PPS 2012




Consumer Financial Protection Bureau: The Newest Financial Services Regulator

Learn all about the CFPB, from its jurisdiction and powers to how it will figure into the overall picture of regulatory compliance for financial services. Some of the key privacy provisions of Dodd-Frank will be reviewed, such as the customer complaint process, the CFPB examination manual and enforcement mechanisms. You’ll also hear some recommended strategies for implementation.

Lynn A. Goldstein, CIPP/US, Senior Vice President, Privacy General Counsel & Chief Privacy Officer, JP Morgan Chase Bank, N.A.

Presentation 1


Navigating Regulatory Impacts of a Financial Service Data Breach

Financial services providers deal with highly sensitive information as a matter of course. In this session, learn how a structured approach to data breach prevention and response, including engagement with stakeholders and regulators, will help you navigate the challenge.

Christine M. Frye, CIPP/US, SVP Privacy Compliance Executive, Bank of America
Dana L. Simberkoff, CIPP/US, Vice President, Risk Management and Compliance, AvePoint, Inc.

Presentation 1


Impacts of Foreign Privacy Laws on Regulatory Reporting

Many data protection, privacy and related confidentiality laws restrict disclosures of personal data to third parties (including governmental agencies) as well as cross-border transfers of such data. Recent laws (such as Dodd-Frank and FATCA) require increased disclosure of customer-level data to U.S. regulatory agencies, including data about foreign customers. This conflict of laws is becoming a larger concern requiring U.S. based financial institutions to work to limit exposure under the foreign laws, while still complying with U.S. regulatory reporting requirements. In this session, we’ll explore these types of laws, the nature of the conflicts and potential responses.

Kathryn D. Kohler, CIPP/US, Senior Counsel, Wells Fargo & Company

Presentation 1


Privacy Implications of Mergers and Acquisitions and Outsourcing: Post-acquisition Integration of IT Systems, Shared Service Centers and IT Transformation

Acquisitions are riddled with data privacy issues, particularly surrounding customer data, employee data, a variety of IT systems and multiple locations across the country or across the world. Through a case study of a hypothetical global organization, you'll work with a typical project plan to build the facts, understand the specific tasks to bridge the gaps between two organizations, and develop an implementation plan to address the privacy, outsourcing and data restriction issues.

Joan B. Quinn, CIPP/US, Chief Privacy Officer, TD Bank
Andrew Smith
, Partner, Morrison and Foerster LLP

Presentation 1


De-Identification of Personally Identifiable Information

This is the age of big data, where massive amounts of information or data from multiple sources are being collected, linked together and analyzed by organizations in different industries for many different purposes. This data tends to be personal in that it characterizes individual human behaviors such as their Internet surfing patters, purchasing behavior in stores, individual health information, details on financial transactions and physical movements to name just a few examples. All of this personal information, especially when combined, paints a detailed picture about individuals, their likes and dislikes, what they do and when and where they do it. This raises important and highly sensitive privacy issues. There is much debate and deliberation on this topic. Join us to examine the need to de-identify personally identifiable information/data in a defensible way and the methodologies used to de-identify data so that it can be leveraged for new purposes. Plus, we’ll use case studies to illustrate how these de-identified and disclosed data sets can still retain significant utility.

Khaled El Emam, Founder and CEO, Privacy Analytics, Inc.

Presentation 1


Privacy Considerations in the Online and Mobile Space: Mobile Payments, Behavioral Advertising and Social Media

A panel of professionals will dig into the ways businesses, especially financial services companies, are using mobile payments to meet their customers’ growing demands, the benefits and potential pitfalls of behavioral advertising and tracking and how social media can be used to reinforce and expand the reach of your message for sales and servicing.

Orrie Dinstein, CIPP/US, Chief Privacy Leader and Senior IP Counsel, GE Capital
Jim Rau, Associate General Counsel, Bank of America

Presentation 1



A Year in Review: Data Breaches and Lessons Learned

Healthcare data breaches, accidental data exposure including credit cards, and lost laptops resulted in a very busy 2011 and early 2012 for data breaches. Join us to reflect on the major data breaches of the year, hear about the lessons learned and find out what steps the affected organizations took to minimize the risks of future data breaches. 

Michael Vatis, Partner, Steptoe & Johnson LLP

Handout 1


International Developments in Data Breach

In this discussion, we’ll explore the evolving nature of breach notification requirements outside the U.S., including Canada, Europe, Japan, Mexico, Australia and Korea.  

Andrew S. Reiskind, CIPP/US, Privacy and Data Protection Counsel, MasterCard

Presentation 1


Data Breach Hypothetical

Every company that manages data is at risk of a data breach, no matter how mature their privacy program may be. Don’t miss this session, where you’ll walk through a complex data breach hypothetical from the discovery phase to remediation.  

Christopher Novak, Managing Principal, RISK Team, Verizon
Lisa J. Sotto
, Partner & Head, Privacy and Information Management Practice, Hunton & Williams LLP

Presentation 1


After the Breach: Forensics, Law Enforcement and Communications

You’ve had a breach and you have questions. What really happened? Who was exposed? Can you demonstrate that records were not exposed? If your data was inappropriately accessed or stolen, can you identify the culprit? Join in-house privacy counsel and forensic experts for an overview of the steps required to obtain the answers needed in a breach investigation. If and when a breach occurs, will you know how to respond to multiple audiences and provide those impacted with an accurate and clear communication? Do you know what reasonable offerings to provide to assist in the protection of liability and identity theft? In this session, you’ll learn a systematic approach from experts in breach communications and offerings.  

Timothy O’Brien, Supervisory Special Agent, FBI New York Division
Mark G. Seifert
, Partner, Brunswick Group
Emily Stapf
, Director, Forensic Technology, PriceWaterhouseCoopers

Presentation 1, Presentation 2


Regulators' Response to Data Breaches

Hear an expert panel explore the role of government and the expectation of industry to balance business needs with individual privacy and work to prevent data breach.

 Barbara Anthony, Undersecretary, Office of Consumer Affairs and Business Regulation
Michael DuBose
, Managing Director and Cyber Investigations Practice Leader, Kroll Advisory Solutions
Maneesha Mithal
, Director, Division of Privacy and Identity Protection, Federal Trade Commission

Handout 1, Presentation 1


Litigation Considerations

Hear the latest developments in litigation from the business perspective, and gain an understanding of the environment surrounding class action litigation in the courts; regulatory oversight by the DHHS, FTC, FCC, and self-regulatory bodies; and litigation currently pending regarding data breach and targeted ads.

 Lawrence J Bracken II, Partner, Hunton & Williams LLP
John Delionado
, Partner, Hunton & Williams LLP

Presentation 1



Tracking Technologies, Behavioral Advertising and the Current Self-regulatory Programs

Tracking of consumers digitally carries the potential for both great rewards and significant risks. It is truly a hot topic, and it is essential that companies, website publishers and those marketing to consumers in the online and mobile space understand the privacy issues and how they may impact the organization, as well as compliance options. This don’t-miss session will provide an in-depth look at how tracking technologies work, how they are being used, new tracking technologies that are taking hold and the current legal landscape of consumer tracking, Do Not Track and behavioral targeting.

Fran Maier, Founder and Chair of the Board, TRUSTe
Blane Sims
, SVP of Product, BrightTag

Presentation 1, Presentation 2


E-mail and Text Message Campaigns

E-mail and text message marketing campaigns remain the backbone of most organizations’ communications with consumers. Join us as we discuss the legal requirements, privacy considerations and current legislative and regulatory framework surrounding the use of these channels in a marketing campaign.

Justine Gottshall, CIPP/US, Partner, InfoLawGroup LLP

Presentation 1


Marketing via Mobile Applications, QR Codes and Third-party Platforms

Everywhere you look, companies are launching mobile applications, Facebook pages and other marketing initiatives through third-party platforms. These initiatives raise unique considerations given the technology used, the third parties involved and, more recently, the regulatory scrutiny on the mobile ecosystem. In this session you’ll gain baseline knowledge of the key privacy and legal issues in the mobile and platform space, including addressing privacy policies, marketing disclosures, complying with the terms set by third-party platforms and self-regulatory programs.

Alexis Payne, Partner, InfoLawGroup LLP

Presentation 1


Endorsements, Testimonials and Promotions

The FTC guidelines on endorsements and testimonials are relevant to organizations with regard to marketing activities in word of mouth, social media and influencer programs, including celebrity spokespersons, bloggers, consumers or others making endorsements or statements on their behalf. Join us for an informative discussion on the requirements you must address when undertaking these marketing activities, leveraging social platforms (Twitter, Facebook, LinkedIn, Pinterest, G+, etc.) and specific compliance guidelines for a number of situations where these issues arise. In addition, you’ll learn how similar disclosure methods and best practices can be used to address contest, promotion and privacy issues in standardizing and addressing notices across multiple platforms (web, mobile, tablet, apps and social media).

Tom Chernaik, CEO, CMP.LY

Presentation 1


Marketing to Children Online

Marketing and advertising to children online, whether through traditional websites, mobile apps, tablet devices or other connected services, is expected to take on new form when the FTC changes to the COPPA law go into effect. Brands will need to rethink the legalities of presenting targeted advertising to children, including everything from behavioral ads to contextual ads to retargeted ads and even personalized content and features. Learn from longtime COPPA experts how these changes will affect your company’s go-forward marketing and advertising strategies, and what steps you can take now to get compliant ahead of the curve.

Peter F. McLaughlin, CIPP/US, Senior Counsel, Foley & Lardner LLP

Presentation 1


Passport to the EU: Cookies, Consent and Other Marketing Issues

Companies have a legal obligation to be aware of the laws surrounding privacy in whatever region they are doing business in, and wherever they may be transferring, accessing or storing that information. Join us for a discussion of the marketing issues in the EU, and how compliance may differ from the U.S., including the issues that arise with regard to online tracking, the use of social media and data transfer. You’ll return to your company with a basic understanding of the domestic and international regulations around privacy and e-marketing. You’ll also hear an overview of the current legal issues as well as firsthand knowledge of addressing these issues in a real-world business setting.

Dennis Dayman, CIPP/US, CIPP/IT, Chief Privacy and Security Officer, Eloqua

Presentation 1