Keynote Speaker · Privacy

Privacy Keynote Speaker for Executive Audiences and Compliance Conferences

For organizations that need their privacy program to be more than a policy page — that need to understand where modern technology actually exposes their data and what to do about it.

Sample keynote video
30
Years
200+
Assessments
85
Keynotes
16
Books Published

Why Carl for Your Privacy Audience

Privacy used to be about what the website disclosed. Today it's about where data actually goes — the analytics tools that share with sub-processors most organizations have never audited, the AI vendors processing PII through training pipelines, the SaaS platforms whose default settings expose data to integrations leadership doesn't know exist. The privacy program written five years ago doesn't match the data flows that organization actually has now. Most organizations don't realize this until something breaks.

Carl B. Johnson has spent 30 years inside the regulations that govern personal and sensitive data. As CISO at Cleared Systems, he leads privacy program engagements across healthcare, federal contracting, defense, and technology — the four sectors where privacy obligations cross-pollinate with sector-specific regulation in ways that make most generalist privacy guidance inadequate.

For privacy summits, compliance conferences, and corporate leadership audiences, Carl delivers privacy content that's actually about modern data flows — the practical exposure points organizations have today and the program-level decisions that close them.

Available Sessions on Privacy

Signature Keynote

Privacy, Technology, and the Risks Organizations Ignore

How modern technology quietly exposes data — and what leaders can do about it before it becomes a headline. Covers the data-flow patterns most organizations don't see, the analytics and vendor sub-processor risk that policy alone can't address, the AI integrations creating new privacy exposure, and the practical privacy-program moves that actually move the risk needle. Built from current engagements where these failure patterns are showing up.

Best forPrivacy summits, compliance conferences, corporate leadership programs, technology summits Duration45–90 minutes
Executive Briefing

What Boards Need to Know About Modern Privacy Risk

Briefing for boards and executive leadership on the privacy risk posture organizations actually have versus what their policies claim. Covers the disclosure obligations leadership should personally understand, the questions boards should be asking the chief privacy officer this quarter, and the governance patterns that distinguish organizations that handle privacy maturely from those that find out about exposure during a regulator inquiry.

Best forBoards, executive teams, audit and risk committees Duration20–30 minutes plus Q&A
Workshop

Building a Privacy Program That Reflects Reality

Hands-on session for chief privacy officers, compliance leaders, and the cross-functional teams responsible for privacy program execution. Walks through data-flow mapping (the kind that actually finds the exposure), vendor and sub-processor governance, the cross-jurisdictional disclosure framework, AI-and-privacy intersection points, and the documentation patterns that demonstrate program maturity to regulators across CCPA, CPRA, GDPR, sector-specific rules, and emerging state laws.

Best forCPO, compliance, legal, and risk leadership Duration3–4 hours

Download the One-Sheet

Get a printable, shareable PDF of this topic — perfect for circulating to your event committee or program chair. Includes the same sessions, audience profile, and FAQs as this page in a 2-page format.

Download Privacy Keynote Speaker One-Sheet

Who This Is For

Audiences responsible for privacy program decisions or the executive audiences whose oversight determines whether those decisions get the resources to actually work.

  • Privacy summits and IAPP-style events
  • Compliance and risk conferences
  • Corporate leadership programs
  • Chief privacy officer professional associations
  • Technology and SaaS leadership events
  • Healthcare privacy conferences
  • Financial services privacy summits
  • Boards and audit committees

What Audiences Walk Away With

  • A working understanding of how modern data flows differ from what most privacy programs assume
  • The specific exposure points created by analytics, AI vendors, and SaaS sub-processors
  • A practical framework for assessing privacy risk that goes beyond policy review
  • The cross-jurisdictional disclosure landscape and what's actually changing across CCPA, CPRA, GDPR, and emerging state laws
  • The governance patterns that distinguish organizations handling privacy well from those that don't
  • The board-level vocabulary for discussing privacy risk that translates to actual oversight

Questions Privacy and Compliance Organizers Ask

Is this primarily a US privacy talk or does it cover GDPR?
Both. Most US-based organizations have GDPR exposure through European operations, EU customers, or vendor relationships, and the cross-jurisdictional reality is part of the talk. The keynote covers CCPA, CPRA, GDPR, sector-specific rules, and the emerging state-law landscape, weighted to whichever the audience deals with most.
Can this be a sector-specific privacy talk?
Yes. Healthcare privacy, financial services privacy, technology and SaaS privacy, and federal contractor privacy each have meaningfully different operational patterns. Carl tailors examples and case patterns to the sector the audience is operating in.
Does Carl cover AI's intersection with privacy?
Yes. The intersection of AI and privacy is a major focus area — how AI vendor relationships create privacy exposure most organizations haven't accounted for, the disclosure obligations triggered by AI processing of personal data, and the governance patterns that handle AI-and-privacy together rather than as separate problems.
How current is the regulatory content?
Privacy law is moving fast at the state level and the keynote is rebuilt for each event with the latest enforcement signals and emerging legislation. The content reflects active engagement work, not material that's been on the speaker circuit for two years.
Can Carl tailor for a privacy-engineer technical audience?
Yes. The workshop format is well-suited for technical privacy and engineering audiences and goes deep on data-flow mapping methodology, the technical controls that actually enforce policy, and the engineering practices that build privacy in rather than bolt it on.
Does Carl moderate panels in addition to keynoting?
Yes. Carl moderates privacy and compliance panels at industry events and is comfortable structuring discussions that get substantive content from a panel rather than the usual surface-level exchange.

Bring This Talk to Your Event

Submit your event details and Carl's team will respond within one business day with availability and a tailored proposal.

Book Carl to Speak