Jim Koenig, Dean Forbes, Hershel Eisenberger, Kevin Levine, Hershel Eisenberger
Session Time: Wed, May 6, 2026: 02:30 PM – 03:30 PM
— 10 Practical Implementation Tips Privacy and Cyber Professionals Need to Know Now
With the first CCPA cybersecurity audit period beginning January 1, 2027 — and first certifications due April 1, 2028 — organizations have less than eight months to have their programs operational, documented, and auditable. This panel delivers:
- Requirements. A detailed overview of what the California Privacy Protection Agency actually requires under the CCPA’s mandatory cybersecurity audit rules — including the 18 core components auditors must evaluate
- Multi-Framework Comparison. A side-by-side comparison of those requirements against the frameworks security organizations are already running: CIS Controls v8.1, NIST CSF 2.0, ISO/IEC 27001, NYDFS Part 500, PCI DSS, SOC 2 Type II, and more — so attendees know exactly where their existing programs cover the requirements and where the gaps are
- Industry Roundtable Highlight: a candid roundtable discussion of the 10 most critical implementation tips, drawn from the front lines of real programs already in motion at leading organizations — covering privilege-protected pre-audit assessments, PI data mapping, MFA scope surprises, vulnerability disclosure programs, auditor independence, evidence repository strategies, and the privacy-CISO collaboration this requirement demands
Kyle Levine, Senior Lead, Privacy and Data Protection Office, Google
Hershel Eisenberger, Senior Director, Legal Counsel, Head of Privacy & Data Protection, The Coca-Cola Company
Dean Forbes, Vice President, Associate General Counsel & Chief Privacy Officer, DaVita
Jim Koenig, Partner & Global Co-Leader, Privacy + Cyber + AI Practice Troutman Pepper Locke (moderator)
Reading Materials:
