top of page


Understanding, Scaling, and Automating Data Protection Assessments

(IAPP approved for CPE credits)

21st May 2024

Nearly all state privacy laws, like California, Connecticut, Virginia, Montana, and Oregon, mandate that controllers conduct Data Protection Assessments (DPAs). The Colorado Privacy Act goes a step further, specifying the content of the DPAs, and, to further complicate the matter, the draft California regulations may include different requirements.

DPAs are required for any activities that present a "heightened risk of harm" or "significant risk" to consumers' privacy or security. While DPAs are a new and very time-consuming obligation, there is also value in performing these assessments. DPA's provide the opportunity for businesses to get in front of privacy issues before they become problems.

Given the questions and concerns we have received on this topic, we're excited to announce our upcoming webinar, Understanding, Scaling, and Automating Data Protection Assessments, created and hosted by  Priya Keshav and Gregory Szewczyk.

Topics to be covered

  • Top challenges in conducting Data Protection Assessments and how to address them

  • Automation of DPAs

  • Assessing risk and appropriate risk flags for privacy risks

  • Measuring privacy risks using results from the DPAs

Gain the insights of industry experts; Register Now!

This webinar is approved by the IAPP - International Association of Privacy Professionals (IAPP) for Continuing Privacy Education (CPE) Credits.

In February of this year, FTC imposed a $16.5 million fine on Avast for collecting and selling consumer browser data without consent through its Czech subsidiary, Jumpshot. While Avast immediately shut the subsidiary down, the FTC fine and order still applies to Avast, requiring them to make a number of changes.

As businesses, we often rely on and work with third parties for a variety of processes, products, and services. And at times, without realizing it, we can take on some of the risks of the parties we work with. And while we cannot dictate the functioning of another party, it is our responsibility to mitigate and manage risks associated with the third parties we work with.
Understanding the importance of third-party risk management, seasoned privacy professionals Priya Keshav and Kim-An Hernandez will be hosting a webinar on this topic on 17th April 2024.
Key topics to be covered:
  • Third-party risk management best practices
  • Role of privacy in managing third-party risk
  • Auditing and assessing third-party contracts and agreements
  • Assessing third-party practices and services
  • Selecting and onboarding new third parties

This webinar is approved by the IAPP - International Association of Privacy Professionals (IAPP) for Continuing Privacy Education (CPE) Credits.

The EU AI Act is close to being finalized, and California just released the rules for automated decision-making that will regulate the PI used by AI is protected and prevent biases.

Given this unprecedented importance given to AI in the world of privacy, companies are called to ethically and effectively incorporate AI into their privacy programs so that their AI systems and practices avoid noncompliance with the upcoming regulations.


Brought to you by Priya Keshav, CEO of Meru Data, this webinar is geared towards a brighter future, inculcating the importance of ethical AI practices to reshape the business landscape.

Priya enables corporations to identify and proactively manage privacy risks around data. Prior to this, Priya Keshav was the Managing Director of KPMG’s Forensic Technology Services practice in the Southwest U.S. She has more than twenty years of consulting experience in privacy, information governance, cyber-crime response, eDiscovery, and forensics investigations.
Some of the many topics covered in this webinar:
  • Current regulations around AI.
  • Privacy best practices for AI and Machine Learning
  • How to build on existing privacy programs to incorporate AI 
  • Ethical and responsible use of AI
Elevate your business and transform your legacy by joining our exclusive webinar.

This webinar is approved by the International Association of Privacy Professionals (IAPP) for Continuing Privacy Education (CPE) Credits.
No organizational change or process is effective unless it can be tracked and measured effectively. But in today's fast-paced environment, can we automate and track changes and processes?
How can we increase the efficiency of our privacy indicators and KPIs to in turn, affect the overall success of our privacy programs?
Our CEO, Priya Keshav, has created a webinar packed with information and insights on how you can use key privacy metrics and KPIs to track the changes in your business effectively and help you align your business vision with your progress.
Topics to be covered:
  • How metrics can support the need for budget
  • Why metrics are needed to show ROI
  • How to develop and track metrics
  • Different key metrics that can be used
  • How change can be measured and tracked in an automated fashion
This webinar is approved by the International Association of Privacy Professionals (IAPP) for Continuing Privacy Education (CPE) Credits.
The Privacy by Design approach is no longer considered an additional strategy but a requirement laid down by certain regulations.
However, implementing it is not a straightforward process. What are the implementation challenges that companies face? What are approaches that have had success when implementing Privacy by Design? How can Privacy by Design be made sustainable?
Join our webinar, where we will be using our years of experience building and sustaining privacy programs inhouse to share our insights around the practical reality of implementing Privacy by Design in-depth, specifically the solutions that work and the solutions that don't
Topics to be covered
  • The Need for Privacy by Design
  • Implementation challenges
  • Collaboration with engineering teams
  • Effective communication on privacy company-wide
  • Privacy by Design best practices
  • Insights on approaches that work and approaches that don't
  • Building Sustainable Privacy by Design programs
This webinar is approved by the International Association of Privacy Professionals (IAPP) for Continuing Privacy Education (CPE) Credits.

Recent regulatory activity around privacy has a marked focus on cyber security aspects of privacy. The Texas Data Privacy and Security Act (TDPSA - effective July 1, 2024) requires data brokers to implement and maintain a comprehensive written information security program. The Florida privacy law requires companies to conduct and document data protection assessments of specified processing activities involving personal data. Extensive requirements are also specified for these assessments, and companies have an obligation to disclose the assessment if requested by the Florida Attorney General. Most recently, the California Privacy Protection Agency (CPPA) released discussion drafts of regulations they are considering around risk assessment and cybersecurity audit.

What does this trend mean for companies? For consumers? How will your programs need to be updated to comply with these laws?

To find out more, join our webinar, Increased Focus on Cybersecurity in Recent Privacy Laws, with privacy and security experts

October 17th, 2023 | 12:00 PM CST

The My Health My Data Act (MHMDA) was signed into law in April and will largely take effect from 31st March 2024. Complying with this Act requires a deep understanding of its definitions, scope, and impact. MHMDA will regulate the collection, use, sharing, and sale of health-related data. Companies subject to MHMDA will need to prepare as this law potentially requires more effort than other state privacy laws.

During our webinar on the My Health My Data Act, we plan to delve deep into the regulation, focusing on topics such as
  • Introduction to the Act - its scope and why it has been gaining a lot of attention
  • Specifics of the law and how companies can prepare for it
  • How the law differs from HIPAA
  • The impacts of the law on geo-fencing and Ad tech
  • The impact of the privacy right of action and what we can understand from other laws like BIPA that also have the privacy right of action 
Artificial Intelligence (AI) has transformed our lives in many ways. AI offers a promise to provide numerous benefits to society.  But with the increasing use of AI, risks around the use of AI also increase.  As companies embed AI into all their products and services, there are a lot of questions around what data is used and how it is used to train AI models, particularly when the algorithm is used for critical decision-making.

In this webinar, we plan to discuss the intersection of AI and Privacy. 
  • Introduction
  • Privacy Issues arising from use of AI
  • Current privacy laws in the US and in EU
  • How the existing data privacy laws regulate AI 
  • New EU AI Act and other upcoming AI Regulations

Children & Teen Privacy: Tips for Navigating Legal & Regulatory Landscape

June 13th, 2023

Lawmakers and regulators are increasingly focused on children’s privacy and online safety while increasing protections and obligations for teenagers. With the California Age-Appropriate Design Code Act going into effect in 2024 and other legislative changes, businesses will need to understand how to prioritize children’s and teen privacy, understand new developments in children and teen privacy, and implement measures that comply with the applicable regulations while still meeting their business requirements. This webinar intends to inform businesses on how to address this heavy lift.
Our webinar on Children and Teen privacy will cover the following topics : 
  • Upcoming and existing privacy regulations focused on Children and Teen privacy
  • How businesses can prepare for the upcoming regulations and enforcements
  • Incorporating children's privacy measures into existing privacy programs
  • Building a privacy program that both protects the privacy of children and meets business requirements

Privacy Engineering: Moving from legal requirements to implementation

May 17th, 2023

Privacy engineering is a discipline that integrates privacy into the SDLC and operationalizes Privacy by Design (PbD) to deliver privacy outcomes. Privacy Engineering brings together tools (including Privacy-enhancing Technologies) to build systems that respect privacy. These systems embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals. Join us for a conversation with Priya Keshav, CEO of Meru Data and Aaron Weller, Leader of HP's Privacy Engineering Center of Excellence around the importance of Privacy Engineering as part of a modern privacy program.  

We will cover topics including: 
- How do we operationalize legal and business requirements around privacy?
- What is Privacy Engineering and PETs?
- How do you build a Privacy Engineering Center of Excellence?
- Why would you need a CoE?

Ad Tech Privacy: Legal and Regulatory Developments

April 11th, 2023

The legal and regulatory privacy landscape is evolving rapidly. The Ad Tech privacy space, in particular, is facing significant compliance and regulatory challenges in light of the recent enactment of comprehensive privacy legislation that regulates Ad Tech and increased regulatory scrutiny and enforcement. As a result, the Ad Tech space is one on which to keep an eye

Our webinar will cover the following topics:
- How recently enacted privacy laws (including U.S. state comprehensive privacy laws) affect the Ad Tech industry
- Notable regulatory developments impacting the Ad Tech industry
- How players in the Ad Tech ecosystem should approach privacy compliance in the wake of recent developments

​​The Essentials on Employee Data Privacy

February 24th, 2023

Employee privacy rights pose unique challenges for US businesses. The ever-changing privacy law landscape is complex and if you don’t have a plan the liability and business interruption can be substantial. This panel will address some of the new requirements stemming from global privacy laws around collecting and processing employee data that every US business needs to know.  

**This course has been approved by the State Bar of Texas for full CLE credit. MCLE stands for Minimum Continuing Legal Education and every active member of the State Bar must complete a minimum of 15 hours of continuing legal education (CLE) during each MCLE compliance year. Our Sponsor ID # is A17268. For an attorney to report your attendance, click on the link, log in, certify that the requested credit is correct, and click submit. ** Link:

Educating Internal Stakeholders and Setting Expectations

January 25th, 2023

Privacy has been at the forefront of business priorities and rightfully so. The privacy forward approach involves numerous complexities, the most important being the need for fundamental change in our data practices.

These changes have to start at the top and persist through to the grass-roots level which calls for accurate and continuous education and communication within the organization.

As we begin the new the year on the right foot, let's focus first on building a practice of appropriate education and communication within the company as this has consistently been the marker of successful change within any organization.

Colorado Privacy Regulations: What Businesses need to know

November 15th, 2022

With the Colorado Privacy Act (CPA) expected to go into effect on July 1, 2023, the state will join the ranks of California and Virginia in terms of privacy legislation. This gives businesses about eight months to get things in order before the law goes into effect.

However, the CPA differs from the other state regulations in certain aspects. The latest draft regulations proposed by the Colorado AG add some complexity around the legal obligations by businesses.

This webinar will focus on helping businesses prepare for the Colorado Privacy Act. If you’re someone who is already compliant with the existing privacy laws or just starting out, join us to learn how you can prepare to achieve timely compliance with the upcoming Colorado regulations.

The end of B2B Exemptions under CCPA: Are you prepared for it?

October 18th, 2022

B2B exemptions under the California Consumer Privacy Act (CCPA) excluded personal information collected in a business-to-business (B2B) context from the scope of the CCPA. However, these exemptions will cease to apply starting January 1, 2023, with the enforcement of the CPRA.
This means companies collecting personal information (PI) of business contacts for providing or receiving a product or service to and from another business will have to comply with the requirements under the CPRA. This goes on to include the PI of workforce members, independent contractors, service providers and other business contacts that was collected to aid in providing or receiving a product or service to and from another business.

InfoGov World 2022

September 27-30, 2022

Priya Keshav, founder and CEO of Meru Data, will speak on “Data Minimization - How to establish a Data Minimization Program” at the InfoGov World Expo & Conference 2022. ​

The 3-D virtual event will be held on September 29 & 30.

CPRA: What Arizona Data Processors Need to Know

September 15th, 2022

Priya Keshav, founder and CEO of Meru Data, will be speaking at the ARMA International & Arizona Chapter Event on “California’s Consumer Privacy Rights Act (CPRA): What Arizona Data Processors Need to Know”. ​

The session will discuss the key takeaways from California Attorney General’s notices to organizations addressing purportedly incomplete or untimely responses to DSARs, incomplete recordkeeping, and deficient consumer notices, and from civil suits alleging causes of action under the CCPA.

Implementing Privacy by Design

August 30th, 2022

Is your privacy program Proactive or Reactive? Is Privacy your default setting? Most importantly, is Privacy embedded into your business practices and IT design? ​

Today's data governance world calls for a 'Privacy by design' approach where Privacy is already a part of the IT architecture of the business, where it is the default setting, and every practice that occurs, does so from a privacy-forward standpoint. ​

Tune into our webinar where Privacy professionals discuss the Privacy by design approach and how it can be implemented for new businesses as well as already existing ones. We will also cover best practices and tips to maintain the approach over the long term

Planning for 2023: Managing across 5 state privacy laws

July 19th, 2022

Are you prepared for 2023? With new privacy laws going into effect in Virginia, Colorado, California, Utah, and Connecticut, what should you be doing now to help ensure timely compliance with these new requirements? ​

Developing a comprehensive, multi-state privacy strategy will be challenging, especially given the fact that some of the requirements for compliance are still under development. The best path for an organization is to implement a strong data privacy foundation with processes and tools that are scalable to adaptable to new regulations. ​

Join us for this webinar as we focus on the new state privacy laws, provide companies with helpful tips to prepare for the new laws before they take effect. We will also discuss what to expect from the rulemaking process.

Preparing for incoming privacy laws: building a Data Minimization program?

May 25th, 2022

Data minimization should be an integral part of an organization's privacy program. Data minimization requires good planning, connecting the dots, and working collaboratively with all relevant stakeholders across the organization. Please join us where we discuss the following:

- Data minimization requirement under CPRA, VCDPA, CPA, and GDPR
- How do you minimize collection?
- Reconciling the requirement to delete for Privacy and Retention Compliance
- Practical examples and use cases on how to plan
- Discuss existing case laws and requirements
- Steps that can lead to a sustainable data minimization program
- Incorporating best practices and lessons learned

MER | The MER Conference 2022

May 10th – 12th, 2022

Priya Keshav, the Founder, and CEO of Meru Data will be speaking on “Rethinking RIM for Data Minimization,
Are You Ready?” at the MER | The MER Conference 2022 | May 10th – 12th.

Join the live session on May 2022.

Privacy Frameworks & Internal Controls- Efficiently scale a privacy program

April 5th,2022

Internal controls are safeguards designed to avoid, detect and minimize risks. Internal Controls are valuable tools. ​

Companies are adopting internal control frameworks to enhance, measure and mature their privacy programs. In this webinar, we will discuss ​
1. Frameworks like ISO or NIST
2. Factors involved in picking the right framework
3. Incorporating privacy-related controls into the control environment
4. Can control enhance your operational efficiency?
5. How to measure the effectiveness and maturity of the program using these frameworks as a guide

AI/ML to Classify and Build Data Intelligence – Design and Approaches

March 2nd, 2022

With the exponential growth incorporating data, there is an increasing need to ensure all sensitive, personal, and business information is properly identified and secured. But it has become difficult for organizations to keep up with this growth in enterprise data and utilize its full potential. Only AI and machine learning technologies offer the ability to detect, map, and categorize sensitive data at an organizational level. However, mapping sensitive information at an enterprise scale requires a solution that is scalable and accurate.

Reasons to attend
- Get acquainted with the types of data classification
- Know how to properly scope and plan for such an effort
- Learn about the capabilities and limitations of such an AI/ML model and how to incorporate appropriate manual controls for successful execution

Effective change management for successful IG and Privacy programs

January 19th, 2022

Join us for a webinar on Effective change management in IG and Privacy programs. Change management is critical for reducing user adoption risks and improving alignment. Done correctly, it leads to greater ownership and accountability across the organization around Privacy. It correlates directly with program success. But despite everyone's understanding, this is critical for success, why is change management so difficult?

Our panel will discuss the three main pillars of change management:

Leadership and Influence: How can you enable leaders in your organization to persuade others to join in the execution of IG programs. How can your existing organization structure be leveraged to influence change?
Negotiation and Persuasion: Be more transparent and engaging during the implementation process. This has a direct impact on user adoption, ROI and ultimately will lead the organization to its IG and Privacy goals. Communicating the “future state” will help people understand areas that will need to change the most.
Tools and techniques needed: Do you have the right tools to introduce change? How will you be able to motivate others and deal with resistance to change? What are some of the emotional elements of change that you need to consider so that your IG and Privacy future state is realized and sustained?

New World
Privacy Pros

December 15th, 2021

We will cover topics like where privacy professionals go to keep themselves informed, areas of specialization that are developing in this space what skills are most sought after, where, and why. ​

- Keeping up with Privacy standards
How can we keep up with new and conflicting privacy compliance standards across the globe? What are some of the sources to stay current How effective are training and certification?
How will the Privacy space evolve ​​
What specializations do we see evolving within the Privacy space? What should Professionals in this area be thinking about to stay current Potentials areas of expertise that are developing: Privacy Law (Country specific), Privacy Engineering, Privacy Tech
Where should Privacy sit within organizations?
What is the ideal model for Privacy – centralized function or distributed/embedded Where is Privacy currently in organizations – Legal, Compliance, Marketing? Which parts of the organizations are hiring today in Privacy?

Gaining Customer Trust In Retail - Incorporating Privacy

November 9th, 2021

Did you know 80% of people are more likely to buy from companies that they believe protect their personal information? Retail companies need to truly understand their consumers in order to both retain and successfully serve them. Can this be done effectively while also ensuring consumer privacy is safeguarded? Deriving value from consumer data and providing privacy protection are not either/or options for companies today. Both are a must for companies to succeed in Retail. Join us for a discussion on how you can proactively build programs to maximize both the value of your consumer data and ensure the privacy protection that consumers expect.

Key themes of the discussion:
- Customer centricity in Retail
- Maximizing data utility without compromising privacy
- Integrating “Privacy by Design” into day-to-day operations and why it’s important
- Can Privacy-enhancing technologies (PETs) help?

Assurance vs.

September 21st, 2021

Rather than continuing to rush forward with implementing a digital transformation strategy, including privacy and security-related issues, organizations actually need to take two steps back to identify critical information management-related gaps before continuing to move forward. The first step is to automate information-related processes in conjunction with information management best practices to establish systematic controls and reporting mechanisms. The second step is to convince stakeholders that the program is effective by demonstrating positive ROI. This workshop discusses how to establish effective information assurance (IA) KPIs to successfully manage and sustain your privacy program from an IA perspective.

InfoGov World Expo! Conference 2021

September 14-17, 2021

Priya Keshav, Founder and CEO of Meru Data, will present "Breaking Down Information Silos with IG Metrics & Transparency".

Learn from these and other educational sessions, only at InfoGov World conference days, September 16 and 17 (IG, RIM, and eDiscovery training happening on September 14 and 15). Don't miss out - register today!

MER | The MER Conference 2021

May 24-27, 2021

Priya Keshav, Founder and CEO of Meru Data, will be speaking on “Implementing Data Minimization Programs at Global Enterprises” at the MER | The MER Conference 2021 | May 24 -27.

She will discuss key foundational elements required for a robust data minimization program and how they should be structured to engage stakeholders across the enterprise. Join the live session on May 25, 9:00 AM – 10:00 AM CDT.

ARMA AZ Spring 2021 Seminar

March 18th, 2021

Information has become a valuable asset of the digital realm, and safeguarding it should be the priority of every organization. With the growing opportunities for IoT and AI, it is pivotal to be abreast with the risks associated with the same. The Arizona Chapter is back with their ARMA AZ Spring 2021 Seminar!

This month will feature a talk on “IoT and AI, and why we should be interested in it” by guest speaker Priya Keshav, the CEO of Meru Data. Join the live seminar on March 18, 2021, at 8:00 AM MDT via Zoom.

Roundtable: Women in Information Governance

July 21st, 2020

What factors, qualities, and skills drive success, and how can those components help women pursuing careers and leadership roles in the information governance sector?  panelists include Ann K. Snyder (Manager of Content Development at ARMA International), Priya Keshav (Founder and CEO of Meru Data), Stacey Egerton Davis (Senior Vice President of FinPay, LLC), and Lynn Molfetta (co-partner and consultant at MC Bernstein Data).

The Intersection of IoT and AI

May 5th, 2020

The session focuses on the intersection of IoT and AI and how it affects your security, privacy, and ethical risks. The presentation will share examples of how companies are viewing and managing these risks right now. The challenges companies face while trying to address these risks will also be discussed. Both IoT and AI are here to stay.

"Stop with the Hype: Making sense of the latest privacy regulations.”

March 3rd, 2020

John Montana, Brian Tuemmler, Priya Keshav, and John Icaza will join a panel to provide practical advice for organizations on how to comply with various privacy regulations followed by a 45-minute roundtable discussion.  Participating in this session will help you be knowledgeable and up to date about privacy compliance which will be a key skill going forward.

Masters Conference - Dallas

February 28th, 2019

Technology is changing our lives in countless ways, from smart thermostats and smart watches to smart cities and energy grids. A wide variety of use cases are being enabled through smart devices called IoT or the Internet of Things. As companies unlock the potential of IoT, the number of IoT devices is expected to exponentially grow to 20 billion by 2020. Managing data from IoT is a looming challenge for legal professionals. We will discuss these challenges both how they affect the practice of law and the operational challenges surrounding data governance.

Chief Information Governance Officer Conference - Chicago

May 9th, 2018

Invited speaker to discuss "IG Leadership in a Time of Transformation: Robots, Blockchains, and IoT Devices, Oh My!" The advent of AI and other innovative and disruptive technologies is an opportunity for CIGOs to step up in taking the lead in spearheading efforts to integrate such technologies into the workplace. The panel will share insights on how companies have used AI techniques and blockchains, including in changing the way recordkeeping functions, and will also discuss how the IoT environment poses new and unique challenges in the IG space.

The CIGO Summit is a by-invitation-only, executive event for senior leaders in cybersecurity, information management, law, privacy, data analytics, records management, compliance, and other IG-related disciplines.


October 24th, 2018

IoT and Info Gov: What You Need To Know The Internet of things, or IoT, is transforming how we interface with the world. As organizations unlock the potential of IoT, the number of IoT devices is expected to exponentially grow. Managing data from IoT is a looming challenge for information governance professionals. Join this session for practical guidance on how to structure an IG program for IoT data.

bottom of page