IAPP Europe Data Protection Intensive 2013





Data Refineries

Andreas Weigend, PhD, Social Data Lab, Stanford University and UC Berkeley



Investing in Privacy

Stephen Deadman, Global Privacy Officer, Vodafone



Risk, Accountability and Binding Corporate Codes

Richard Thomas, CBE, LLD, UK Information Commissioner (2002–9), Global Strategy Advisor, Centre for Information Policy Leadership, Hunton & Williams LLP




Don’t Start from Scratch! Leverage Your Compliance Programme to Deliver Privacy Compliance

Stuart Muir, Global Legal & Compliance Manager, Dell Inc.
Stefan Weiss, CIPP/US, Global Data Protection Officer, Swiss Reinsurance Company Ltd.

Join us for a discussion of how to structure a global privacy compliance programme that provides a sustainable and effective framework and can address the complexity of increased regulation in local markets. We’ll explore designing a flexible privacy programme that incorporates PbD and is tailored to your organisation’s needs; determining organisation maturity and measuring progress; using a project-driven, pragmatic approach to privacy through leveraging existing compliance programmes; baking PbD into your Compliance by Design programme to future proof your organisation; applying the technical standard ISO/IEC 29100 privacy framework to give your programme the needed global applicability; and defining specific data protection and privacy controls as part of your PbD approach. Examples of data protection and privacy controls will be provided.

What you’ll take away:

  • Insights on using a project-driven, pragmatic approach to privacy through leveraging existing compliance programmes
  • Tips for designing a flexible privacy programme that incorporates PbD and is tailored to your organisation’s needs
  • Examples of data protection and privacy controls

Presentation 1

How Scared Should You Really Be? The Truth about Enforcement Actions

Moderator: Geraldine Henbest, Global Privacy Director, Ernst & Young Global
Stewart Room, CIPP/E, Partner, Field Fisher Waterhouse LLP

In this enlightening session, we’ll expose some of the myths associated with EU data protection. Beginning with an exploration of fear mongering surrounding the risks and dangers of regulation, we’ll move on to a discussion of the facts. By charting the path of regulatory enforcement activity over the past five years in the UK, we’ll identify the data protection issues that actually lead to enforcement and the ones that are regulatory hot air.

What you’ll take away:

  • Identification of the types of data protection issues that lead to enforcement
  • An understanding of why regulators prioritise their enforcement activities
  • Guidance on prioritising actions within your privacy compliance programme

Handout 1, Handout 2, Presentation 1



To Be, or Not To Be Personal Data

Moderator: Ellis Parry, Global Lead – Data Privacy, BP International Ltd.
David Evans, Group Manager - Business and Industry, UK Information Commissioner's Office
William Malcolm, Privacy Counsel, Google UK Ltd.
Mina Mehta, VP Global Privacy Officer, GlaxoSmithKline

What does—and, importantly—does not constitute personal data has always been to some degree contextual. As we begin to identify the impacts of the era of big data, will there ever again be a context within which any data remains non-personal? Join this discussion of the black letter legal definition of personal data, regulatory guidance and a framework for assessing the risks of re-identifiability.

What you’ll take away:

  • An understanding of the black letter of the law definition
  • An overview of regulatory guidance on the topic
  • A framework for how to assess the risks of re-identifiability

Triple Threat—Customer, Provider and Integrator Approaches to Cloud Computing Challenges

Moderator: Jane Finlayson-Brown, Partner, Allen & Overy LLP
Bojana Bellamy, CIPP/E, Director of Data Privacy, Accenture
Stephen Bolinger, CIPP/US, CIPP/E, CIPP/G, EMEA Privacy Attorney, Microsoft Corporation
Rafael Garcia Gozalo, Head of the International Department, Agencia Española de Protección de Datos 

Join our expert panel for an interactive discussion of the challenges and current trends surrounding cloud computing, the current status of the European Commission's strategy, the views of some of the regulators and whether the proposed Data Protection Regulation will solve any of the issues. We’ll explore the perspectives of the 1) customer negotiating contracts with cloud service providers, 2) cloud service providers and 3) cloud integrators. Through the use of case studies, panelists will share how their organisations and clients have approached the challenges presented by the cloud model, with a focus on cross-border data transfers and the security of personal data. We will consider how the regulators foresee the challenges being overcome or addressed, and whether the proposed regulation helps. You’ll leave with practical suggestions on how consumers can ensure that personal data put into the cloud is sufficiently protected, tips for compliance with applicable data protection legislation and strategies for those providing cloud services (including integrators).

What you’ll take away:

  • A clear understanding of the issues involved
  • A view of the expectations of the various regulators and the approach of the European Commission
  • Customer, provider and integrator approaches to the challenges of the cloud model

Presentation 1

Five Essentials for Implementing Do Not Track

Moderator: D. Reed Freeman, Jr., CIPP/US, Partner, Morrison & Foerster LLP
Rosa Barceló, Policy Coordinator, Privacy, Trust, and Related Aspects, European Commission
Kimon Zorbas, Vice President, IAB Europe

Do Not Track (DNT) is gaining momentum. Join us to find out what it is, how it works and how it is being implemented by browsers. You’ll gain insight on the status of the World Wide Web Consortium’s process to define DNT and other efforts to do the same, what DNT does and does not accomplish, and where the industry is in terms of adoption. You’ll also hear how regulators in Europe and the U.S. will likely evaluate DNT, including what types of investigations and enforcement actions may be in store for those who fail to implement a DNT programme or improperly implement one, and the theories of law that could underlie DNT enforcement. You’ll learn five essential tips for implementing DNT. Our panel will also touch on the future of DNT for other uses, such as e-mail and apps.

What you’ll take away:

  • An understanding of what DNT is, how it is implemented by browsers and what it means to the industry
  • Insight on how regulators will evaluate and enforce DNT implementations
  • Five practical tips for setting up a DNT program



The Art of Constructing Global Whistleblowing Programmes

Suzanne Rodway, Group Head of Privacy, RBS Legal
Christian Runte, Partner, CMS Hasche Sigle

The construction of a whistleblowing programme for a multinational company is a complex undertaking. It requires a knowledge of country data laws, labour requirements and notification to or approval from the data protection authority. There is a growing body of options and techniques that can help you balance the obligations under these laws while implementing a global whistleblowing programme. Join us to discuss the practical choices available in developing such a programme, including participants’ real-world experience from numerous countries.

What you’ll take away:

  • Top areas of concern in the construction of whistleblowing programmes
  • The differences between countries
  • DPA notice and approval requirements

Presentation 1

BYOD—What’s All the Fuss?

Paula Barrett, Partner, Eversheds LLP
Kasey Chappelle, CIPP/US, Global Privacy Counsel, Vodafone Group Services Limited
James Leaton Gray, Head of BBC Information Policy and Compliance, British Broadcasting Corporation
Hazel Polka, Assistant General Counsel, EMEAI, Beckman

When it comes to BYOD, the challenge is finding just the right privacy and security balance. Join experienced internal and external privacy counsels for a discussion of the risks associated with BYOD programmes, and hear how to mitigate them. You’ll leave with practical tips and guidance you can put to use when considering implementation at your organisation.

What you’ll take away:

  • The privacy issues associated with BYOD
  • In-house perspectives on implementation

Presentation 1

You’re Hired! Privacy Issues When Onboarding New Employees

Ann Bevitt, Partner, Morrison & Foerster LLP
John Gevertz, Global Chief Privacy Officer, Automatic Data Processing, Inc.

An essential for any data protection pro working in or with human resources, this session will guide you through the privacy issues surrounding onboarding new employees. We’ll explore: providing appropriate privacy notices (either as part of employment contracts or as standalone documents); obtaining appropriate privacy consent where required; placing appropriate limits on the collection of HR data from new employees and third parties; ensuring that access to new employee data is appropriately limited; preparing for employee data access requests; handling sensitive personal data (e.g. medical information disclosed during recruitment); training new employees on the correct handling of personal data; training new employees on how to use the IT systems (expectations of privacy, monitoring, social media, etc.); and contractual provisions for any third parties involved in the onboarding of new employees.

What you’ll take away:

  • The risks of non-compliant—and the benefits of compliant—onboarding processes
  • Best practices for human resources departments
  • A look ahead at global trends in privacy and data protection

Presentation 1



Data Processors Beware—Managing Risk under the Proposed Regulation

Moderator: Bridget Treacy, Partner, Hunton & Williams LLP
Mark Keddie, Director of Privacy and Business Integrity, BT Retail
Caroline Louveaux, Managing Counsel for Privacy and Data Protection, MasterCard Europe
Matt Silva, Chief Privacy Counsel, GE Healthcare

The proposed regulation fundamentally alters the risk paradigm for processors. No longer able to stand behind controllers, processors will have direct obligations under the regulation and face regulatory enforcement, including fines of 2% of global turnover. Join this timely discussion of the obligations for processors, assessing risk and managing the proposed changes.

What you’ll take away:

  • An understanding of the new obligations for processors
  • How to assess the new processor risk profile, and what this means for contracts with controllers
  • Tips for implementing the proposed changes and managing increased risk

Presentation 1

Paving the Way from Policy to Practice

Moderator: Emma Butler, Senior Director Privacy and Data Protection, LexisNexis
Simon Milner, Policy Director, UK and Ireland, Facebook
Ross Phillipson, Senior Legal Counsel – Transactions and EMEA Privacy Law, Procter & Gamble
Florian Thoma, CIPP/US, CIPP/E, Chief Data Protection Officer, Siemens AG

Join EU data protection experts for a discussion of the proposed Data Protection Regulation, primarily focusing on best practices for implementation. You’ll hear specifics on what organisations have been doing to prepare for the proposal coming into force, what the challenges are and examples of how various organisations are implementing elements of the proposal today.

What you’ll take away:

  • Insights on what other organisations are doing to prepare
  • An understanding of the challenges in different sectors
  • Practical ideas on how to implement some of the elements of the regulation

Presentation 1

Profiling: Maximising the Value of Data at the Expense of Freedom?

Moderator: Eduardo Ustaran, Partner and Head of the Privacy and Information Law Group, Field Fisher Waterhouse
Billy F. Hawkes, Data Protection Commissioner of Ireland
Jeremy Henderson-Ross, Global Privacy Officer, AIMIA

One of the most heated debates in the privacy world right now is about how to regulate and comply with data protection law in the context of profiling. On one hand, data analytics and individual targeting have become a crucial factor for economic prosperity. On the other hand, profiling is seen as a massive risk to privacy by policymakers and regulators. Here, we’ll candidly present the two sides of the story and then try to find a viable way of minimising the risks whilst realising the benefits.

What you’ll take away:

  • An overview of the key issues surrounding profiling
  • The benefits for individuals and opportunities presented by profiling
  • A regulator’s perspective on the perceived risks and approach to the issue
  • New insights and approaches toward achieving everyone's aims

Presentation 1, Presentation 2

Update on the Data Protection Regulation: Main Drivers and Key Elements

Moderator: Monika Kuschewsky, CIPP/E, Special Counsel, Global Privacy & Data Security, Covington & Burling LLP
Anna Buchta, Head of Litigation and Legislative Policy, EDPS
Hielke Hijmans, Head of Unit Policy and Consultation, EDPS
Peter Hustinx, European Data Protection Supervisor

Join the European data protection supervisor and senior members of his staff involved in the EU data protection reform for a systematic update on key elements of the proposed Data Protection Regulation, at a point in time when both the European Parliament and the Council are approaching a mid-term position that should serve as the basis for a final text to be adopted in 2014. This session will cover the main drivers for the reform and the key elements of the regulation, such as definitions and scope, general principles, rights of data subjects, obligations of controller and processor, as well as some controversial issues (such as the space for national law, the position of the public sector and the administrative burden for business).

What you’ll take away:

  • A better understanding of the key issues in the regulation
  • Defined roles and obligations of important players, and how the regulation will influence their operations

Update on the Data Protection Regulation: The Role of the DPAs

Moderator: Monika Kuschewsky, CIPP/E, Special Counsel, Global Privacy & Data Security, Covington & Burling LLP
Anna Buchta, Head of Litigation and Legislative Policy, EDPS
Hielke Hijmans, Head of Unit Policy and Consultation, EDPS
Peter Hustinx, European Data Protection Supervisor

Join the European data protection supervisor and senior members of his staff involved in the EU data protection reform for a systematic update on key elements of the proposed Data Protection Regulation, at a point in time where both the European Parliament and the Council are approaching a mid-term position that should serve as the basis for a final text to be adopted in 2014. This session will cover the role of data protection authorities, arrangements for cooperation and consistency (including ‘one-stop-shop’), enforcement, international data transfers, special situations (such as media, health, employment and research) and some scenarios for further legislation.

What you’ll take away:

  • An inside look at how DPAs will operate under the new regulation
  • A look into the future from the DPA perspective



Cyber Attacks: Legal Implications for Financial Institutions

Vivienne Artz, Managing Director, IP and O&T Law Group, Citigroup, Inc.
Kris McConkey, Director, Cyber Threat Detection & Response, PricewaterhouseCoopers
Nigel Parker, Senior Associate, Allen & Overy LLP

Computers, the Internet, mobile transactions and electronic communications all play an important and ever-increasing role within financial institutions. However, the continued growth of cyber technologies has a number of security and privacy implications. Cyber attackers are quick to spot the potential vulnerabilities of new technologies and exploit them to commit civil and criminal offences, as well as disrupt the detection of their offences or activities. Cyber attacks often involve the misuse of personal data and confidential information. Join us to explore current trends in cybersecurity, including looking at the nature and types of cyber attacks; the evolving regulatory approach in Europe and the U.S., including legal risks and potential liabilities for financial institutions; and potential causes of action, remedies and enforcement to facilitate the prevention, detection, investigation and disruption of cyber attacks.

What you’ll take away:

  • An understanding of the nature of cyber attacks and in particular the risks they present to information privacy
  • An understanding of the implications of cyber attacks under existing data protection laws, bank confidentiality laws and UK financial services regulation
  • Insight on the evolving regulatory framework in relation to cybersecurity in the EU and U.S.
  • Practical steps that can be taken to mitigate the threats posed by cyber attacks
  • Key elements of cybersecurity strategy from an information privacy perspective

Presentation 1, Presentation 2, Presentation 3

The APAC Juggling Act: Tips for Global Financial Institutions on Managing Conflicting Regimes

Brad Bryant, EMEA Privacy Counsel, AON Hewitt
Tom De Cordier, Counsel, Allen & Overy LLP
Helen Woollett, CIPP/E, CIPP/IT, Director, Head of Group Privacy, Barclays

In this interactive session, we’ll discuss the particular issues faced by global financial companies that wish to set up privacy programmes. There will be a focus on the Asia Pacific region as well as Europe, and on cross-border transfers. You’ll gain real-life examples and insight on implementation at large financial institutions and the challenges faced when trying to resolve conflicting data protection regimes around the world.

What you’ll take away:

  • Recent developments in privacy laws in the APAC region
  • A view of the approaches currently taken by various financial organisations when juggling conflicting regimes

Presentation 1

International Screening Requirements Meet Data Privacy in the Nordics

Nils Arne Grønlie, Partner and Head of the Norwegian Intellectual Property and Technology Team, DLA Piper
Caroline Olstedt Carlström, Chief Counsel Global Data Protection, Klarna AB
Christian Pardieu, Executive Counsel, Privacy & Regulatory Affairs, GE Corporate, GE

How do you manage the screening activities in between the U.S. legal requirements to screen (subject to U.S. civil and criminal penalties) and the Nordic explicit prohibitions to process the data (subject to local civil and criminal penalties)? The Nordic data protection regulations pose challenges to every international financial organization active in that market. U.S. entities and their overseas operations may be obliged to screen their customers, employees and business relations against lists created under U.S. anti-terrorist rules (for instance the OFAC lists). Screening requirements are also being introduced by non-U.S. organizations for risk mitigating purposes. These screening activities are, however, considered by the Nordic data protection authorities to constitute processing of sensitive data, and Sweden even expressly prohibits such processing. Recent cases in Norway and Sweden shed some light on the subject, but difficulties remain. Join our panel to discuss how to best handle the screening requirements, how and where to apply for exemptions and what to look out for.

What you’ll take away:

  • A clear understanding of the conflicting laws
  • How to manage the conflict, examples of strategies and workarounds

Presentation 1



Help or Hindrance? E-health and the Data Protection Regulation

Monika McQuillen, Partner, Eversheds LLP
Sabina Rossetti, Legal Lead PCBU, Litigation & Data Privacy Italy - Haemophilia & Transplant Europe, Pfizer

Will the e-health agenda be helped or hindered by the forthcoming draft Data Protection Regulation? Join what’s sure to be a lively discussion, where we’ll review the obstacles facing the e-health agenda and consider the wider impact of the regulation to the life sciences sector.

What you’ll take away:

  • An understanding of the e-health agenda
  • Obstacles facing the agenda with respect to the regulation
  • Insight on how the proposed regulation will impact the life sciences sector

Presentation 1, Presentation 2

Sensitive Data and Emerging Technologies: Friends or Foes?

Moderator: Noemí Alonso Calvo, CIPP/E, Privacy Compliance Manager EMEA, Johnson & Johnson
David Evans, Group Manager - Business and Industry, UK Information Commissioner's Office
Gonzalo Gallego, Partner, Hogan Lovells Madrid
Wojciech Rafał Wiewiórowski, Inspector General for the Protection of Personal Data (GIODO), Polish DPA

Learn about the privacy challenges introduced by new technologies that are starting to be used in the field of healthcare, including web assistance, mobile apps, information websites and others, and the benefits these technologies bring. You’ll hear specific examples of the advantages these new technologies may have for governments, particularly with regard to aging populations and the impact of the economic crisis.

What you’ll take away:

  • A better understanding of the close relationship between technology and privacy
  • Insight on the special nature of services and technology used in healthcare

Presentation 1, Presentation 2, Presentation 3, Presentation 4



The Data Dialogue, Continued

Jamie Bartlett, Director, Centre for the Analysis of Social Media, Demos
Ruth Boardman, Partner, Bird & Bird
Kimon Zorbas, Vice-President, IAB Europe

The largest-ever survey into UK consumer attitudes on personal information and data sharing was published in 2012. The Demos report, entitled The Data Dialogue, exposes poor consumer awareness but reveals that consumers do not speak with one voice: Concerns and expectations of privacy are divergent, posing a policy and commercial challenge. Join us to explore consumer awareness from three perspectives: research, industry and legal. We’ll review report highlights and what consumers think, how industry is attempting to raise consumer awareness in response to the challenges and how lawmakers are responding. We’ll also look at how the draft Data Protection Regulation may help.

What you’ll take away:

  • Conclusions of the largest-ever poll of consumer attitudes on personal information and data sharing
  • Policy response from industry
  • The impacts of existing and new laws

Presentation 1



The A to Z on BCRs—Recent Developments

Emmanuelle Bartoli, Chief Legal Counsel, Data Protection and Security, Atos
Geraldine Dersley, Lead Solicitor and Head of Legal Profession, UK ICO
William Long, Partner, Sidley Austin LLP

Join us to explore the very latest in binding corporate rules (BCRs). Specifically, we’ll discuss how to get your BCRs approved in the most efficient way and what the regulators expect. We’ll review the benefits of BCRs for data processors, as well as the definition, application and approval procedures for processor BCRs. And, importantly, we’ll forecast how the proposed regulation may impact BCRs and data transfer.

What you’ll take away:

  • Tips for getting your BCRs approved as efficiently as possible
  • An understanding of what the regulators are expecting
  • Specifics on BCRs for data processors
  • The potential impacts of the proposed regulation on BCRs and data transfer

Debunking Myths of European and U.S. Privacy: New Data on Corporate Privacy Management

Kenneth Bamberger, Professor of Law, University of California at Berkeley

UC Berkeley Law Professor Ken Bamberger and UC Berkeley Information Professor Deirdre Mulligan have engaged in multi-year research to investigate privacy ‘on the ground’—how privacy protection actually works in corporations, and how it is (or is not) shaped by legal, social and other forces—in the U.S. and Europe. Moving away from traditional research focusing only on formal laws ‘on the books’, their work has involved 75 interviews of chief privacy and data protection officers in the U.S., Germany, France, Spain and the UK, as well as regulators, lawyers and other corporate managers. Their comparative findings are of direct relevance to privacy lawyers, privacy professionals and corporate managers alike, as they reveal an evolving set of corporate privacy best practices to which the leading firms and regulators are turning across jurisdictions; expose the real differences—and similarities—between privacy in the U.S. and in Europe; and weigh in on the heated legal reform debates in Washington and Brussels, informed by evidence of what policies have proven most effective on both sides of the Atlantic.

What you’ll take away:

  • Corporate privacy best practices to which the leading firms and regulators are turning across jurisdictions
  • The real differences and similarities between privacy in the U.S. and Europe
  • Insight on the heated legal reform debates in Washington and Brussels, informed by evidence of what policies have proven most effective on both sides of the Atlantic

Presentation 1

I Want Your Data: How to Respond to Government Access Requests

Oliver Draf, Chief Privacy Officer, Allianz Germany Group
Christoph Rittweger, Partner, Baker & McKenzie LLP
Mirjam Dora Weiße, Senior Legal Counsel, Corporate Legal and Compliance, Siemens AG

This session will provide practical guidance on how to deal with various government access requests for personal data, be it in government investigations, criminal investigations or court procedures. You’ll learn how to react to such requests and how to minimise exposure when faced with conflicting legal requirements.

Reexamining U.S. Privacy Law Adequacy and Interoperability

Moderator: Christopher Wolf, Co-chair Privacy and Data Security Practice Group, Hogan Lovells US LLP
Stephan Geering, EMEA Manager – Global Data Privacy Office, Citigroup, Inc.
Glyn Jenner, Assistant General Counsel & SVP, Bank of America Merrill Lynch
Robert M. Sherman, Manager, Privacy and Public Policy, Facebook, Inc.

Both the EU and U.S. are poised to reshape their privacy laws, with the EU finalising a new General Data Protection Regulation and the Obama administration proposing a new privacy Bill of Rights. Against this backdrop, an expert panel will explore the effectiveness of U.S. privacy law in meeting the EU’s adequacy standard and discuss the challenges ahead in maintaining interoperability, as both EU and U.S. privacy laws evolve.

Presentation 1

Setting Expectations—The Wider Context of the Data Protection Regulation

Iain Bourne, Group Manager, Policy Delivery Department, UK ICO
Rosemary Jay, Senior Attorney, Hunton & Williams LLP
Hugh Tomlinson, Barrister, Matrix Chambers

Critical for anyone wishing to understand the proposed reform of EU data protection law, this engaging session will place the regulation in its broader EU context. While it is tempting to assume that EU data protection law is conveniently found in the specific data protection rules, and that these can be changed by EU legislators as they wish, in reality the EU is constrained by constitutional instruments and is heavily influenced by its own previous case law. Join us to explore broader EU rights that bear on both privacy and freedom of speech, the influence of the existing case law of the Court of Justice of the EU and the impact of the Charter of Fundamental Rights in the union.

Presentation 1

Through the Looking Glass: What the Rest of the Business Thinks about You

Moderator: Simon McDougall, CIPP/E, Managing Director, Promontory Financial Group
Mark Brayton, Head of Branch Marketing & Innovation, Barclays
Keith Jones, Head of Data Services, Royal Mail
Russell Sowden, Global Head of HR Information Systems, Nomura

Wouldn’t it be interesting to hear what business leaders across your organisation really think of the data protection programme? We have assembled a panel of executives responsible for functions adjacent to the world of privacy and data protection, who have a range of competing pressures to contend with. With backgrounds in areas such as marketing, data, innovation, IT and HR, the panelists will share how they see privacy from their perspective. They’ll offer insight on how data protection practitioners can get their message across and achieve change in their organisations. You’ll gain insight on the language used to discuss data protection and risk management, aligning differing stakeholder agendas and whether data protection is seen as a force for good or a brake on innovation. This is a very special opportunity to hear how the discipline is seen from outside the core data protection team, with some challenging analysis and plenty of insight.

What you’ll take away:

  • Candid insight on data protection from leaders in other business areas
  • Tips for getting your message across and achieving change
  • New perspective on aligning different stakeholders in your organisation

Using a Compliance Compass to Navigate Sensitive Content within Your IT Environment

Ralph O’Brien, AvePoint, Inc.

There is increasing pressure on organisations to do more with less—and empower employees, business associates and customers through the use of the latest and greatest technologies. Companies require increasingly larger market data sets and deeper granularity to feed predictive models, forecasts and trading throughout the day. At the same time, new regulatory and compliance requirements are placing greater emphasis on governance and risk reporting, driving the need for deeper and more transparent analyses across global organisations. Enterprise collaboration systems, social media, big data, mobile devices and the cloud are great for innovation, free thinking and creativity; however, they can become a compliance headache as well. A successful compliance programme weaves together a number of stakeholders. Many factors go into the determination of an organisation’s privacy and information assurance, including statutory and regulatory requirements, company or organisational best practices and market demands. In a perfect world and as a function of best practices, each and every IT deployment should be accompanied by a governance and compliance strategy along with a plan for technical, practical and strategic implementation and monitoring of that plan. We know this doesn’t always happen: So what is a compliance officer to do? Join us to explore methods for using technology to bridge that gap between compliance, IT and ‘the business’, to begin and maintain a constructive, productive and compliant environment. We will use Microsoft SharePoint as a case study.

What you’ll take away:

  • If you can’t begin at the beginning, where do you start?
  • Considerations for assessing your as-is environment to determine the current level of risk
  • Example policies and practices that make it easier to do the right thing than to do the wrong thing

Presentation 1