Data Protection, Privacy, and Controls Conference

Date and Time

The conference will be held on January 22, 2026 from 8:30 am to 12:30 pm.

Add this event to your calendar using the Add to Calendar link at the bottom of the page.

Virtual Event

The conference will be held using Zoom.

Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.

Pricing

The fee for GWDC Members is $10 for the conference.
The fee for all other registrants is $30 for the conference.

To become a member and take advantage of the member rate for our events, among other benefits, join ISACA and select the Greater Washington D.C. Chapter as your local chapter.

Event Policies

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details.

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services.
All complaints should be submitted through the Registration Contact Form.

AI Trust – Quality, Sensitivity, and Governance

Presenter: Dr. James Barker (BigEye)

The world is excited over the abilities of AI. But, Agents, Advisors, and Assistants all need quality data that is trusted and classified in order to be shared. Privacy professionals battle for the attention, budget, and priority of leadership but with the explosion of AI a reset is needed. Teams across a firm need to work to bring together the needs of data quality, data privacy, and data security to certify the use of data for AI.

In this session, the idea of AI Trust will be examined, surfaced, described, and direction will be provided in a manner to help privacy professionals educate leadership and stakeholders to build the case for the time, talent, and treasure of their organizations. This session will help set the stage for investment for success by discussing the need for information privacy and considering the idea of data sensitivity as it relates to privacy for AI. In addition we will diagram the role of data quality, and the role of data security and governance of data for AI or CAID (Certified AI Data).

Join us in this session to help establish the privacy and security stage for AI.

Managing Data Privacy and Other Risks in AI Agents

Presenter: Tanya Baccam (SANS)

AI agents ‐ autonomous or semi-autonomous systems capable of initiating actions, making decisions, and interacting with enterprise data ‐ are rapidly transforming operational models across the private sector, government agencies, and higher-education institutions. Their capabilities can introduce substantial efficiency and analytical value, but they also can generate complex privacy, security, and compliance risks that exceed those of traditional AI tools. As organizations accelerate adoption, internal audit, cybersecurity, privacy, and risk management functions must adapt their assurance approaches to ensure safe, accountable deployment. This session equips auditors and governance leaders with methodologies to assess and manage AI agent risks in environments where sensitive, regulated, and mission-critical data is pervasive. Leveraging extensive real-world expertise in AI governance, cybersecurity, privacy engineering, and assurance disciplines, the session will address how to:

• Evaluate the privacy and security risks inherent to AI agents.
• Align AI agent governance with established regulatory and assurance frameworks – such as NIST AI RMF, NIST CSF 2.0 Governance Function, COBIT, ISO/IEC 27001, FERPA, HIPAA, – to provide cohesive, auditable control structures across industries.
• Assess AI agent integration within business, government, and university workflows.
• Design actionable audit procedures for AI agents.

Participants will leave with repeatable approaches to governing and auditing AI agents, enabling them to support secure and ethical AI adoption while meeting escalating expectations from regulators, boards, and executive leadership.

Your Car’s Hidden Passengers: Companies, Cops, and Criminals. Retake Control

Presenters: Mike Pedrick, Merry Marwig (Privacy4Cars), and Justin Pollard

Not your grandparents’ Oldsmobile ‐ from integration with our smartphones to voice assistants to autonomous driving functionality, today’s automotive products are more connected to the world around us than ever. With added convenience comes some interesting challenges to consumer privacy. In this panel, two and a half car enthusiasts, two privacy professionals, and three data nerds will unpack the world of Connected Cars, including the state of technology, the effect of increasing regulatory pressures, and most importantly, what YOU can do to manage risk in this ever-changing landscape.

Data Protection for the Future: Threat Focused Data Protection, Data Handling Best Practices and Thoughts on Protecting Data in an Era of Growing AI and Quantum Computing Capabilities

Presenter: Kevin Garvey (SANS)

Data is the currency of companies worldwide. Protecting data has always been a challenge to companies and the rise of AI and concerns about Quantum continue to be talked about in alignment to data security. Protecting data requires administrative and technical controls to provide a level of comfort to senior leaders that their companies’ data is being protected. In this talk, thoughts about how to have a threat-based view will be discussed, best practices on handling data in organization from an administrative and technical perspective, and what all leaders should know about when thinking of new AI and Quantum cybersecurity risks against their data.

Dr. James Barker
Director of Professional Services @ BigEye

Dr. James M Barker has over three decades of experience in AI and Data. Jim currently serves as the Director of Professional Services at Bigeye, where he leads professional services and champions data literacy, governance, and operational efficiency powered by AI. Collaborating with cross-functional teams, Jim helps businesses adopt robust DataOps frameworks to drive measurable outcomes, leveraging proven methodologies and innovative approaches to data management. He is singularly focused on introducing and expanding Data Trust in all aspects of data including AI, Analytics, Operations Management, Data Quality, Data Privacy, Data Security, Compliance, and DataOps.

Dr. Barker’s career spans consulting, data strategy, and digital transformation across a wide variety of industries including health care, manufacturing, finance, and oil & gas. His experiences at Best Buy originated the system use of Gamification and Market Basket Analysis. At Thomson Legal & Regulatory (Thomson-Reuters) his team was one of the first to put Big Data into practice. The professional Services team at Informatica expanded the use of Data Quality and built the Velocity Data Migration Methodology which was further enhanced with data governance at Honeywell. The Honeywell data and data governance council originated the ‘House of Data’ to include aspects of data quality, data privacy, data security, and standards for operational efficiency.

At Bigeye, he focuses on empowering organizations to treat data as a strategic asset, fostering data enablement and literacy at scale. His mission is to improve data quality and governance processes while advancing industry-wide adoption of cutting-edge solutions in data observability and AI-driven insights.

Tanya Baccam
Senior Instructor & Faculty Research Advisor @ SANS
CPA, GIAC GPPA, GIAC GCIH, CISSP, CISM, CISA, CITP, and OCP DBA

Tanya is an experienced information security and audit consultant and long-time instructor for SANS. She has consulted with a variety of clients about their cybersecurity and audit controls. She regularly conducts IT audits, cybersecurity assessments, web application penetration testing and issues SOC 2 reports. She regularly consults in areas such as system audits, web server security, web application security, risk assessments, penetration testing, database security, and network infrastructure design. She has played an integral role in developing multiple business applications in roles ranging from the Director of Assurance Services for a security services consulting firm, the Manager of Infrastructure Security for a healthcare organization, and as a Manager at Deloitte in the Security Services practice. Tanya is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. She currently holds CPA, GIAC GPPA, GIAC GCIH, CISSP, CISM, CISA, CITP, and OCP DBA certifications.

Mike Pedrick

Mike Pedrick has been on both sides of the IT, IS, and GRC consulting/client table for more than 20 years. A doggedly client-focused program leadership advisor, mentor, and trainer for organizations including ISACA, as well as a Chapter Board member for the same, Mike has been building consulting programs and helping clients of all sizes across several industries navigate the troubled waters of risk management, cybersecurity, and business enablement.

Merry Marwig
Privacy4Cars
FIP, CIPP/US, CIPM

Merry Marwig is a pro-consumer, pro-business privacy advocate who is optimistic about what data privacy rights mean for everyday people’and for the companies they do business with. At Privacy4Cars ‘ the world’s leading authority on vehicle privacy and data security ‐ she helps protect driver and passengers’ personal data while creating business opportunities for automotive companies. Merry holds three IAPP certifications (FIP, CIPP/US, CIPM), is certified in Logical AI Governance, and earned a master’s degree from the University of Illinois at Urbana-Champaign.

Justin Pollard

Justin Pollard has been a leader in data and analytics for more than 15 years. An advocate for leveraging data with purpose, his consumer-first approach to solving complex business problems has consistently proven that driving value and respecting consumer privacy are not mutually exclusive. Justin has enabled companies in industries including healthcare, hospitality, media, and more to build data programs where decisions and value come together.

Kevin Garvey
Certified Instructor @ SANS

Kevin Garvey is a certified SANS Instructor and teaches about data protection, privacy and controls worldwide as part of the SANS LDR (Leadership) 512 course. Previously, Kevin was the Director of Governance, Risk and Compliance at CLS Bank, an international bank responsible for FX settlement based in New York City. Additionally, Kevin previously headed Security Operations for CLS with responsibility for overseeing incident response, vulnerability management, cyber threat intelligence, and the security operations center (SOC). Previously, Kevin was the manager of Threat Management and Incident Response at WarnerMedia. Previous cybersecurity experience included his time at New York Power Authority and JP Morgan. Kevin has always had a passion to hunt down the adversary and has loved tackling the risk and threat challenges his responsibilities have thrown at him. Kevin teaches SANSLDR512: Security Leadership Essentials for Managers

Poll Questions

Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls.

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

Learning Objective

After attending this event, attendees will learn about current and future trends in the data security and privacy space.

CPE-Related Details

• Prerequisites: None
• Advance Preparation: None
• Program Knowledge Level: Basic
• Delivery Method:  Group Internet Based
• Field of Study:  Information Technology – Technical