PPS 2012


A Year in Review: Data Breaches and Lessons Learned

Healthcare data breaches, accidental data exposure including credit cards, and lost laptops resulted in a very busy 2011 and early 2012 for data breaches. Join us to reflect on the major data breaches of the year, hear about the lessons learned and find out what steps the affected organizations took to minimize the risks of future data breaches. 

Aaron Tantleff, Senior Counsel, Foley & Lardner LLP

Presentation 1


Overview of State Data Breach Notification Laws and the HITECH Act

Almost every state and territory has enacted a data breach notification statute. Get an overview of the specific requirements and how to determine which statutes apply to your business. 

 Jean Pechette, Partner, McDermott Will & Emery LLP

Presentation 1


Data Breach Hypothetical

Every company that manages data is at risk of a data breach, no matter how mature their privacy program may be. Don’t miss this session, where you’ll walk through a complex data breach hypothetical from the discovery phase to remediation. 

 Jennifer L. Rathburn, Partner, Quarles & Brady LLP
Frances Wiet, CIPP/US, Chief Privacy Officer, Takeda Pharmaceuticals

Handout 1


International Developments in Data Breach

In this discussion, we’ll explore the evolving nature of breach notification requirements outside the U.S., including Canada, Europe, Japan, Mexico, Australia and Korea. 

 Brian Hengesbaugh, CIPP/US, Partner, Privacy/Information Technology/Commerce, Baker & McKenzie LLP
Frances Wiet, CIPP/US, Chief Privacy Officer, Takeda Pharmaceuticals

Presentation 1


Is It a Breach? Forensic Investigations and Law Enforcement Involvement

You’ve had a breach and you have questions. What really happened? Who was exposed? Can you demonstrate that records were not exposed? If your data was inappropriately accessed or stolen, can you identify the culprit? Join in-house privacy counsel and forensic experts for an overview of the steps required to obtain the answers needed in a breach investigation. 

 Nestor J. Rivera, Senior Counsel and Global Privacy Leader, GE Healthcare
Emily Stapf, Director – Forensic Technology, PricewaterhouseCoopers, LLP

Presentation 1


After the Breach: Communications and Offerings

If and when a breach occurs, will you know how to respond to multiple audiences and provide those impacted with an accurate and clear communication? Do you know what reasonable offerings to provide to assist in the protection of liability and identity theft? In this session, you’ll learn a systematic approach from experts in breach communications and offerings. 

 Lisa Acevedo, Partner, Quarles & Brady LLP
Nestor J. Rivera, Senior Counsel and Global Privacy Leader, GE Healthcare

Handout 1, Presentation 1


Remediation Activities

There are many steps that companies can take to reduce the likelihood of future data breach occurrences and minimize the consequences of a breach. Learn practical, cost-effective tips for minimizing risks associated with incidents, and examine remediation products and services so you know what to offer for various types of incidents. 

 Nicholas Cramer, Director, Data Breach Response Service, AllClear ID

Presentation 1


Regulators Panel

Hear the regulators explore the role of government and the expectation of industry to balance business needs with individual privacy and work to prevent data breach. 

 Nicholas Brescia, Investigator, U.S. Department of Health & Human Services, Office for Civil Rights
Kurt Temple, Deputy Regional Manager, U.S. Department of Health & Human Services, Office for Civil Rights

Presentation 1


Litigation Considerations

Hear the latest developments in litigation from the business perspective, and gain an understanding of the environment surrounding class action litigation in the courts; regulatory oversight by the DHHS, FTC, FCC, and self-regulatory bodies; and litigation currently pending regarding data breach and targeted ads. 

 Dominique R. Shelton, Partner, Edwards Wildman Palmer LLP

Presentation 1


Consumer Financial Protection Bureau: The Newest Financial Services Regulator

Learn all about the CFPB, from its jurisdiction and powers to how it will figure into the overall picture of regulatory compliance for financial services. Some of the key privacy provisions of Dodd-Frank will be reviewed, such as the customer complaint process, the CFPB examination manual and enforcement mechanisms. You’ll also hear some recommended strategies for implementation. 

 Lynn Goldstein, CIPP/US, Senior Vice President, Privacy General Counsel & Chief Privacy Officer, JP Morgan Chase

Presentation 1


Using a Balanced Scorecard to See if Your Privacy Program Is Meeting Its Objectives

The “balanced scorecard” approach of managing by metrics revolutionized business schools in the 1990s and continues to shape how companies make decisions and reward success. But few corporate privacy programs manage against a documented strategy, and still fewer are quantifying their progress against their strategies. This session will outline a risk-based and a compliance-based strategy for a hypothetical financial services privacy program and the associated scorecards that would accompany them. You’ll walk away with a tool for building business cases for budget requests and optimal privacy program positioning. 

 Jay Cline, CIPP/US, President, Minnesota Privacy Consultants

Presentation 1


Navigating Regulatory Impacts of a Financial Service Data Breach

Financial services providers deal with highly sensitive information as a matter of course. In this session, learn how a structured approach to data breach prevention and response, including engagement with stakeholders and regulators, will help you navigate the challenge. 

 Stacey Bolton, CIPP/US, Senior Vice President, Northern Trust

Presentation 1


Privacy Implications of Mergers and Acquisitions and Outsourcing: Post-acquisition Integration of IT Systems, Shared Service Centers and IT Transformation

Acquisitions are riddled with data privacy issues, particularly surrounding customer data, employee data, a variety of IT systems and multiple locations across the country or across the world. Through a case study of a hypothetical global organization, you'll work with a typical project plan to build the facts, understand the specific tasks to bridge the gaps between two organizations, and develop an implementation plan to address the privacy, outsourcing and data restriction issues. 

 Peter George, Partner, Baker & McKenzie LLP
Brian Hengesbaugh, CIPP/US
, Partner, Privacy/Information Technology/Commerce, Baker & McKenzie LLP
Additional Contributors: Dan Burks, CIPP/US, Chief Privacy Officer/Director of Vendor Risk Management, U.S. Bank
Mary Gardner, CIPP/US, Senior Manager, Allstate Insurance Company

Presentation 1


Refreshing and Enhancing Your Privacy Program

When was the last time you did an end-to-end review of your privacy program? While many companies have effective privacy programs in place, many programs haven’t been reviewed and refreshed since implementation. Given the changing economic conditions and dynamic legal environment, many companies are forced to rethink how to be successful with fewer workers and compete in a global environment. One thing remains constant: We must protect the privacy of each and every individual that entrusts personal information to us and with whom we do business. Hear some new ideas for reinvigorating your privacy program using a Privacy by Design approach, establishing privacy principles that are right for your organization and embedding them within your business and engaging privacy experts throughout your company. 

 Mary Gardner, CIPP/US, Senior Manager, Allstate Insurance Company

Presentation 1


Privacy Considerations in the Online and Mobile Space: Mobile Payments, Behavioral Advertising and Social Media

A panel of professionals will dig into the ways businesses, especially financial services companies, are using mobile payments to meet their customers’ growing demands, the benefits and potential pitfalls of behavioral advertising and tracking and how social media can be used to reinforce and expand the reach of your message for sales and servicing. 

 Dan Burks, CIPP/US, Chief Privacy Officer/Director of Vendor Risk Management, U.S. Bank
Richard O'Brien, President & CEO, Payment Pathways
Michael O'Neil, Partner, DLA Piper LLP (US)
Barbara Rozgonyi, Principal, CoryWest Media

Handout 1, Presentation 1, Presentation 2, Presentation 3, Presentation 4


Tracking Technologies, Behavioral Advertising and the Current Self-regulatory Programs

Tracking of consumers digitally carries the potential for both great rewards and significant risks. It is truly a hot topic, and it is essential that companies, website publishers and those marketing to consumers in the online and mobile space understand the privacy issues and how they may impact the organization, as well as compliance options. This don’t-miss session will provide an in-depth look at how tracking technologies work, how they are being used, new tracking technologies that are taking hold and the current legal landscape of consumer tracking, Do Not Track and behavioral targeting. 

 Fran Maier, Founder and Chair of the Board, TRUSTe
Mike Sands, President and Chief Executive Officer, BrightTag
Blane Sims, SVP of Product, BrightTag

Presentation 1


E-mail and Text Message Campaigns

E-mail and text message marketing campaigns remain the backbone of most organizations’ communications with consumers. Join us as we discuss the legal requirements, privacy considerations and current legislative and regulatory framework surrounding the use of these channels in a marketing campaign. 

 Justine Gottshall, CIPP/US, Partner, InfoLawGroup LLP

Presentation 1


Marketing via Mobile Applications, QR Codes and Third-party Platforms

Everywhere you look, companies are launching mobile applications, Facebook pages and other marketing initiatives through third-party platforms. These initiatives raise unique considerations given the technology used, the third parties involved and, more recently, the regulatory scrutiny on the mobile ecosystem. In this session you’ll gain baseline knowledge of the key privacy and legal issues in the mobile and platform space, including addressing privacy policies, marketing disclosures, complying with the terms set by third-party platforms and self-regulatory programs. 

 Jamie Rubin, Partner, InfoLawGroup LLP

Presentation 1


Endorsements, Testimonials and Promotions

The FTC guidelines on endorsements and testimonials are relevant to organizations with regard to marketing activities in word of mouth, social media and influencer programs, including celebrity spokespersons, bloggers, consumers or others making endorsements or statements on their behalf. Join us for an informative discussion on the requirements you must address when undertaking these marketing activities, leveraging social platforms (Twitter, Facebook, LinkedIn, Pinterest, G+, etc.) and specific compliance guidelines for a number of situations where these issues arise. In addition, you’ll learn how similar disclosure methods and best practices can be used to address contest, promotion and privacy issues in standardizing and addressing notices across multiple platforms (web, mobile, tablet, apps and social media). 

 Tom Chernaik, CEO, CMP.LY

Presentation 1


Marketing to Children

Marketing to children, whether through e-mail, text messages, mobile apps or more traditional marketing, raises a host of legal and privacy issues, including compliance with COPPA and increased scrutiny by regulators. Learn about the important role parents play for legal compliance and the issues surrounding children and privacy on the Internet. You’ll gain in-depth and practical information every marketer should know regarding the current legal climate and other considerations when marketing to children. 

 Ed Lewis, CEO, Media Chaperone

Presentation 1


Passport to the EU: Cookies, Consent and Other Marketing Issues

Companies have a legal obligation to be aware of the laws surrounding privacy in whatever region they are doing business in, and wherever they may be transferring, accessing or storing that information. Join us for a discussion of the marketing issues in the EU, and how compliance may differ from the U.S., including the issues that arise with regard to online tracking, the use of social media and data transfer. You’ll return to your company with a basic understanding of the domestic and international regulations around privacy and e-marketing. You’ll also hear an overview of the current legal issues as well as firsthand knowledge of addressing these issues in a real-world business setting. 

 Kristine Scott, CIPP/US, Corporate Compliance Director, Privacy, Aon Service Corporation

Presentation 1