Practical Privacy Series 2013

Program

 

New York, NY
November 6: Data Breach
November 7: Financial Services and Online Marketing

 

At-A-Glance

Wednesday, November 6: Data Breach
8 – 9 a.m.
Registration and Breakfast
9 – 9:15 a.m.
Welcome
9:15 – 10 a.m.
The Dark Side of a Payment Card Breach
10 – 10:45 a.m.
HIPAAs and Other Mythical Beasts: Practical Breach Considerations in a World of Shifted Presumptions
10:45 – 11:15 a.m. Refreshment Break
11:15 a.m. – 12 p.m. Defending Data Breach Litigations: Trends and Strategies
12 – 12:45 p.m.
Data Security and Breach Notification Outside of the U.S.
12:45 – 2 p.m. Lunch
1:15 – 2 p.m. Lunchtime Discussion: The EU and You—What You Need to Know about the New EU Data Protection Regulation
2 – 2:45 p.m. U.S. Data Breach Enforcement
2:45 – 3:30 p.m. We’ve All Been Hacked (!), Now What? Beyond Personal Data
3:30 – 3:45 p.m. Refreshment Break
3:45 – 4:45 p.m. Coming to Theaters Near You: The World After Snowden, Prism and XKeyscore
4:45 – 5 p.m. Closing Remarks

 

Thursday, November 7: Financial Services
8 – 9 a.m.
Registration and Breakfast
9 – 9:15 a.m.
Welcome
9:15 – 10 a.m.
How Customers Define Trust and Privacy within Financial Services
10 – 11 a.m.
Emerging Trends in Cross-border Transfer
11 – 11:15 a.m. Refreshment Break
11:15 a.m. – 12:30 p.m. Building Trust with Your Regulators—Listen to Them!
12:30 – 1:30 p.m.
Lunch
1:30 – 2:30 p.m. The Convergence of Privacy and Info Security within Financial Services
2:30 – 3:45 p.m. Driving Trust with Emerging Technology: Privacy Considerations in the Online and Mobile Space
3:45 – 4 p.m. Refreshment Break
4 – 5 p.m. How Do You Know You Are Doing It Right? Elevating Privacy to a Business Imperative

 

Thursday, November 7: Online Marketing
8 – 9 a.m.
Registration and Breakfast
9 – 9:15 a.m.
Welcome
9:15 – 10:30 a.m.
Children’s Advertising
10:30 – 10:45 a.m. Refreshment Break
10:45 a.m. – 12 p.m.
Behavioral Advertising, Do Not Track and Other Tracking Practices
12 – 1:15 p.m. Lunch
1:15 – 2:30 p.m. Mobile Marketing
2:30 – 2:45 p.m. Refreshment Break
2:45 – 4 p.m. Social Media
4 – 5 p.m. Big Data Roundtable
 

  DATA BREACH

 

The Dark Side of a Payment Card Breach

Serge Jorgensen, Chief Technical Officer and Partner, The Sylint Group, Inc.
David Navetta, CIPP/US, Partner, InfoLawGroup LLP

Breaches involving payment card data can have devastating financial effects on businesses. Based on complex assessments of payment card breaches, payment card processors and merchant banks may impose millions of dollars in fines, penalties, fraud assessments and operating expenses assessments to breached merchants each year. For smaller and mid-sized retailers in particular, the costs associated with providing breach notice and responding to the card brands’ assessment processes, combined with the levied fines, penalties and assessment amounts, can threaten the viability of the company. Hear expert speakers explain the payment card breach assessment processes and provide practical strategies for breached entities to contest the fines, penalties and assessment they may face as a result of the breach.

Presentation

HIPAAs and Other Mythical Beasts: Practical Breach Considerations in a World of Shifted Presumptions

Gerard M. Stegmaier, CIPP/US, Attorney, Wilson Sonsini Goodrich & Rosati LLP

Join a lively discussion of the practical scenarios routinely encountered in connection with incidents involving health information. You’ll discuss the nature and implications of shifted presumptions under the recently revised HIPAA rule, common investigatory and remediation considerations and the role of consultants and advisors. You’ll also explore anticipating incidents and planning in a PHI world.

Presentation

Defending Data Breach Litigations: Trends and Strategies

Tonia Klausner, CIPP/US, Partner, Wilson Sonsini Goodrich & Rosati LLP
Sasha Romanosky, Associate Policy Researcher, RAND Corporation

Breach litigation remains a significant concern. Explore the trends in data breach litigation and defense strategies based both on practical experience and sophisticated statistical analysis of breach litigation matters and their outcomes. The session will focus of the issues of standing and injury, the nature of the claims asserted, settlement, arbitration, insurance and FTC and state regulator actions.

Presentation

Data Security and Breach Notification Outside of the U.S.

Miriam Wugmeister, Partner, Morrison & Foerster LLP

Did you know that Korea is the only country that requires encryption of data at rest? How about that Uruguay requires notice of any loss of personal data? The data security laws outside the U.S. are varied and stringent. Join this discussion of data security and breach notification obligations outside of the U.S. You’ll return to your organization with insight into the changing dynamics and key issues to consider.

Presentation

Lunchtime Discussion: The EU and You—What You Need to Know about the New EU Data Protection Regulation

Omer Tene, Vice President of Research and Education, IAPP
Miriam Wugmeister, Partner, Morrison & Foerster LLP

The EU Parliament has given the thumbs up for an amended version of the new EU Data Protection Regulation, which will replace the 1995 directive. This lunchtime discussion will address the political process going forward, some key new terms (such as pseudonymous data, profiling and third party) and the fallout from the PRISM affair.

U.S. Data Breach Enforcement

Daniel Kaufman, Deputy Director, Bureau of Consumer Protection, Federal Trade Commission
Kenneth Ray Sharpe, CIPP/US, Supervising Deputy Attorney General, Computer Analysis and Technology Unit, New Jersey Attorney General’s Office

The FTC and state regulators continue to actively take enforcement actions in connection with data breaches. Understanding federal and state enforcement trends is a key step in understating how organizations can proactively safeguard information to demonstrate their commitment to reasonable security.

We’ve All Been Hacked (!), Now What? Beyond Personal Data

Joseph V. DeMarco, Partner, DeVore & DeMarco LLP
Timothy P. Ryan, Managing Director, Kroll Advisory Solutions

Recent developments and revelations in the news have highlighted the threats posed to American businesses in the area of cyber-crime and cyber-espionage. Yet beyond attention-grabbing headlines, there is scant analysis to put this problem in context and to provide concrete analysis and solutions to this seemingly amorphous issue. Every company holds data. And every company uses computers. But what are the implications if every company has had its computers hacked? This session will address what is behind the recent surge of press on cybercrime, why it matters and what a company should—and should not—be doing about it. Come gain insight, analysis and practical tips you can use in addressing this critical issue.

Presentation

Coming to Theaters Near You: The World After Snowden, Prism and XKeyscore

Omer Tene, Vice President of Research and Education, IAPP

Come explore whether and how the Snowden revelations have changed our views of data security and data breach; whether access to personal data by the U.S. government is now a concern on which companies need to focus; and what, if anything, companies can and should do to address this new reality.

 

  FINANCIAL SERVICES

 

How Customers Define Trust and Privacy within Financial Services

Larry Ponemon, CIPP/US, Chairman and Founder, Ponemon Institute, LLC

The Ponemon Institute is the leading consumer research firm focused on privacy and information security, and in this session Dr. Larry Ponemon will use fact-based customer research to define how customers perceive trust—and what financial institutions can do to increase trust with their customers. Learning what customers value, and where they see risk, can focus a privacy program on items with the best return on investment.

Presentation

Emerging Trends in Cross-border Transfer

Moderator: Christopher Wolf, Co-chair Privacy and Data Security Practice Group, Hogan Lovells US LLP
Cameron Craig, Deputy General Counsel, Data Privacy and Information Governance, HSBC U.S.
Joel Reidenberg, Microsoft Visiting Professor, Information Technology Policy, Princeton University
Brendon Tavelli, CIPP/US, Associate, JPMorgan Chase

Moving customer and employee data around the globe is business as usual for many financial institutions. For the others, developments in managing financial crime risk, mitigating fraud and meeting tax liabilities will soon make it so. Today’s privacy practitioner must be adept at navigating the movement and sharing of data with affiliates, vendors and global jurisdictions. In this session, you’ll get up to speed on trends in this area.

Presentation

Building Trust with Your Regulators—Listen to Them!

Moderator: Pamela Jones Harbour, Partner, Fulbright & Jaworski LLP
Katherine Armstrong
, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission  
Elizabeth Anne Khalil, Senior Compliance Policy Analyst, FDIC
Deborah Morris, Deputy Enforcement Director, Consumer Financial Protection Bureau
William M. Rubenstein, Commissioner of Consumer Protection, State of Connecticut

What do your regulators want from you? Why play a guessing game? Come hear Pamela Jones Harbour, FTC commissioner from 2003–2009, host a panel of current regulators to explore what regulatory expectations are and what they require from you. You’ll leave with a better understanding of current best practices and future enforcement trends.

Presentation 1, Presentation 2, Presentation 3, Presentation 4

The Convergence of Privacy and Info Security within Financial Services

Moderator: James Shreve, CIPP/US, CIPP/IT, Attorney, BuckleySandler LLP
Orrie Dinstein, CIPP/US, Chief Privacy Leader & Senior IT & IP Counsel, GE Capital
Rebekah Kaufman
, Partner, Morrison & Foerster LLP
Ari Schwartz
, Senior Internet Policy Advisor, National Institute of Standards and Technology

In today’s hyper-connected world, privacy and information security are increasingly converging. Whether the motive is profit or disruption, cyberspace is the preferred channel for criminals to target financial institutions. Financial loss and reputational damage—the impact to a financial institution is real and significant. Discover the latest developments in information security threats and how they affect data privacy in your financial institution.

Driving Trust with Emerging Technology: Privacy Considerations in the Online and Mobile Space

Moderator: Jules Polonetsky, CIPP/US, Co-Chairman and Director, Future of Privacy Forum
Brian R. Chase
, General Counsel, Foursquare
Stephen Kline, CIPP/US
, Senior Counsel, Privacy and Regulatory Matters, Omnicom Media Group
Adam Towvim
, Vice President, Business Development, Jumptap
John Verdi
, Director of Privacy Initiatives, National Telecommunications & Information Administration, U.S. Department of Commerce

Privacy risks inherent to mobile technology, social media and online behavioral advertising coupled with new global requirements and increased customer expectations create the perfect storm for a privacy practitioner today. Polonetsky, a leader in online, technology and privacy will lead a panel of experts to discuss how to manage the often conflicting requirements to stay on the right side of the law, customers and financial returns.

How Do You Know You Are Doing It Right? Elevating Privacy to a Business Imperative

Moderator: Al Silipigni, CIPP/US, SVP, Chief Privacy Officer, HSBC U.S.
Jacqueline Wagner
, Managing Director, Data Protection & Privacy, PricewaterhouseCoopers LLP
Aaron K. Weller, CIPP/US, CIPP/IT
, Managing Director, Data Protection & Privacy, PricewaterhouseCoopers LLP

How do privacy practitioners get the attention of the board and executives about privacy risks and challenges? Based on recent surveys, many boards and executives feel privacy is a top 10 risk to their organization—but what does that mean and what actions are required? Executives often confuse security and privacy and may not fully understand specific privacy risks across the full data lifecycle. Or, they assume that the security organization “has it covered.” This discussion will highlight good practices that work within financial services to communicate privacy effectively to the board—without using fear uncertainty and doubt.

Handout

 

  ONLINE MARKETING

 

Children’s Advertising

Moderator: Allison Fitzpatrick, Partner, Davis & Gilbert LLP

Wayne Keeley
, VP & Director, Children’s Advertising Review Unit (CARU)
Peder Magee, Senior Staff Attorney, Federal Trade Commission, Division of Privacy and Identity Protection

This summer, updates to COPPA took effect. FAQs have been published by the FTC, but many questions still remain. The expanded reach of COPPA should cause all companies engaged in online marketing to consider their obligations to ensure compliance—not just those marketing to children.

Presentation

Behavioral Advertising, Do Not Track and Other Tracking Practices

Moderator: Todd Ruback, CIPP/US, CIPP/E, CIPP/IT, Chief Privacy Officer, Evidon
Marc Groman, CIPP/US
, Executive Director and General Counsel, Network Advertising Initiative
Brian Miller
, General Counsel, MediaMath

The collection and exploitation of data in the interactive marketing space is complex, extensive and effective. However, concerns about consumer transparency and control persist. Join this discussion of how interactive companies, trade associations, regulators and advocacy groups continue to try and find the right balance.

Presentation

Mobile Marketing

Moderator: Alan Chapell, CIPP/US, President, Chapell & Associates, LLC
Lael E. Bellamy, CIPP/US
, Chief Privacy Officer, The Weather Channel
Mark Connon
, Chief Revenue Officer & EVP Corporate Development, Nexage

Mobile continues to grow and grow as a source of commerce, media, advertising and data collection. These days, the device and the individual are inextricably linked. Location-based services, targeting advertising, advancement in devices and enhanced use of data are driving more companies to expand their marketing activities beyond the desktop to the mobile environment. If your organization is engaged in mobile marketing—or wants to be—don’t miss this discussion.

Social Media

Moderator: Gary Kibel, CIPP/US, Partner, Davis & Gilbert LLP 
Drew Bordages
, Senior Vice President, General Counsel, Specific Media
Albert Raymond, CIPP/US
, AVP Privacy, TD Bank

In a medium where users voluntarily provide vast amounts of personal information, the marketing opportunities are boundless and the privacy concerns are significant. Nearly every company is involved in social, but not all have successfully exploited the opportunity or mastered the legitimate privacy concerns. And as there are no shortages of social media success stories, there are also no shortages of social media failures. Explore key points and lessons learned on the social media front.

Presentation

Big Data Roundtable

The marketing industry both feeds, and feeds on, big data. Join all of our panelists for an interactive discussion and debate about big data and the marketing industry.