Day 1 - Monday, January 30, 2017

PRIVACY & SECURITY 101: UNDERSTANDING THE TECHNOLOGY & KEY LAWS AND REGULATIONS

Jan 30, 2017 7:25am – 8:40am

Speakers

Lisa E. Branner
Senior Manager, Information Protection and Privacy
Marriott International

Jim Lai
Privacy Officer
HERE

Courtney Manzel
Counsel, Office of Privacy, Law Department
Sprint

Lori E. Lesser
Partner
Simpson Thacher & Bartlett LLP

8:10
MAIN CONFERENCE REGISTRATION AND CONTINENTAL BREAKFAST
8:40
CO-CHAIRS’ WELCOMING REMARKS
8:45
ACCLIMATING TO CHANGING REGULATORY, LEGISLATIVE & ENFORCEMENT ACTIVITIES AND BREACH NOTIFICATION REQUIREMENTS
9:55
MORNING BREAK
10:05
IN-HOUSE THINK TANK: SOCIAL ENGINEERING AND EMPLOYEE TRAINING, THE BOARD OF DIRECTORS ROLE IN COMPLIANCE, UPDATE ON CYBER THREAT SHARING LEGISLATION, GOVERNANCE AND BUDGETING
11:15
GLOBAL CYBER SECURITY AND DATA PRIVACY CONCERNS WITH A FOCUS ON GDPR, EU – U.S. CROSSBORDER TRANSFERS AND PRIVACY SHIELD: MANAGING AN INTERNATIONAL PRIVACY PROGRAM AND PREPARING, COLLECTING, USING AND TRANSFERRING DATA ACROSS BORDERS
12:25
NETWORKING LUNCH FOR ATTENDEES AND SPEAKERS
1:25
BEST PRACTICES ON VENDOR MANAGEMENT: DEALING WITH VENDORS WITH ACCESS TO YOUR NETWORK AND NEGOTIATING TERMS OF SERVICE CONTRACTS AND SERVICE LEVEL AGREEMENTS
2:35
THE FUTURE OF BIG DATA, TRACKING AND DIGITAL ADVERTISING AND THE FCRA: AGGREGATING DATA, DATA ANALYTICS, DATA MINING, PRIVACY RIGHTS AND THE DANGER OF BAD ALGORITHMS
3:45
BREAK
3:55
INFOSEC STANDARDS: BUILDING INFORMATION SECURITY COMPLIANCE PROGRAMS
4:45
CROSS DEVICE TARGETING: PRIVACY ON MOBILE PLATFORMS AND PRIVACY DISCLOSURES FOR MOBILE APPS, BEHAVIORAL ADVERTISING AND MARKETING INITIATIVES
5:35
CONFERENCE ADJOURNS TO DAY TWO

Day 2 - Tuesday, January 31, 2017

7:30
CONTINENTAL BREAKFAST
8:00
RANSOMWARE: NOTIFICATION NECESSARY AS A DATA BREACH EVENT?
9:15
EMERGING THREATS AND DEVELOPING REMEDIES: SMART DEVICES AND CONNECTED DATA SOURCES
10:15
MORNING BREAK
10:25
HEALTHCARE AND DATA SECURITY: OCR, HHS AND HIPAA CYBERSECURITY AND DATA PRIVACY AND PROTECTION AND DIGITAL MEDICINE
11:25
CYBER SECURITY PREPAREDNESS: DATA BREACH INCIDENT RESPONSE TEAMS AND REPUTATION MANAGEMENT
12:25
DEFENDING AND MANAGING PRIVATE PARTY SUITS: RECENT CASES IN CLASS ACTION CLAIMS AND DATA USE AND DATA SECURITY LITIGATION
1:30
LUNCH FOR POST-CONFERENCE WORKSHOP PARTICIPANTS

Post-Conference Workshop

CYBER SECURITY AND CYBER & DATA RISK INSURANCE: THE STATE OF THE MARKET AND WHAT PRIVACY AND COMPLIANCE OFFICERS AND ATTORNEYS NEED TO CONSIDER DURING DATA BREACH COSTS ASSESSMENT

Jan 31, 2017 2:30pm – 4:30pm

Speakers

Hillary A. Russell-Pelletier
Senior Vice President, Privacy & Vendor Risk Management, CIPP/US
LPL Financial

David Winters
Partner
Butler Rubin Saltarelli & Boyd LLP

Day 1 - Monday, January 30, 2017

8:10
MAIN CONFERENCE REGISTRATION AND CONTINENTAL BREAKFAST
8:40
CO-CHAIRS’ WELCOMING REMARKS

Douglas H. Meal
Partner
Ropes & Gray LLP

Susan Duarte
In-House Litigation, Marketing and Financial Services Counsel
Sprint

8:45
ACCLIMATING TO CHANGING REGULATORY, LEGISLATIVE & ENFORCEMENT ACTIVITIES AND BREACH NOTIFICATION REQUIREMENTS

Cameron L. Schroeder
Assistant United States Attorney Cyber and Intellectual Property Crimes Section
U.S. Attorney’s Office

Joseph Murphy
Attorney Advisor
U.S. Securities and Exchange Commission

Joseph P. Borg
Director
Alabama Securities Commission

Paul Singer
Deputy Chief - Consumer Protection Division
Office of the Texas Attorney General

Moderator:

Kirk J. Nahra
Partner
Wiley Rein LLP

FEDERAL

  • Update on where federal agencies are heading with cyber security and data privacy & protection
  • Existing and prospective Congressional action
  • Cyber security legislation and White House initiatives
  • FTC v. Wyndham
  • Scope of authority and data security standards
  • Deception and materially false representations
  • Cyber security initiatives; audits; fines and penalties
  • Consumer Privacy Bill of Rights
  • “Do Not Track” and behavioral advertising
  • FACTA
  • Online privacy

STATE

  • Current areas of focus for state AGs
  • What a national notification law would mean for the states
  • “Reasonable” safeguards and encryption requirements
  • Acquisition of information v. access to information
  • Regulatory and enforcement insights
  • Security breach notification requirements
  • New trends and how to effectively remain compliant
  • Recent state settlement and enforcement trends

9:55
MORNING BREAK
10:05
IN-HOUSE THINK TANK: SOCIAL ENGINEERING AND EMPLOYEE TRAINING, THE BOARD OF DIRECTORS ROLE IN COMPLIANCE, UPDATE ON CYBER THREAT SHARING LEGISLATION, GOVERNANCE AND BUDGETING

Christopher T. Pierson
EVP, General Counsel and Chief Security Officer
Viewpost

John Ansbach
General Counsel
General Datatech, L.P.

Adam Rubin
General Counsel
PRIZELOGIC

Erez Liebermann
Chief Counsel, Cybersecurity & Privacy
Prudential Financial

  • Board Level Communication and the Enforcement of the Self-Regulatory Principles
  • What role should the Board of Directors play in ensuring compliance? What are regulators expecting from boards?
  • What to focus on during annual/quarterly privacy review process
  • Telephone Consumer Protection Act: how are companies dealing with the increased use of texting for communications with consumers in light of increasing regulatory enforcement and class action litigation risks under the TCPA?
  • How much “due diligence” is required for a decision to be considered “reasonable” in making the decision not to notify?
  • Finding the balance between using customer data and conserving customer privacy
  • Voluntary sharing of information with government agencies
    • To what extent do new laws and regulations limit the circumstances under which a company will be liable?
  • What strategies have companies employed to make themselves feel comfortable with sharing information, while remaining compliant?

11:15
GLOBAL CYBER SECURITY AND DATA PRIVACY CONCERNS WITH A FOCUS ON GDPR, EU – U.S. CROSSBORDER TRANSFERS AND PRIVACY SHIELD: MANAGING AN INTERNATIONAL PRIVACY PROGRAM AND PREPARING, COLLECTING, USING AND TRANSFERRING DATA ACROSS BORDERS

Carly L. Huth
Global Privacy Law and Data Protection Counsel
The Coca-Cola Company

Matthew Haies
Senior VP, General Counsel
Xaxis

Corey M. Dennis
Associate Counsel & Privacy Officer
PPD

Françoise Gilbert
Shareholder
Greenberg Traurig, LLP

  • Companies that transmit personal data from an EU member nation to the United States now have to comply with EU law on the security of that data.
    • Starting in early 2018, penalties, financial and otherwise, can be expected.
  • “The Right to Be Forgotten”
  • Privacy issues involved in conducting international investigations concerning discovery
  • International v. National v. Localized policies and breach response plans
  • Fitting corporate rules in the framework of international privacy regulatory requirements in a way that is practical, compliant, and cost effective.

12:25
NETWORKING LUNCH FOR ATTENDEES AND SPEAKERS
1:25
BEST PRACTICES ON VENDOR MANAGEMENT: DEALING WITH VENDORS WITH ACCESS TO YOUR NETWORK AND NEGOTIATING TERMS OF SERVICE CONTRACTS AND SERVICE LEVEL AGREEMENTS

Cody Wamsley
IT Risk & Information Security Manager
American Express

Nestor J. Rivera
Executive Privacy & IT Counsel HIPAA Privacy Officer
GE Healthcare

Bert Kaminski
Assistant General Counsel
Oracle

  • Data encryption and third party vendors
  • What constitutes due diligence when dealing with third party vendors
  • OCC guidance
  • FedRAMP
  • International privacy in the age of the cloud
  • Cloud service agreements
  • Initiatives and privacy compliance programs around the cloud and big data
  • Third party vendor concerns
  • Contract negotiation
  • Analyzing cloud transactions and virtual private clouds
  • Forced data localization requirements

2:35
THE FUTURE OF BIG DATA, TRACKING AND DIGITAL ADVERTISING AND THE FCRA: AGGREGATING DATA, DATA ANALYTICS, DATA MINING, PRIVACY RIGHTS AND THE DANGER OF BAD ALGORITHMS

Cara Dearman
Senior Counsel – Privacy and Data Security
Sears Holdings Corporation

Shiv Sankar
Corporate Counsel
Google Inc.

William A. Tanenbaum
Co-Head, Technology Transactions
Arent Fox LLP

  • FCRA and identity theft
  • Complying with COPPA
  • Disposal of big data
  • The new data culture – predicting and understanding what your customers need
  • Data anonymization: what does it really mean to be anonymous? What does it look like?
  • Data aggregation and the concern over privacy rights

3:45
BREAK
3:55
INFOSEC STANDARDS: BUILDING INFORMATION SECURITY COMPLIANCE PROGRAMS

Joseph Cvelbar
Privacy Program Manager
ADT

William R. Daugherty
Counsel
BakerHostetler

  • The importance of upper level support in creating your InfoSec program
  • Best practices on plan creation on how companies can build an effective relationship between privacy and information security departments
  • Decoding and translating tech language to include non-IT members of your organization

4:45
CROSS DEVICE TARGETING: PRIVACY ON MOBILE PLATFORMS AND PRIVACY DISCLOSURES FOR MOBILE APPS, BEHAVIORAL ADVERTISING AND MARKETING INITIATIVES

Susan Duarte
In-House Litigation, Marketing and Financial Services Counsel
Sprint

D. Reed Freeman Jr.
Partner
Wilmer Cutler Pickering Hale and Dorr LLP

  • Privacy notices on mobile devices
  • Collecting and using information from mobile apps
  • Laws, regulatory guidance, industry self-regulation
  • Drafting a privacy notice for mobile devices
  • Solutions proposed by consumer advocates, including their proposal for a series of icons for privacy notices
  • Tools to promote compliance
  • Different requirements and ability to display disclosures among app stores/platforms
  • Reconciling differing global requirements when releasing an app in multiple markets
  • Cookies, “Do-Not-Track”, and Other Behavioral Targeting Nuances
  • Opt out policies
  • The impact on technology and innovation
  • The latest developments in “Do-Not-Track” and other regulatory enforcement trends
  • Litigation update on cookies/tracking
  • Managing consumer perception on tracking and data collection
  • Tracking and sharing online consumer behavior by social media companies
  • The regulator perspective
  • Unfair and deceptive practices using online behavioral advertising

5:35
CONFERENCE ADJOURNS TO DAY TWO

Day 2 - Tuesday, January 31, 2017

7:30
CONTINENTAL BREAKFAST
8:00
RANSOMWARE: NOTIFICATION NECESSARY AS A DATA BREACH EVENT?

Allison J. Bender

Hogan Lovells
(Formerly of the U.S. Department of Homeland Security)

Nathan D. Taylor
Partner
Morrison Foerster

Brenda R. Sharton
Partner
Goodwin Procter LLP

Gregory Bautista
Partner
Wilson Elser

  • Ransomware and the growing cyber-component to traditional crimes
  • Determining whether data has been breached and whether there was an unauthorized use of data
  • When is notification required?
  • Paying ransom and insurance coverage

9:15
EMERGING THREATS AND DEVELOPING REMEDIES: SMART DEVICES AND CONNECTED DATA SOURCES

Christopher S. Lee
Directorate Privacy Officer, Science & Technology Directorate
Department of Homeland Security

Edwin C. Koehler
Director
Avaya

Dominique R. Shelton
Partner
Alston & Bird LLP

  • Biometrics and behavior recognition
  • Consumer protection against unfair and deceptive trade practices
  • How computers, sensors and objects are processing your data
  • The Internet of Things
  • The ubiquitous collection of data and the challenges presented
  • Predictive analytics and IT automation
  • The latest security threats and where hackers are looking next
  • Financial services institutions as prime targets
  • Corporate espionage and theft of IP
  • Employee hack-backs
  • Phishing and Spear Phishing
  • Doxing and Swatting
  • DDoS

10:15
MORNING BREAK
10:25
HEALTHCARE AND DATA SECURITY: OCR, HHS AND HIPAA CYBERSECURITY AND DATA PRIVACY AND PROTECTION AND DIGITAL MEDICINE

Alison Brunelle
Director of Privacy and Regulation
H-E-B

Steve Abrahamson
Director, Product Security Programs
GE Healthcare

Nathan Leong
Corporate, External & Legal Affairs
Microsoft

  • Risk analysis and management
  • Content and timeliness of breach notifications
  • Transmission security and privacy safeguards
  • Training policies and procedures
  • Compliance challenges
  • Mitigation Measures

11:25
CYBER SECURITY PREPAREDNESS: DATA BREACH INCIDENT RESPONSE TEAMS AND REPUTATION MANAGEMENT

Abra Cooper
Associate Counsel
Knowledge Universe, U.S.

Patrick Dempsey
VP – High Tech Investigations Unit
Prudential

Mark Storts
Managing Counsel
Nationwide Mutual Insurance Company

  • Penetration testing and security assessments
  • Incident preparedness
    • Proactive crisis communications training
    • Risk assessments and vulnerability audits
  • The cyber defense response team and who it should include
    • Managing the crisis through comprehensive crisis communications
  • Post-incident recovery
    • Reputation management
    • Public relations and impact assessments
    • Stakeholder communications, and more
  • The Whole Company Approach
    • Working with your IT department to safeguard networks, data and information
  • Best practices for implementing cyber security and data protection from the start
  • Working with your development team to incorporate privacy protection into all aspects of business
  • Privacy engineering
    • Taking Privacy/Security by Design concepts and executing them in the day-to-day practices

12:25
DEFENDING AND MANAGING PRIVATE PARTY SUITS: RECENT CASES IN CLASS ACTION CLAIMS AND DATA USE AND DATA SECURITY LITIGATION

Douglas H. Meal
Partner
Ropes & Gray LLP

Brooks R. Magratten
Partner
Pierce Atwood LLP

  • Card issuing banks and class certification
  • The applicability of the attorney-client privilege and work product doctrine to pre and post incident response files
  • Class action suits: latest trends on TCPA and other texting cases
  • Litigation trends: future of class actions and how the decisions shake out state by state
  • Data breach litigation
  • Assessing harm
  • Statutory penalties, remedies
  • Collection of data
  • Retailers asking for zip code, phone numbers, etc.
  • Mega privacy actions
  • Civil litigation associated with free or low cost services that touch millions of people
  • Statutory liability claims
  • Privacy statutes with statutory damages and uniform privacy practices
  • What happens when the litigation doesn’t settle?
  • Assessing harm; how important is harm when law applies to statutory damages?
  • Strategies for when to fight and when to settle privacy and security

1:30
LUNCH FOR POST-CONFERENCE WORKSHOP PARTICIPANTS

PRIVACY & SECURITY 101: UNDERSTANDING THE TECHNOLOGY & KEY LAWS AND REGULATIONS

What is it about?

(separate registration required; registration opens at 7:10 a.m.)
  • Overview of key privacy and data security laws, including data breach laws and regulatory requirements
  • Data loss and breach prevention strategies, tools, and tips
  • Incident management plans and data breach response strategies
  • Privacy, data breaches, and the key technological tools and experts behind them
    • Bridging the gap between legal and regulatory requirements regarding the protection of sensitive data, and the technology that protects such information
    • How does IT intersect with privacy?
    • Understanding IT systems utilized by companies to prevent breaches and data loss, including firewalls and private networks
    • The basics of a data breach
    • The basics of a data breach response
    • The role of forensic and audit teams
    • Best practices for assembling and working with a forensics and audit team
  • Key laws, regulators, and enforcement bodies to consider when dealing with privacy concerns and data breaches
    • A look at the current regulations and legislation which impact privacy & security
    • The role of regulators in the realm of privacy & security

CYBER SECURITY AND CYBER & DATA RISK INSURANCE: THE STATE OF THE MARKET AND WHAT PRIVACY AND COMPLIANCE OFFICERS AND ATTORNEYS NEED TO CONSIDER DURING DATA BREACH COSTS ASSESSMENT

What is it about?

(separate registration required; registration opens at 2 p.m.)
  • Usage based insurance
  • GL policies
  • What policyholders should be looking for in these policies
  • Key considerations for coverage applicants
  • Pricing, selling and marketing
  • New coverage options
  • Cyber security issues
  • Sharing of information
