Privacy and Security of Consumer and Employee Information

Tuesday, January 27, 2009

About

An ounce of prevention is worth a pound of cure…especially when it comes to privacy protection.

We all understand that the privacy and security of customer and employee data is one of the pre-eminent issues of our time and that the threats can sometimes be overwhelming. But, in today’s world, it is a shared threat. No organization exists in isolation in our technology-driven world, and every entity is reliant on the best practices of others to ensure that all of our customer and employee data is secure.

Every front-page news story about the mishandling of customer data impacts us all; competitors, vendors, partners, affiliates, and clients alike. It goes without saying that we all want to do the right thing by our customers and employees to protect their information. But in order to do so, we all have to ensure that the knowledge is shared, and our practices are benchmarked against each other.

ACI’s 8th National Symposium on Privacy & Security of Consumer and Employee Information will provide privacy leaders with a forum for gaining best practices that will benefit the entire industry. This event is designed to be part learning, part networking and part insurance policy. At the very least, attending this event will ensure that you form contacts and relationships which will prove invaluable when the “worst” should happen. And, by attending this essential event you will:

  • Ensure compliance with the latest FTC rules on identity theft and affiliate-marketing
  • Protect sensitive information in the hands of third parties through effective vendor management
  • Develop a comprehensive international privacy program for the collection, use and transfer of data
  • Prevent insider threats from infiltrating your organization and minimize data breaches
  • Implement privacy and security policies for a remote and mobile workforce

 

Contents & Contributors

About

An ounce of prevention is worth a pound of cure…especially when it comes to privacy protection.

We all understand that the privacy and security of customer and employee data is one of the pre-eminent issues of our time and that the threats can sometimes be overwhelming. But, in today’s world, it is a shared threat. No organization exists in isolation in our technology-driven world, and every entity is reliant on the best practices of others to ensure that all of our customer and employee data is secure.

Every front-page news story about the mishandling of customer data impacts us all; competitors, vendors, partners, affiliates, and clients alike. It goes without saying that we all want to do the right thing by our customers and employees to protect their information. But in order to do so, we all have to ensure that the knowledge is shared, and our practices are benchmarked against each other.

ACI’s 8th National Symposium on Privacy & Security of Consumer and Employee Information will provide privacy leaders with a forum for gaining best practices that will benefit the entire industry. This event is designed to be part learning, part networking and part insurance policy. At the very least, attending this event will ensure that you form contacts and relationships which will prove invaluable when the “worst” should happen. And, by attending this essential event you will:

  • Ensure compliance with the latest FTC rules on identity theft and affiliate-marketing
  • Protect sensitive information in the hands of third parties through effective vendor management
  • Develop a comprehensive international privacy program for the collection, use and transfer of data
  • Prevent insider threats from infiltrating your organization and minimize data breaches
  • Implement privacy and security policies for a remote and mobile workforce

 

Contents & Contributors

Regulators and Enforcers Speak Out: New Expectations Created by Emerging Privacy & Data Security Priorities
Betsy Broder, Assistant Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission
John H. Walsh , Associate Director - Chief Counsel, Office of Compliance Inspections and Examinations, U.S. Securities and Exchange Commission
William H. Henley, Jr., Director, IT Examinations , Office of Thrift Supervision

Managing and Controlling Vendor Relationships Through Proven Methods of Due Diligence and Contract Negotiation
Debra Hampson, Assistant Vice President and Assistant General Counsel, The Hartford
Campbell Tucker, Director of Privacy Office, Wachovia
Molly A. Meegan, Counsel, Skadden, Arps, Slate, Meagher & Flom LLP

Third Party Oversight: Monitoring and Auditing Vendors and Service Providers to Ensure Data Protection
Sharon A. Anolik, Esq., CIPP, Director, Corporate Compliance & Ethics, Chief Privacy Official , Blue Shield of California
Zoe Strickland, Vice President, Chief Privacy Officer, Wal-Mart Stores, Inc.
Frances A. Rao, CIPP/G, Executive Director, Compliance and Ethics Office, Medco Health Solutions, Inc.

Collecting, Using and Transferring Data Overseas: Implementing a Multinational Privacy Program
Orrie Dinstein, Chief Privacy Leader & Senior Counsel – IT & IP, GE Commercial Finance
Fiona Buckley, Records Management Counsel, British American Tobacco (Holdings) Limited

Cost-Effective Approaches for Achieving and Maintaining PCI Compliance
Russell Schrader, Associate General Counsel, Global Enterprise Risk & Chief Privacy Officer, Visa Inc.
JoAnn P. Carlton, Associate General Counsel, Bank of America

Successfully Navigating the Nuances of the Affiliate-Marketing Rule
Anthony Rodriguez, Attorney, Division of Privacy and Identity Protection , Bureau of Consumer Protection, Federal Trade Commission
Lynn Goldstein, Senior Vice President, Chief Privacy Officer, JP Morgan Chase Bank, NA
Andrew Smith, Partner, Morrison & Foerster LLP

Testing Key Systems and Controls to Ensure Compliance with GLB Standards
Marc Loewenthal, Senior Vice President – Chief Security/Privacy Officer, LPL Financial
Nancy Baran, Vice President, Privacy Office, Prudential

What Organizations Need to Know About Insider Cyber Crime
Andrew P. Moore, Senior Member of the Technical Staff, CERT® Program, Software Engineering Institute, Carnegie Mellon University

Remote and Mobile Workforce: Policies, Procedures, and Security Measures for Privacy Protection
Miriam Wugmeister, Partner, Morrison & Foerster LLP

Conducting a Privacy Risk Assessment: Understanding the New Methodology for Putting a Price on Data Security & Compliance
Nancy Callahan, CPCU, CIPP, Vice President, AIG Executive Liability



DOCUMENT TYPES: PPT PDF DOC PRESENTATIONS AVAILABLE: 18

8:00
Registration Opens and Continental Breakfast
9:00
Opening Remarks
Moderator: Russell Schrader
Chief Privacy Officer and Associate General Counsel, Global Enterprise Risk
Visa, Inc.
Ms. Nancy Baran
Vice President, Privacy Office
The Prudential Insurance Company of America
9:15
Regulators and Enforcers Speak Out: New Expectations Created by Emerging Privacy & Data Security Priorities
Ms. Betsy Broder
Assistant Director‚ Division of Privacy & Identity Protection
Federal Trade Commission
1 file
Security in Numbers - SSNs and ID Theft
738.4 KB 21 pages Presentation
PDF - Security in Numbers - SSNs and ID Theft
Mr. John Walsh
U.S. Attorney
U.S. Attorney’s Office, District of Colorado
3 files
LPL FINANCIAL CORPORATION
242 KB 8 pages Presentation
PDF - LPL FINANCIAL CORPORATION
NEXT FINANCIAL GROUP, INC.
1.5 MB 55 pages Presentation
PDF - NEXT FINANCIAL GROUP, INC.
SIDNEY MONDSCHEIN
107.3 KB 3 pages Presentation
PDF - SIDNEY MONDSCHEIN
Mr. William H. Henley, Jr.
Director‚ IT Risk Management
Office of Thrift Supervision
1 file
Identity Theft Rules and Guidelines
654.5 KB 15 pages Presentation
PPT - Identity Theft Rules and Guidelines
Ms. Susan McAndrew
Deputy Director‚ Privacy Division
Office for Civil Rights‚ U.S. Department of Health and Human Services
Moderator: Mr. Orson Swindle
Chair Security Projects - Center for Info Policy Leadership
Hunton & Williams
10:45
Coffee Break
11:00
Managing and Controlling Vendor Relationships Through Proven Methods of Due Diligence and Contract Negotiation
Deb Hampson
Chief Privacy Officer and Senior Counsel
Cigna Legal
1 file
Practical Considerations for Vendor Privacy and Security Due Diligence
203 KB 8 pages Presentation
PPT - Practical Considerations for Vendor Privacy and Security Due Diligence
Mr. Campbell Tucker
Diretcor of Privacy Office
Novant Health
1 file
Managing and Controlling Vendor Relationships Through Proven Methods of Due Diligence and Contract Negotiation
184 KB 14 pages Presentation
PPT - Managing and Controlling Vendor Relationships Through Proven Methods of Due Diligence and Contract Negotiation
Ms. Molly Meegan
Counsel
Skadden‚ Arps‚ Slate‚ Meagher & Flom LLP
1 file
Enforcement Risks and Vendor Relationships
374.5 KB 16 pages Presentation
PPT - Enforcement Risks and Vendor Relationships
12:30
Networking Lunch for Speakers and Delegates
13:45
Third Party Oversight: Monitoring and Auditing Vendors and Service Providers to Ensure Data Protection
Ms. Sharon Anolik
Director‚ Corporate Compliance and Ethics‚ Chief Privacy Official
Blue Shield of California
Ms. Zoe Strickland
Vice President, Chief Privacy Officer
Wal-Mart Stores, Inc.
Ms. Frances Rao
Executive Director, Compliance and Ethics Office
Medco Health Solutions, Inc.
1 file
Third Party Oversight
892.5 KB 44 pages Presentation
PPT - Third Party Oversight
14:45
Afternoon Refreshment Break
15:00
Collecting‚ Using and Transferring Data Overseas: Implementing a Multinational Privacy Program
Orrie Dinstein
Chief Privacy Leader and Senior IT & IP Counsel
GE Capital
Ms. Fiona Buckley
ecords Management Counsel
British American Tobacco (BAT)
1 file
Collecting, Using and Transferring Data Overseas
810.5 KB 32 pages Presentation
PPT - Collecting, Using and Transferring Data Overseas
16:00
Cost-Effective Approaches for Achieving and Maintaining PCI Compliance
Moderator: Russell Schrader
Chief Privacy Officer and Associate General Counsel, Global Enterprise Risk
Visa, Inc.
1 file
Visa’s Strategy to Protect the Payment System
1.1 MB 14 pages Presentation
PPT - Visa’s Strategy to Protect the Payment System
Ms. Joann Carlton
Associate General Counsel
Bank of America Legal Dept
1 file
Managing PCI Compliance of Merchants and Third Parties – An Acquirer’s Perspective
531 KB 12 pages Presentation
PPT - Managing PCI Compliance of Merchants and Third Parties – An Acquirer’s Perspective
17:00
Conference Adjourns for the Day
8:30
Continental Breakfast
9:00
Recap and Remarks
Ms. Lynn A. Goldstein
Former Senior Vice President & Chief Privacy Officer
JP Morgan Chase
Miriam Wugmeister
Partner
Morrison & Foerster LLP
9:10
Ensuring your Red Flags Program Meets FTC Expectations
Ms. Pavneet Singh
Attorney‚ Division of Privacy and Identity Protection
Bureau of Consumer Protection‚ FTC
Ms. Jill A. Smith
Assistant General Counsel
Bank of America Legal Dept
Mr. Luis Salazar
Partner
Greenberg Traurig‚ P.A.
10:15
Successfully Navigating the Nuances of the Affiliate-Marketing Rule
Mr. Anthony Rodriguez
Attorney‚ Division of Privacy and Identity Protection
Bureau of Consumer Protection‚ FTC
Ms. Lynn A. Goldstein
Former Senior Vice President & Chief Privacy Officer
JP Morgan Chase
Andrew H. Smith
Associate General Counsel
Citigroup
1 file
FCRA Affiliate Marketing Rule
197 KB 16 pages Presentation
PPT - FCRA Affiliate Marketing Rule
11:15
Coffee Break
11:30
Testing Key Systems and Controls to Ensure Compliance with GLB Standards
Mr. Marc Loewenthal
Senior Vice President‚ Chief Security Officer/Privacy Officer
LPL Financial
Ms. Nancy Baran
Vice President, Privacy Office
The Prudential Insurance Company of America
1 file
Testing Key Systems and Controls to Ensure Compliance with GLB Standards
155.5 KB 19 pages Presentation
PPT - Testing Key Systems and Controls to Ensure Compliance with GLB Standards
12:30
Networking Lunch for Speakers and Delegates
13:45
What Organizations Need to Know About Insider Cyber Crime
Mr. Andrew P. Moore
Senior Member of the Technical Staff, CERT Program
Carnegie Mellon University
1 file
What Organizations Need to Know About Insider Cyber Crimes
1.1 MB 34 pages Presentation
PDF - What Organizations Need to Know About Insider Cyber Crimes
14:45
Afternoon Refreshment Break
15:00
Remote and Mobile Workforce: Policies‚ Procedures‚ and Security Measures for Privacy Protection
Mr. Brian McKeen
Privacy Officer
AFLAC
Miriam Wugmeister
Partner
Morrison & Foerster LLP
2 files
Remote and Mobile Workforce
234 KB 14 pages Presentation
PPT - Remote and Mobile Workforce
THE MOST OVERLOOKED COMPONENT OF DATA SECURITY: EMPLOYEES
86 KB 7 pages Presentation
DOC - THE MOST OVERLOOKED COMPONENT OF DATA SECURITY: EMPLOYEES
16:00
Conducting a Privacy Risk Assessment: Understanding the New Methodology for Putting a Price on Data Security & Compliance
Ms. Nancy Callahan
Vice President
AIG Executive Liability
1 file
Conducting a Privacy Risk Assessment
489 KB 25 pages Presentation
PPT - Conducting a Privacy Risk Assessment
16:45
Wrap Up & Conference Concludes