The Committee on Foreign Investment in the United States (CFIUS) is a U.S. government interagency committee with the responsibility to review foreign investments in U.S. businesses and real estate transactions for national security implications. CFIUS is ultimately concerned with protecting the national security of the U.S. via a National Security Agreement (NSA) with the business. NSAs include particularities around reporting requirements, the security protocols in handling protected data from American nationals, identifying protected data classes, ensuring that only approved screened employees can access protected data, ensuring compliance with data structures, identifying data sources (systems, applications, repositories), performing risk assessments on those data sources, prioritizing mitigation of protected data inside such data sources, and more.
The paramount and most challenging requirements center on the identification and safeguarding of critical information assets. The completeness and accuracy of enterprise-critical asset identification, monitoring, and security are vital for a comprehensive CFIUS compliant cybersecurity program. With a solid understanding of requirements, roles, and responsibilities, IT Security, Compliance, Privacy, Information Governance, and Legal Discovery professionals can successfully navigate the difficulties of CFIUS compliance challenges and fulfill business objectives.
In this informational presentation, our team which is approved by the CFIUS Monitoring Agencies (CMAs) and brings first-hand delivery of CFIUS Third-Party Provider services in these areas ranging from data protection and privacy to identity access management and data loss prevention will discuss and explain the best approaches, protocols, and practices for successfully guiding an organization’s data in a world of nation-state bad actors and insider threats.
- What is CFIUS (Overview, History, and Current Landscape)?
- Why is it getting more attention now (Geo-Politics and Business Landscape Changes)?
- What types of transactions are covered?
- What does it mean to Enterprise Risk Management Professionals (Privacy, Compliance, Info Governance, IT Security, and Legal)?
- What are the costs (Filing Fees and Penalties)?
- How do you prepare (Proactive and Reactive Considerations)?
- How do you implement and manage a CFIUS Compliance program (Roles, Responsibilities, and Risk; CFIUS Compliance Achievement Plan (Plan for Implementation); and CFIUS Compliance Execution (Execution of Implementation Plan for Compliance)?
Matthew L. Miller, Esq.
Senior Vice President, Global Information Governance Advisory Services Leader
Matthew L. Miller, Esq., is Senior Vice President, Global Information Governance Advisory Services Leader at HaystackID, based in Los Angeles, CA. With nearly 20 years of field experience, a background in legal, then forensics and eDiscovery, followed by privacy, governance, and incident response; Matt is like a “Swiss Army Knife” for organizational data challenges. Matt formerly co-developed Ernst & Young’s information governance solutions, and later was VP, Global Information Governance Advisory Services Leader at Consilio LLC. He has led highly complex data breach incident response related forensic investigations and multi-national, petabyte-scale, data governance and privacy engagements, in addition to acting as a neutral eDiscovery expert and leading an active CFIUS program engagement.
Christopher Wall, Esq.
Data Protection Officer and Special Counsel, Global Privacy and Forensics
In 2022, Christopher Wall joined HaystackID and currently serves as Data Protection Officer and Special Counsel, Global Privacy and Forensics on the Client Services team. Chris also serves as HaystackID’s internal data protection officer. In his role as Special Counsel for Global Privacy & Forensics, Chris helps HaystackID clients navigate the cross-border privacy and data protection landscape and advises clients on technical privacy and data protection issues associated with cyber investigations, data analytics, and discovery. Prior to joining HaystackID, Chris worked at Ernst & Young, where he led cross-border cybersecurity, forensic, structured data, and traditional discovery investigations.
Information Governance and Data Privacy Consultant, Advisory Services
James Branch joined HaystackID as a consultant specifically focused on leading CFIUS Program Compliance projects. James has been an IT executive aligning technology vision with overall enterprise strategy for more than 30 years and spent more than 9 years as Senior VP, IT / Chief Information Technology Officer (CTO/CIO) leading IT Security and the data centers for Advanced Discovery prior to being acquired in 2018. Prior to this, he led the Information Technology growth and transformation for a leading global real estate private equity and asset management organization for nearly 15 years.
Director of Global Strategic Technology Partnerships, Advisory Services
Michael Amaral has been in the HaystackID family for more than 4 years and is currently the Director of Global Strategic Technology Partnerships, Advisory Services. Prior to joining HaystackID, he was the Director of NightOwl’s Global Client Advisory team, leading the Privacy Management Technology group. Mr. Amaral is a technologist with over 25 years of experience helping companies solve complex data problems in compliance, governance, privacy, and litigation matters. Mike is certified in products such as OneTrust, Nuix, Informatica, and more.