Glenn M.
Overland ParkKS

Privacy Compliance Advisor & Program Implementation Specialist

CURRENT AVAILABILITY INFO My availability is limited to very short-scope consultations on specific questions Upwork clients may have about data protection or financial services compliance requirements. I'm open to short calls to discuss your needs prior to engaging, but actual consultation projects involve a two-hour minimum of my time. I am especially interested in engaging with clients who are taking proactive steps to pull together governance programs for their development and uses of artificial intelligence (AI), machine learning, large language models, etc., and are potentially interested in applying the new NIST AI Risk Management Framework to such efforts. THE SHORT STORY My core work is helping people create or evolve their information security, personal data privacy, and ethical data use compliance programs. I can help you create specific regulation roadmaps and get to your desired final destinations for them. We can accomplish this together through either having me lead and do the overall work for you or having me mentor your internal resources through doing the work. The more active participation we have from your own internal resources, the stronger your internal AI usage and governance, privacy, and security functions will be. And you will carry on with even more long-term value from our project work together. One unique skill I can provide is helping you maximize the efficiency of your legal counsel budget. Throughout my career, I have served as a translator between technology/operations areas and attorneys, both in-house and outside counsel. People often "overhire" attorneys to do things that do not require an attorney, because they don't know any other solution to their problem. I can make your attorney legal review of documents go more quickly, and to help you better understand what your attorneys are advising in terms of operational impact of your compliance work. THE DETAILS For the last several years, a majority of my work has been on GPDR and CCPA. But I also continue to work on HIPAA for healthcare covered entities and their business associates, and helping companies from all kinds of industries prepare for SOC 2 (and even the newer SOC 3) audits. I have focused a lot of attention on helping my existing clients understand and prepare for Brazil's LGPD--by applying all my past privacy experience and a basic fluency with Portuguese to support that work--and the NIST Privacy Framework. Now, of course, I monitor a lot of the US state-to-state expansions of CCPA-like state privacy laws. And I am currently working through being able to fully support clients in making use of the new NIST Artificial Intelligence (AI) Risk Management Framework. DOCUMENTATION The policy and procedure, notice, communications templates, etc., etc. that are necessary outcomes of this work are the things I love to do, and that brought me into this work from my former career in IT documentation and help systems. For any of your date ethics, privacy, and security policies and procedures documentation needs, I can produce documentation that is fully customized to your business needs very quickly, based on a large library of my own starting-point content and other open-source materials. ASSESSMENTS & EVIDENCE When you have an existing data protection program, helping you comply with specific laws and regulations includes doing all kinds of assessments and creating evidence of compliance. This includes a variety of privacy-oriented assessments and all those vendor security questionnaires you may be getting. I can help you with those things whether you have a mature program or are simply trying to respond to a client questionnaire. And if you are new to all of this, and are simply trying to meet an urgent client demand, we can use the response process to help you initiate the formal AI, privacy, and security governance program you are likely needing. TOOLS CREATION Some of the specific things I can help you accomplish to meet your privacy (and AI governance or security) compliance needs: Create custom SharePoint compliance tools and sites (where you can track documentation, store and report on compliance evidence, manage training, manage vendors, manage data inventories & data subject requests), create custom e-learning training courses using Articulate 360 (including both Storyline and the rapid-development approach of Articulate Rise 360), and delivering live training and privacy/security compliance mentorship of your staff. DISCLAIMER: I am not an attorney. I just have lots of experience working with attorneys in various capacities. If you have potentially experienced some kind of compliance or data breach, I would advise that you first seek legal counsel and then consider involving a consultant or other contractor like me under the direction of your legal counsel. This is the best means of protecting your right to privileged communications.
Work history

Glenn M. has more jobs. Create an account to review them
Skills

Skills

  • Certified Information Privacy Technologist
  • Privacy Law
  • Corporate Governance
  • Information Security Governance
  • GDPR
  • Policy Writing
  • Company Policy
  • Data Privacy