to implement the enforcement action module.

Throughout her professional career, Karen has been a collaborator, working with people in various fields of expertise. She has effective written and oral communication skills coupled with listening and mediation skills. She has a degree in Finance that equips her with an understanding of budgets, and a company’s need to balance data privacy costs with profitability concerns. She has skills, knowledge, and experience that have enabled her to work with executives, attorneys, managers, system engineers, analysts, and data processors. Karen is dedicated to data privacy issues. She is a Certified Information Privacy Manager (CIPM) certified by the International Association of Privacy Professionals (IAPP), which allows her to stay abreast of this evolving field in today’s digital landscape.