Profiles search

Regina Farmer

Lead Counsel, Global Privacy & Cybersecurity at McKesson
Atlanta, GA, United States

Details

Experience: 2023 : Present

McKesson

Lead Counsel, Global Privacy and Cybersecurity

2022 :

McKesson

Senior Counsel, Global Privacy and Cybersecurity

2021 : 2022

McKesson

Counsel, Privacy & Data Protection

Skill set includes :

• HIPAA – Security, Privacy, & Breach Notification rules

• Tracking Technology & Cookie Management (the privacy implications of AdTech)

• US Privacy laws, including CCPA/CPRA, VDPA, CO Privacy Act, etc.

• NIST SPs and FIPs - for example, 800-53, 800-61, 800-122, and various other SPs

• Privacy Law Implementation (Operational & Legal)

• Data Protection

• Incident Response and Incident Management

• Risk Management & Compliance

• Advice & Counsel to Business Units and Compliance organizations concerning :

- Privacy and Data Protection laws

- State law implementation and impacts (including CCPA/CPRA, VDPA, etc.)

- HIPAA Privacy, Security, and Breach notification

- Tracking Technologies (including cookies, device fingerprinting, sniffing, etc.)

• Collaboration – partners include :

- Information Security Risk Management organization

- Business Unit Team, including IT, PMs, Leadership, BU Attorneys

- Global Privacy Office

2019 : 2021

McKesson

Sr. Manager, Privacy & Operations (General Counsel Organization)

DXC was spun off from Hewlett Packard. I continued to lead a large, cross functional team that was responsible for mitigating risk and several SLAs, which we consistently met or exceeded.

2016 : 2019

DXC Technology

Operations Manager & Information Security Leader (MMIS Audit Risk Management Program)
Company: McKesson

About

CISA certified attorney with strong project management skills. Expertise in US Consumer Privacy Laws and Data Protection. Experience includes having developed, led, and coached large high performing teams of various professional levels and diverse skill sets and having built teams from the ground up”.

Functional skill set includes:

* Working and advising cross functionally, especially with Information Security, Audit, & Compliance

* Incident Response

* Various control frameworks, including NIST, ISO, etc.

* Privacy Law Implementation (Operational & Legal)

* Critical Infrastructure Provisions of the Homeland Security Act

* HIPAA – Security, Privacy, & Breach Notification rules

* Tracking Technology & Cookie Management (the privacy implications of AdTech)

* FISMA

* Risk Management & Compliance

* Advice & Counsel to Business Units and Compliance organizations

* Regulatory Reporting and Compliance

* System Development Life Cycle (SDLC)

* Project Management – establish and lead diverse teams for complex projects and audits