Privacy Advisor

Four Themes To Focus on at the Data Protection Intensive this April

April 1, 2013


By Angelique Carson, CIPP/US

With three full days of programming, the IAPP’s Data Protection Intensive, happening April 23 through 25 in London, can look nigh-on-impenetrable. Don’t worry, though, the IAPP publications team will be on site gathering the news of what happens while you’re in other sessions, and we’ve compiled a handy guide to focus your energies while there, depending on your interests.

Whether you’re looking to better manage your risk, better understand the upcoming privacy landscape or just network and get to know your fellow privacy pros better, we’ve got you covered.

1)   Should I Be Trembling in my Proverbial Boots?

There have been many headlines in recent years on enforcement actions taken against companies that inadvertently—in the best cases—or intentionally skirt around privacy rules. Now, the UK Information Commissioner’s Office (ICO) and the U.S. Federal Trade Commission have promised to increase enforcement actions in coming months.

In a session on “How Scared Should You Really Be,” Field Fisher Waterhouse’s Stewart Room, CIPP/E, will take you through all of the ICO’s enforcement actions in 2012. Research undertaken by the firm’s privacy lawyers will give data controllers a benchmark for implementing or renewing internal compliance programs.

Room says research indicates “some surprising facts,” including that while regulatory action for security breaches remain the ICO’s number-one focus, “enforcement across the public and private sectors is much more balanced than people have realized.”

Stewart says the session will drill down into statistics to give us “an unfiltered view” of what the enforcement arena really looks like.

Then you can decide for yourself whether to tremble.

2)   The Regulation, The Regulation, The Regulation

It’s not over yet. The European Parliament and the Council have yet to adopt the European Commission’s proposed revision to European data protection rules which is still hotly debated. It’s difficult to know how to prepare for the final version and whether to start implementing change now. But if you’re going to get insight on what’s to come, you might as well get it from someone on the inside: Monika Kuschewsky, CIPP/E, of Covington & Burling will moderate two sessions hosting European Data Protection Supervisor (EDPS) Peter Hustinx, the first called “Update on the Data Protection Regulation: Main Drivers and Key Elements” and the second “Update on the Data Protection Regulation: The Role of the DPAS.”

“It will be information, firsthand from the European regulator's point of view, into what will change, why and who this will impact,” Kuschewsky said. “In the second session the EDPS will share its perspective as the supervisory and enforcement body for the EU institutions and shed some light as to how its role and that of other DPAs is going to change.”

Bridget Treacy of Hunton & Williams, who will chair a session on data processors’ new role under the revised regulation, says the revision “fundamentally changes the risks the data processors will need to manage,” from contractual, negotiated obligations with the controller to direct, statutory obligations.

Such changes “require a fundamental re-think of risk management strategies for data processors,” Treacy said, adding that the session, “Data Processors Beware—Managing Risk Under Proposed Regulation,” will help processors learn “practical strategies for managing risk.” 

Eduardo Ustaran, CIPP/E, of Field Fisher Waterhouse, who will co-chair the EU reform track at the event, said, “The current EU legislative reform will have massive implications for every privacy professional on the planet. This is the time and the place to debate the options, influence the outcome and build a credible framework for the future.”

3)   Access To Real, Live Regulators and Leaders

As mentioned above, EDPS Peter Hustinx will be there—as if you need more reason than that to attend. Besides Hustinx, Irish Data Protection Authority Billy Hawkes will attend, as will Wojciech Wiewiorowski, inspector general for the protection of personal data (GIODO) Polish DPA; Rosa Barcelo of the European Commission; Rafael Garcia Gozalo, head of the International Department, Agencia Espanola de Proteccion de Datos, and David Evans and Geraldine Dersely of the UK’s ICO. Speaking at various sessions throughout the event, regulators, commissioners and leaders in the privacy field will clue you in to the most relevant and cautionary tales in the global data protection and privacy landscape to date. And maybe you’ll bump elbows with one of them in a hallway or over a cocktail.

4)   “The Football Friendly”

Sure you go to the Data Protection Intensive to gain perspective, practical knowledge you can apply when you get back to the office and newly forged relationships. But there’s no harm in having some fun while you’re there. The Football Friendly is your chance to get sweaty with your colleagues--or just stand on the sidelines watching other people get sweaty--across several fields provided just for the IAPP. And it really is friendly. Check out some scenes from the 2011 Friendly on Facebook, if you’d like. People ought to play for about an hour and a half or so, and then probably retire somewhere close by for a pint.

Editor’s Note: Look for on-site dispatches from the event from Associate Editor Angelique Carson and Publications Director Sam Pfeifle.