Global Privacy Summit

Breakout Sessions

 



For session times and to view a complete conference schedule, visit the At-A-Glance.

 

  BIG DATA/CLOUD COMPUTING

 

How Using Big Data in Security Helps (and Hurts) Us

Kerry Matre, CIPP/US, Solutions Marketing Manager, Hewlett Packard Enterprise Solutions
Boris Segalis, CIPP/US, Partner, InfoLawGroup LLP

Companies experience a continuous threat of data loss and theft from the inside (think Edward Snowden). Employees have access to systems within a business but often use their access in inappropriate ways. As a result, employers are employing big data to monitor their employees for malicious behavior and inappropriate access. This session will explore technologies implemented around big data for security and discuss the implications for personal privacy.

What you’ll take away:

  • Learn how big data is used inside companies to monitor for data loss and potential threats
  • Understand how behavioral analytics is used to identify malicious insiders
  • Recognize the potential for abuse of big data use for security purposes

Presentation 1, Presentation 2

Privacy and Innovation in the Age of Big Data (MCLE Ethics Credit Eligible!)

Martin Abrams, Executive Director and Chief Strategist, Information Accountability Foundation
Christina Peters, CIPP/US, Chief Privacy Officer, IBM
Robert Sutor, VP, Business Analytics and Mathematical Sciences, IBM Research

Data-driven organizations perform better. Organizations are looking to leverage the volume, velocity and variety of data in today's instrumented and interconnected world to gain insights and performance advantages. Yet gathering, merging and analyzing personal information from various sources and putting that insight to use present legal and ethical challenges. How can organizations make innovative yet responsible use of personal data within this context? Hear our expert panel touch on the basics of analytics, highlight some of its applications, discuss associated privacy challenges and good practices and propose ways forward. You’ll gain insight your organization can use as the speakers—a leader at a global privacy think-tank, the chief privacy officer at a global analytics industry leader and a leader in analytics research—discuss and debate this timely issue.

What you’ll take away:

  • An understanding of the basics of big data analytics and associated benefits and risks
  • Good practices used to mitigate privacy risks and comply with privacy laws

Presentation

A How-to Guide for Privacy, Big Data and the Cloud in the U.S. and Asia Pacific

Alec Christie, Partner, DLA Piper Australia
Joel M. Lutz, Data Governance and Privacy Leader, The Vanguard Group, Inc.

It's cloud illusions I recall
I really don't know clouds at all
           (Joni Mitchell, “Both Sides Now”)

Come explore big data and the cloud and their growing importance in today's global business environment. Using case studies and real-life examples in the U.S. and a selection of Asia Pacific countries, we’ll outline the key privacy issues. Focusing on cross-border transfers and the application services/SaaS cloud model (currently the most often used by business) and based on our U.S. and Asia Pacific experiences, we will discuss how to resolve and deal with the real-world privacy issues that arise in relation to big data and the cloud in practice. This session takes a how-to approach to addressing the key privacy issues that arise, with real-world solutions for vendors and customers of the cloud and users of big data throughout these regions. We will provide a practical framework for identifying and addressing issues that are raised when embarking on projects involving big data and the cloud.

What you’ll take away:

  • A clear understanding of the privacy issues that arise in respect to big data and the cloud in the U.S. and Asia Pacific
  • A practical framework for identifying and addressing the privacy issues that arise
  • Confidence for approaching the privacy issues and the know-how to deal with them

Presentation

 

  CONVERSATIONS IN PRIVACY

 

Do the FIPPs Need to Be Modernized?

Moderator: Nuala O’Connor, CIPP/US, CIPP/G, President & CEO, Center for Democracy and Technology
Adam Thierer, Mercatus Center, George Mason University
Nicole Wong, Deputy US Chief Technology Officer, Office of Science & Technology Policy, Executive Office of the President

The rise of the Internet of Things has heightened a growing tension in the world of privacy: Are the traditional privacy principles in need of modernization? Some have questioned the vitality of the Fair Information Practice Principles, as notice and choice become more difficult in a screenless world, and data minimization and related concepts become less salient in a data-driven world. However, these principles continue to serve as the backbone for privacy policy worldwide, repeatedly endorsed by the White House, European Commission, FTC and international organizations such as the OECD. This panel will assess the relevance of long-standing principles underlying privacy concepts, and whether and how FIPPs should be modernized to reflect modern technology.

FTC Hot Topics with Commissioner Julie Brill

Interviewer: Jim Halpert, Partner, DLA Piper LLP
Julie Brill, Commissioner, Federal Trade Commission

Commissioner Julie Brill and DLA Piper privacy practice co-chair Jim Halpert will discuss the top items on the Commission’s agenda, including mobile privacy and security, consumer tracking, building privacy considerations into Big Data, data broker transparency, and potential changes to the U.S.-EU Safe Harbor program. Don’t miss this special opportunity to get an inside view of the FTC’s privacy agenda from a long-time thought-leader on privacy.

Privacy on the Books and on the Ground

Moderator: Omer Tene, Vice President, Research and Education, IAPP
Kenneth Bamberger, Professor of Law, Co-Director, Center for Law and Technology, University of California Berkeley
Giovanni Buttarelli, Deputy Supervisor, EDPS
Deirdre Mulligan, Assistant Professor, The School of Information at UC Berkeley, Co-Director of the Berkeley Center for Law & Technology

It has been said that "Americans are from Mars, Europeans are from Venus," but what is it that’s so different about the two trading blocs' privacy laws? In this fascinating conversation, UC Berkeley Professors Ken Bamberger and Deirdre Mulligan and Assistant European Data Protection Supervisor Giovanni Buttarelli will take us on a deep dive into different European regimes. The discussion will center around findings based on more than 100 interviews with European privacy leaders presented in a series of articles by Bamberger and Mulligan that highlighted the variations in European states’ implementations of the Directive and the growing legal landscape of privacy in the U.S.—the result of which was some inter-planetary alignment. In particular, they surmised that heavy top-down regulatory approaches resulted in less robust frameworks for operationalizing privacy commitments within firms.

A Q&A with FTC Chairwoman Edith Ramirez

Interviewer: Reed Freeman, Partner, Morrison & Foerster LLP
Edith Ramirez, Chairwoman, Federal Trade Commission

This session will be a tabletop Q&A with Chairwoman Ramirez on current FTC priorities in the areas of privacy, identity protection and data security. We will explore these priorities not just in terms of enforcement, but also in terms of the commission's thought leadership and policy work in these areas. We will also address the commission’s relationship with its peer agencies internationally.

What you’ll take away:

  • Firsthand insight on the current FTC priorities in the areas of privacy, identity protection and data security

A Q&A with NSA CLPO Rebecca Richards

Interviewer: Daniel Weitzner, Director, MIT CSAIL Decentralized Information Group
Rebecca Richards, CIPP/US, CIPP/G, CLPO, National Security Agency

This session will be a tabletop Q&A with Richards exploring the newly created position of Civil Liberties and Privacy Officer at the NSA. What has she been tasked with and how does she plan to begin tackling the job? How can an organization like the NSA communicate more effectively about how it protects privacy and civil liberties? How will Richards’ work be informed by her time at DHS and her training as a privacy professional? Finally, what does the future hold for government access to data and how can a privacy pro like Richards help to shape that future?

What you’ll take away:

  • Firsthand insight on the NSA CLPO’s priorities in the areas of privacy, identity protection and data security

A Talk with Peter Swire

Interviewer: Omer Tene, Vice President, Research and Education, IAPP
Peter Swire, CIPP/US, Nancy J. and Lawrence P. Huang Professor, Scheller College of Business, Georgia Institute of Technology, Member, President Obama's Review Group on Intelligence and Communications Technology

Few privacy leaders have the scope and depth of experience of Professor Peter Swire. Selected for Obama's NSA review board, former co-chair of the W3C process to standardize Do Not Track, and one of the drivers of the HIPAA privacy rule, Swire has been in information privacy since the get-go. Get a front-row seat as Professor Swire and Professor Tene, the IAPP VP of research and education, discuss the delicate balance between privacy and national security, the rapidly shifting online and mobile data ecosystem, de-identification and trans-border data flows to the cloud.

Handout 1, Handout 2

“This Journey Is 1% Finished”—Building Privacy for the Long Term

Interviewer: Nuala O’Connor, CIPP/US, CIPP/G, President & CEO, Center for Democracy & Technology
Erin M. Egan, Chief Privacy Officer, Policy, Facebook, Inc.

Facebook has a saying, “This journey is 1% finished.” Join us for a public interview to hear the recently seated leader of one of America’s prominent public policy and Internet freedom advocacy organizations ask Facebook’s key privacy decision-maker what this means for consumer privacy.

What you’ll take away:

  • Preparing your privacy program for the future
  • Privacy’s new and expanding definition
  • The value of transparency and notice
  • The evolving interplay and tension between the U.S. government and the private sector regarding data access
  • And much more!

Which Dystopian Future Will Come to Pass?

Moderator: Sam Pfeifle, Publications Director, IAPP
David Brin, Author
Alex Irvine, Author

The surveillance society is one of the hallmarks of literary science fiction. For years, writers have been predicting alternative forms of the complete loss of privacy, from George Orwell’s 1984 coining of the nearly ubiquitous moniker “Big Brother” to Philip K. Dick giving us the particularly insidious world of Minority Report, where the surveillance is so pervasive the authorities know you’re going to commit a crime before you do. In this conversation, the IAPP’s resident sci-fi geek talks with two leading futurist writers about how uncanny it is that writers have been so prescient with ideas about ubiquitous data gathering and how likely it is that some of the latest literary predictions will come to pass.

 

  ENFORCEMENT AND LITIGATION RISK

 

Privacy Litigation Risks: Update from the Trenches

Douglas Meal, Partner, Ropes & Gray LLP
John Nadolenco, Partner, Mayer Brown LLP
Mark Schreiber, Partner, Edwards Wildman LLP

Get up to speed on the latest in private privacy and data security litigation in this three-part, 90-minute session. The first portion will cover “zip code litigation” in California, Massachusetts (following the decision in Tyler v. Michaels Stores), DC, New Jersey and elsewhere, and will explore a variety of plaintiff theories, the expanding nature of this litigation and similar statutes in other states. Part two will focus on data security litigation trends, with a look into the latest theories of liability by the plaintiffs’ bar and how the companies targeted by these theories and their counsel have sought to defend against them. Finally, in the third portion, you’ll gain insight into so-called tracking cases (cookies, LSOs, etc.) in both federal and state court, and litigation developments under the Video Privacy Protection Act.

Presentation

Regulatory Enforcement: Around the World in 90 Minutes

Shaun Brown, Partner, nNovation LLP
David Holtzman, CIPP/G, Vice President, Compliance Services, Privacy & Security, CynergisTek, Inc.
Alysa Z. Hutnik, Partner, Kelley Drye & Warren, LLP
María Elena Pérez-Jaén Zermeño, Commissioner, Federal Institute for Access to Information and Data Protection (IFAI), Mexico
Eduardo Ustaran, CIPP/E, Board of Directors, IAPP

Take a journey through the latest regulatory enforcement trends on privacy and data security. You’ll start in the U.S., covering the FTC, OCR and state enforcement developments and trends under the FTC Act, HIPAA, the HITECH Act and similar state laws, and state AG enforcement authority. Next stop is the EU, with discussion of developments under member state laws implementing the Data Protection Directive and the Cookie Directive. Then on to Asia, with an emphasis on South Korea and Japan, and finally Canada, with an emphasis on what to expect under the new CASL regulations.

Presentation

 

  FINANCIAL SERVICES

 

Debt, Data and Decision-making

Dan Munz, Deputy Assistant Director for Consumer Engagement, Consumer Financial Protection Bureau
Claire Stapleton, CIPP/US, CIPP/G, Chief Privacy Officer, Consumer Financial Protection Bureau
John Yuda, Senior UX Designer, Consumer Financial Protection Bureau

In the age of big data, industry is constantly looking for new ways to better influence how consumers make decisions and improve their profits, relying on obvious service improvements or cost discounts to offset the loss of privacy associated with analyzing the consumer’s personal information. System design establishes defaults that promote implicit and explicit values, but what if those assumptions are wrong? What if the very tools created to help individuals make better purchasing decisions don’t allow them to make good decisions about their own privacy? How do we think about usability in a world with evolving user expectations regarding personal privacy? What are some of the simple steps your organization can take to build user trust in your brand with regards to privacy? Come hear firsthand insights on efforts to provide technology tools that help build user trust without sacrificing functionality, see some of the decision-making tools offered by the CFPB to help consumers make better financial decisions for themselves and their families and explore the privacy issues/concerns raised by each tool and how they were addressed.

What you’ll take away:

  • Examples of how Privacy by Design works for privacy and for operations
  • An understanding of how privacy builds brand trust
  • Learn to better understand your users so they can better understand you

Developing a Practical Insider-threat Program: Employee Monitoring, Access Control and Best Practices in the Financial Industry

Manisha A. McArthur, CIPP/US, Manager, Data Protection & Privacy, Ernst & Young
Philipp Raether, Executive Director and Global Lead Data Management & Protection, UBS
James T. Shreve, CIPP/US, CIPP/IT, Attorney, BuckleySandler LLP

Insiders are of particular concern to organizations because they are granted legitimate access to organizational resources based on their job responsibilities. We’ve all heard the stories: Julian Assange, Snowden, Bradley Manning, etc., but how can an organization be prepared for data leaks like this? What policies, procedures and controls can be put into place to avoid less dramatic but similarly dangerous day-to-day data loss? Damages in many of these crimes, whether large or small, are not only financial; widespread public reporting of the event can also severely damage an organization’s reputation. Employee monitoring and access control figure prominently in many prevention strategies, but legal requirements can vary greatly across jurisdictions and require careful attention. Join us in this interactive session in which you’ll receive an overview of the current and projected legal landscapes, have the opportunity to engage with the panelists through an illustrative, realistic scenario and leave with practical guidance on both policy development and implementation within your organization.

Presentation

 

  GOVERNANCE/RISK MANAGEMENT

 

Are You Covered, or Will You Just Duck and Cover? Essential Cyber Insurance Tips

Moderator: Scott Godes, Partner, Barnes & Thornburg LLP
George Liddy, Manager, Risk Management, Sprint Corporation
Toby Merrill, Vice President, National Product Manager, ACE USA
Meredith Schnur, Senior Vice President, Wells Fargo Insurance

If someone asked you right now whether your company had insurance for cyber risks, could you answer (truthfully)? Would you like to know what you should look for when considering cyber insurance or other insurance for cyber risks? If so, this is the session for you!

What you’ll take away:

  • A better understanding of cyber insurance
  • Tips for evaluating a cyber insurance policy
  • Insights on assessing whether other insurance policies cover privacy and data security risks

Presentation

Attack Privacy and Security from a Spy's Point of View!

Nat Brooks, Principal, Strategy Shapers LLC
Sandra R. Hughes, CIPP/US, CEO/President, Sandra Hughes Strategies

Competitive intelligence is essential for organizations to win in the marketplace, no matter the size or mission of the organization—even non-profits have to compete for money! Having knowledge of the competitive landscape is a key element for successful organization strategies. This session will provide an overview of competitive intelligence practices and some techniques such as social media information collection, competitor profiling, strategic counter-intelligence, trade show quarterbacking and competitive war games. We will even do some interactive hands-on exercises to deepen understanding. On the flip side, with this new awareness, security and privacy managers can develop approaches to better integrate into business processes those practices that protect their company from competitors as well as ensure employees are adhering to policy. Here, you’ll learn best practices from both sides of the data coin—how to collect and how to protect.

What you’ll take away:

  • Learn how and where data can be collected and how it is used for strategic competitive intelligence analysis
  • Understand where competitive intelligence functions often fly under the radar, creating potential policy risk that can be avoided
  • Share best practices for supporting the importance of competitive intelligence while building the case for integration of security and privacy

Presentation

Protecting Privacy under the Cybersecurity Microscope

Victoria King, CIPP/US, CIPP/IT, Global Privacy Officer, United Parcel Service, Inc.
Karen Neuman, Chief Privacy Officer, U.S. Department of Homeland Security
Lisa J. Sotto, CIPP/US, CIPM, Partner & Head, Privacy and Cybersecurity Practice, Hunton & Williams LLP

Cybersecurity is all the rage. While significant corporate resources are being devoted to influencing federal cybersecurity policy and managing cyber threats and incidents, who’s looking out for the privacy concerns? How should privacy professionals engage with those in their organizations who are managing cybersecurity issues? This session will arm privacy professionals with the information they need to ensure that their cybersecurity colleagues are appropriately considering privacy issues in the context of cyber threats. We will address rules of the road when sharing cyber threat information with the government. In addition, we will explore privacy considerations associated with the federal policy framework that is currently under development. We also will discuss the privacy concerns that arise when responding to cybersecurity events. Finally, we will discuss how one large, global organization is addressing privacy issues in the context of the quickly-evolving cybersecurity landscape.

What you’ll take away:

  • An understanding of the privacy issues that should be considered in the current cyber policy debate, so you are armed to engage most effectively with your cybersecurity colleagues
  • Insight on how one large, global organization is addressing the relevant privacy issues in the context of the larger cyber landscape (through the use of a case study)

Presentation

The Risks in Assessing Risks

Adam Turteltaub, Society of Corporate Compliance and Ethics

Companies have embraced risk management to an unprecedented degree with real benefits. However, behavioral economics and psychology have revealed significant gaps in the abilities of humans to adequately assess risk. This highly interactive session will review the traps people can fall into and how to avoid them.

What you’ll take away:

  • Identify the common traps that people fall into when identifying risk
  • Techniques for avoiding common mistakes that can skew risk assessments
  • The value of thinking of approaches that cover a wide range of potential risks

Presentation

 

  GOVERNMENT/PUBLIC SECTOR

 

Governmental Access to Private-sector Data: The Realities and Impacts in the U.S. and EU

Moderator: Christopher Wolf, Director, Global Privacy and Information Management Practice, Hogan Lovells US LLP
Stewart Baker, Steptoe & Johnson LLP, Former General Counsel, National Security Agency
Chris Calabrese, American Civil Liberties Union
Alexander Joel, CIPP/US, CIPP/G, Civil Liberties Protection Officer, Office of the Director of National Intelligence/Privacy and Civil Liberties Office

In the wake of the Snowden NSA revelations, this session will provide a balanced perspective on the national security, civil liberties and international relations aspects of the much-talked-about governmental access to private-sector data. The experienced panelists, representing diverse viewpoints, will drill down on what actually is being exposed in the U.S. and in the EU; what checks and oversight exist in the various jurisdictions; what those holding the data and those whose data is held can do to address privacy and free expression concerns; and what impact the publicity over national security access is having on public policy and international relations.

What you’ll take away:

  • How the respective international frameworks for governmental access to data held by intermediaries compare
  • How the NSA revelations have affected domestic policy, and the impact on global data flows
  • What intermediaries and individuals can do to advance privacy of material subject to governmental requests for data from intermediaries

Presentation

The Privacy Pro's Guide to the NIST Cybersecurity Framework

Moderator: Harriet Pearson, CIPP/US, Partner, Hogan Lovells US LLP
Ari Schwartz, Director for Cybersecurity Privacy, Civil Liberties and Policy on National Security Staff, White House
Karen Zacharia, CIPP/US, Chief Privacy Officer, Verizon

In 2013, President Obama directed the National Institute for Standards and Technology—an agency that usually develops standards on technical subjects like encryption—to develop a cybersecurity framework that includes methodologies to protect privacy and civil liberties. NIST’s deadline to deliver the new framework is right before the Summit, and the panel will share their thoughts and advice to help understand and comply with the new framework. All of the panelists have been directly involved in the development of the framework, including the privacy methodology. You will learn how the cybersecurity framework is meant to be used and to whom it applies, what the new privacy methodology means in practice, the pitfalls to avoid and how privacy pros can use the new framework to engage IT, security and senior management.

Presentation

Top 10 Issues for Privacy Professionals in State Government

Daren Arnold, CIPP/US, Chief Privacy Officer, State of Ohio
Elizabeth Rogers, Chief Privacy Officer, Texas Comptroller of Public Accounts

Many of us in state government face similar challenges when it comes to addressing privacy. Join me for a discussion of the common issues we face and possible solutions to them, from finding the right talent for our privacy teams to the need for executive support for privacy initiatives to insights on BYOD for state business and much more. Through an interactive discussion, we’ll explore the top issues, and you’ll learn valuable insights from your counterparts in other states.

What you’ll take away:

  • Build your network of state privacy professionals
  • New knowledge and education about enhancing privacy programs
  • Insight on increasing standards of state government privacy professionals
 

  HEALTHCARE

 

Breaking the Code on De-identification

Khaled El Emam, Canada Research Chair, Electronic Health Information Laboratory – CHEO Research Institute
Mitchell Granberg, CIPP/US, Chief Privacy Counsel, Optum
Kimberly S. Gray, CIPP/US, Chief Privacy Officer, Global, IMS Health

This session will discuss HITECH de-identification guidance and the initiative taken by a working group of healthcare organizations, industry practitioners and de-identification experts to create a framework and methodology for organizations to de-identify their data. You will leave knowing how to define levels of anonymity, identify use cases and evaluate de-identification methodologies. We will also discuss the use of experts to certify compliance and a framework for mitigating the risks associated with the use, storage and maintenance of de-identified data.

What you’ll take away:

  • The ability to define levels of anonymity, identify use cases and evaluate de-identification methodologies
  • The ability to use experts to certify de-identification compliance
  • A framework for mitigating the risks associated with the use, storage and maintenance of de-identified data

Presentation

Digital Medicine—Healthcare Innovation and Data Privacy

Moderator: Stanley Crosley, CIPP/US, CIPM, Director, IU CLEAR Health Information, Crosley Law Offices, LLC
Sheila Colclasure, CIPP/US, Americas Privacy and Public Policy Director, Acxiom Corporation
George Savage, Co-Founder, Chief Medical Officer, Proteus Digital Medicine

This session, which explores medical innovation and the related privacy concerns, includes a demonstration of Proteus Digital Health’s latest innovation: ingestible smart micro-sensors that enable “digital medicine.” This product is a digital sensor the size of a grain of sand that is co-formulated in pharmaceutical products and which, when swallowed, emits a signal like a digital heartbeat that is detected by a Band Aid-like patch monitor worn by the patient. The patch also tracks the patient’s heart rate, sleep pattern, activity and other physiologic parameters. The health data generated by this technology, including the capability for healthcare professionals to track their patients’ actual use of medicines, is ground-breaking and portends tremendous health benefits and efficiencies. But what about the privacy issues accompanying the new era of innovative digital medicines? How should we as privacy professionals consider, frame and address these concerns and still enable this valuable use? George Savage, co-founder and chief medical officer of Proteus, explains the digital medicines revolution Proteus is advancing. In complement, data privacy innovation expert Sheila Colclasure, global privacy and policy officer of Acxiom, will suggest a framework approach that should be considered as we encounter innovative data generation and use.

Presentation

Medical and Lifestyle Devices and Apps: Who Says You Can’t Collect That Data?

James DeGraw, CIPP/US, Partner, Ropes & Gray LLP
Michelle Visser, Ropes & Gray LLP

Regulators are increasingly focused on the proliferation of devices and apps that collect and monitor health and lifestyle data. With the types and amounts of data that these applications can access or construct continuing to expand, industry and regulators both at times express some confusion over how and by whom these applications should be regulated. Meanwhile, the FTC has stepped up its enforcement efforts in this area and will hold a seminar on consumer-generated and controlled health data later this spring. This session will focus on how wearable technologies and lifestyle apps and devices may fit into the evolving privacy and security regulatory frameworks.

What you’ll take away:

  • Practical guidance for privacy compliance in novel applications
  • Survey of how existing players in the space are approaching privacy and security

Preventing and Responding to Data Breaches after the Omnibus Rule

Corey M. Dennis, CIPP/US, Associate Counsel & Privacy Officer, Pharmaceutical Product Development, LLC (PPD)
Patrice Malloy, Senior Assistant Attorney General, Florida Attorney General’s Office
Alfred Saikali, CIPP/US, Partner, Shook Hardy & Bacon, LLP
Kimarie Stratos, Senior Vice President, General Counsel, Chief Privacy Officer, Memorial Healthcare System

The Omnibus Rule changed the definition of what is considered a breach under the Breach Notification Rule of HITECH. Join us to discuss what healthcare organizations should be doing to prevent breaches and respond to them in light of this new definition. Additionally, we’ll explore what organizations can expect regulatory authorities to focus on when investigating reported breaches.

What you’ll take away:

  • An understanding of the new changes to HITECH's breach notification rule
  • Practical tips on how to avoid breaches and respond to them
  • Insight on how regulators will enforce the new definition of a data breach under the Omnibus Rule

Handout 1, Handout 2, Presentation

 

  INFORMATION/CYBERSECURITY

 

Cybersecurity Goes Global

Larry Clinton, President, Internet Security Alliance
Jim Halpert, Partner, DLA Piper LLP (US)
Thomas Jansen, Partner, DLA Piper UK LLP

Deploying cybersecurity solutions globally has become increasingly difficult as cybersecurity frameworks begin diverging and fragmenting. These differences may make the Internet even less secure. Learn the requirements of the Obama administration’s cybersecurity framework from the Internet Security Alliance, which played a central role in developing the administration’s incentives approach. Join us as key experts compare the Obama administration’s requirements with Europe's draft cybersecurity directive and requirements in other parts of the world. Finally, we’ll discuss cybersecurity standards that work globally and strategies for investing in security solutions amidst both technical and regulatory uncertainty.

What you’ll take away:

  • What the new U.S. cybersecurity framework requires
  • How other regions are addressing cybersecurity requirements
  • IT security standards that work best globally, and other considerations for allocating and deploying resources amidst regulatory flux and uncertainty

Presentation

The SEC and Cybersecurity: What Every Publicly Traded Company Must Know

Moderator: Elaine Wolff, Partner, Corporate Finance and Securities, Jenner & Block
Mary Ellen Callahan, CIPP/US, Chair of Privacy and Information Governance Practice, Jenner & Block LLP
Nicole Maddrey, Vice President, Deputy General Counsel and Assistant Secretary, Graham Holdings
Tangela Richter, General Counsel, Direct Bank and Brokerage, Capital One

Since 2011, the Securities and Exchange Commission has issued guidance about disclosure obligations of publicly traded companies relating to cybersecurity risks and intrusions. New SEC Chair Mary Jo White has ordered a re-evaluation of this guidance, including analyzing the compliance level with the 2011 guidance to determine whether it is adequate and whether further action is required. Where is the SEC going with this requirement? What does the SEC’s renewed focus mean for proper and timely disclosure in the event of a cybersecurity incident at publicly traded companies? What should we expect next?

What you’ll take away:

  • Understanding of the current SEC guidance
  • Practical advice on compliance and approaches to SEC guidance, particularly on cybersecurity risk
  • Steps to create proper and timely disclosure in the event of a cybersecurity incident

Presentation

 

  MARKETING/ONLINE

 

Advertising and Privacy: Global Perspectives from the U.S. and Europe

Moderator: Jeremy S. Goldman, CIPP/US, Counsel, Litigation Group, Frankfurt Kurnit Klein and Selz PC
S. Gregory Boyd, CIPM, Partner & Chair, Interactive Entertainment Group, Frankfurt Kurnit Klein and Selz PC
Felix Hofer, Partner, Hofer Loesch Torricelli

Come hear an impassioned discussion between two experienced advertising lawyers—one based in New York and the other in Florence—about the key privacy-related issues that their brand and agency clients are facing both domestically and abroad. The discussion will address similarities and differences in the ways that the U.S. and Europe have elected to regulate, and are proposing to regulate, online tracking, social media, children's sites, big data, GPS, mobile and other emerging technologies, with a focus on how the panelists have helped their clients balance the opportunities and risks of these developments. We also will cover cross-border privacy issues facing advertisers. Members of the audience will be encouraged to participate throughout the session by sharing their own experiences as advertisers and privacy professionals who help to advise advertisers.

What you’ll take away:

  • Similarities and differences between U.S. and European privacy regimes
  • Key privacy-related issues facing domestic and global advertisers and brands
  • Cross-border privacy-related issues facing advertisers and brands

Handout 1, Handout 2, Presentation 1, Presentation 2

The Digital Marketing Ecosystem: Trends, Risks and Obligations

Teena H. Lee, CIPP/US, Vice President, Privacy and E-commerce Counsel, The Estée Lauder Companies Inc.
Bridget C. Treacy, Partner, Hunton & Williams LLP

Join this discussion of trends in digital marketing. Specifically, we’ll explore omni-channel marketing, including the challenges of implementing omni-channel marketing programs worldwide, the issues you need to be aware of when implementing such programs and practical tips and solutions for navigating the digital marketing ecosystem.

What you’ll take away:

  • An awareness of the intersection of several bodies of disciplines concerning privacy when launching multimedia marketing campaigns
  • Practical approaches for implementing global programs

Presentation

 

  MOBILE PRIVACY

 

The FCC’s Role in Mobile Privacy

Debbie Matties, CIPP/US, Vice President, Privacy, CTIA-The Wireless Association
Natalie G. Roisman, Partner, Wilkinson Barker Knauer
Jennifer Tatel, Office of General Counsel, Federal Communications Commission

In 2013, the Federal Communications Commission (FCC) issued a declaratory ruling addressing the intersection of its Customer Proprietary Network Information (CPNI) rules with the mobile ecosystem. In the absence of authority on the part of the Federal Trade Commission (FTC) to regulate common carriers such as wireless providers, the FCC announced that its CPNI rules apply to data collected on mobile devices pursuant to the direction of a carrier, provided the carrier can access such data. One result of this ruling is that privacy obligations relating to mobile devices will vary depending on whether an app developer, equipment manufacturer or carrier is the responsible party. Should the FCC step in on privacy issues where the FTC cannot tread? What is the scope of the FCC’s authority, and to what extent does it overlap with that of the FTC? And what is the practical effect on industry of regulation by multiple agencies?

What you’ll take away:

  • Even experienced privacy professionals will benefit from a better understanding of the FCC’s role, which is not typically discussed at privacy conferences
  • How the “common carrier exemption” under the FTC Act potentially prevents the FTC from privacy enforcement actions against mobile service providers
  • Understanding of another issue that likely needs to be addressed if and when Congress adopts federal baseline consumer privacy legislation

Presentation

From 0–60: Privacy and the New Generation of Connected Cars

Moderator: Joshua Harris, Director of Policy, Future of Privacy Forum
Hilary M. Cain, Director, Technology and Innovation Policy, Toyota
Alan Prescott, Attorney, Corporate & Compliance, Ford Motor Company USA
Boris Reibach, External Data Protection Officer, Scheja und Partner, Bonn (Germany)

A new car nowadays has over 50 different control devices that store a wide variety of data, keeping it ready for internal and external processing purposes, including car-to-x communications, pay-as-you-drive insurance services and fleet management, to name a few. Additionally, drivers use modern infotainment systems with connections to the Internet and other interfaces, as well as numerous linked assistance systems. All of this requires the installation of mobile SIM cards, which provide access to the services. By using remote control apps for the vehicle as well as profiles, possibilities for personalized and connected cars are virtually endless. However, this rapid technical development is accompanied by the use of (partially sensitive) personal data. Here, we’ll explore the new technologies and their risks for the privacy of individuals, and demonstrate best practices and solutions for ensuring compliance and transparency within the connected automobile environment.

What you’ll take away:

  • Better understanding of the newest connected car technologies and the privacy impacts
  • Insights on how a complex privacy environment can be set up to satisfy both the rights of data subjects and the needs of the providers

Presentation 1, Presentation 2, Presentation 3, Presentation 4

Pitfalls of New Payment Methods and How to Avoid Them

Nicole Ibbotson, General Counsel, InComm
Tanya Madison Cunningham, CIPP/US, Financial Privacy Counsel, eBay Inc.
Mercedes Tunstall, Of Counsel, Ballard Spahr LLP

Join us for a discussion of new payment methods and the privacy risks they present. We’ll begin with an overview of these new methods, including virtual currency, mobile wallets and P2P payments, and then we’ll offer very practical guidance on how you can evaluate products and services involving emerging payments and catch privacy and data security concerns.

What you’ll take away:

  • Overview of the types of emerging payments available
  • Specific privacy and data security concerns
  • A review process that identifies known concerns and uncovers unknown ones

Protecting Children's Data Online

Jonathan Avila, CIPP/US, CIPP/E, VP & Chief Privacy Officer, Wal-Mart Stores Inc.
Dona J. Fraser, Vice President, Privacy Certified, Entertainment Software Rating Board (ESRB)
Sue Gold, Partner, Osborne Clarke

Here, we’ll examine the current and proposed guidelines for collecting children’s data and getting parental consent in Europe and in the U.S. under COPPA.

What you’ll take away:

  • Understanding of how consent is obtained in practice
  • Understanding of the impact of U.S. changes

Handout, Presentation 1, Presentation 2, Presentation 3

 

  OPERATIONAL PRIVACY

 

Accountability Metrics—A Pragmatic, Scalable Solution

Michael E. Katz, Data Privacy Manager, BP America
Ellis Parry, Global Lead - Data Privacy, BP International Ltd.
Lauren Reid, CIPP/US, CIPM, Director, Compliance Solutions, NYMITY Inc.

How do you develop meaningful privacy accountability metrics? Come find out in this illuminating session. As a global organization with complex privacy compliance requirements, BP sought to answer two questions: (1) Is our privacy program effectively embedded throughout the organization? (2) How can we monitor the status of the program on an ongoing basis? Here, we’ll share how BP implemented a pragmatic, scalable framework to measure and provide evidence of the implementation of our binding corporate rules across over 80 countries in which BP processes personal information, and to develop meaningful privacy accountability metrics and monitor them on an ongoing basis. We’ll share our experience and lessons learned, and provide you with the framework and templates to help you implement data privacy accountability metrics at your organization.

What you’ll take away:

  • Understanding of how to develop meaningful privacy accountability metrics
  • Framework and templates for developing and monitoring privacy accountability metrics
  • Drivers and benefits for privacy accountability metrics

Presentation

Big Release, Big Privacy Strategy: The Story of Xbox One

Alison Howard, CIPP/US, Senior Attorney, Microsoft Corporation
Lyn R. Watts, CIPP/US, Senior Privacy Manager, Xbox, Microsoft Corporation

Some product launches are more challenging than others, and getting your privacy story right can help make or break a product’s success. In the just-launched version of Xbox, we knew from the earliest planning meetings that Xbox’s success would require that our new technology be viewed with trust by our customers. We knew we could get there if we built privacy into the product from the beginning and then told the privacy story well to our customers and to government and private leaders. In this session, we’ll outline how we crafted the privacy strategy and story, drafting everyone from executives to interns as partners, and then told the story to as many regulators and government officials as possible. We learned quite a bit along the way, and in this session we’ll share our list of must-do’s and never-do’s with you.

What you’ll take away:

  • How to create a privacy communications strategy
  • Privacy by Design: Who needs to buy in and how to be successful
  • Mistakes we made, wins we are proud of

Presentation

Data Protection in Germany: A Compliance Case Study

Aaron Mendelsohn, CIPP/US, CIPP/E, CIPM, Associate-Innovations, Information Technology & Intellectual Property, Benesch Attorneys at Law
Felix Wittern, Partner, Field Fisher Waterhouse LLP

For many data protection issues, Germany continues to be the focal point from a privacy program management standpoint. Here, we’ll focus on how Eaton, a large U.S.–based company with 100,000 employees in 170+ countries, has managed its compliance obligation in Germany and the partnership it’s developed over the past two years with Field Fisher Waterhouse (FFW), which serves as Eaton’s DPO in Germany. This session will review the role of the DPO in Germany and how/why Eaton decided to outsource the role to FFW, and then we’ll discuss how we’ve developed Eaton’s privacy program to meet German and global requirements. You’ll hear the perspectives of the internal program manager as well as the external DPO, and learn details of the compliance work we’re doing within the privacy program with our businesses, DPO and work councils.

What you’ll take away:

  • Practical knowledge on how a large U.S. company is dealing with compliance obligations in Germany
  • German-specific information on laws and regulations and how they could impact your compliance program

Presentation

Integration Is the New Black: Multidisciplinary Strategies for Managing Privacy Risk and Compliance

Timothy Lisko, CIPP/US, CIPP/G, Manager, Data Protection & Privacy, Accenture
Ram Ramadoss, CIPP/US, Director – Privacy and Information Security, Catholic Health Initiatives
Jamie Tomasello, CIPP/US, CIPP/IT, Policy and Investigation, CloudFlare

Come learn how to embrace a multidisciplinary approach to building a successful privacy program to manage risk and compliance within your organization, be it large enterprise, healthcare, government or start-up. Taking a more holistic approach to intertwine security, compliance, engineering, product development and legal will enable you to build programs that are widely adopted, respected and integrated across the organization while remaining flexible and not limiting technical development. We will discuss how our multidisciplined backgrounds have impacted our view of policy, compliance and product offering, and discuss some of the challenges we faced when integrating these functions, as well as solutions. You’ll leave with real-life strategies for integrating the privacy program at your organization, as well as practical tips for overcoming challenges along the way.

Privacy 101—Setting Up the Function

Heather Egan Sussman, Partner, McDermott Will & Emery
Evie Kyriakides, Chief Privacy Officer and Associate General Counsel Digital, Privacy and Security, Mars, Incorporated
Mac Macmillan, Of Counsel, Hogan Lovells LLP

This session will approach privacy from the beginning. We’ll answer questions like: How do you go about setting up a function? Why and how do you get buy-in from stakeholders and recruitment? Then, we’ll move into the substantive areas of privacy law to hone in on the first year, including how to implement these new practice areas within a global organization.

What you’ll take away:

  • Practical guidance for creating a privacy function
  • Tips for engaging stakeholders and ensuring focus areas remain relevant to your business

Presentation

 

  ADDITIONAL EXPERTISE

 

Contracting About Privacy: Challenges and Solutions

Barbara Cosgrove, Chief Privacy Officer, Workday, Inc.
Lothar Determann, Partner, Baker & McKenzie LLP

Companies have to address data privacy and security law requirements in contract terms with vendors, enterprise customers, consumers and channel partners. Customers and data protection authorities require companies to flow privacy-related terms through to their affiliates and subcontractors. As more and more countries are promulgating their own standard contractual clauses and standards, global companies experience a proliferation of forms, clauses and requirements that are increasingly difficult to manage. Join us for an overview of the existing challenges, with a focus on laws in the U.S. (including HIPAA), the EU and other jurisdictions, as well as developing industry trends, and discover practical solutions for approaches, implementation and negotiation of privacy-related contract terms.

What you’ll take away:

  • Requirements and trends around data processing contracts for clouds and vendors
  • Solutions for multinationals regarding intercompany contracts and binding corporate rules
  • Understanding of consumer consents and contracts—privacy 2.0

Presentation

Cross-Border Data Breach Response: The Next Frontier

Michael Bruemmer, CIPP/US, Vice President, Data Breach Resolution, Experian Data Breach Resolution
Jim Harvey, Partner, Alston & Bird LLP

Much has been said about the various state laws in the U.S. pushing companies to examine their practices to ensure they are compliant in how they are handling sensitive information. But what happens when a breach impacts customers across state or even country lines? Join in this discussion of the rise of the cloud and what happens when the growth of online data opens the door to vulnerabilities that cross borders and laws, forcing risk managers to be compliant with myriad regulations.

Presentation

The Data Breach Lifecycle: From Prevention to Response

Carolyn Holcomb, CIPP/US, Partner & Leader, Risk Assurance Data Protection & Privacy Practice, PricewaterhouseCoopers
Emily Stapf, Director, Forensic Technology, PricewaterhouseCoopers

Stories of data breaches play out in the media every day. No industry is safe and no company is too big or too small. But what does a breach look like from an end-to-end perspective? Is there ever really an end to a major data breach? This session will explore the lifecycle of a data breach—from proactive breach preparedness to day-one response to remediation/ongoing assurance and everything in between. We will cover topics such as data inventory and mapping, breach response planning, data preservation, forensic analysis, managing through disclosure and litigation, remediation and ongoing review and assurance.

What you’ll take away:

  • Practical insights into the lifecycle of a breach
  • Good practices in breach response and preparedness
  • Common pitfalls in responding to a breach

Presentation

Ed Tech, Data and Student Privacy

Moderator: Larry Magid, Co-Director, ConnectSafety.org
Andrew Bloom, CIPP/US, CIPP/IT, Chief Privacy Officer, McGraw-Hill Education
Jules Polonetsky, CIPP/US, Executive Director, Future of Privacy Forum
Kathleen Styles, CIPP/G, Chief Privacy Officer, U.S. Department of Education

The arrival of new technologies in the field of education presents tremendous opportunities as well as privacy risks. Education technologies (ed tech) include personalized learning and the use of data to measure student and school performance; tablets and social networks used by teachers and students; and massive open online courses (MOOCs) attended by hundreds of thousands of students worldwide. They allow schools to customize programs tailored to individual students; make education more collaborative and engaging through social media, gamification and learning management systems; and facilitate access to education for anyone with an Internet connection. At the same time, the confluence of enhanced data collection with highly sensitive, sometimes fateful information about children and teens makes for a combustive mix from a privacy perspective. This session will focus on responsible use of ed tech, examining how schools, school districts and vendors can comply with COPPA and FERPA while also developing best practices to protect students’ personal information.

Handout, Presentation

Eraser Buttons, the Right to Delete and the Rise of Tech Solutions for Ephemeral Data

Moderator: Jules Polonetsky, CIPP/US, Executive Director, Future of Privacy Forum
Steve Chung, CEO, Frankly
Emma Lanso, Director of the Free Expression Project, Center for Democracy and Technology
Joseph Wender, Senior Policy Advisor, Office of Senator Ed Markey, State of Massachusetts

California has passed an “eraser button” law requiring websites to allow minors to remove postings, and other states are considering similar legislation. In Europe, the proposed Right to Be Forgotten continues to generate debate, and regulatory efforts in Congress have been proposed. At the same time, new consumer services that make data ephemeral such as SnapChat, Frankly and Whisper have started to catch on with a mass audience. This panel will look at the ways law, technology, free speech, privacy and child protection are intersecting and conflicting.

Presentation

FTC Privacy and Data Security Jurisprudence

Moderator: Omer Tene, Vice President, Research and Education, IAPP
Kelsey Finch, IAPP Westin Fellow
Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
Christopher Wolf, Director, Global Privacy and Information Management Practice, Hogan Lovells US LLP

Starting in the mid-1990s, the FTC has actively pursued its authority to regulate “unfair and deceptive trade practices” in the realm of privacy and information security. In doing so, it has emerged as a de facto standard bearer of U.S. privacy law. Through a series of more than 150 consent decrees, the FTC has established what some call a “new common law of privacy,” which serves as an invaluable reference and guidance tool for corporate data managers not only in the U.S. but also globally. Recognizing the tremendous impact that this body of law has had for privacy professionals on the ground, the IAPP Westin Research Center has embarked on a project to collate, index, annotate and make available to policymakers and practitioners a “Comprehensive Casebook of FTC Privacy and Information Security Law.” In this session, we’ll discuss the findings and initial conclusions with senior FTC staff.

Healthcare in the Cloud

Natalie Mosallam, Chief Health IT Attorney, Verizon
Marcy Wilder, Partner, Hogan Lovells US LLP

Healthcare is moving to the cloud, and the efficiency, cost savings and improved access to information, tools and resources guarantee that healthcare clouds are here to stay. While cloud technologies can be implemented securely and in compliance with HIPAA/HITECH, there are still privacy and security risks. Join this session to discover the top five data protection-related issues for healthcare cloud environments and how to ensure that healthcare providers, health insurers, life sciences companies, health and wellness app developers and cloud providers understand the most significant data protection, privacy and contracting issues and how they apply in the healthcare cloud environment.

What you’ll take away:

  • Understanding of when cloud providers are really business associates under the HIPAA Privacy and Security Rules
  • Criteria for assessing cloud provider HIPAA/HITECH compliance
  • Considerations for HIPAA-covered entities and cloud providers when negotiating a business associate contract

Healthcare Privacy and Security: Workforce Competency

Sean Murphy, Vice President, Healthcare Information Security and Privacy Officer, Leidos Health Solutions Group

The healthcare industry will spend a projected $70 billion by 2015 on information technology. The spending will include dollars for hardware and software to protect information. The buzz is about next-generation security. Healthcare organizations will invest in data loss prevention, intrusion protection and other solutions like application firewalls, vulnerability management systems, distributed denial of service (DDoS) protection at the gateway and much more. The solutions have demonstrated benefits in industries like retail, industrial control and banking. But that does not mean they can be copied indiscriminately in healthcare. Even proven information security practices can harm patients or obstruct clinical workflow if implemented without a proper understanding of healthcare operations. The healthcare industry must be able to measure and assure that its workforce can not only implement these privacy and security technologies, but do so with an understanding of patient safety and clinical practice. Otherwise, the billions of dollars spent in healthcare information technology will be largely wasted.

What you’ll take away:

  • Workforce competency measures address mitigating the very real threats to the healthcare organization’s privacy and security maturity stage, including third-party risk management
  • Having a healthcare-savvy privacy and security process will avoid introducing patient safety and clinical workflow issues when implementing proven information security practices in the healthcare organization
  • Executives can expect returns on the billions of dollars invested on healthcare information technology, including privacy and security tools, if it is complemented by a qualified and credentialed workforce

Presentation

How to Prevent and Respond to Data Breaches—Perspectives from a Dataholder and a Regulator

Moderator: Adam G. Kardash, Partner, Osler, Hoskin & Harcourt LLP
Chantal Bernier, Interim Privacy Commissioner, Office of the Privacy Commissioner of Canada
Erika Rottenberg, VP, General Counsel and Secretary, LinkedIn

Breaches today are technologically more sophisticated, happen more frequently, and are far more serious than ever before. This new context calls for a new approach. For dataholders, it means better safeguards to prevent breaches and standard practices for responding when the inevitable happens. For regulators, it means the ability to assess dataholders’ accountability in that regard. In this session, you’ll learn how to prevent and respond to breaches in the face of a new context of risk from a dataholder’s perspective and discover the regulator’s point of view on the appropriate standards to assess accountability in relation to risk and the appropriate enforcement action to reflect responsibility.

Judge, Jury and Executioner: Are Federal Courts Giving Privacy Class Actions a Fair Chance?

Moderator: Christopher Wolf, Director, Global Privacy and Information Management Practice, Hogan Lovells US LLP
Jeffrey S. Jacobson, Partner, Debevoise & Plimpton LLP
Scott A. Kamber, Managing Partner, KamberLaw LLC

Ever since the DoubleClick case in 2002, plaintiffs have struggled to devise successful legal strategies for privacy class actions. One of the main hurdles has been the articulation of a theory of harm that is sufficient to confer standing in a federal court. Other challenges include proof of causation, commonality and the likelihood that a plaintiff’s injury will be redressed by a favorable decision. At the same time, privacy class actions are a growth industry, with an increasing volume of litigation and privacy-related cy pres awards. This panel brings together some of the leading plaintiff and defendant attorneys in the country for what will no doubt be a lively discussion.

Privacy and Information Governance: Completing the Compliance Circle

Diane K. Carlisle, Executive Director, ARMA International

There is growing recognition within the professional community that privacy and information governance and records and information management (RIM) intersect and can be powerful allies. Much of the information governance structure in an organization can actually make privacy compliance easier to implement. And, the wide array of privacy requirements for how information is managed needs to be integrated into information governance programs. This session will provide a comprehensive understanding of information governance, identify the parallels between information governance and privacy management and enable you to collaborate more effectively with your counterparts in RIM.

Presentation

Privacy by Design: Automating Your Privacy Impact Assessments

Dana L. Simberkoff, CIPP/US, Senior Vice President, Risk Management and Compliance, AvePoint, Inc.

Understanding the impact that any technology system has on your privacy and security protection policies is critical to truly measuring the value a system can deliver for your organization. With the proliferation of mobile devices, cloud technologies and collaboration platforms, establishing a repeatable, scalable process for assessing these systems and understanding their nature is more critical now than ever. These technologies empower information workers to create and consume content like never before. In order to ensure your organization can continue to collaborate with confidence, these technologies must not compromise your privacy and security controls. Privacy impact assessments (PIA) have been introduced as a requirement of many global privacy laws for developing or procuring any information technology that collects, maintains or disseminates personally identifiable information. However, PIAs can be a time-consuming and manual process, delaying the time to value for desired enterprise collaboration systems. In this session, we’ll review proven practices for introducing PIAs into your technology procurement and development processes. In addition, we’ll showcase an educational, automated privacy impact assessment from AvePoint that can help automate the PIA process and decrease time to value for critical collaborative platforms and IT systems.

The Risk-based Approach to Data Breach Response

Moderator: Steven Littleson, Director, Cybersecurity, Kroll
Brian Lapidus, SVP, Strategic Partnerships, Kroll
Mark Melodia, Partner, Reed Smith
Timothy Ryan, Managing Director, Kroll

Evidence-based strategies, concrete statistics and expert opinion in the wake of a data breach are imperative to assembling solutions that will hold up to the increased scrutiny of lawmakers, consumer advocates and the public at large. Join this expert panel to discuss how to meet mounting expectations for effective, relevant solutions.

Presentation

The Risks of Processing Personal Information

Moderator: Bojana Bellamy, CIPP/E, President, Centre for Information Policy Leadership, Hunton & Williams LLP
Peter Cullen, CIPP/US, General Manager Trustworthy Computing, Microsoft Corporation
Isabelle Falque-Pierrotin, President, Commission Nationale de l’Informatique et des Libertés (CNIL)
Florence Raynal, Head of the Department of European and International Affairs, Commission Nationale de l’Informatique et des Libertés (CNIL)
Richard Thomas, Former UK Information Commissioner

Join this exceptional panel to explore what is meant by a “risk-based approach” to privacy and data protection. The panel will discuss the threats and harms that good practice should seek to avoid while providing ways to identify and reduce the specific risks raised by data processing. The president of CNIL and former UK ICO will also provide the regulator’s point of view, explaining their approaches to risk management when setting their priorities and taking enforcement action.

Thinking Ahead vs. Keeping Up: The Challenge to Think Strategically

Moderator: Fred H. Cate, Distinguished Professor and C. Ben Dutton Professor of Law, Indiana University, Co-Director, CLEAR Health Information
Sharon Anolik, CIPP/US, President, Privacy Panacea 
Stanley Crosley, CIPP/US, CIPM, Director, IU CLEAR Health Information, Crosley Law Offices LLC
Peter Lefkowitz, CIPP/US, Chief Privacy Officer, General Electric

Privacy professionals face a growing challenge: How to balance their day-to-day responsibilities with the need to address more strategic issues. The press and academic and professional literature are full of exciting developments about data-based innovations that have the potential to revolutionize the field—especially in healthcare—yet many privacy professionals find that their days are so packed that there is little time for strategic thought. This presents real challenges both to the deployment of innovations as well as the protection of privacy if/when these innovations are deployed. Join this distinguished panel to explore how busy privacy professionals in healthcare move beyond the all-consuming nature of daily fire-fighting to engage in the strategic thinking that innovation will require and that only privacy professionals can provide.

What’s Next? Five Things Every Privacy Officer Needs to Tell Their CEO

Keith Enright, CIPP/US, CIPP/G, Senior Privacy Counsel, Google Inc.
James H. Koenig, CIPP/US, Principal, Global Leader, Commercial Privacy Practice; and Co-Leader, Cybersecurity Practice, Booz Allen Hamilton
Jill Phillips, CIPP, CIPP/C, Chief Privacy Officer, General Motors

The future business and operations models of many companies are dependent on global expansion and international data transfers and/or adopting new technologies (such as cloud, data analytics, mobile, social, internet of things, wearable technologies, connected cars, electronic health records, genetics). Yet many CEOs first think of regulatory compliance and breaches when privacy is mentioned. This panel covers the key messages that industry leaders have used with CEOs, boards and top management on how privacy and security are critical to enable these future business goals, technologies and global plans.

What you’ll take away:

  • Which new technologies and business models to be aware of, and which to be wary of
  • Approaches and messages that have been successful with CEOs, boards and management to drive attention and resources to privacy and security as a competitive advantage and new business and technology enabler
  • Techniques and tools successfully used to build privacy and security safeguards by design into new product and system development and into real-time monitoring
  • Approaches to message to the public and regulators about the use of new paradigm-changing technologies