Mike Villegas

Mike Villegas

CISA, CISSP, CSX|F, CSX|A CDPSE, ISO/IEC 27001 Lead Implementer

Mike is founder of iSecurePrivacy, LLC a cybersecurity consulting firm in Southern California. Mike was previously Director of Information Security at Newegg, Inc. for five years. Mike was a Contributing Writer for SearchSecurity.com - TechTarget with over 150 articles. He has over 35 years of Information Systems security and IT audit experience. Mike was previously Vice President & Technology Risk Manager for Wells Fargo Services responsible for IT Regulatory Compliance and was previously a partner at Arthur Andersen and Ernst & Young for their information systems security and IS audit groups over a span of nine years. Mike was president of the LA ISACA Chapter during 2010-2012 and president of the SF ISACA Chapter during 2005-2006. He was the SF Fall Conference Co-Chair from 2002–2007 and also served two years as Vice President on the Board of Directors for ISACA International. He is a CISA, CISSP, CSX|F, CSX|A. PCI-QSA, PA-QSA, SSF SSA. SSF SSLCA, and ISO/IEC Lead Implementer. Mike is Certification Chair for the ISACA LA Chapter and has taught CISA review courses for over 25 years.

All Sessions by Mike Villegas

Cybersecurity Maturity Model Certification (CMMC) - 2025 and Beyond September 15, 2023
11:55 am - 12:45 pm

CCPA/CPRA Update and New Cybersecurity/Risk Assessment Requirements

Description:The California Privacy Protection Agency (CPPA), just finished its September 8th board meeting, where it walked through its draft of the Cybersecurity Audits and Risk Assessments Regulations under CPRA. The CCPA is enforced by the California Office of the Attorney General while the CPRA will be enforced by the new California Privacy Protection Agency (CPPA) with full investigative, enforcement, and rulemaking authority. This session will cover the CCPA and CPRA privacy laws, provide an update on the recent CPPA Board Meeting, and review the new Cybersecurity Audits and Risk Assessments annual requirements. Under the CCPA rights include access, consent, equality, deletion, and portability. Under the CPRA new rights include the right to correct; opt-out of automated decision-making; access to information about automated decision making; and the right to restrict the use of sensitive PI. CCPA/CPRA was to be enforceable by January 1, 2023, then it got extended to July 1, 2023. Following a California Chamber of Commerce lawsuit, a Superior Court of California judge has delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. We will discuss what it means and whether you are ready for CCPA/CPRA.