IAPP Privacy Academy 2013
  • I learned something valuable at every session, the networking opportunities were fantastic, and the keynote speakers were really great too.
  • The entire structure of the program is outstanding. Good speakers, great networking opportunities and good exhibits. One of the best conferences.
  • Very well organized, privacy-specific education, and great networking opportunities. Great educational resource as well.
  • Valuable information.
  • Maybe one of the best [experiences] I’ve had. Great to see some prior colleagues, and meet some new ones.
  • Great format and content.
  • I enjoyed the diversity of the speakers’ topics and professional backgrounds.
  • Hard choice to make for breakout sessions.
  • Overall experience was great!
  • The breakout sessions I attended were informative and interesting.
  • Fantastic gathering of privacy professionals.
  • Great topic range, knowledgeable and skilled professionals, great networking.
  • Solid conference. Great content and networking.

Preconference Workshops


For the overachievers among us. Add another day of education with a preconference workshop, where you’ll find in-depth, intensive training and instruction. Additional registration fee required.

For session times and to view a complete conference schedule, visit the At-A-Glance.

The A to Z’s of Vendor Management

Tom Garrubba, CIPP/IT, Senior Manager, Technical Assessments Group, Information Governance & Privacy, CVS Caremark
, Senior Privacy & Compliance Specialist, Iron Mountain Information Management, Inc.
Brad Keller
, SVP & Program Director, The Santa Fe Group
Linnea Solem, CIPP/US, CIPP/C
, Chief Privacy Officer, Director of Business Risk & Privacy Management, Deluxe Corporation

Join our panel of experts who have thousands of vendors or are vendors to hundreds of thousands customers as they outline and describe the key elements of an effective vendor management program, including the reasons to have a vendor management program; vendor selection; vendor contracts; auditing and monitoring; pre- and post-contract risk and due-diligence assessments; privacy, data protection, security and compliance requirements; regulatory requirements; “selling” a vendor management program to your company; what to do when something goes wrong; cloud vendors; working with colleagues in your company, including procurement, information security, legal and business managers; the role of standards such as PCI & SSAE 16; and a whole lot more. In this interactive session, you’ll gain practical tips for implementing and maintaining a comprehensive vendor management program, have the opportunity to have your questions answered during Q&As throughout the session, review a case study, and receive valuable handouts, including requirements for a program, guidance, model documents and more.

What you’ll take away:

  • An understanding of the key elements of an effective vendor management program
  • Practical tips for implementation at your organization
  • Information about where you can get further assistance

Privacy Bootcamp

J. Trevor Hughes, CIPP, President & CEO, IAPP
Kirk J. Nahra, CIPP/US
, Partner, Wiley Rein LLP

Privacy can be a bewildering topic: With multiple laws, jurisdictions, technologies and business models converging and evolving in today’s enterprise, it’s hard to know how to navigate the maze of challenges you face. Privacy Bootcamp is your opportunity to get a solid grounding in this dynamic field. Our expert speakers will lay a foundation to give you the structure and understanding you need to make the right decisions for your privacy initiatives.

What you’ll take away:

  • Learn the multiple definitions of “privacy” and how privacy is managed as a policy issue
  • Understand the fair information practices and how they are used to construct privacy laws and regulations
  • Explore the myriad laws in the U.S. that relate to data, and which ones may apply to your organization

The Privacy Pro’s Field Guide to Contracting and Compliance in the Cloud

Workshop Leaders
Christopher Millard
, Of Counsel, Bristows LLP, Director, Cloud Legal Project, Queen Mary, University of London
Mark Watts
, Partner and Head of Information Technology Practice, Bristows LLP

Thomas C. Bell
, Partner, Perkins Coie LLP
Albert Gidari, Jr.
, Partner, Perkins Coie LLP
John Howie, CIPP/US, CIPP/IT
, Chief Operating Officer, Cloud Security Alliance

Hosted by leading practitioners in the field, this workshop will equip you to provide practical and constructive input to cloud services procurement and deployment projects. We’ll take a detailed look at current market research on cloud transactions and compliance risks and the key compliance issues from both the U.S. and EU perspective. Additionally, we’ll present practical case studies and offer insight into the privacy implications of sample contract clauses.

What you’ll take away:

  • Learn how cloud services work in practice
  • Unpack the key privacy implications of cloud arrangements
  • Understand how cloud contracts work and how you can use them to manage privacy risks

Privacy Engineering Primer

Robert Jason Cronk, CIPP/US, Privacy Engineering Consultant, Enterprivacy Consulting Group
Stuart Shapiro, CIPP/US, CIPP/G
, Principal Information Privacy and Security Engineer, The MITRE Corporation

Privacy by Design (PbD) provides lofty tenets but lacks the specific tools necessary to really engineer privacy into products and services. Join us to learn how to situate privacy within an engineering context and how to identify and address privacy needs and issues within that context. The speakers will guide you through analyzing user experience to identify those privacy risks that may damage user trust and branding beyond standard compliance risks, reviewing technologies and strategies available to control these and other privacy risks, and assessing relevant trade-offs. The workshop is highly interactive and will be organized around distinct modules, each including an instructional component, an illustrative example and a structured exercise. To bring the topics to life, we’ll explore high-level concepts and specific techniques, which we’ll then apply to a single ongoing example and, by the participants, to a single ongoing project.

What you’ll take away:

  • The distinction between security engineering and privacy engineering
  • How to think of privacy as a system property and privacy risk beyond compliance risk
  • How to integrate privacy into system development/engineering lifecycles so as to systematically control privacy risk