ROCKIN WITH DATA PRIVACY
BUILDING A DATA PRIVACY PROGRAM
About
​
Peter Gallinari is a seasoned professional with over 48 years of experience in Information Technology, including more than 30 years in leadership roles specializing in Data Privacy, Cybersecurity, and Compliance. He possesses extensive industry expertise across the financial services, healthcare, and government sectors.
Throughout his distinguished career, Peter has held several high-profile positions, including:
​​
- Chief Data Privacy Officer for the State of Tennessee
- Domain Information Security Officer for the State of Tennessee
- Former Chief Security Officer at GE Capital and GE IT Director of Operations
- Chief Security Officer overseeing security for three hospitals in New York
- Assistant Vice President (AVP) of Delivery Services at Merrill Lynch
Currently, Peter serves as the Data Privacy Program Manager for the State of North Carolina, where he brings his deep knowledge of regulatory compliance, including frameworks such as GLBA, SOX, HIPAA, FERPA, FTI, CJIS, SSA, and the EU GDPR, along with PCI compliance for commercial operations.
​
Peter is a recognized subject matter expert in cloud compliance and governance solutions and a frequent keynote speaker at Data Privacy and Cybersecurity conferences for both public and private sectors. His insights and leadership have been instrumental in driving secure and compliant management of sensitive data in complex, high-stakes environments. Additionally, he serves on the state’s AI/GenAI committee, working to establish robust guardrails for the privacy of state data—a role he has held since his tenure as the former Data Privacy Officer for the State of Tennessee.
Mission
In an increasingly digital world, organizations, along with state government, handle vast amounts of sensitive data. Building a robust data privacy program is crucial to protect this information and maintain public trust. I will outline the key steps in building a data privacy program and highlight the risks of not having one in place, along with how privacy differs between the private and public sectors. A successful program is not all about the legal components of data privacy; understanding how to operationalize the program across your landscape is essential.
Vision
In the data privacy industry, we’re often overwhelmed by the sheer volume of information on this topic. There are countless industry, educational, and professional resources available, offering valuable guidance—sometimes to the point of information overload.
​
I felt it was the right time to consolidate this wealth of knowledge, combining it with my own industry experience, to create a concise reference guide. This resource is designed to support your efforts toward building ‘Data Privacy Awareness’ within your organization. No matter your level of expertise, you’ll find the content practical and beneficial.
​
It is important to note that privacy practices and requirements may vary based on specific state laws, regulations, and organizational structures. Therefore, it is crucial for state government agencies and private businesses to use what is essential to their business and, as always, to consult legal and privacy experts to ensure compliance with applicable laws and regulations.
FUNDAMENTAL COMPONENTS OF A DATA PRIVACY PROGRAM
My intent is to share the details of these items on the left.
If there is a particular area that you would like more information on, please contact me from my contact page.
​
IS DATA PRIVACY JUST ABOUT LEGAL AND CYBERSECURITY?
Remember, the legal team plays a crucial role in ensuring compliance with the handling, use, storage, dissemination, sharing, and access of data within your organization.
​
To effectively support legal in data privacy compliance, it's essential to have a structured process and dedicated personnel on the data privacy team to manage the program from an operational standpoint. This role is critical for the program's success and is distinct from legal responsibilities. The legal team typically focuses on navigating new laws and policies, so they rely on operational support to carry out the day-to-day implementation of data privacy practices.
​
The operational/technical leader in data privacy will drive the program across the organization, focusing on:
- Providing privacy awareness and training,
- Conducting Privacy Impact Assessments (PIAs),
- Monitoring compliance,
- Managing risk,
- Responding to incidents and working with legal on remediation,
- Documenting and reporting metrics.
This leader ensures that privacy practices are consistently applied, relieving the legal team of operational duties and enabling a more comprehensive, compliant approach to data management.
Look forward to other discussions in the areas of:
- Risks of not having a privacy program
- Effectiveness of guardrails around your AI infrastructure
- How data privacy may differ in the private and public sectors
- How the Data Privacy Officer works with your Chief Security Officer
“Data Privacy is a matter of trust. Our citizens/consumers are expecting us to do the right thing with their data.”
“By providing a service that focuses on a strong value of trust, we will build a reputation that demonstrates our integrity and how we value and respect our citizens'/consumers' privacy.”
- Peter Gallinari