ROCKIN WITH DATA PRIVACY
BUILDING A DATA PRIVACY PROGRAM
About
Peter Gallinari is a seasoned professional with over 50 years of experience in Information Technology, including more than 30 years in leadership roles specializing in Data Privacy, Cybersecurity, and Compliance. He brings extensive cross-industry expertise spanning financial services, healthcare, and government, with a proven track record of developing and leading governance programs that protect sensitive data in complex, high-stakes environments.
Throughout his distinguished career, Peter has held several high-profile positions, including:
- Chief Data Privacy Officer, State of Tennessee
- Domain Information Security Officer, State of Tennessee
- Chief Security Officer, GE Capital
- GE IT Director of Operations
- Chief Security Officer, overseeing security for three hospitals in New York
- Assistant Vice President (AVP) of Delivery Services, Merrill Lynch
- Data Privacy Program Manager, State of North Carolina
Peter has deep regulatory and compliance expertise across GLBA, SOX, HIPAA, FERPA, FTI, CJIS, SSA, PCI, and the EU GDPR, along with strong alignment to leading security and data protection frameworks, including ISO 27001, SOC 2 Type II, HITRUST and NIST.
In addition to his broader governance work, Peter has developed a growing body of articles and guidance focused on Artificial Intelligence (AI) risk, privacy impacts, and security governance. He specializes in helping organizations assess AI-enabled solutions—such as Microsoft 365 Copilot and agentic AI capabilities—to determine their risk level prior to implementation, reduce exposure to unintended sensitive data disclosure, and strengthen enterprise readiness through practical, scalable governance controls.
Peter is a recognized subject matter expert in cloud compliance and governance solutions, and is a frequent keynote speaker at Data Privacy and Cybersecurity conferences across both the public and private sectors. He is also the author of The Sound of Governance: Rockin’ Privacy Across Sectors (available on Amazon) and the creator of the weekly YouTube channel Rockin Data Privacy, where he covers modern privacy, security, and AI governance challenges in an approachable, real-world format.

Mission
In an increasingly digital world, organizations, along with state governments, handle vast amounts of sensitive data. Building a robust data privacy program is crucial to protect this information and maintain public trust. I will outline the key steps in building a data privacy program and highlight the risks of not having one in place, along with how privacy differs between the private and public sectors. A successful program is not all about the legal components of data privacy; understanding how to operationalize the program across your landscape is essential.
Vision
In the data privacy industry, we’re often overwhelmed by the sheer volume of information on this topic. There are countless industry, educational, and professional resources available, offering valuable guidance—sometimes to the point of information overload.
I felt it was the right time to consolidate this wealth of knowledge, combining it with my own industry experience, to create a concise reference guide. This resource is designed to support your efforts toward building ‘Data Privacy Awareness’ within your organization. No matter your level of expertise, you’ll find the content practical and beneficial.
It is important to note that privacy practices and requirements may vary based on specific state laws, regulations, and organizational structures. Therefore, it is crucial for state government agencies and private businesses to use what is essential to their business and, as always, to consult legal and privacy experts to ensure compliance with applicable laws and regulations.

FUNDAMENTAL COMPONENTS OF A DATA PRIVACY PROGRAM



My intent is to share the detail on these items on the left.
If there is a particular area that you would like more information on, please contact me from my contact page.
IS DATA PRIVACY JUST ABOUT LEGAL AND CYBERSECURITY?
Remember, the legal team plays a crucial role in ensuring compliance with the handling, use, storage, dissemination, sharing, and access of data within your organization.
To effectively support legal in data privacy compliance, it's essential to have a structured process and dedicated personnel on the data privacy team to manage the program from an operational standpoint. This role is critical for the program's success and is distinct from legal responsibilities. The legal team typically focuses on navigating new laws and policies, so they rely on operational support to carry out the day-to-day implementation of data privacy practices.
The operational/technical leader in data privacy will drive the program across the organization, focusing on:
- Providing privacy awareness and training,
- Conducting Privacy Impact Assessments (PIAs),
- Monitoring compliance,
- Managing risk,
- Responding to incidents and working with legal on remediation,
- Documenting and reporting metrics.
This leader ensures that privacy practices are consistently applied, relieving the legal team of operational duties and enabling a more comprehensive, compliant approach to data management.
Look forward to other discussions in the areas of:
- Risks of not having a privacy program
- Effectiveness of guardrails around your AI infrastructure
- How data privacy may differ in the private and public sectors
- How the Data Privacy Officer works with your Chief Security Officer
“Data Privacy is a matter of trust. Our citizens/consumers are expecting us to do the right thing with their data.”
“By providing a service that focuses on a strong value of trust, we will build a reputation that demonstrates our integrity and how we value and respect our citizens’/consumers’ privacy.”
- Peter Gallinari






