Privacy Meets Practice · EU Data Protection Bootcamp Hazel Grant, Partner, Bristows, Rocco Panett...
Transcript of Privacy Meets Practice · EU Data Protection Bootcamp Hazel Grant, Partner, Bristows, Rocco Panett...
PR
IOR
ITY C
OD
E:
Th
e IA
PP
Pr
IvA
cy
Ac
Ad
em
y 2
011
Septe
mber
14
–16
The F
airm
ont
Hote
lD
alla
s,
TX
SPO
NS
Or
S
eX
hIB
ITO
rS
Affi
nio
nB
lock
mas
ter
BN
AC
lick
4 C
om
plia
nce
Co
un
selo
r Li
bra
ryD
ebix
Eq
uifa
x
Evi
do
n
Exp
eria
nH
iSo
ftw
are
Ho
gan
Lov
ells
Iden
tity
Fin
der
Jord
an L
awre
nce
Kro
ll
Nym
ity
Ru
st C
on
sult
ing
Str
oz
Frie
db
erg
Sym
ante
cT
RU
STe
Wo
mb
le C
arly
le
Vis
it w
ww
.privacyassocia
tion.o
rg/a
cadem
y t
o r
egis
ter
onlin
e
or
regis
ter
by p
hone a
t +1
60
3.4
27.9
20
0.
PreconFerence WorkSHoP Day
cerTIFIcaTIon TraInInG anD TeSTInG
a neW reLeaSe FroM THe IaPP!
Building a Privacy Program: A Practitioner’s Guide
Early Bird Rate Regular Rate (Until August 19) (After August 19)
IAPP Member $1195 USD $1395 USD
Nonmember $1395 USD $1595 USD
www.PrIvAcyASSOcIATION.Org/AcAdemy
mAIN cONfereNce PrIcINg 5-Minute Mixer •
Welcome Reception •
Networking Dinners •
Table Topic Lunch •
Privacy Dinner and Awards Ceremony •
Early Bird Run/Walk •
neTWorkInG ToUcHPoInTS
FeaTUreD keynoTeS
The IAPP Privacy Dinner 2011Thursday, September 15The Fairmont Hotel
Rub elbows with privacy’s top innovators and leaders at the sixth annual Privacy Dinner and Awards Ceremony, where we will unveil the winners of the 2011 HP-IAPP Privacy Innovation Awards and the IAPP Privacy Vanguard Award. A ticket to this exceptional evening of celebration is included with your Academy main conference registration.
Keynote Speaker: Susan Combs, Comptroller, State of Texas
PrIVacy MeeTS eXceLLence
Be a privacy standout! Train and test for your IAPP certification at the Academy.
Training for the CIPP, CIPP/G and CIPP/IT, and testing for all modules will be offered at the Academy.
Visit the website for additional pricing information.
Rates available for corporate groups, government and higher education employees, Privacy Dinner only and privacy certification training and testing.
Get exclusive insider perspectives from some of the biggest players in the consumer privacy protection arena and learn how you can avoid being on the opposite side of the table.
Discover connections and build relationships at our many networking opportunities throughout the Academy:
8 a.m. – 12 p.m.Navigating the Maze: Federal Legislation and the Privacy Impact Assessment Process William C. Hoffman, CIPP, Senior Privacy Officer, General Dynamics Information TechnologyWhat does it take to make a privacy impact assessment (PIA) successful? As federal agencies scramble to ensure that all systems—as defined by FISMA, OMB and the Privacy Act—are covered by a PIA, it’s more important than ever to know the ins and outs of the process. Join this informative workshop for a comprehensive look at the legislative requirements and how to be prepared for them. Investigate the systematic process that can help to ensure compliance and produce a successful PIA procedure in your organization, including the pre-PIA work that can increase efficiency and improve completion and accuracy.
Protecting and Securing a Moving Target: NFC, RFID and Mobile PaymentsJacqueline Klosek, CIPP, Senior Counsel, Goodwin Procter LLP, Christopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLP
Although the broad-based adoption of Near Field Communication (NFC), RFID and mobile payments has taken longer than many anticipated, there are recent signs that the required momentum for such adoption may be close. With the expansive new capabilities of mobile phones and tablet devices, the possibility of including NFC technology in such devices, and upgrades to location tracking, it is becoming apparent that technology is starting to drive that momentum. This workshop will examine NFC, RFID and mobile payments and the regulation of such technologies under existing laws. Engage in a lively group discussion of how law and regulation—including proposed legislation—may adapt to meet privacy and data security issues raised by these technologies.
1 – 5 p.m.Debunking the Privacy Paradox Myth: Creating a Self-Synchronized Privacy ProgramMario Morel, Privacy Architect, YourPrivacyCognitive science has shown that consumers don’t make privacy decisions based on cost/benefit estimations. The apparent dissonance between what people say concerns them online and what they do in practice to protect their privacy is not a paradox; it is a call for
privacy pros to build programs people can relate to. Privacy officers who do just that give customers an optimum experience and gain a strategic asset for their business. The secret is “self-synchronization”—designing a program that can engage people’s insight, foresight and mind-sight at both an intellectual and emotional level. Using the latest research, this workshop will help you discover the nine key building blocks of a network-centric privacy infostructure and show you how to formulate a plan to dramatically increase privacy program participation from your customers, employees and partners.
EU Data Protection BootcampHazel Grant, Partner, Bristows, Rocco Panetta, Partner, Panetta & AssociatiJoin our expert European faculty for this broad overview of data protection practices across the pond. Learn about the political and legal structures in the EU, the role of data protection authorities, and the complex web of laws that guide data. You’ll leave with a strong general understanding of the roles, responsibilities and laws governing privacy in the European Union.
PrecONfereNce wOrKShOPS (Wednesday only)
One Session (half day) $545 USDTwo Sessions (full day) $695 USDPrivacy Bootcamp (full day) $695 USD
Get your copy of this essential and long-awaited guide to putting together an effective privacy operation—being released this summer! Register for the Privacy Bootcamp preconference workshop and get a free copy.
Copies will also be available for sale at the Academy bookstore. Meet the authors and get your copy signed!
WeDneSDay, SePTeMber 14
Can’t make it to our daylong Privacy Bootcamp at the Practical Privacy Series? Catch it at the Academy!
8 a.m. – 5 p.m.Privacy BootcampJ. Trevor Hughes, CIPP, President & CEO, IAPP, Kirk Nahra, CIPP, Partner, Wiley Rein LLPPrivacy can be a bewildering topic. With multiple laws, jurisdictions, technologies and business models converging, and evolving, in today’s enterprise it is hard to know how to navigate the maze of challenges you face. Privacy Bootcamp is your opportunity to get a solid grounding in this dynamic field. This two-part intensive program will introduce you to the fundamentals of privacy. Part 1 provides an overview of basic privacy concepts and philosophies. Part 2 will provide you with a “Privacy Toolkit”—practical, hands-on guidance for managing data within your organization. You’ll leave with a sound foundation that will give you the structure and understanding you need to make the right decisions for your privacy initiatives.
Attendees will receive a free copy of the IAPP’s new publication, Building a Privacy Program: A Practitioner’s Guide
Inte
rnat
iona
l Ass
ocia
tion
of P
riva
cy P
rofe
ssio
nals
Pea
se In
tern
atio
nal T
rade
port
75
Roc
hest
er A
ve.,
Sui
te 4
Por
tsm
outh
, N
H 0
38
01
USA
Scott A. KamberKamberLaw LLC
Marc RotenbergPresident, EPIC
Privacy Meets Practice
IAPP PrIvAcy AcAdemySeptember 14 –16 dallas, TX
www.privacyassociation.org/academy
cOme TOgeTher wITh The PrIvAcy PrOfeSSION
Privacy is interwoven into every facet of today’s economy, but privacy professionals often are the lone wolf in their organization—walking the fine line of protecting customers and satisfying regulators, without stifling innovation and business objectives.
Now, more than ever, privacy professionals need to come together to share challenges, get answers and improve their practices. This year, Dallas is the crossroads for the privacy profession.
MeeT THe PeoPLe WHo HaVe THe anSWerS
Come to the Academy and get information and answers to the questions that keep you up at night. Could your organization’s reputation survive a breach? Is there a possibility that you could be the target of an FTC enforcement action? How do you ensure that your organization’s products are trustworthy? Talk to your peers, hear from the experts and get unique insider perspective from top privacy enforcers that can impose real consequences on your brand and your reputation.
See HoW IT aLL FITS ToGeTHer
Join your peers in Dallas for three days of quality education and networking and return to work with the tools and experiences you need to excel in your daily practice and be a leader for your organization’s privacy efforts.
Conference Location and Hotel Accommodations
The Fairmont Hotel1717 N. Akard Street, Dallas, TX 75201Phone: +1 214.720.2020Fax: +1 214.720.7405
PR
IOR
ITY C
OD
E:
Th
e IA
PP
Pr
IvA
cy
Ac
Ad
em
y 2
011
Septe
mber
14
–16
The F
airm
ont
Hote
lD
alla
s,
TX
SPO
NS
Or
S
eX
hIB
ITO
rS
Affi
nio
nB
lock
mas
ter
BN
AC
lick
4 C
om
plia
nce
Co
un
selo
r Li
bra
ryD
ebix
Eq
uifa
x
Evi
do
n
Exp
eria
nH
iSo
ftw
are
Ho
gan
Lov
ells
Iden
tity
Fin
der
Jord
an L
awre
nce
Kro
ll
Nym
ity
Ru
st C
on
sult
ing
Str
oz
Frie
db
erg
Sym
ante
cT
RU
STe
Wo
mb
le C
arly
le
Vis
it w
ww
.privacyassocia
tion.o
rg/a
cadem
y t
o r
egis
ter
onlin
e
or
regis
ter
by p
hone a
t +1
60
3.4
27.9
20
0.
PreconFerence WorkSHoP Day
cerTIFIcaTIon TraInInG anD TeSTInG
a neW reLeaSe FroM THe IaPP!
Building a Privacy Program: A Practitioner’s Guide
Early Bird Rate Regular Rate (Until August 19) (After August 19)
IAPP Member $1195 USD $1395 USD
Nonmember $1395 USD $1595 USD
www.PrIvAcyASSOcIATION.Org/AcAdemy
mAIN cONfereNce PrIcINg 5-Minute Mixer •
Welcome Reception •
Networking Dinners •
Table Topic Lunch •
Privacy Dinner and Awards Ceremony •
Early Bird Run/Walk •
neTWorkInG ToUcHPoInTS
FeaTUreD keynoTeS
The IAPP Privacy Dinner 2011Thursday, September 15The Fairmont Hotel
Rub elbows with privacy’s top innovators and leaders at the sixth annual Privacy Dinner and Awards Ceremony, where we will unveil the winners of the 2011 HP-IAPP Privacy Innovation Awards and the IAPP Privacy Vanguard Award. A ticket to this exceptional evening of celebration is included with your Academy main conference registration.
Keynote Speaker: Susan Combs, Comptroller, State of Texas
PrIVacy MeeTS eXceLLence
Be a privacy standout! Train and test for your IAPP certification at the Academy.
Training for the CIPP, CIPP/G and CIPP/IT, and testing for all modules will be offered at the Academy.
Visit the website for additional pricing information.
Rates available for corporate groups, government and higher education employees, Privacy Dinner only and privacy certification training and testing.
Get exclusive insider perspectives from some of the biggest players in the consumer privacy protection arena and learn how you can avoid being on the opposite side of the table.
Discover connections and build relationships at our many networking opportunities throughout the Academy:
8 a.m. – 12 p.m.Navigating the Maze: Federal Legislation and the Privacy Impact Assessment Process William C. Hoffman, CIPP, Senior Privacy Officer, General Dynamics Information TechnologyWhat does it take to make a privacy impact assessment (PIA) successful? As federal agencies scramble to ensure that all systems—as defined by FISMA, OMB and the Privacy Act—are covered by a PIA, it’s more important than ever to know the ins and outs of the process. Join this informative workshop for a comprehensive look at the legislative requirements and how to be prepared for them. Investigate the systematic process that can help to ensure compliance and produce a successful PIA procedure in your organization, including the pre-PIA work that can increase efficiency and improve completion and accuracy.
Protecting and Securing a Moving Target: NFC, RFID and Mobile PaymentsJacqueline Klosek, CIPP, Senior Counsel, Goodwin Procter LLP, Christopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLP
Although the broad-based adoption of Near Field Communication (NFC), RFID and mobile payments has taken longer than many anticipated, there are recent signs that the required momentum for such adoption may be close. With the expansive new capabilities of mobile phones and tablet devices, the possibility of including NFC technology in such devices, and upgrades to location tracking, it is becoming apparent that technology is starting to drive that momentum. This workshop will examine NFC, RFID and mobile payments and the regulation of such technologies under existing laws. Engage in a lively group discussion of how law and regulation—including proposed legislation—may adapt to meet privacy and data security issues raised by these technologies.
1 – 5 p.m.Debunking the Privacy Paradox Myth: Creating a Self-Synchronized Privacy ProgramMario Morel, Privacy Architect, YourPrivacyCognitive science has shown that consumers don’t make privacy decisions based on cost/benefit estimations. The apparent dissonance between what people say concerns them online and what they do in practice to protect their privacy is not a paradox; it is a call for
privacy pros to build programs people can relate to. Privacy officers who do just that give customers an optimum experience and gain a strategic asset for their business. The secret is “self-synchronization”—designing a program that can engage people’s insight, foresight and mind-sight at both an intellectual and emotional level. Using the latest research, this workshop will help you discover the nine key building blocks of a network-centric privacy infostructure and show you how to formulate a plan to dramatically increase privacy program participation from your customers, employees and partners.
EU Data Protection BootcampHazel Grant, Partner, Bristows, Rocco Panetta, Partner, Panetta & AssociatiJoin our expert European faculty for this broad overview of data protection practices across the pond. Learn about the political and legal structures in the EU, the role of data protection authorities, and the complex web of laws that guide data. You’ll leave with a strong general understanding of the roles, responsibilities and laws governing privacy in the European Union.
PrecONfereNce wOrKShOPS (Wednesday only)
One Session (half day) $545 USDTwo Sessions (full day) $695 USDPrivacy Bootcamp (full day) $695 USD
Get your copy of this essential and long-awaited guide to putting together an effective privacy operation—being released this summer! Register for the Privacy Bootcamp preconference workshop and get a free copy.
Copies will also be available for sale at the Academy bookstore. Meet the authors and get your copy signed!
WeDneSDay, SePTeMber 14
Can’t make it to our daylong Privacy Bootcamp at the Practical Privacy Series? Catch it at the Academy!
8 a.m. – 5 p.m.Privacy BootcampJ. Trevor Hughes, CIPP, President & CEO, IAPP, Kirk Nahra, CIPP, Partner, Wiley Rein LLPPrivacy can be a bewildering topic. With multiple laws, jurisdictions, technologies and business models converging, and evolving, in today’s enterprise it is hard to know how to navigate the maze of challenges you face. Privacy Bootcamp is your opportunity to get a solid grounding in this dynamic field. This two-part intensive program will introduce you to the fundamentals of privacy. Part 1 provides an overview of basic privacy concepts and philosophies. Part 2 will provide you with a “Privacy Toolkit”—practical, hands-on guidance for managing data within your organization. You’ll leave with a sound foundation that will give you the structure and understanding you need to make the right decisions for your privacy initiatives.
Attendees will receive a free copy of the IAPP’s new publication, Building a Privacy Program: A Practitioner’s Guide
Inte
rnat
iona
l Ass
ocia
tion
of P
riva
cy P
rofe
ssio
nals
Pea
se In
tern
atio
nal T
rade
port
75
Roc
hest
er A
ve.,
Sui
te 4
Por
tsm
outh
, N
H 0
38
01
USA
Scott A. KamberKamberLaw LLC
Marc RotenbergPresident, EPIC
Privacy Meets Practice
IAPP PrIvAcy AcAdemySeptember 14 –16 dallas, TX
www.privacyassociation.org/academy
cOme TOgeTher wITh The PrIvAcy PrOfeSSION
Privacy is interwoven into every facet of today’s economy, but privacy professionals often are the lone wolf in their organization—walking the fine line of protecting customers and satisfying regulators, without stifling innovation and business objectives.
Now, more than ever, privacy professionals need to come together to share challenges, get answers and improve their practices. This year, Dallas is the crossroads for the privacy profession.
MeeT THe PeoPLe WHo HaVe THe anSWerS
Come to the Academy and get information and answers to the questions that keep you up at night. Could your organization’s reputation survive a breach? Is there a possibility that you could be the target of an FTC enforcement action? How do you ensure that your organization’s products are trustworthy? Talk to your peers, hear from the experts and get unique insider perspective from top privacy enforcers that can impose real consequences on your brand and your reputation.
See HoW IT aLL FITS ToGeTHer
Join your peers in Dallas for three days of quality education and networking and return to work with the tools and experiences you need to excel in your daily practice and be a leader for your organization’s privacy efforts.
Conference Location and Hotel Accommodations
The Fairmont Hotel1717 N. Akard Street, Dallas, TX 75201Phone: +1 214.720.2020Fax: +1 214.720.7405
PR
IOR
ITY C
OD
E:
Th
e IA
PP
Pr
IvA
cy
Ac
Ad
em
y 2
011
Septe
mber 1
4–1
6The F
airm
ont H
ote
lD
alla
s, T
X
SPO
NS
Or
S
eX
hIB
ITO
rS
Affi
nio
nB
lockm
asterB
NA
Click 4 C
om
plian
ceC
ou
nselo
r Library
Deb
ixE
qu
ifax
Evid
on
E
xperian
HiS
oftw
areH
ogan
LovellsId
entity Fin
der
Jord
an Law
rence
Kro
ll
Nym
ityR
ust C
on
sultin
gS
troz Fried
berg
Sym
antec
TR
US
TeW
om
ble C
arlyle
Vis
it ww
w.p
rivacyassocia
tion.o
rg/a
cadem
y to
regis
ter o
nlin
e
or re
gis
ter b
y p
hone a
t +1 6
03
.42
7.9
20
0.
PreconFerence WorkSHoP Day
cerTIFIcaTIon TraInInG anD TeSTInG
a neW reLeaSe FroM THe IaPP!
Building a Privacy Program: A Practitioner’s Guide
Early Bird Rate Regular Rate (Until August 19) (After August 19)
IAPP Member $1195 USD $1395 USD
Nonmember $1395 USD $1595 USD
www.PrIvAcyASSOcIATION.Org/AcAdemy
mAIN cONfereNce PrIcINg5-Minute Mixer•
Welcome Reception •
Networking Dinners•
Table Topic Lunch•
Privacy Dinner and Awards Ceremony•
Early Bird Run/Walk•
neTWorkInG ToUcHPoInTS
FeaTUreD keynoTeS
The IAPP Privacy Dinner 2011Thursday, September 15The Fairmont Hotel
Rub elbows with privacy’s top innovators and leaders at the sixth annual Privacy Dinner and Awards Ceremony, where we will unveil the winners of the 2011 HP-IAPP Privacy Innovation Awards and the IAPP Privacy Vanguard Award. A ticket to this exceptional evening of celebration is included with your Academy main conference registration.
Keynote Speaker: Susan Combs, Comptroller, State of Texas
PrIVacy MeeTS eXceLLence
Be a privacy standout! Train and test for your IAPP certification at the Academy.
Training for the CIPP, CIPP/G and CIPP/IT, and testing for all modules will be offered at the Academy.
Visit the website for additional pricing information.
Rates available for corporate groups, government and higher education employees, Privacy Dinner only and privacy certification training and testing.
Get exclusive insider perspectives from some of the biggest players in the consumer privacy protection arena and learn how you can avoid being on the opposite side of the table.
Discover connections and build relationships at our many networking opportunities throughout the Academy:
8 a.m. – 12 p.m.Navigating the Maze: Federal Legislation and the Privacy Impact Assessment Process William C. Hoffman, CIPP, Senior Privacy Officer, General Dynamics Information TechnologyWhat does it take to make a privacy impact assessment (PIA) successful? As federal agencies scramble to ensure that all systems—as defined by FISMA, OMB and the Privacy Act—are covered by a PIA, it’s more important than ever to know the ins and outs of the process. Join this informative workshop for a comprehensive look at the legislative requirements and how to be prepared for them. Investigate the systematic process that can help to ensure compliance and produce a successful PIA procedure in your organization, including the pre-PIA work that can increase efficiency and improve completion and accuracy.
Protecting and Securing a Moving Target: NFC, RFID and Mobile PaymentsJacqueline Klosek, CIPP, Senior Counsel, Goodwin Procter LLP, Christopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLP
Although the broad-based adoption of Near Field Communication (NFC), RFID and mobile payments has taken longer than many anticipated, there are recent signs that the required momentum for such adoption may be close. With the expansive new capabilities of mobile phones and tablet devices, the possibility of including NFC technology in such devices, and upgrades to location tracking, it is becoming apparent that technology is starting to drive that momentum. This workshop will examine NFC, RFID and mobile payments and the regulation of such technologies under existing laws. Engage in a lively group discussion of how law and regulation—including proposed legislation—may adapt to meet privacy and data security issues raised by these technologies.
1 – 5 p.m.Debunking the Privacy Paradox Myth: Creating a Self-Synchronized Privacy ProgramMario Morel, Privacy Architect, YourPrivacyCognitive science has shown that consumers don’t make privacy decisions based on cost/benefit estimations. The apparent dissonance between what people say concerns them online and what they do in practice to protect their privacy is not a paradox; it is a call for
privacy pros to build programs people can relate to. Privacy officers who do just that give customers an optimum experience and gain a strategic asset for their business. The secret is “self-synchronization”—designing a program that can engage people’s insight, foresight and mind-sight at both an intellectual and emotional level. Using the latest research, this workshop will help you discover the nine key building blocks of a network-centric privacy infostructure and show you how to formulate a plan to dramatically increase privacy program participation from your customers, employees and partners.
EU Data Protection BootcampHazel Grant, Partner, Bristows, Rocco Panetta, Partner, Panetta & AssociatiJoin our expert European faculty for this broad overview of data protection practices across the pond. Learn about the political and legal structures in the EU, the role of data protection authorities, and the complex web of laws that guide data. You’ll leave with a strong general understanding of the roles, responsibilities and laws governing privacy in the European Union.
PrecONfereNce wOrKShOPS (Wednesday only)
One Session (half day) $545 USDTwo Sessions (full day) $695 USDPrivacy Bootcamp (full day) $695 USD
Get your copy of this essential and long-awaited guide to putting together an effective privacy operation—being released this summer! Register for the Privacy Bootcamp preconference workshop and get a free copy.
Copies will also be available for sale at the Academy bookstore. Meet the authors and get your copy signed!
WeDneSDay, SePTeMber 14
Can’t make it to our daylong Privacy Bootcamp at the Practical Privacy Series? Catch it at the Academy!
8 a.m. – 5 p.m.Privacy BootcampJ. Trevor Hughes, CIPP, President & CEO, IAPP, Kirk Nahra, CIPP, Partner, Wiley Rein LLPPrivacy can be a bewildering topic. With multiple laws, jurisdictions, technologies and business models converging, and evolving, in today’s enterprise it is hard to know how to navigate the maze of challenges you face. Privacy Bootcamp is your opportunity to get a solid grounding in this dynamic field. This two-part intensive program will introduce you to the fundamentals of privacy. Part 1 provides an overview of basic privacy concepts and philosophies. Part 2 will provide you with a “Privacy Toolkit”—practical, hands-on guidance for managing data within your organization. You’ll leave with a sound foundation that will give you the structure and understanding you need to make the right decisions for your privacy initiatives.
Attendees will receive a free copy of the IAPP’s new publication, Building a Privacy Program: A Practitioner’s Guide
International Association of P
rivacy Professionals
Pease International Tradeport
75
Rochester A
ve., Suite 4
Portsm
outh, NH
03
80
1 U
SA
Scott A. KamberKamberLaw LLC
Marc RotenbergPresident, EPIC
Privacy Meets Practice
IAPP PrIvAcy AcAdemySeptember 14–16 dallas, TX
www.privacyassociation.org/academy
cOme TOgeTher wITh The PrIvAcy PrOfeSSION
Privacy is interwoven into every facet of today’s economy, but privacy professionals often are the lone wolf in their organization—walking the fine line of protecting customers and satisfying regulators, without stifling innovation and business objectives.
Now, more than ever, privacy professionals need to come together to share challenges, get answers and improve their practices. This year, Dallas is the crossroads for the privacy profession.
MeeT THe PeoPLe WHo HaVe THe anSWerS
Come to the Academy and get information and answers to the questions that keep you up at night. Could your organization’s reputation survive a breach? Is there a possibility that you could be the target of an FTC enforcement action? How do you ensure that your organization’s products are trustworthy? Talk to your peers, hear from the experts and get unique insider perspective from top privacy enforcers that can impose real consequences on your brand and your reputation.
See HoW IT aLL FITS ToGeTHer
Join your peers in Dallas for three days of quality education and networking and return to work with the tools and experiences you need to excel in your daily practice and be a leader for your organization’s privacy efforts.
Conference Location and Hotel Accommodations
The Fairmont Hotel1717 N. Akard Street, Dallas, TX 75201Phone: +1 214.720.2020Fax: +1 214.720.7405
PR
IOR
ITY C
OD
E:
Th
e IA
PP
Pr
IvA
cy
Ac
Ad
em
y 2
011
Septe
mber 1
4–1
6The F
airm
ont H
ote
lD
alla
s, T
X
SPO
NS
Or
S
eX
hIB
ITO
rS
Affi
nio
nB
lockm
asterB
NA
Click 4 C
om
plian
ceC
ou
nselo
r Library
Deb
ixE
qu
ifax
Evid
on
E
xperian
HiS
oftw
areH
ogan
LovellsId
entity Fin
der
Jord
an Law
rence
Kro
ll
Nym
ityR
ust C
on
sultin
gS
troz Fried
berg
Sym
antec
TR
US
TeW
om
ble C
arlyle
Vis
it ww
w.p
rivacyassocia
tion.o
rg/a
cadem
y to
regis
ter o
nlin
e
or re
gis
ter b
y p
hone a
t +1 6
03
.42
7.9
20
0.
PreconFerence WorkSHoP Day
cerTIFIcaTIon TraInInG anD TeSTInG
a neW reLeaSe FroM THe IaPP!
Building a Privacy Program: A Practitioner’s Guide
Early Bird Rate Regular Rate (Until August 19) (After August 19)
IAPP Member $1195 USD $1395 USD
Nonmember $1395 USD $1595 USD
www.PrIvAcyASSOcIATION.Org/AcAdemy
mAIN cONfereNce PrIcINg5-Minute Mixer•
Welcome Reception •
Networking Dinners•
Table Topic Lunch•
Privacy Dinner and Awards Ceremony•
Early Bird Run/Walk•
neTWorkInG ToUcHPoInTS
FeaTUreD keynoTeS
The IAPP Privacy Dinner 2011Thursday, September 15The Fairmont Hotel
Rub elbows with privacy’s top innovators and leaders at the sixth annual Privacy Dinner and Awards Ceremony, where we will unveil the winners of the 2011 HP-IAPP Privacy Innovation Awards and the IAPP Privacy Vanguard Award. A ticket to this exceptional evening of celebration is included with your Academy main conference registration.
Keynote Speaker: Susan Combs, Comptroller, State of Texas
PrIVacy MeeTS eXceLLence
Be a privacy standout! Train and test for your IAPP certification at the Academy.
Training for the CIPP, CIPP/G and CIPP/IT, and testing for all modules will be offered at the Academy.
Visit the website for additional pricing information.
Rates available for corporate groups, government and higher education employees, Privacy Dinner only and privacy certification training and testing.
Get exclusive insider perspectives from some of the biggest players in the consumer privacy protection arena and learn how you can avoid being on the opposite side of the table.
Discover connections and build relationships at our many networking opportunities throughout the Academy:
8 a.m. – 12 p.m.Navigating the Maze: Federal Legislation and the Privacy Impact Assessment Process William C. Hoffman, CIPP, Senior Privacy Officer, General Dynamics Information TechnologyWhat does it take to make a privacy impact assessment (PIA) successful? As federal agencies scramble to ensure that all systems—as defined by FISMA, OMB and the Privacy Act—are covered by a PIA, it’s more important than ever to know the ins and outs of the process. Join this informative workshop for a comprehensive look at the legislative requirements and how to be prepared for them. Investigate the systematic process that can help to ensure compliance and produce a successful PIA procedure in your organization, including the pre-PIA work that can increase efficiency and improve completion and accuracy.
Protecting and Securing a Moving Target: NFC, RFID and Mobile PaymentsJacqueline Klosek, CIPP, Senior Counsel, Goodwin Procter LLP, Christopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLP
Although the broad-based adoption of Near Field Communication (NFC), RFID and mobile payments has taken longer than many anticipated, there are recent signs that the required momentum for such adoption may be close. With the expansive new capabilities of mobile phones and tablet devices, the possibility of including NFC technology in such devices, and upgrades to location tracking, it is becoming apparent that technology is starting to drive that momentum. This workshop will examine NFC, RFID and mobile payments and the regulation of such technologies under existing laws. Engage in a lively group discussion of how law and regulation—including proposed legislation—may adapt to meet privacy and data security issues raised by these technologies.
1 – 5 p.m.Debunking the Privacy Paradox Myth: Creating a Self-Synchronized Privacy ProgramMario Morel, Privacy Architect, YourPrivacyCognitive science has shown that consumers don’t make privacy decisions based on cost/benefit estimations. The apparent dissonance between what people say concerns them online and what they do in practice to protect their privacy is not a paradox; it is a call for
privacy pros to build programs people can relate to. Privacy officers who do just that give customers an optimum experience and gain a strategic asset for their business. The secret is “self-synchronization”—designing a program that can engage people’s insight, foresight and mind-sight at both an intellectual and emotional level. Using the latest research, this workshop will help you discover the nine key building blocks of a network-centric privacy infostructure and show you how to formulate a plan to dramatically increase privacy program participation from your customers, employees and partners.
EU Data Protection BootcampHazel Grant, Partner, Bristows, Rocco Panetta, Partner, Panetta & AssociatiJoin our expert European faculty for this broad overview of data protection practices across the pond. Learn about the political and legal structures in the EU, the role of data protection authorities, and the complex web of laws that guide data. You’ll leave with a strong general understanding of the roles, responsibilities and laws governing privacy in the European Union.
PrecONfereNce wOrKShOPS (Wednesday only)
One Session (half day) $545 USDTwo Sessions (full day) $695 USDPrivacy Bootcamp (full day) $695 USD
Get your copy of this essential and long-awaited guide to putting together an effective privacy operation—being released this summer! Register for the Privacy Bootcamp preconference workshop and get a free copy.
Copies will also be available for sale at the Academy bookstore. Meet the authors and get your copy signed!
WeDneSDay, SePTeMber 14
Can’t make it to our daylong Privacy Bootcamp at the Practical Privacy Series? Catch it at the Academy!
8 a.m. – 5 p.m.Privacy BootcampJ. Trevor Hughes, CIPP, President & CEO, IAPP, Kirk Nahra, CIPP, Partner, Wiley Rein LLPPrivacy can be a bewildering topic. With multiple laws, jurisdictions, technologies and business models converging, and evolving, in today’s enterprise it is hard to know how to navigate the maze of challenges you face. Privacy Bootcamp is your opportunity to get a solid grounding in this dynamic field. This two-part intensive program will introduce you to the fundamentals of privacy. Part 1 provides an overview of basic privacy concepts and philosophies. Part 2 will provide you with a “Privacy Toolkit”—practical, hands-on guidance for managing data within your organization. You’ll leave with a sound foundation that will give you the structure and understanding you need to make the right decisions for your privacy initiatives.
Attendees will receive a free copy of the IAPP’s new publication, Building a Privacy Program: A Practitioner’s Guide
International Association of P
rivacy Professionals
Pease International Tradeport
75
Rochester A
ve., Suite 4
Portsm
outh, NH
03
80
1 U
SA
Scott A. KamberKamberLaw LLC
Marc RotenbergPresident, EPIC
Privacy Meets Practice
IAPP PrIvAcy AcAdemySeptember 14–16 dallas, TX
www.privacyassociation.org/academy
cOme TOgeTher wITh The PrIvAcy PrOfeSSION
Privacy is interwoven into every facet of today’s economy, but privacy professionals often are the lone wolf in their organization—walking the fine line of protecting customers and satisfying regulators, without stifling innovation and business objectives.
Now, more than ever, privacy professionals need to come together to share challenges, get answers and improve their practices. This year, Dallas is the crossroads for the privacy profession.
MeeT THe PeoPLe WHo HaVe THe anSWerS
Come to the Academy and get information and answers to the questions that keep you up at night. Could your organization’s reputation survive a breach? Is there a possibility that you could be the target of an FTC enforcement action? How do you ensure that your organization’s products are trustworthy? Talk to your peers, hear from the experts and get unique insider perspective from top privacy enforcers that can impose real consequences on your brand and your reputation.
See HoW IT aLL FITS ToGeTHer
Join your peers in Dallas for three days of quality education and networking and return to work with the tools and experiences you need to excel in your daily practice and be a leader for your organization’s privacy efforts.
Conference Location and Hotel Accommodations
The Fairmont Hotel1717 N. Akard Street, Dallas, TX 75201Phone: +1 214.720.2020Fax: +1 214.720.7405
September 14 – 16 • the Fairmont hotel • DallaS, tX
PrIvAcy AcAdemy 2011 PrOgrAm
cONfereNce SeSSIONS
vISIT www.PrIvAcyASSOcIATION.Org /AcAdemy TO regISTer ANd fOr uP-TO-dATe INfOrmATION
onLIne PrIVacyMonitoring and Preserving Data on Social Media SitesErik Laykin, Managing Director, Duff & PhelpsWhat options are available for the defensible and forensic preservation of social media data and usage? Gain practical guidance while getting a hands-on, visual review of the tools and technologies available for the real-time monitoring and preservation of electronic data contained on social media sites.
Online Privacy: Who’s Watching the Kids? Moderator: Nuala O’Connor Kelly, CIPP, CIPP/G, Senior Counsel, Information Governance & Chief Privacy Leader, General ElectricParry Aftab, Executive Director, WiredSafety, Michelle Dennedy, Founder & CEO, iDennedy Project, Lydia Parnes, Partner, Wilson Sonsini Goodrich & RosatiWhat do our kids really think about online privacy and what are they doing online? Join this lively session for a discussion of the practical, legal and policy implications of online privacy as applied to children and teens, and take away practical strategies and advice on talking to our kids about staying safe online.
The Self-Regulatory Principles for Online Behavioral Advertising: A How-to Compliance WorkshopGenie Barton, Director, Online Interest-Based Advertising Accountability, Council of Better Business Bureaus, Xenia Boone, Senior Vice President Corporate and Social Responsibility, Direct Marketing Association, Scott Meyer, CEO, EvidonGain a clear understanding of the requirements of the Self-Regulatory Principles, including who must implement them, how to implement them, and what to expect from the Council of Better Business Bureaus and the Direct Marketing Association, the groups that provide accountability for the Self-Regulatory Program.
HeaLTHcareA Health Privacy Segmentation of the American Public and EHR Users: Results of a National SurveyAlan Westin, Professor Emeritus, Columbia UniversityLearn the results of a national survey being conducted to measure levels of trust and its benefits in U.S. EHR systems. The survey applied a set of Health Privacy Intensity Measures developed by Dr. Alan Westin, who will report and describe the sources of high, medium and low health privacy intensity for four U.S. patient populations.
Medical Software and Its Regulation: HHS, FDA and the RulesPeter McLaughlin, CIPP, Senior Counsel, Foley & Lardner LLPThe HITECH Act directed HHS and the FTC to prescribe rules for electronic health records, systems that are made up of software and can collect patient data from numerous sources. Explore the impact of the FDA’s recently issued rules concerning medical device data systems and other software tools for developers and healthcare providers.
Top 10 New Lessons in Healthcare Privacy Kirk Nahra, CIPP, Partner, Wiley Rein LLP Join in a review of the latest developments in the world of healthcare privacy and identify the key new takeaways for healthcare companies and their business partners. Explore enforcement developments, new regulations, the latest in risk areas and the key topics for controversy involving healthcare privacy issues.
GLobaLCertifying for the Safe Harbor: The Practical AspectsKimberly A. Bubnes, CIPP, Global Privacy Director, General Motors Corporation, Robert L. Rothman, Principal, Privacy Associates International LLCRoll up your sleeves and dive into the practical aspects of how to certify a class of data for Safe Harbor. Learn the scope of Safe Harbor certification and how to create a Safe Harbor team using internal certification trees.
Mexico’s New Data Protection Law: Policy and ComplianceJonathan D. Avila, CIPP, Vice President, Counsel, Chief Privacy Officer, The Walt Disney Company, Rosa Maria Franco, Attorney, Basham, Ringe Y Correa, S.C., Jacqueline Peschard Mariscal, President Commissioner, Federal Institute for Access to Information and Data Protection, Harry A. Valetk, CIPP, Corporate Privacy Director, MetLife Join this session for an overview of the policy choices that Mexico has made in adopting comprehensive data protection legislation and discuss the practical challenges for business in implementing the law.
Migrating to a Global Shared Services Center? Consider the IssuesJon Olefson, Vice President and General Counsel (Europe), Cognizant Technology Solutions, Heidi Salow, CIPP, Shareholder, Greenberg Traurig LLP The commercial sector—and to some extent the federal government—has moved toward a shared services model, in which multiple business functions are centralized into a single global center. Learn what privacy and data security issues are associated with the use of these centers, particularly when they are outsourced in countries with no data protection laws or laws that differ from the “host” country.
New Data Protection Laws and Case Law Trends in South America Cedric Laurant, Cedric Laurant Consulting, Renato Opice Blum, Attorney, Opice Blum Advogados AssociadosJoin this topical discussion of the most recent privacy developments in Latin American countries, including new legislation in Brazil and Colombia, Uruguay’s expected “adequate protection” approval of its recent privacy law from European authorities, and how upcoming EU legislation could have important consequences for the development and implementation of online behavioral advertising in South America.
LaW anD PoLIcyEthical PrivacyEdward McNicholas, Partner, Sidley Austin LLP Join this session for an overview of practical legal ethics issues that confront privacy professionals and discussion of a possible approach to a code of ethics for all professionals in the privacy field.
How to Avoid Becoming a Privacy Class Action or FTC Enforcement TargetD. Reed Freeman, Jr., CIPP, Partner, Morrison & Foerster LLP, Jim Halpert, Partner, Communications, e-Commerce and Privacy Practice, DLA Piper US LLPJoin this session to identify the FTC enforcement priorities from among the agency’s laundry list of best practices and learn how to handle a subpoena or other initial FTC inquiry. Discover the privacy practices that give rise to significant class action risk, and discuss strategies to become a much harder target against the threat of a class action lawsuit.
How Will the Safe Harbors in Pending Privacy Legislation Work?Marty Abrams, Senior Policy Advisor, Hunton & Williams LLP, Jennifer Barrett, CIPP, Global Privacy and Public Policy Executive Privacy Leader, Acxiom Corporation, Scott Taylor, CIPP, Vice President and Chief Privacy Officer, Hewlett-Packard Company, María Elena Pérez-Jaén Zermeño, Commissioner for Access to Public Information and Data Protection of the Institute for Access to Public Information of the Federal District, MexicoThe Obama administration has proposed federal legislation that would encourage industry codes of conduct that would be safe harbors. Suggested legislation on the hill would also contain safe harbors. Find out how these would work and formulate a plan for putting safe harbors into effect.
Litigation: There’s an App for That!Sherry Ramsey, CIPP, AVP - Public Policy, AT&T Inc., Alan Raul, Partner, Sidley Austin LLP
“App privacy” is a cutting edge legal issue that has garnered acute attention from congress, privacy advocates, the FTC and plaintiffs lawyers. Explore the complaints and investigations that have been leveled to date against “apps” that collect, share, store, use or compromise user IDs, unique device identifiers, personal information or location data without (alleged) adequate disclosure and consent from the app users. Leave with best “app” practices to avoid the legal cross-hairs of the privacy enforcers in the first place.
Never Enter Your Real Data!Rocco Panetta, Partner, Panetta & AssociatiTake a focused look at the issues arising out of the data flows around the world and relevant legal consequences, especially with respect to the principle of jurisdiction, establishment and relevant applicable laws and regulations.
Will There Be a “Privacy Bill of Rights” and If So, What Will It Mean?Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum, Christopher Wolf, Co-Chair Privacy and Data Security Practice Group, Hogan Lovells US LLPExamine the proposal for a Privacy Bill of Rights, intended to implement Fair Information Practice Principles through codes of conduct enforced by the FTC. Explore the details of the proposal as well as the political prospects for passage in the near term.
FInancIaL SerVIceSThe Designated Transfer Date under Dodd-Frank Has Come and Gone: What Does It Mean for Financial Privacy? (A two-part session)H. Leigh Feldman, Senior Vice President, Compliance Program Executive, Bank of America, L. Richard Fischer, Partner, Morrison & Foerster LLP, Lynn A. Goldstein, CIPP, Senior Vice President & Chief Privacy Officer, JP Morgan Chase Bank, N.A., Russell Schrader, Chief Privacy Officer and Global Enterprise Risk Counsel, Visa Inc.Examine the developments on the regulatory implications of the Consumer Financial Protection Bureau over the last nine months, with a focus on those sections of the Dodd-Frank Act with privacy implications. What have been the ramifications of the transfers of authority called for by the act? Is it too soon to tell, or are there clear trends developing on these and other issues important to financial privacy?
Hot Button Privacy Issues in Payments and Financial ServicesErin Fonte, CIPP, Shareholder, Cox Smith Matthews IncorporatedGet the latest updates on the hottest topics in the world of payments and financial services, including discussion of secure encrypted e-mail at financial institutions, suggested best practices for social media activities, and unique mobile transaction and marketing issues.
MobILe coMPUTInG/LocaTIon-baSeD SerVIceSAvoiding the Mobile App TrapsMark W. Brennan, Associate, Hogan Lovells US LLP, Devin Crock, Counsel, Sprint Nextel, Matthew Gerst, Counsel, External & State Affairs, CTIA—The Wireless Association®
“You snooze, you lose” in the mobile app ecosystem. But, “haste makes waste” when it comes to data privacy and security. What’s a business to do? Find out how to address privacy and security issues associated with mobile apps and still remain competitive by identifying the key traps.
Choice on the Grid: Geolocation Technologies and PrivacyDavid Keating, Attorney, Alston & Bird LLP, Mikko Niva, CIPP/E, Global Privacy Counsel, Nokia, Rod Witmond, SVP, Product Management & Marketing, CardlyticsInvestigate global data protection standards—from a U.S. perspective—for geolocation technologies on mobile devices and apply those standards to advertising driven by location-based personalization. Examine the difficult balance between large market valuations attached to location-based advertising businesses, and data protection.
Privacy by Design in the Mobile App Ecosystem: Thinking Global, Acting LocalKen Anderson, Assistant Commissioner of Privacy, Information and Privacy Commissioner of Ontario, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Ed Schmit, Director, AT&T Developer Program, AT&T Inc., Patrick Walshe, Director of Privacy, GSMAThe convergence of mobile and the web has created a vibrant and dynamic mobile ecosystem that is dramatically changing our world for the better. Learn about leading industry approaches to addressing the challenges and creating meaningful privacy experiences for mobile users.
oPeraTIonaL PrIVacyEmployees, Smart Phones and Social Media: Best Practices for Mobile Computing and Social Media PoliciesJohn Heitmann, CIPP, Partner, Kelley Drye & Warren, LLPJoin in a discussion exploring the best ways to create mobile computing and social media policies designed to effectively address practical and legal concerns raised by the use of personal mobile devices and social media for business purposes.
Enhanced Notice and ControlJustin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jane Horvath, CIPP, CIPP/G, Global Privacy Counsel, Google Inc., Shane Wiley, CIPP, Sr. Director, Privacy & Data Governance, Yahoo! Inc.Experts from two of the largest global Internet companies and the Center for Democracy and Technology, a neutral consumer-advocacy group, will review the global development and progress of CLEAR Ad Notice, the emergence of DNT, and where these intersect with the need for Privacy by Design.
Moving Toward Privacy by Design: The Microsoft Experience David Bowermaster, Senior Cloud Privacy Strategist, Microsoft Corporation, Javier Salido, CIPP, CIPP/IT, Senior Program Manager, Trustworthy Computing Group, Microsoft CorporationGet a “behind the scenes” look at Microsoft’s internal privacy process, which is responsible for ensuring that privacy needs are taken into account throughout the product development process and into the management of personal information within the company.
A Roadmap to Move up the Privacy Maturity CurveNancy Cohen, CIPP, Senior Technical Manager, Quality Control, American Institute of Certified Public Accountants, Marilyn Prosch, CIPP, Associate Professor, Arizona State UniversityMeasuring and monitoring privacy compliance requires the establishment of effective monitoring procedures and a baseline against which to assess performance. Learn how the Privacy Maturity Model can provide an effective tool to assess privacy compliance and progress against recognized benchmark data.
cLoUD coMPUTInGCloud Computing Compliance: The What, Who and WhereChristopher Millard, Professor, Bristows, LondonJoin this informative session to learn the key compliance issues for users and providers of cloud services, including the implications of anonymization, encryption and fragmentation of data in cloud environments, and the local law impact of geographical arrangements—such as the “long-arm” reach of the EU Directive.
Joint Data Controllership: A Silver Bullet for Cloud Computing Privacy Issues? Jan Geert Meents, Partner, Chair, DLA Piper IP & Technology Practice, Germany Cloud computing has raised significant privacy objections in the EU, making the use of cloud solutions by multinational companies problematic. Explore how joint data controller arrangements can provide a breakthrough for the privacy dilemma of modern cloud computing.
Obscured by Clouds: Privacy Audit in the CloudDoron Rotman, CIPP, National Privacy Service Leader, KPMG LLP (US)Learn how to identify the impact of the move to cloud computing on an organization’s ability to undergo a privacy audit, and the considerations that should be taken into account in the selection, contracting and ongoing management of cloud service providers.
Securing Data in the CloudKenneth E. Stavinoha, CIPP, Solutions Architect, Cisco Systems, Inc.Explore the challenges of securing data in the cloud and the role of encryption as a tool. Hear the results of extensive research into the critical factors that influence the adoption of encryption to secure data in the cloud.
Taming the Cloud: Contracting for a Cloud that Actually WorksBenjamin Hayes, CIPP, CIPP/C, CIPP/G, CIPP/IT, Americas Data Privacy Compliance Lead, Accenture, David Navetta, CIPP, Founding Partner, Information Law GroupHow can we “solve” the difficult application of privacy laws to the cloud? Discover a successful new approach to negotiating cloud contracts that attempts to re-allocate applicable privacy and security requirements between data owner, cloud provider and system integrator.
Utilization of Cloud-Based Enterprise Solutions: Google’s Business Perspective of Privacy Challenges and SolutionsMarc Crandall, CIPP, Product Counsel, Google Inc.What are the regulatory obligations and privacy impacts of cloud computing? What are the options regarding international conflicts of law? Take part in this session and gain the tools you need to identify privacy risks in moving data to the cloud.
InForMaTIon SecUrITyChanging the Culture of Low Tech Information Security: Critical Policy Elements and Compliance StrategiesRobert Johnson, Executive Director, National Association for Information DestructionHow can you implement a program to ensure compliance and avoid the embarrassment of a costly
“low tech” security breach? Explore the existing culture of low tech privacy concerns (the disposal of confidential material) and discuss how to shift the current thinking to make the subject more of a security issue and less a price-driven commodity.
The CPO and the CSO: Building Bridges to Improve Both Privacy and SecurityMartin Carmichael, Chief Security Officer, TD Ameritrade Holding Corporation, David Hale, CIPP, Chief Privacy Officer, TD Ameritrade Holding CorporationThe close relationship between privacy and security can lead to conflict—or to synergies and complementary roles. Find out how you can build a relationship between the privacy office and the security structure that can greatly facilitate both jobs.
The New World of Cyber Risk: Advanced Persistent ThreatsAlan Brill, CIPP, Senior Managing Director, Secure Information Services, KrollExamine Advanced Persistent Threats (APTs), a new and far more dangerous type of cyber attack, to learn how they work, how they target PII and PHI—among other targets—and the importance of evolving from perimeter defense to a more comprehensive doctrine of defense-in-depth.
Who Am I? Understanding Multi-Factor Authentication in Online EnvironmentsChristopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLPTake part in a lively discussion of the emergence outside the banking sector of dual-factor and tri-factor authentication, how these technologies work, and how to perform a risk-based assessment to determine the type of security one might offer.
DaTa breacHBuilding a Records Retention Policy Aligned with Privacy ObjectivesRichard L. Johnson, Manager, Global Information Compliance, John Deere & Company, Marty Provin, CIPP, EVP Business Development Group, Jordan LawrenceIn several recent high-profile data breaches, the compromised data was old and outdated. This fact underscores the importance of having a consistently executed retention policy as part of a company’s overall data security and privacy strategy. Learn how to take a more intelligent, comprehensive approach to information management and retention that approaches privacy and information governance as a single initiative.
Data Breach—Help Your Company Avoid Being a Victim of CompromiseCharles Kallenbach, General Counsel, Heartland Payment Systems, Doug Meal, Ropes & Gray, Erin Nealy Cox, Executive Managing Director and Deputy General Counsel, Stroz Friedberg LLCLots of influential companies have learned the hard way about being the victim of a data breach, even though they may have complied with regulations and standards. Join this session to learn from those who have survived a breach how you can use the tools and techniques of corporate compliance to be prepared.
Data Breach Resolution: Preparing for a Data Breach and How to Respond to ItModerator: Tony Hadley, Sr. V.P. of Government Affairs & Public Policy, Experian Tom Bowers, Managing Director, Security Constructs LLC, Patricia Wagner, Member of the Firm, EpsteinBeckerGreenWhat tools do you need to prepare for a data breach and what are the best practices? How did the breach happen and where did the data go? Join this lively session to learn how to build a forensics case once a breach happens.
FacILITaTeD neTWorkInGNetworking Session: 5-Minute MixerFacilitator: Chris Zoladz, CIPP, CIPP/G, Founder, Navigate LLC Don’t know anyone at the conference? Looking to network? Share your professional background and discover connections with other Academy attendees and privacy leaders in fast, fun five-minute one-on-one meetings.
Networking Session: To Track or Do Not Track? Browser Controls, Self Regulatory Programs or New LawsJules Polonetsky, CIPP, Co-Chair and Director, Future of Privacy Forum
Networking Session: Study Tips and Advice from Certified Professionals—Your Burning Privacy Questions Answered!Facilitated by CIPP-certified professionalsYou’ve read tons of reference material, you’ve been to training, and you’ve even attended some great conference sessions, but still you have burning questions about privacy. We have experienced privacy professionals ready to help you put out that fire! Talk to IAPP instructors about privacy-related topics that are important to you.
Networking Session: Minimize Boredom, Maximize Your Member ExperienceFacilitated by the IAPP Membership DepartmentIAPP staff members will give you the inside scoop on the many ways that you can become more involved with your professional association. Learn about volunteer career development opportunities in this casual networking session, where you’ll also have an opportunity to provide feedback on how the IAPP can better serve you.
Networking Session: Your Company and the CloudFacilitator: Tanya Forsheit, CIPP, Founding Partner, InfoLawGroup LLPFacilitator: Christine Lyon, Partner, Morrison & Foerster LLPIt’s your turn to join the discussion! Bring your questions, concerns and insights for a lively discussion about managing privacy in the cloud, including due diligence and selection of providers, data back-up, encryption options, contractual protections (or lack thereof), cross-border transfers in the cloud environment, audit and third-party certification, and other topics of interest from the day’s cloud computing sessions.
September 14 – 16 • the Fairmont hotel • DallaS, tX
PrIvAcy AcAdemy 2011 PrOgrAm
cONfereNce SeSSIONS
vISIT www.PrIvAcyASSOcIATION.Org /AcAdemy TO regISTer ANd fOr uP-TO-dATe INfOrmATION
onLIne PrIVacyMonitoring and Preserving Data on Social Media SitesErik Laykin, Managing Director, Duff & PhelpsWhat options are available for the defensible and forensic preservation of social media data and usage? Gain practical guidance while getting a hands-on, visual review of the tools and technologies available for the real-time monitoring and preservation of electronic data contained on social media sites.
Online Privacy: Who’s Watching the Kids? Moderator: Nuala O’Connor Kelly, CIPP, CIPP/G, Senior Counsel, Information Governance & Chief Privacy Leader, General ElectricParry Aftab, Executive Director, WiredSafety, Michelle Dennedy, Founder & CEO, iDennedy Project, Lydia Parnes, Partner, Wilson Sonsini Goodrich & RosatiWhat do our kids really think about online privacy and what are they doing online? Join this lively session for a discussion of the practical, legal and policy implications of online privacy as applied to children and teens, and take away practical strategies and advice on talking to our kids about staying safe online.
The Self-Regulatory Principles for Online Behavioral Advertising: A How-to Compliance WorkshopGenie Barton, Director, Online Interest-Based Advertising Accountability, Council of Better Business Bureaus, Xenia Boone, Senior Vice President Corporate and Social Responsibility, Direct Marketing Association, Scott Meyer, CEO, EvidonGain a clear understanding of the requirements of the Self-Regulatory Principles, including who must implement them, how to implement them, and what to expect from the Council of Better Business Bureaus and the Direct Marketing Association, the groups that provide accountability for the Self-Regulatory Program.
HeaLTHcareA Health Privacy Segmentation of the American Public and EHR Users: Results of a National SurveyAlan Westin, Professor Emeritus, Columbia UniversityLearn the results of a national survey being conducted to measure levels of trust and its benefits in U.S. EHR systems. The survey applied a set of Health Privacy Intensity Measures developed by Dr. Alan Westin, who will report and describe the sources of high, medium and low health privacy intensity for four U.S. patient populations.
Medical Software and Its Regulation: HHS, FDA and the RulesPeter McLaughlin, CIPP, Senior Counsel, Foley & Lardner LLPThe HITECH Act directed HHS and the FTC to prescribe rules for electronic health records, systems that are made up of software and can collect patient data from numerous sources. Explore the impact of the FDA’s recently issued rules concerning medical device data systems and other software tools for developers and healthcare providers.
Top 10 New Lessons in Healthcare Privacy Kirk Nahra, CIPP, Partner, Wiley Rein LLP Join in a review of the latest developments in the world of healthcare privacy and identify the key new takeaways for healthcare companies and their business partners. Explore enforcement developments, new regulations, the latest in risk areas and the key topics for controversy involving healthcare privacy issues.
GLobaLCertifying for the Safe Harbor: The Practical AspectsKimberly A. Bubnes, CIPP, Global Privacy Director, General Motors Corporation, Robert L. Rothman, Principal, Privacy Associates International LLCRoll up your sleeves and dive into the practical aspects of how to certify a class of data for Safe Harbor. Learn the scope of Safe Harbor certification and how to create a Safe Harbor team using internal certification trees.
Mexico’s New Data Protection Law: Policy and ComplianceJonathan D. Avila, CIPP, Vice President, Counsel, Chief Privacy Officer, The Walt Disney Company, Rosa Maria Franco, Attorney, Basham, Ringe Y Correa, S.C., Jacqueline Peschard Mariscal, President Commissioner, Federal Institute for Access to Information and Data Protection, Harry A. Valetk, CIPP, Corporate Privacy Director, MetLife Join this session for an overview of the policy choices that Mexico has made in adopting comprehensive data protection legislation and discuss the practical challenges for business in implementing the law.
Migrating to a Global Shared Services Center? Consider the IssuesJon Olefson, Vice President and General Counsel (Europe), Cognizant Technology Solutions, Heidi Salow, CIPP, Shareholder, Greenberg Traurig LLP The commercial sector—and to some extent the federal government—has moved toward a shared services model, in which multiple business functions are centralized into a single global center. Learn what privacy and data security issues are associated with the use of these centers, particularly when they are outsourced in countries with no data protection laws or laws that differ from the “host” country.
New Data Protection Laws and Case Law Trends in South America Cedric Laurant, Cedric Laurant Consulting, Renato Opice Blum, Attorney, Opice Blum Advogados AssociadosJoin this topical discussion of the most recent privacy developments in Latin American countries, including new legislation in Brazil and Colombia, Uruguay’s expected “adequate protection” approval of its recent privacy law from European authorities, and how upcoming EU legislation could have important consequences for the development and implementation of online behavioral advertising in South America.
LaW anD PoLIcyEthical PrivacyEdward McNicholas, Partner, Sidley Austin LLP Join this session for an overview of practical legal ethics issues that confront privacy professionals and discussion of a possible approach to a code of ethics for all professionals in the privacy field.
How to Avoid Becoming a Privacy Class Action or FTC Enforcement TargetD. Reed Freeman, Jr., CIPP, Partner, Morrison & Foerster LLP, Jim Halpert, Partner, Communications, e-Commerce and Privacy Practice, DLA Piper US LLPJoin this session to identify the FTC enforcement priorities from among the agency’s laundry list of best practices and learn how to handle a subpoena or other initial FTC inquiry. Discover the privacy practices that give rise to significant class action risk, and discuss strategies to become a much harder target against the threat of a class action lawsuit.
How Will the Safe Harbors in Pending Privacy Legislation Work?Marty Abrams, Senior Policy Advisor, Hunton & Williams LLP, Jennifer Barrett, CIPP, Global Privacy and Public Policy Executive Privacy Leader, Acxiom Corporation, Scott Taylor, CIPP, Vice President and Chief Privacy Officer, Hewlett-Packard Company, María Elena Pérez-Jaén Zermeño, Commissioner for Access to Public Information and Data Protection of the Institute for Access to Public Information of the Federal District, MexicoThe Obama administration has proposed federal legislation that would encourage industry codes of conduct that would be safe harbors. Suggested legislation on the hill would also contain safe harbors. Find out how these would work and formulate a plan for putting safe harbors into effect.
Litigation: There’s an App for That!Sherry Ramsey, CIPP, AVP - Public Policy, AT&T Inc., Alan Raul, Partner, Sidley Austin LLP
“App privacy” is a cutting edge legal issue that has garnered acute attention from congress, privacy advocates, the FTC and plaintiffs lawyers. Explore the complaints and investigations that have been leveled to date against “apps” that collect, share, store, use or compromise user IDs, unique device identifiers, personal information or location data without (alleged) adequate disclosure and consent from the app users. Leave with best “app” practices to avoid the legal cross-hairs of the privacy enforcers in the first place.
Never Enter Your Real Data!Rocco Panetta, Partner, Panetta & AssociatiTake a focused look at the issues arising out of the data flows around the world and relevant legal consequences, especially with respect to the principle of jurisdiction, establishment and relevant applicable laws and regulations.
Will There Be a “Privacy Bill of Rights” and If So, What Will It Mean?Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum, Christopher Wolf, Co-Chair Privacy and Data Security Practice Group, Hogan Lovells US LLPExamine the proposal for a Privacy Bill of Rights, intended to implement Fair Information Practice Principles through codes of conduct enforced by the FTC. Explore the details of the proposal as well as the political prospects for passage in the near term.
FInancIaL SerVIceSThe Designated Transfer Date under Dodd-Frank Has Come and Gone: What Does It Mean for Financial Privacy? (A two-part session)H. Leigh Feldman, Senior Vice President, Compliance Program Executive, Bank of America, L. Richard Fischer, Partner, Morrison & Foerster LLP, Lynn A. Goldstein, CIPP, Senior Vice President & Chief Privacy Officer, JP Morgan Chase Bank, N.A., Russell Schrader, Chief Privacy Officer and Global Enterprise Risk Counsel, Visa Inc.Examine the developments on the regulatory implications of the Consumer Financial Protection Bureau over the last nine months, with a focus on those sections of the Dodd-Frank Act with privacy implications. What have been the ramifications of the transfers of authority called for by the act? Is it too soon to tell, or are there clear trends developing on these and other issues important to financial privacy?
Hot Button Privacy Issues in Payments and Financial ServicesErin Fonte, CIPP, Shareholder, Cox Smith Matthews IncorporatedGet the latest updates on the hottest topics in the world of payments and financial services, including discussion of secure encrypted e-mail at financial institutions, suggested best practices for social media activities, and unique mobile transaction and marketing issues.
MobILe coMPUTInG/LocaTIon-baSeD SerVIceSAvoiding the Mobile App TrapsMark W. Brennan, Associate, Hogan Lovells US LLP, Devin Crock, Counsel, Sprint Nextel, Matthew Gerst, Counsel, External & State Affairs, CTIA—The Wireless Association®
“You snooze, you lose” in the mobile app ecosystem. But, “haste makes waste” when it comes to data privacy and security. What’s a business to do? Find out how to address privacy and security issues associated with mobile apps and still remain competitive by identifying the key traps.
Choice on the Grid: Geolocation Technologies and PrivacyDavid Keating, Attorney, Alston & Bird LLP, Mikko Niva, CIPP/E, Global Privacy Counsel, Nokia, Rod Witmond, SVP, Product Management & Marketing, CardlyticsInvestigate global data protection standards—from a U.S. perspective—for geolocation technologies on mobile devices and apply those standards to advertising driven by location-based personalization. Examine the difficult balance between large market valuations attached to location-based advertising businesses, and data protection.
Privacy by Design in the Mobile App Ecosystem: Thinking Global, Acting LocalKen Anderson, Assistant Commissioner of Privacy, Information and Privacy Commissioner of Ontario, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Ed Schmit, Director, AT&T Developer Program, AT&T Inc., Patrick Walshe, Director of Privacy, GSMAThe convergence of mobile and the web has created a vibrant and dynamic mobile ecosystem that is dramatically changing our world for the better. Learn about leading industry approaches to addressing the challenges and creating meaningful privacy experiences for mobile users.
oPeraTIonaL PrIVacyEmployees, Smart Phones and Social Media: Best Practices for Mobile Computing and Social Media PoliciesJohn Heitmann, CIPP, Partner, Kelley Drye & Warren, LLPJoin in a discussion exploring the best ways to create mobile computing and social media policies designed to effectively address practical and legal concerns raised by the use of personal mobile devices and social media for business purposes.
Enhanced Notice and ControlJustin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jane Horvath, CIPP, CIPP/G, Global Privacy Counsel, Google Inc., Shane Wiley, CIPP, Sr. Director, Privacy & Data Governance, Yahoo! Inc.Experts from two of the largest global Internet companies and the Center for Democracy and Technology, a neutral consumer-advocacy group, will review the global development and progress of CLEAR Ad Notice, the emergence of DNT, and where these intersect with the need for Privacy by Design.
Moving Toward Privacy by Design: The Microsoft Experience David Bowermaster, Senior Cloud Privacy Strategist, Microsoft Corporation, Javier Salido, CIPP, CIPP/IT, Senior Program Manager, Trustworthy Computing Group, Microsoft CorporationGet a “behind the scenes” look at Microsoft’s internal privacy process, which is responsible for ensuring that privacy needs are taken into account throughout the product development process and into the management of personal information within the company.
A Roadmap to Move up the Privacy Maturity CurveNancy Cohen, CIPP, Senior Technical Manager, Quality Control, American Institute of Certified Public Accountants, Marilyn Prosch, CIPP, Associate Professor, Arizona State UniversityMeasuring and monitoring privacy compliance requires the establishment of effective monitoring procedures and a baseline against which to assess performance. Learn how the Privacy Maturity Model can provide an effective tool to assess privacy compliance and progress against recognized benchmark data.
cLoUD coMPUTInGCloud Computing Compliance: The What, Who and WhereChristopher Millard, Professor, Bristows, LondonJoin this informative session to learn the key compliance issues for users and providers of cloud services, including the implications of anonymization, encryption and fragmentation of data in cloud environments, and the local law impact of geographical arrangements—such as the “long-arm” reach of the EU Directive.
Joint Data Controllership: A Silver Bullet for Cloud Computing Privacy Issues? Jan Geert Meents, Partner, Chair, DLA Piper IP & Technology Practice, Germany Cloud computing has raised significant privacy objections in the EU, making the use of cloud solutions by multinational companies problematic. Explore how joint data controller arrangements can provide a breakthrough for the privacy dilemma of modern cloud computing.
Obscured by Clouds: Privacy Audit in the CloudDoron Rotman, CIPP, National Privacy Service Leader, KPMG LLP (US)Learn how to identify the impact of the move to cloud computing on an organization’s ability to undergo a privacy audit, and the considerations that should be taken into account in the selection, contracting and ongoing management of cloud service providers.
Securing Data in the CloudKenneth E. Stavinoha, CIPP, Solutions Architect, Cisco Systems, Inc.Explore the challenges of securing data in the cloud and the role of encryption as a tool. Hear the results of extensive research into the critical factors that influence the adoption of encryption to secure data in the cloud.
Taming the Cloud: Contracting for a Cloud that Actually WorksBenjamin Hayes, CIPP, CIPP/C, CIPP/G, CIPP/IT, Americas Data Privacy Compliance Lead, Accenture, David Navetta, CIPP, Founding Partner, Information Law GroupHow can we “solve” the difficult application of privacy laws to the cloud? Discover a successful new approach to negotiating cloud contracts that attempts to re-allocate applicable privacy and security requirements between data owner, cloud provider and system integrator.
Utilization of Cloud-Based Enterprise Solutions: Google’s Business Perspective of Privacy Challenges and SolutionsMarc Crandall, CIPP, Product Counsel, Google Inc.What are the regulatory obligations and privacy impacts of cloud computing? What are the options regarding international conflicts of law? Take part in this session and gain the tools you need to identify privacy risks in moving data to the cloud.
InForMaTIon SecUrITyChanging the Culture of Low Tech Information Security: Critical Policy Elements and Compliance StrategiesRobert Johnson, Executive Director, National Association for Information DestructionHow can you implement a program to ensure compliance and avoid the embarrassment of a costly
“low tech” security breach? Explore the existing culture of low tech privacy concerns (the disposal of confidential material) and discuss how to shift the current thinking to make the subject more of a security issue and less a price-driven commodity.
The CPO and the CSO: Building Bridges to Improve Both Privacy and SecurityMartin Carmichael, Chief Security Officer, TD Ameritrade Holding Corporation, David Hale, CIPP, Chief Privacy Officer, TD Ameritrade Holding CorporationThe close relationship between privacy and security can lead to conflict—or to synergies and complementary roles. Find out how you can build a relationship between the privacy office and the security structure that can greatly facilitate both jobs.
The New World of Cyber Risk: Advanced Persistent ThreatsAlan Brill, CIPP, Senior Managing Director, Secure Information Services, KrollExamine Advanced Persistent Threats (APTs), a new and far more dangerous type of cyber attack, to learn how they work, how they target PII and PHI—among other targets—and the importance of evolving from perimeter defense to a more comprehensive doctrine of defense-in-depth.
Who Am I? Understanding Multi-Factor Authentication in Online EnvironmentsChristopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLPTake part in a lively discussion of the emergence outside the banking sector of dual-factor and tri-factor authentication, how these technologies work, and how to perform a risk-based assessment to determine the type of security one might offer.
DaTa breacHBuilding a Records Retention Policy Aligned with Privacy ObjectivesRichard L. Johnson, Manager, Global Information Compliance, John Deere & Company, Marty Provin, CIPP, EVP Business Development Group, Jordan LawrenceIn several recent high-profile data breaches, the compromised data was old and outdated. This fact underscores the importance of having a consistently executed retention policy as part of a company’s overall data security and privacy strategy. Learn how to take a more intelligent, comprehensive approach to information management and retention that approaches privacy and information governance as a single initiative.
Data Breach—Help Your Company Avoid Being a Victim of CompromiseCharles Kallenbach, General Counsel, Heartland Payment Systems, Doug Meal, Ropes & Gray, Erin Nealy Cox, Executive Managing Director and Deputy General Counsel, Stroz Friedberg LLCLots of influential companies have learned the hard way about being the victim of a data breach, even though they may have complied with regulations and standards. Join this session to learn from those who have survived a breach how you can use the tools and techniques of corporate compliance to be prepared.
Data Breach Resolution: Preparing for a Data Breach and How to Respond to ItModerator: Tony Hadley, Sr. V.P. of Government Affairs & Public Policy, Experian Tom Bowers, Managing Director, Security Constructs LLC, Patricia Wagner, Member of the Firm, EpsteinBeckerGreenWhat tools do you need to prepare for a data breach and what are the best practices? How did the breach happen and where did the data go? Join this lively session to learn how to build a forensics case once a breach happens.
FacILITaTeD neTWorkInGNetworking Session: 5-Minute MixerFacilitator: Chris Zoladz, CIPP, CIPP/G, Founder, Navigate LLC Don’t know anyone at the conference? Looking to network? Share your professional background and discover connections with other Academy attendees and privacy leaders in fast, fun five-minute one-on-one meetings.
Networking Session: To Track or Do Not Track? Browser Controls, Self Regulatory Programs or New LawsJules Polonetsky, CIPP, Co-Chair and Director, Future of Privacy Forum
Networking Session: Study Tips and Advice from Certified Professionals—Your Burning Privacy Questions Answered!Facilitated by CIPP-certified professionalsYou’ve read tons of reference material, you’ve been to training, and you’ve even attended some great conference sessions, but still you have burning questions about privacy. We have experienced privacy professionals ready to help you put out that fire! Talk to IAPP instructors about privacy-related topics that are important to you.
Networking Session: Minimize Boredom, Maximize Your Member ExperienceFacilitated by the IAPP Membership DepartmentIAPP staff members will give you the inside scoop on the many ways that you can become more involved with your professional association. Learn about volunteer career development opportunities in this casual networking session, where you’ll also have an opportunity to provide feedback on how the IAPP can better serve you.
Networking Session: Your Company and the CloudFacilitator: Tanya Forsheit, CIPP, Founding Partner, InfoLawGroup LLPFacilitator: Christine Lyon, Partner, Morrison & Foerster LLPIt’s your turn to join the discussion! Bring your questions, concerns and insights for a lively discussion about managing privacy in the cloud, including due diligence and selection of providers, data back-up, encryption options, contractual protections (or lack thereof), cross-border transfers in the cloud environment, audit and third-party certification, and other topics of interest from the day’s cloud computing sessions.
September 14 – 16 • the Fairmont hotel • DallaS, tX
PrIvAcy AcAdemy 2011 PrOgrAm
cONfereNce SeSSIONS
vISIT www.PrIvAcyASSOcIATION.Org /AcAdemy TO regISTer ANd fOr uP-TO-dATe INfOrmATION
onLIne PrIVacyMonitoring and Preserving Data on Social Media SitesErik Laykin, Managing Director, Duff & PhelpsWhat options are available for the defensible and forensic preservation of social media data and usage? Gain practical guidance while getting a hands-on, visual review of the tools and technologies available for the real-time monitoring and preservation of electronic data contained on social media sites.
Online Privacy: Who’s Watching the Kids? Moderator: Nuala O’Connor Kelly, CIPP, CIPP/G, Senior Counsel, Information Governance & Chief Privacy Leader, General ElectricParry Aftab, Executive Director, WiredSafety, Michelle Dennedy, Founder & CEO, iDennedy Project, Lydia Parnes, Partner, Wilson Sonsini Goodrich & RosatiWhat do our kids really think about online privacy and what are they doing online? Join this lively session for a discussion of the practical, legal and policy implications of online privacy as applied to children and teens, and take away practical strategies and advice on talking to our kids about staying safe online.
The Self-Regulatory Principles for Online Behavioral Advertising: A How-to Compliance WorkshopGenie Barton, Director, Online Interest-Based Advertising Accountability, Council of Better Business Bureaus, Xenia Boone, Senior Vice President Corporate and Social Responsibility, Direct Marketing Association, Scott Meyer, CEO, EvidonGain a clear understanding of the requirements of the Self-Regulatory Principles, including who must implement them, how to implement them, and what to expect from the Council of Better Business Bureaus and the Direct Marketing Association, the groups that provide accountability for the Self-Regulatory Program.
HeaLTHcareA Health Privacy Segmentation of the American Public and EHR Users: Results of a National SurveyAlan Westin, Professor Emeritus, Columbia UniversityLearn the results of a national survey being conducted to measure levels of trust and its benefits in U.S. EHR systems. The survey applied a set of Health Privacy Intensity Measures developed by Dr. Alan Westin, who will report and describe the sources of high, medium and low health privacy intensity for four U.S. patient populations.
Medical Software and Its Regulation: HHS, FDA and the RulesPeter McLaughlin, CIPP, Senior Counsel, Foley & Lardner LLPThe HITECH Act directed HHS and the FTC to prescribe rules for electronic health records, systems that are made up of software and can collect patient data from numerous sources. Explore the impact of the FDA’s recently issued rules concerning medical device data systems and other software tools for developers and healthcare providers.
Top 10 New Lessons in Healthcare Privacy Kirk Nahra, CIPP, Partner, Wiley Rein LLP Join in a review of the latest developments in the world of healthcare privacy and identify the key new takeaways for healthcare companies and their business partners. Explore enforcement developments, new regulations, the latest in risk areas and the key topics for controversy involving healthcare privacy issues.
GLobaLCertifying for the Safe Harbor: The Practical AspectsKimberly A. Bubnes, CIPP, Global Privacy Director, General Motors Corporation, Robert L. Rothman, Principal, Privacy Associates International LLCRoll up your sleeves and dive into the practical aspects of how to certify a class of data for Safe Harbor. Learn the scope of Safe Harbor certification and how to create a Safe Harbor team using internal certification trees.
Mexico’s New Data Protection Law: Policy and ComplianceJonathan D. Avila, CIPP, Vice President, Counsel, Chief Privacy Officer, The Walt Disney Company, Rosa Maria Franco, Attorney, Basham, Ringe Y Correa, S.C., Jacqueline Peschard Mariscal, President Commissioner, Federal Institute for Access to Information and Data Protection, Harry A. Valetk, CIPP, Corporate Privacy Director, MetLife Join this session for an overview of the policy choices that Mexico has made in adopting comprehensive data protection legislation and discuss the practical challenges for business in implementing the law.
Migrating to a Global Shared Services Center? Consider the IssuesJon Olefson, Vice President and General Counsel (Europe), Cognizant Technology Solutions, Heidi Salow, CIPP, Shareholder, Greenberg Traurig LLP The commercial sector—and to some extent the federal government—has moved toward a shared services model, in which multiple business functions are centralized into a single global center. Learn what privacy and data security issues are associated with the use of these centers, particularly when they are outsourced in countries with no data protection laws or laws that differ from the “host” country.
New Data Protection Laws and Case Law Trends in South America Cedric Laurant, Cedric Laurant Consulting, Renato Opice Blum, Attorney, Opice Blum Advogados AssociadosJoin this topical discussion of the most recent privacy developments in Latin American countries, including new legislation in Brazil and Colombia, Uruguay’s expected “adequate protection” approval of its recent privacy law from European authorities, and how upcoming EU legislation could have important consequences for the development and implementation of online behavioral advertising in South America.
LaW anD PoLIcyEthical PrivacyEdward McNicholas, Partner, Sidley Austin LLP Join this session for an overview of practical legal ethics issues that confront privacy professionals and discussion of a possible approach to a code of ethics for all professionals in the privacy field.
How to Avoid Becoming a Privacy Class Action or FTC Enforcement TargetD. Reed Freeman, Jr., CIPP, Partner, Morrison & Foerster LLP, Jim Halpert, Partner, Communications, e-Commerce and Privacy Practice, DLA Piper US LLPJoin this session to identify the FTC enforcement priorities from among the agency’s laundry list of best practices and learn how to handle a subpoena or other initial FTC inquiry. Discover the privacy practices that give rise to significant class action risk, and discuss strategies to become a much harder target against the threat of a class action lawsuit.
How Will the Safe Harbors in Pending Privacy Legislation Work?Marty Abrams, Senior Policy Advisor, Hunton & Williams LLP, Jennifer Barrett, CIPP, Global Privacy and Public Policy Executive Privacy Leader, Acxiom Corporation, Scott Taylor, CIPP, Vice President and Chief Privacy Officer, Hewlett-Packard Company, María Elena Pérez-Jaén Zermeño, Commissioner for Access to Public Information and Data Protection of the Institute for Access to Public Information of the Federal District, MexicoThe Obama administration has proposed federal legislation that would encourage industry codes of conduct that would be safe harbors. Suggested legislation on the hill would also contain safe harbors. Find out how these would work and formulate a plan for putting safe harbors into effect.
Litigation: There’s an App for That!Sherry Ramsey, CIPP, AVP - Public Policy, AT&T Inc., Alan Raul, Partner, Sidley Austin LLP
“App privacy” is a cutting edge legal issue that has garnered acute attention from congress, privacy advocates, the FTC and plaintiffs lawyers. Explore the complaints and investigations that have been leveled to date against “apps” that collect, share, store, use or compromise user IDs, unique device identifiers, personal information or location data without (alleged) adequate disclosure and consent from the app users. Leave with best “app” practices to avoid the legal cross-hairs of the privacy enforcers in the first place.
Never Enter Your Real Data!Rocco Panetta, Partner, Panetta & AssociatiTake a focused look at the issues arising out of the data flows around the world and relevant legal consequences, especially with respect to the principle of jurisdiction, establishment and relevant applicable laws and regulations.
Will There Be a “Privacy Bill of Rights” and If So, What Will It Mean?Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum, Christopher Wolf, Co-Chair Privacy and Data Security Practice Group, Hogan Lovells US LLPExamine the proposal for a Privacy Bill of Rights, intended to implement Fair Information Practice Principles through codes of conduct enforced by the FTC. Explore the details of the proposal as well as the political prospects for passage in the near term.
FInancIaL SerVIceSThe Designated Transfer Date under Dodd-Frank Has Come and Gone: What Does It Mean for Financial Privacy? (A two-part session)H. Leigh Feldman, Senior Vice President, Compliance Program Executive, Bank of America, L. Richard Fischer, Partner, Morrison & Foerster LLP, Lynn A. Goldstein, CIPP, Senior Vice President & Chief Privacy Officer, JP Morgan Chase Bank, N.A., Russell Schrader, Chief Privacy Officer and Global Enterprise Risk Counsel, Visa Inc.Examine the developments on the regulatory implications of the Consumer Financial Protection Bureau over the last nine months, with a focus on those sections of the Dodd-Frank Act with privacy implications. What have been the ramifications of the transfers of authority called for by the act? Is it too soon to tell, or are there clear trends developing on these and other issues important to financial privacy?
Hot Button Privacy Issues in Payments and Financial ServicesErin Fonte, CIPP, Shareholder, Cox Smith Matthews IncorporatedGet the latest updates on the hottest topics in the world of payments and financial services, including discussion of secure encrypted e-mail at financial institutions, suggested best practices for social media activities, and unique mobile transaction and marketing issues.
MobILe coMPUTInG/LocaTIon-baSeD SerVIceSAvoiding the Mobile App TrapsMark W. Brennan, Associate, Hogan Lovells US LLP, Devin Crock, Counsel, Sprint Nextel, Matthew Gerst, Counsel, External & State Affairs, CTIA—The Wireless Association®
“You snooze, you lose” in the mobile app ecosystem. But, “haste makes waste” when it comes to data privacy and security. What’s a business to do? Find out how to address privacy and security issues associated with mobile apps and still remain competitive by identifying the key traps.
Choice on the Grid: Geolocation Technologies and PrivacyDavid Keating, Attorney, Alston & Bird LLP, Mikko Niva, CIPP/E, Global Privacy Counsel, Nokia, Rod Witmond, SVP, Product Management & Marketing, CardlyticsInvestigate global data protection standards—from a U.S. perspective—for geolocation technologies on mobile devices and apply those standards to advertising driven by location-based personalization. Examine the difficult balance between large market valuations attached to location-based advertising businesses, and data protection.
Privacy by Design in the Mobile App Ecosystem: Thinking Global, Acting LocalKen Anderson, Assistant Commissioner of Privacy, Information and Privacy Commissioner of Ontario, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Ed Schmit, Director, AT&T Developer Program, AT&T Inc., Patrick Walshe, Director of Privacy, GSMAThe convergence of mobile and the web has created a vibrant and dynamic mobile ecosystem that is dramatically changing our world for the better. Learn about leading industry approaches to addressing the challenges and creating meaningful privacy experiences for mobile users.
oPeraTIonaL PrIVacyEmployees, Smart Phones and Social Media: Best Practices for Mobile Computing and Social Media PoliciesJohn Heitmann, CIPP, Partner, Kelley Drye & Warren, LLPJoin in a discussion exploring the best ways to create mobile computing and social media policies designed to effectively address practical and legal concerns raised by the use of personal mobile devices and social media for business purposes.
Enhanced Notice and ControlJustin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jane Horvath, CIPP, CIPP/G, Global Privacy Counsel, Google Inc., Shane Wiley, CIPP, Sr. Director, Privacy & Data Governance, Yahoo! Inc.Experts from two of the largest global Internet companies and the Center for Democracy and Technology, a neutral consumer-advocacy group, will review the global development and progress of CLEAR Ad Notice, the emergence of DNT, and where these intersect with the need for Privacy by Design.
Moving Toward Privacy by Design: The Microsoft Experience David Bowermaster, Senior Cloud Privacy Strategist, Microsoft Corporation, Javier Salido, CIPP, CIPP/IT, Senior Program Manager, Trustworthy Computing Group, Microsoft CorporationGet a “behind the scenes” look at Microsoft’s internal privacy process, which is responsible for ensuring that privacy needs are taken into account throughout the product development process and into the management of personal information within the company.
A Roadmap to Move up the Privacy Maturity CurveNancy Cohen, CIPP, Senior Technical Manager, Quality Control, American Institute of Certified Public Accountants, Marilyn Prosch, CIPP, Associate Professor, Arizona State UniversityMeasuring and monitoring privacy compliance requires the establishment of effective monitoring procedures and a baseline against which to assess performance. Learn how the Privacy Maturity Model can provide an effective tool to assess privacy compliance and progress against recognized benchmark data.
cLoUD coMPUTInGCloud Computing Compliance: The What, Who and WhereChristopher Millard, Professor, Bristows, LondonJoin this informative session to learn the key compliance issues for users and providers of cloud services, including the implications of anonymization, encryption and fragmentation of data in cloud environments, and the local law impact of geographical arrangements—such as the “long-arm” reach of the EU Directive.
Joint Data Controllership: A Silver Bullet for Cloud Computing Privacy Issues? Jan Geert Meents, Partner, Chair, DLA Piper IP & Technology Practice, Germany Cloud computing has raised significant privacy objections in the EU, making the use of cloud solutions by multinational companies problematic. Explore how joint data controller arrangements can provide a breakthrough for the privacy dilemma of modern cloud computing.
Obscured by Clouds: Privacy Audit in the CloudDoron Rotman, CIPP, National Privacy Service Leader, KPMG LLP (US)Learn how to identify the impact of the move to cloud computing on an organization’s ability to undergo a privacy audit, and the considerations that should be taken into account in the selection, contracting and ongoing management of cloud service providers.
Securing Data in the CloudKenneth E. Stavinoha, CIPP, Solutions Architect, Cisco Systems, Inc.Explore the challenges of securing data in the cloud and the role of encryption as a tool. Hear the results of extensive research into the critical factors that influence the adoption of encryption to secure data in the cloud.
Taming the Cloud: Contracting for a Cloud that Actually WorksBenjamin Hayes, CIPP, CIPP/C, CIPP/G, CIPP/IT, Americas Data Privacy Compliance Lead, Accenture, David Navetta, CIPP, Founding Partner, Information Law GroupHow can we “solve” the difficult application of privacy laws to the cloud? Discover a successful new approach to negotiating cloud contracts that attempts to re-allocate applicable privacy and security requirements between data owner, cloud provider and system integrator.
Utilization of Cloud-Based Enterprise Solutions: Google’s Business Perspective of Privacy Challenges and SolutionsMarc Crandall, CIPP, Product Counsel, Google Inc.What are the regulatory obligations and privacy impacts of cloud computing? What are the options regarding international conflicts of law? Take part in this session and gain the tools you need to identify privacy risks in moving data to the cloud.
InForMaTIon SecUrITyChanging the Culture of Low Tech Information Security: Critical Policy Elements and Compliance StrategiesRobert Johnson, Executive Director, National Association for Information DestructionHow can you implement a program to ensure compliance and avoid the embarrassment of a costly
“low tech” security breach? Explore the existing culture of low tech privacy concerns (the disposal of confidential material) and discuss how to shift the current thinking to make the subject more of a security issue and less a price-driven commodity.
The CPO and the CSO: Building Bridges to Improve Both Privacy and SecurityMartin Carmichael, Chief Security Officer, TD Ameritrade Holding Corporation, David Hale, CIPP, Chief Privacy Officer, TD Ameritrade Holding CorporationThe close relationship between privacy and security can lead to conflict—or to synergies and complementary roles. Find out how you can build a relationship between the privacy office and the security structure that can greatly facilitate both jobs.
The New World of Cyber Risk: Advanced Persistent ThreatsAlan Brill, CIPP, Senior Managing Director, Secure Information Services, KrollExamine Advanced Persistent Threats (APTs), a new and far more dangerous type of cyber attack, to learn how they work, how they target PII and PHI—among other targets—and the importance of evolving from perimeter defense to a more comprehensive doctrine of defense-in-depth.
Who Am I? Understanding Multi-Factor Authentication in Online EnvironmentsChristopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLPTake part in a lively discussion of the emergence outside the banking sector of dual-factor and tri-factor authentication, how these technologies work, and how to perform a risk-based assessment to determine the type of security one might offer.
DaTa breacHBuilding a Records Retention Policy Aligned with Privacy ObjectivesRichard L. Johnson, Manager, Global Information Compliance, John Deere & Company, Marty Provin, CIPP, EVP Business Development Group, Jordan LawrenceIn several recent high-profile data breaches, the compromised data was old and outdated. This fact underscores the importance of having a consistently executed retention policy as part of a company’s overall data security and privacy strategy. Learn how to take a more intelligent, comprehensive approach to information management and retention that approaches privacy and information governance as a single initiative.
Data Breach—Help Your Company Avoid Being a Victim of CompromiseCharles Kallenbach, General Counsel, Heartland Payment Systems, Doug Meal, Ropes & Gray, Erin Nealy Cox, Executive Managing Director and Deputy General Counsel, Stroz Friedberg LLCLots of influential companies have learned the hard way about being the victim of a data breach, even though they may have complied with regulations and standards. Join this session to learn from those who have survived a breach how you can use the tools and techniques of corporate compliance to be prepared.
Data Breach Resolution: Preparing for a Data Breach and How to Respond to ItModerator: Tony Hadley, Sr. V.P. of Government Affairs & Public Policy, Experian Tom Bowers, Managing Director, Security Constructs LLC, Patricia Wagner, Member of the Firm, EpsteinBeckerGreenWhat tools do you need to prepare for a data breach and what are the best practices? How did the breach happen and where did the data go? Join this lively session to learn how to build a forensics case once a breach happens.
FacILITaTeD neTWorkInGNetworking Session: 5-Minute MixerFacilitator: Chris Zoladz, CIPP, CIPP/G, Founder, Navigate LLC Don’t know anyone at the conference? Looking to network? Share your professional background and discover connections with other Academy attendees and privacy leaders in fast, fun five-minute one-on-one meetings.
Networking Session: To Track or Do Not Track? Browser Controls, Self Regulatory Programs or New LawsJules Polonetsky, CIPP, Co-Chair and Director, Future of Privacy Forum
Networking Session: Study Tips and Advice from Certified Professionals—Your Burning Privacy Questions Answered!Facilitated by CIPP-certified professionalsYou’ve read tons of reference material, you’ve been to training, and you’ve even attended some great conference sessions, but still you have burning questions about privacy. We have experienced privacy professionals ready to help you put out that fire! Talk to IAPP instructors about privacy-related topics that are important to you.
Networking Session: Minimize Boredom, Maximize Your Member ExperienceFacilitated by the IAPP Membership DepartmentIAPP staff members will give you the inside scoop on the many ways that you can become more involved with your professional association. Learn about volunteer career development opportunities in this casual networking session, where you’ll also have an opportunity to provide feedback on how the IAPP can better serve you.
Networking Session: Your Company and the CloudFacilitator: Tanya Forsheit, CIPP, Founding Partner, InfoLawGroup LLPFacilitator: Christine Lyon, Partner, Morrison & Foerster LLPIt’s your turn to join the discussion! Bring your questions, concerns and insights for a lively discussion about managing privacy in the cloud, including due diligence and selection of providers, data back-up, encryption options, contractual protections (or lack thereof), cross-border transfers in the cloud environment, audit and third-party certification, and other topics of interest from the day’s cloud computing sessions.
September 14 – 16 • the Fairmont hotel • DallaS, tX
PrIvAcy AcAdemy 2011 PrOgrAm
cONfereNce SeSSIONS
vISIT www.PrIvAcyASSOcIATION.Org /AcAdemy TO regISTer ANd fOr uP-TO-dATe INfOrmATION
onLIne PrIVacyMonitoring and Preserving Data on Social Media SitesErik Laykin, Managing Director, Duff & PhelpsWhat options are available for the defensible and forensic preservation of social media data and usage? Gain practical guidance while getting a hands-on, visual review of the tools and technologies available for the real-time monitoring and preservation of electronic data contained on social media sites.
Online Privacy: Who’s Watching the Kids? Moderator: Nuala O’Connor Kelly, CIPP, CIPP/G, Senior Counsel, Information Governance & Chief Privacy Leader, General ElectricParry Aftab, Executive Director, WiredSafety, Michelle Dennedy, Founder & CEO, iDennedy Project, Lydia Parnes, Partner, Wilson Sonsini Goodrich & RosatiWhat do our kids really think about online privacy and what are they doing online? Join this lively session for a discussion of the practical, legal and policy implications of online privacy as applied to children and teens, and take away practical strategies and advice on talking to our kids about staying safe online.
The Self-Regulatory Principles for Online Behavioral Advertising: A How-to Compliance WorkshopGenie Barton, Director, Online Interest-Based Advertising Accountability, Council of Better Business Bureaus, Xenia Boone, Senior Vice President Corporate and Social Responsibility, Direct Marketing Association, Scott Meyer, CEO, EvidonGain a clear understanding of the requirements of the Self-Regulatory Principles, including who must implement them, how to implement them, and what to expect from the Council of Better Business Bureaus and the Direct Marketing Association, the groups that provide accountability for the Self-Regulatory Program.
HeaLTHcareA Health Privacy Segmentation of the American Public and EHR Users: Results of a National SurveyAlan Westin, Professor Emeritus, Columbia UniversityLearn the results of a national survey being conducted to measure levels of trust and its benefits in U.S. EHR systems. The survey applied a set of Health Privacy Intensity Measures developed by Dr. Alan Westin, who will report and describe the sources of high, medium and low health privacy intensity for four U.S. patient populations.
Medical Software and Its Regulation: HHS, FDA and the RulesPeter McLaughlin, CIPP, Senior Counsel, Foley & Lardner LLPThe HITECH Act directed HHS and the FTC to prescribe rules for electronic health records, systems that are made up of software and can collect patient data from numerous sources. Explore the impact of the FDA’s recently issued rules concerning medical device data systems and other software tools for developers and healthcare providers.
Top 10 New Lessons in Healthcare Privacy Kirk Nahra, CIPP, Partner, Wiley Rein LLP Join in a review of the latest developments in the world of healthcare privacy and identify the key new takeaways for healthcare companies and their business partners. Explore enforcement developments, new regulations, the latest in risk areas and the key topics for controversy involving healthcare privacy issues.
GLobaLCertifying for the Safe Harbor: The Practical AspectsKimberly A. Bubnes, CIPP, Global Privacy Director, General Motors Corporation, Robert L. Rothman, Principal, Privacy Associates International LLCRoll up your sleeves and dive into the practical aspects of how to certify a class of data for Safe Harbor. Learn the scope of Safe Harbor certification and how to create a Safe Harbor team using internal certification trees.
Mexico’s New Data Protection Law: Policy and ComplianceJonathan D. Avila, CIPP, Vice President, Counsel, Chief Privacy Officer, The Walt Disney Company, Rosa Maria Franco, Attorney, Basham, Ringe Y Correa, S.C., Jacqueline Peschard Mariscal, President Commissioner, Federal Institute for Access to Information and Data Protection, Harry A. Valetk, CIPP, Corporate Privacy Director, MetLife Join this session for an overview of the policy choices that Mexico has made in adopting comprehensive data protection legislation and discuss the practical challenges for business in implementing the law.
Migrating to a Global Shared Services Center? Consider the IssuesJon Olefson, Vice President and General Counsel (Europe), Cognizant Technology Solutions, Heidi Salow, CIPP, Shareholder, Greenberg Traurig LLP The commercial sector—and to some extent the federal government—has moved toward a shared services model, in which multiple business functions are centralized into a single global center. Learn what privacy and data security issues are associated with the use of these centers, particularly when they are outsourced in countries with no data protection laws or laws that differ from the “host” country.
New Data Protection Laws and Case Law Trends in South America Cedric Laurant, Cedric Laurant Consulting, Renato Opice Blum, Attorney, Opice Blum Advogados AssociadosJoin this topical discussion of the most recent privacy developments in Latin American countries, including new legislation in Brazil and Colombia, Uruguay’s expected “adequate protection” approval of its recent privacy law from European authorities, and how upcoming EU legislation could have important consequences for the development and implementation of online behavioral advertising in South America.
LaW anD PoLIcyEthical PrivacyEdward McNicholas, Partner, Sidley Austin LLP Join this session for an overview of practical legal ethics issues that confront privacy professionals and discussion of a possible approach to a code of ethics for all professionals in the privacy field.
How to Avoid Becoming a Privacy Class Action or FTC Enforcement TargetD. Reed Freeman, Jr., CIPP, Partner, Morrison & Foerster LLP, Jim Halpert, Partner, Communications, e-Commerce and Privacy Practice, DLA Piper US LLPJoin this session to identify the FTC enforcement priorities from among the agency’s laundry list of best practices and learn how to handle a subpoena or other initial FTC inquiry. Discover the privacy practices that give rise to significant class action risk, and discuss strategies to become a much harder target against the threat of a class action lawsuit.
How Will the Safe Harbors in Pending Privacy Legislation Work?Marty Abrams, Senior Policy Advisor, Hunton & Williams LLP, Jennifer Barrett, CIPP, Global Privacy and Public Policy Executive Privacy Leader, Acxiom Corporation, Scott Taylor, CIPP, Vice President and Chief Privacy Officer, Hewlett-Packard Company, María Elena Pérez-Jaén Zermeño, Commissioner for Access to Public Information and Data Protection of the Institute for Access to Public Information of the Federal District, MexicoThe Obama administration has proposed federal legislation that would encourage industry codes of conduct that would be safe harbors. Suggested legislation on the hill would also contain safe harbors. Find out how these would work and formulate a plan for putting safe harbors into effect.
Litigation: There’s an App for That!Sherry Ramsey, CIPP, AVP - Public Policy, AT&T Inc., Alan Raul, Partner, Sidley Austin LLP
“App privacy” is a cutting edge legal issue that has garnered acute attention from congress, privacy advocates, the FTC and plaintiffs lawyers. Explore the complaints and investigations that have been leveled to date against “apps” that collect, share, store, use or compromise user IDs, unique device identifiers, personal information or location data without (alleged) adequate disclosure and consent from the app users. Leave with best “app” practices to avoid the legal cross-hairs of the privacy enforcers in the first place.
Never Enter Your Real Data!Rocco Panetta, Partner, Panetta & AssociatiTake a focused look at the issues arising out of the data flows around the world and relevant legal consequences, especially with respect to the principle of jurisdiction, establishment and relevant applicable laws and regulations.
Will There Be a “Privacy Bill of Rights” and If So, What Will It Mean?Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum, Christopher Wolf, Co-Chair Privacy and Data Security Practice Group, Hogan Lovells US LLPExamine the proposal for a Privacy Bill of Rights, intended to implement Fair Information Practice Principles through codes of conduct enforced by the FTC. Explore the details of the proposal as well as the political prospects for passage in the near term.
FInancIaL SerVIceSThe Designated Transfer Date under Dodd-Frank Has Come and Gone: What Does It Mean for Financial Privacy? (A two-part session)H. Leigh Feldman, Senior Vice President, Compliance Program Executive, Bank of America, L. Richard Fischer, Partner, Morrison & Foerster LLP, Lynn A. Goldstein, CIPP, Senior Vice President & Chief Privacy Officer, JP Morgan Chase Bank, N.A., Russell Schrader, Chief Privacy Officer and Global Enterprise Risk Counsel, Visa Inc.Examine the developments on the regulatory implications of the Consumer Financial Protection Bureau over the last nine months, with a focus on those sections of the Dodd-Frank Act with privacy implications. What have been the ramifications of the transfers of authority called for by the act? Is it too soon to tell, or are there clear trends developing on these and other issues important to financial privacy?
Hot Button Privacy Issues in Payments and Financial ServicesErin Fonte, CIPP, Shareholder, Cox Smith Matthews IncorporatedGet the latest updates on the hottest topics in the world of payments and financial services, including discussion of secure encrypted e-mail at financial institutions, suggested best practices for social media activities, and unique mobile transaction and marketing issues.
MobILe coMPUTInG/LocaTIon-baSeD SerVIceSAvoiding the Mobile App TrapsMark W. Brennan, Associate, Hogan Lovells US LLP, Devin Crock, Counsel, Sprint Nextel, Matthew Gerst, Counsel, External & State Affairs, CTIA—The Wireless Association®
“You snooze, you lose” in the mobile app ecosystem. But, “haste makes waste” when it comes to data privacy and security. What’s a business to do? Find out how to address privacy and security issues associated with mobile apps and still remain competitive by identifying the key traps.
Choice on the Grid: Geolocation Technologies and PrivacyDavid Keating, Attorney, Alston & Bird LLP, Mikko Niva, CIPP/E, Global Privacy Counsel, Nokia, Rod Witmond, SVP, Product Management & Marketing, CardlyticsInvestigate global data protection standards—from a U.S. perspective—for geolocation technologies on mobile devices and apply those standards to advertising driven by location-based personalization. Examine the difficult balance between large market valuations attached to location-based advertising businesses, and data protection.
Privacy by Design in the Mobile App Ecosystem: Thinking Global, Acting LocalKen Anderson, Assistant Commissioner of Privacy, Information and Privacy Commissioner of Ontario, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Ed Schmit, Director, AT&T Developer Program, AT&T Inc., Patrick Walshe, Director of Privacy, GSMAThe convergence of mobile and the web has created a vibrant and dynamic mobile ecosystem that is dramatically changing our world for the better. Learn about leading industry approaches to addressing the challenges and creating meaningful privacy experiences for mobile users.
oPeraTIonaL PrIVacyEmployees, Smart Phones and Social Media: Best Practices for Mobile Computing and Social Media PoliciesJohn Heitmann, CIPP, Partner, Kelley Drye & Warren, LLPJoin in a discussion exploring the best ways to create mobile computing and social media policies designed to effectively address practical and legal concerns raised by the use of personal mobile devices and social media for business purposes.
Enhanced Notice and ControlJustin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jane Horvath, CIPP, CIPP/G, Global Privacy Counsel, Google Inc., Shane Wiley, CIPP, Sr. Director, Privacy & Data Governance, Yahoo! Inc.Experts from two of the largest global Internet companies and the Center for Democracy and Technology, a neutral consumer-advocacy group, will review the global development and progress of CLEAR Ad Notice, the emergence of DNT, and where these intersect with the need for Privacy by Design.
Moving Toward Privacy by Design: The Microsoft Experience David Bowermaster, Senior Cloud Privacy Strategist, Microsoft Corporation, Javier Salido, CIPP, CIPP/IT, Senior Program Manager, Trustworthy Computing Group, Microsoft CorporationGet a “behind the scenes” look at Microsoft’s internal privacy process, which is responsible for ensuring that privacy needs are taken into account throughout the product development process and into the management of personal information within the company.
A Roadmap to Move up the Privacy Maturity CurveNancy Cohen, CIPP, Senior Technical Manager, Quality Control, American Institute of Certified Public Accountants, Marilyn Prosch, CIPP, Associate Professor, Arizona State UniversityMeasuring and monitoring privacy compliance requires the establishment of effective monitoring procedures and a baseline against which to assess performance. Learn how the Privacy Maturity Model can provide an effective tool to assess privacy compliance and progress against recognized benchmark data.
cLoUD coMPUTInGCloud Computing Compliance: The What, Who and WhereChristopher Millard, Professor, Bristows, LondonJoin this informative session to learn the key compliance issues for users and providers of cloud services, including the implications of anonymization, encryption and fragmentation of data in cloud environments, and the local law impact of geographical arrangements—such as the “long-arm” reach of the EU Directive.
Joint Data Controllership: A Silver Bullet for Cloud Computing Privacy Issues? Jan Geert Meents, Partner, Chair, DLA Piper IP & Technology Practice, Germany Cloud computing has raised significant privacy objections in the EU, making the use of cloud solutions by multinational companies problematic. Explore how joint data controller arrangements can provide a breakthrough for the privacy dilemma of modern cloud computing.
Obscured by Clouds: Privacy Audit in the CloudDoron Rotman, CIPP, National Privacy Service Leader, KPMG LLP (US)Learn how to identify the impact of the move to cloud computing on an organization’s ability to undergo a privacy audit, and the considerations that should be taken into account in the selection, contracting and ongoing management of cloud service providers.
Securing Data in the CloudKenneth E. Stavinoha, CIPP, Solutions Architect, Cisco Systems, Inc.Explore the challenges of securing data in the cloud and the role of encryption as a tool. Hear the results of extensive research into the critical factors that influence the adoption of encryption to secure data in the cloud.
Taming the Cloud: Contracting for a Cloud that Actually WorksBenjamin Hayes, CIPP, CIPP/C, CIPP/G, CIPP/IT, Americas Data Privacy Compliance Lead, Accenture, David Navetta, CIPP, Founding Partner, Information Law GroupHow can we “solve” the difficult application of privacy laws to the cloud? Discover a successful new approach to negotiating cloud contracts that attempts to re-allocate applicable privacy and security requirements between data owner, cloud provider and system integrator.
Utilization of Cloud-Based Enterprise Solutions: Google’s Business Perspective of Privacy Challenges and SolutionsMarc Crandall, CIPP, Product Counsel, Google Inc.What are the regulatory obligations and privacy impacts of cloud computing? What are the options regarding international conflicts of law? Take part in this session and gain the tools you need to identify privacy risks in moving data to the cloud.
InForMaTIon SecUrITyChanging the Culture of Low Tech Information Security: Critical Policy Elements and Compliance StrategiesRobert Johnson, Executive Director, National Association for Information DestructionHow can you implement a program to ensure compliance and avoid the embarrassment of a costly
“low tech” security breach? Explore the existing culture of low tech privacy concerns (the disposal of confidential material) and discuss how to shift the current thinking to make the subject more of a security issue and less a price-driven commodity.
The CPO and the CSO: Building Bridges to Improve Both Privacy and SecurityMartin Carmichael, Chief Security Officer, TD Ameritrade Holding Corporation, David Hale, CIPP, Chief Privacy Officer, TD Ameritrade Holding CorporationThe close relationship between privacy and security can lead to conflict—or to synergies and complementary roles. Find out how you can build a relationship between the privacy office and the security structure that can greatly facilitate both jobs.
The New World of Cyber Risk: Advanced Persistent ThreatsAlan Brill, CIPP, Senior Managing Director, Secure Information Services, KrollExamine Advanced Persistent Threats (APTs), a new and far more dangerous type of cyber attack, to learn how they work, how they target PII and PHI—among other targets—and the importance of evolving from perimeter defense to a more comprehensive doctrine of defense-in-depth.
Who Am I? Understanding Multi-Factor Authentication in Online EnvironmentsChristopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLPTake part in a lively discussion of the emergence outside the banking sector of dual-factor and tri-factor authentication, how these technologies work, and how to perform a risk-based assessment to determine the type of security one might offer.
DaTa breacHBuilding a Records Retention Policy Aligned with Privacy ObjectivesRichard L. Johnson, Manager, Global Information Compliance, John Deere & Company, Marty Provin, CIPP, EVP Business Development Group, Jordan LawrenceIn several recent high-profile data breaches, the compromised data was old and outdated. This fact underscores the importance of having a consistently executed retention policy as part of a company’s overall data security and privacy strategy. Learn how to take a more intelligent, comprehensive approach to information management and retention that approaches privacy and information governance as a single initiative.
Data Breach—Help Your Company Avoid Being a Victim of CompromiseCharles Kallenbach, General Counsel, Heartland Payment Systems, Doug Meal, Ropes & Gray, Erin Nealy Cox, Executive Managing Director and Deputy General Counsel, Stroz Friedberg LLCLots of influential companies have learned the hard way about being the victim of a data breach, even though they may have complied with regulations and standards. Join this session to learn from those who have survived a breach how you can use the tools and techniques of corporate compliance to be prepared.
Data Breach Resolution: Preparing for a Data Breach and How to Respond to ItModerator: Tony Hadley, Sr. V.P. of Government Affairs & Public Policy, Experian Tom Bowers, Managing Director, Security Constructs LLC, Patricia Wagner, Member of the Firm, EpsteinBeckerGreenWhat tools do you need to prepare for a data breach and what are the best practices? How did the breach happen and where did the data go? Join this lively session to learn how to build a forensics case once a breach happens.
FacILITaTeD neTWorkInGNetworking Session: 5-Minute MixerFacilitator: Chris Zoladz, CIPP, CIPP/G, Founder, Navigate LLC Don’t know anyone at the conference? Looking to network? Share your professional background and discover connections with other Academy attendees and privacy leaders in fast, fun five-minute one-on-one meetings.
Networking Session: To Track or Do Not Track? Browser Controls, Self Regulatory Programs or New LawsJules Polonetsky, CIPP, Co-Chair and Director, Future of Privacy Forum
Networking Session: Study Tips and Advice from Certified Professionals—Your Burning Privacy Questions Answered!Facilitated by CIPP-certified professionalsYou’ve read tons of reference material, you’ve been to training, and you’ve even attended some great conference sessions, but still you have burning questions about privacy. We have experienced privacy professionals ready to help you put out that fire! Talk to IAPP instructors about privacy-related topics that are important to you.
Networking Session: Minimize Boredom, Maximize Your Member ExperienceFacilitated by the IAPP Membership DepartmentIAPP staff members will give you the inside scoop on the many ways that you can become more involved with your professional association. Learn about volunteer career development opportunities in this casual networking session, where you’ll also have an opportunity to provide feedback on how the IAPP can better serve you.
Networking Session: Your Company and the CloudFacilitator: Tanya Forsheit, CIPP, Founding Partner, InfoLawGroup LLPFacilitator: Christine Lyon, Partner, Morrison & Foerster LLPIt’s your turn to join the discussion! Bring your questions, concerns and insights for a lively discussion about managing privacy in the cloud, including due diligence and selection of providers, data back-up, encryption options, contractual protections (or lack thereof), cross-border transfers in the cloud environment, audit and third-party certification, and other topics of interest from the day’s cloud computing sessions.
September 14 – 16 • the Fairmont hotel • DallaS, tX
PrIvAcy AcAdemy 2011 PrOgrAm
cONfereNce SeSSIONS
vISIT www.PrIvAcyASSOcIATION.Org /AcAdemy TO regISTer ANd fOr uP-TO-dATe INfOrmATION
onLIne PrIVacyMonitoring and Preserving Data on Social Media SitesErik Laykin, Managing Director, Duff & PhelpsWhat options are available for the defensible and forensic preservation of social media data and usage? Gain practical guidance while getting a hands-on, visual review of the tools and technologies available for the real-time monitoring and preservation of electronic data contained on social media sites.
Online Privacy: Who’s Watching the Kids? Moderator: Nuala O’Connor Kelly, CIPP, CIPP/G, Senior Counsel, Information Governance & Chief Privacy Leader, General ElectricParry Aftab, Executive Director, WiredSafety, Michelle Dennedy, Founder & CEO, iDennedy Project, Lydia Parnes, Partner, Wilson Sonsini Goodrich & RosatiWhat do our kids really think about online privacy and what are they doing online? Join this lively session for a discussion of the practical, legal and policy implications of online privacy as applied to children and teens, and take away practical strategies and advice on talking to our kids about staying safe online.
The Self-Regulatory Principles for Online Behavioral Advertising: A How-to Compliance WorkshopGenie Barton, Director, Online Interest-Based Advertising Accountability, Council of Better Business Bureaus, Xenia Boone, Senior Vice President Corporate and Social Responsibility, Direct Marketing Association, Scott Meyer, CEO, EvidonGain a clear understanding of the requirements of the Self-Regulatory Principles, including who must implement them, how to implement them, and what to expect from the Council of Better Business Bureaus and the Direct Marketing Association, the groups that provide accountability for the Self-Regulatory Program.
HeaLTHcareA Health Privacy Segmentation of the American Public and EHR Users: Results of a National SurveyAlan Westin, Professor Emeritus, Columbia UniversityLearn the results of a national survey being conducted to measure levels of trust and its benefits in U.S. EHR systems. The survey applied a set of Health Privacy Intensity Measures developed by Dr. Alan Westin, who will report and describe the sources of high, medium and low health privacy intensity for four U.S. patient populations.
Medical Software and Its Regulation: HHS, FDA and the RulesPeter McLaughlin, CIPP, Senior Counsel, Foley & Lardner LLPThe HITECH Act directed HHS and the FTC to prescribe rules for electronic health records, systems that are made up of software and can collect patient data from numerous sources. Explore the impact of the FDA’s recently issued rules concerning medical device data systems and other software tools for developers and healthcare providers.
Top 10 New Lessons in Healthcare Privacy Kirk Nahra, CIPP, Partner, Wiley Rein LLP Join in a review of the latest developments in the world of healthcare privacy and identify the key new takeaways for healthcare companies and their business partners. Explore enforcement developments, new regulations, the latest in risk areas and the key topics for controversy involving healthcare privacy issues.
GLobaLCertifying for the Safe Harbor: The Practical AspectsKimberly A. Bubnes, CIPP, Global Privacy Director, General Motors Corporation, Robert L. Rothman, Principal, Privacy Associates International LLCRoll up your sleeves and dive into the practical aspects of how to certify a class of data for Safe Harbor. Learn the scope of Safe Harbor certification and how to create a Safe Harbor team using internal certification trees.
Mexico’s New Data Protection Law: Policy and ComplianceJonathan D. Avila, CIPP, Vice President, Counsel, Chief Privacy Officer, The Walt Disney Company, Rosa Maria Franco, Attorney, Basham, Ringe Y Correa, S.C., Jacqueline Peschard Mariscal, President Commissioner, Federal Institute for Access to Information and Data Protection, Harry A. Valetk, CIPP, Corporate Privacy Director, MetLife Join this session for an overview of the policy choices that Mexico has made in adopting comprehensive data protection legislation and discuss the practical challenges for business in implementing the law.
Migrating to a Global Shared Services Center? Consider the IssuesJon Olefson, Vice President and General Counsel (Europe), Cognizant Technology Solutions, Heidi Salow, CIPP, Shareholder, Greenberg Traurig LLP The commercial sector—and to some extent the federal government—has moved toward a shared services model, in which multiple business functions are centralized into a single global center. Learn what privacy and data security issues are associated with the use of these centers, particularly when they are outsourced in countries with no data protection laws or laws that differ from the “host” country.
New Data Protection Laws and Case Law Trends in South America Cedric Laurant, Cedric Laurant Consulting, Renato Opice Blum, Attorney, Opice Blum Advogados AssociadosJoin this topical discussion of the most recent privacy developments in Latin American countries, including new legislation in Brazil and Colombia, Uruguay’s expected “adequate protection” approval of its recent privacy law from European authorities, and how upcoming EU legislation could have important consequences for the development and implementation of online behavioral advertising in South America.
LaW anD PoLIcyEthical PrivacyEdward McNicholas, Partner, Sidley Austin LLP Join this session for an overview of practical legal ethics issues that confront privacy professionals and discussion of a possible approach to a code of ethics for all professionals in the privacy field.
How to Avoid Becoming a Privacy Class Action or FTC Enforcement TargetD. Reed Freeman, Jr., CIPP, Partner, Morrison & Foerster LLP, Jim Halpert, Partner, Communications, e-Commerce and Privacy Practice, DLA Piper US LLPJoin this session to identify the FTC enforcement priorities from among the agency’s laundry list of best practices and learn how to handle a subpoena or other initial FTC inquiry. Discover the privacy practices that give rise to significant class action risk, and discuss strategies to become a much harder target against the threat of a class action lawsuit.
How Will the Safe Harbors in Pending Privacy Legislation Work?Marty Abrams, Senior Policy Advisor, Hunton & Williams LLP, Jennifer Barrett, CIPP, Global Privacy and Public Policy Executive Privacy Leader, Acxiom Corporation, Scott Taylor, CIPP, Vice President and Chief Privacy Officer, Hewlett-Packard Company, María Elena Pérez-Jaén Zermeño, Commissioner for Access to Public Information and Data Protection of the Institute for Access to Public Information of the Federal District, MexicoThe Obama administration has proposed federal legislation that would encourage industry codes of conduct that would be safe harbors. Suggested legislation on the hill would also contain safe harbors. Find out how these would work and formulate a plan for putting safe harbors into effect.
Litigation: There’s an App for That!Sherry Ramsey, CIPP, AVP - Public Policy, AT&T Inc., Alan Raul, Partner, Sidley Austin LLP
“App privacy” is a cutting edge legal issue that has garnered acute attention from congress, privacy advocates, the FTC and plaintiffs lawyers. Explore the complaints and investigations that have been leveled to date against “apps” that collect, share, store, use or compromise user IDs, unique device identifiers, personal information or location data without (alleged) adequate disclosure and consent from the app users. Leave with best “app” practices to avoid the legal cross-hairs of the privacy enforcers in the first place.
Never Enter Your Real Data!Rocco Panetta, Partner, Panetta & AssociatiTake a focused look at the issues arising out of the data flows around the world and relevant legal consequences, especially with respect to the principle of jurisdiction, establishment and relevant applicable laws and regulations.
Will There Be a “Privacy Bill of Rights” and If So, What Will It Mean?Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum, Christopher Wolf, Co-Chair Privacy and Data Security Practice Group, Hogan Lovells US LLPExamine the proposal for a Privacy Bill of Rights, intended to implement Fair Information Practice Principles through codes of conduct enforced by the FTC. Explore the details of the proposal as well as the political prospects for passage in the near term.
FInancIaL SerVIceSThe Designated Transfer Date under Dodd-Frank Has Come and Gone: What Does It Mean for Financial Privacy? (A two-part session)H. Leigh Feldman, Senior Vice President, Compliance Program Executive, Bank of America, L. Richard Fischer, Partner, Morrison & Foerster LLP, Lynn A. Goldstein, CIPP, Senior Vice President & Chief Privacy Officer, JP Morgan Chase Bank, N.A., Russell Schrader, Chief Privacy Officer and Global Enterprise Risk Counsel, Visa Inc.Examine the developments on the regulatory implications of the Consumer Financial Protection Bureau over the last nine months, with a focus on those sections of the Dodd-Frank Act with privacy implications. What have been the ramifications of the transfers of authority called for by the act? Is it too soon to tell, or are there clear trends developing on these and other issues important to financial privacy?
Hot Button Privacy Issues in Payments and Financial ServicesErin Fonte, CIPP, Shareholder, Cox Smith Matthews IncorporatedGet the latest updates on the hottest topics in the world of payments and financial services, including discussion of secure encrypted e-mail at financial institutions, suggested best practices for social media activities, and unique mobile transaction and marketing issues.
MobILe coMPUTInG/LocaTIon-baSeD SerVIceSAvoiding the Mobile App TrapsMark W. Brennan, Associate, Hogan Lovells US LLP, Devin Crock, Counsel, Sprint Nextel, Matthew Gerst, Counsel, External & State Affairs, CTIA—The Wireless Association®
“You snooze, you lose” in the mobile app ecosystem. But, “haste makes waste” when it comes to data privacy and security. What’s a business to do? Find out how to address privacy and security issues associated with mobile apps and still remain competitive by identifying the key traps.
Choice on the Grid: Geolocation Technologies and PrivacyDavid Keating, Attorney, Alston & Bird LLP, Mikko Niva, CIPP/E, Global Privacy Counsel, Nokia, Rod Witmond, SVP, Product Management & Marketing, CardlyticsInvestigate global data protection standards—from a U.S. perspective—for geolocation technologies on mobile devices and apply those standards to advertising driven by location-based personalization. Examine the difficult balance between large market valuations attached to location-based advertising businesses, and data protection.
Privacy by Design in the Mobile App Ecosystem: Thinking Global, Acting LocalKen Anderson, Assistant Commissioner of Privacy, Information and Privacy Commissioner of Ontario, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Ed Schmit, Director, AT&T Developer Program, AT&T Inc., Patrick Walshe, Director of Privacy, GSMAThe convergence of mobile and the web has created a vibrant and dynamic mobile ecosystem that is dramatically changing our world for the better. Learn about leading industry approaches to addressing the challenges and creating meaningful privacy experiences for mobile users.
oPeraTIonaL PrIVacyEmployees, Smart Phones and Social Media: Best Practices for Mobile Computing and Social Media PoliciesJohn Heitmann, CIPP, Partner, Kelley Drye & Warren, LLPJoin in a discussion exploring the best ways to create mobile computing and social media policies designed to effectively address practical and legal concerns raised by the use of personal mobile devices and social media for business purposes.
Enhanced Notice and ControlJustin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jane Horvath, CIPP, CIPP/G, Global Privacy Counsel, Google Inc., Shane Wiley, CIPP, Sr. Director, Privacy & Data Governance, Yahoo! Inc.Experts from two of the largest global Internet companies and the Center for Democracy and Technology, a neutral consumer-advocacy group, will review the global development and progress of CLEAR Ad Notice, the emergence of DNT, and where these intersect with the need for Privacy by Design.
Moving Toward Privacy by Design: The Microsoft Experience David Bowermaster, Senior Cloud Privacy Strategist, Microsoft Corporation, Javier Salido, CIPP, CIPP/IT, Senior Program Manager, Trustworthy Computing Group, Microsoft CorporationGet a “behind the scenes” look at Microsoft’s internal privacy process, which is responsible for ensuring that privacy needs are taken into account throughout the product development process and into the management of personal information within the company.
A Roadmap to Move up the Privacy Maturity CurveNancy Cohen, CIPP, Senior Technical Manager, Quality Control, American Institute of Certified Public Accountants, Marilyn Prosch, CIPP, Associate Professor, Arizona State UniversityMeasuring and monitoring privacy compliance requires the establishment of effective monitoring procedures and a baseline against which to assess performance. Learn how the Privacy Maturity Model can provide an effective tool to assess privacy compliance and progress against recognized benchmark data.
cLoUD coMPUTInGCloud Computing Compliance: The What, Who and WhereChristopher Millard, Professor, Bristows, LondonJoin this informative session to learn the key compliance issues for users and providers of cloud services, including the implications of anonymization, encryption and fragmentation of data in cloud environments, and the local law impact of geographical arrangements—such as the “long-arm” reach of the EU Directive.
Joint Data Controllership: A Silver Bullet for Cloud Computing Privacy Issues? Jan Geert Meents, Partner, Chair, DLA Piper IP & Technology Practice, Germany Cloud computing has raised significant privacy objections in the EU, making the use of cloud solutions by multinational companies problematic. Explore how joint data controller arrangements can provide a breakthrough for the privacy dilemma of modern cloud computing.
Obscured by Clouds: Privacy Audit in the CloudDoron Rotman, CIPP, National Privacy Service Leader, KPMG LLP (US)Learn how to identify the impact of the move to cloud computing on an organization’s ability to undergo a privacy audit, and the considerations that should be taken into account in the selection, contracting and ongoing management of cloud service providers.
Securing Data in the CloudKenneth E. Stavinoha, CIPP, Solutions Architect, Cisco Systems, Inc.Explore the challenges of securing data in the cloud and the role of encryption as a tool. Hear the results of extensive research into the critical factors that influence the adoption of encryption to secure data in the cloud.
Taming the Cloud: Contracting for a Cloud that Actually WorksBenjamin Hayes, CIPP, CIPP/C, CIPP/G, CIPP/IT, Americas Data Privacy Compliance Lead, Accenture, David Navetta, CIPP, Founding Partner, Information Law GroupHow can we “solve” the difficult application of privacy laws to the cloud? Discover a successful new approach to negotiating cloud contracts that attempts to re-allocate applicable privacy and security requirements between data owner, cloud provider and system integrator.
Utilization of Cloud-Based Enterprise Solutions: Google’s Business Perspective of Privacy Challenges and SolutionsMarc Crandall, CIPP, Product Counsel, Google Inc.What are the regulatory obligations and privacy impacts of cloud computing? What are the options regarding international conflicts of law? Take part in this session and gain the tools you need to identify privacy risks in moving data to the cloud.
InForMaTIon SecUrITyChanging the Culture of Low Tech Information Security: Critical Policy Elements and Compliance StrategiesRobert Johnson, Executive Director, National Association for Information DestructionHow can you implement a program to ensure compliance and avoid the embarrassment of a costly
“low tech” security breach? Explore the existing culture of low tech privacy concerns (the disposal of confidential material) and discuss how to shift the current thinking to make the subject more of a security issue and less a price-driven commodity.
The CPO and the CSO: Building Bridges to Improve Both Privacy and SecurityMartin Carmichael, Chief Security Officer, TD Ameritrade Holding Corporation, David Hale, CIPP, Chief Privacy Officer, TD Ameritrade Holding CorporationThe close relationship between privacy and security can lead to conflict—or to synergies and complementary roles. Find out how you can build a relationship between the privacy office and the security structure that can greatly facilitate both jobs.
The New World of Cyber Risk: Advanced Persistent ThreatsAlan Brill, CIPP, Senior Managing Director, Secure Information Services, KrollExamine Advanced Persistent Threats (APTs), a new and far more dangerous type of cyber attack, to learn how they work, how they target PII and PHI—among other targets—and the importance of evolving from perimeter defense to a more comprehensive doctrine of defense-in-depth.
Who Am I? Understanding Multi-Factor Authentication in Online EnvironmentsChristopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLPTake part in a lively discussion of the emergence outside the banking sector of dual-factor and tri-factor authentication, how these technologies work, and how to perform a risk-based assessment to determine the type of security one might offer.
DaTa breacHBuilding a Records Retention Policy Aligned with Privacy ObjectivesRichard L. Johnson, Manager, Global Information Compliance, John Deere & Company, Marty Provin, CIPP, EVP Business Development Group, Jordan LawrenceIn several recent high-profile data breaches, the compromised data was old and outdated. This fact underscores the importance of having a consistently executed retention policy as part of a company’s overall data security and privacy strategy. Learn how to take a more intelligent, comprehensive approach to information management and retention that approaches privacy and information governance as a single initiative.
Data Breach—Help Your Company Avoid Being a Victim of CompromiseCharles Kallenbach, General Counsel, Heartland Payment Systems, Doug Meal, Ropes & Gray, Erin Nealy Cox, Executive Managing Director and Deputy General Counsel, Stroz Friedberg LLCLots of influential companies have learned the hard way about being the victim of a data breach, even though they may have complied with regulations and standards. Join this session to learn from those who have survived a breach how you can use the tools and techniques of corporate compliance to be prepared.
Data Breach Resolution: Preparing for a Data Breach and How to Respond to ItModerator: Tony Hadley, Sr. V.P. of Government Affairs & Public Policy, Experian Tom Bowers, Managing Director, Security Constructs LLC, Patricia Wagner, Member of the Firm, EpsteinBeckerGreenWhat tools do you need to prepare for a data breach and what are the best practices? How did the breach happen and where did the data go? Join this lively session to learn how to build a forensics case once a breach happens.
FacILITaTeD neTWorkInGNetworking Session: 5-Minute MixerFacilitator: Chris Zoladz, CIPP, CIPP/G, Founder, Navigate LLC Don’t know anyone at the conference? Looking to network? Share your professional background and discover connections with other Academy attendees and privacy leaders in fast, fun five-minute one-on-one meetings.
Networking Session: To Track or Do Not Track? Browser Controls, Self Regulatory Programs or New LawsJules Polonetsky, CIPP, Co-Chair and Director, Future of Privacy Forum
Networking Session: Study Tips and Advice from Certified Professionals—Your Burning Privacy Questions Answered!Facilitated by CIPP-certified professionalsYou’ve read tons of reference material, you’ve been to training, and you’ve even attended some great conference sessions, but still you have burning questions about privacy. We have experienced privacy professionals ready to help you put out that fire! Talk to IAPP instructors about privacy-related topics that are important to you.
Networking Session: Minimize Boredom, Maximize Your Member ExperienceFacilitated by the IAPP Membership DepartmentIAPP staff members will give you the inside scoop on the many ways that you can become more involved with your professional association. Learn about volunteer career development opportunities in this casual networking session, where you’ll also have an opportunity to provide feedback on how the IAPP can better serve you.
Networking Session: Your Company and the CloudFacilitator: Tanya Forsheit, CIPP, Founding Partner, InfoLawGroup LLPFacilitator: Christine Lyon, Partner, Morrison & Foerster LLPIt’s your turn to join the discussion! Bring your questions, concerns and insights for a lively discussion about managing privacy in the cloud, including due diligence and selection of providers, data back-up, encryption options, contractual protections (or lack thereof), cross-border transfers in the cloud environment, audit and third-party certification, and other topics of interest from the day’s cloud computing sessions.
September 14 – 16 • the Fairmont hotel • DallaS, tX
PrIvAcy AcAdemy 2011 PrOgrAm
cONfereNce SeSSIONS
vISIT www.PrIvAcyASSOcIATION.Org /AcAdemy TO regISTer ANd fOr uP-TO-dATe INfOrmATION
onLIne PrIVacyMonitoring and Preserving Data on Social Media SitesErik Laykin, Managing Director, Duff & PhelpsWhat options are available for the defensible and forensic preservation of social media data and usage? Gain practical guidance while getting a hands-on, visual review of the tools and technologies available for the real-time monitoring and preservation of electronic data contained on social media sites.
Online Privacy: Who’s Watching the Kids? Moderator: Nuala O’Connor Kelly, CIPP, CIPP/G, Senior Counsel, Information Governance & Chief Privacy Leader, General ElectricParry Aftab, Executive Director, WiredSafety, Michelle Dennedy, Founder & CEO, iDennedy Project, Lydia Parnes, Partner, Wilson Sonsini Goodrich & RosatiWhat do our kids really think about online privacy and what are they doing online? Join this lively session for a discussion of the practical, legal and policy implications of online privacy as applied to children and teens, and take away practical strategies and advice on talking to our kids about staying safe online.
The Self-Regulatory Principles for Online Behavioral Advertising: A How-to Compliance WorkshopGenie Barton, Director, Online Interest-Based Advertising Accountability, Council of Better Business Bureaus, Xenia Boone, Senior Vice President Corporate and Social Responsibility, Direct Marketing Association, Scott Meyer, CEO, EvidonGain a clear understanding of the requirements of the Self-Regulatory Principles, including who must implement them, how to implement them, and what to expect from the Council of Better Business Bureaus and the Direct Marketing Association, the groups that provide accountability for the Self-Regulatory Program.
HeaLTHcareA Health Privacy Segmentation of the American Public and EHR Users: Results of a National SurveyAlan Westin, Professor Emeritus, Columbia UniversityLearn the results of a national survey being conducted to measure levels of trust and its benefits in U.S. EHR systems. The survey applied a set of Health Privacy Intensity Measures developed by Dr. Alan Westin, who will report and describe the sources of high, medium and low health privacy intensity for four U.S. patient populations.
Medical Software and Its Regulation: HHS, FDA and the RulesPeter McLaughlin, CIPP, Senior Counsel, Foley & Lardner LLPThe HITECH Act directed HHS and the FTC to prescribe rules for electronic health records, systems that are made up of software and can collect patient data from numerous sources. Explore the impact of the FDA’s recently issued rules concerning medical device data systems and other software tools for developers and healthcare providers.
Top 10 New Lessons in Healthcare Privacy Kirk Nahra, CIPP, Partner, Wiley Rein LLP Join in a review of the latest developments in the world of healthcare privacy and identify the key new takeaways for healthcare companies and their business partners. Explore enforcement developments, new regulations, the latest in risk areas and the key topics for controversy involving healthcare privacy issues.
GLobaLCertifying for the Safe Harbor: The Practical AspectsKimberly A. Bubnes, CIPP, Global Privacy Director, General Motors Corporation, Robert L. Rothman, Principal, Privacy Associates International LLCRoll up your sleeves and dive into the practical aspects of how to certify a class of data for Safe Harbor. Learn the scope of Safe Harbor certification and how to create a Safe Harbor team using internal certification trees.
Mexico’s New Data Protection Law: Policy and ComplianceJonathan D. Avila, CIPP, Vice President, Counsel, Chief Privacy Officer, The Walt Disney Company, Rosa Maria Franco, Attorney, Basham, Ringe Y Correa, S.C., Jacqueline Peschard Mariscal, President Commissioner, Federal Institute for Access to Information and Data Protection, Harry A. Valetk, CIPP, Corporate Privacy Director, MetLife Join this session for an overview of the policy choices that Mexico has made in adopting comprehensive data protection legislation and discuss the practical challenges for business in implementing the law.
Migrating to a Global Shared Services Center? Consider the IssuesJon Olefson, Vice President and General Counsel (Europe), Cognizant Technology Solutions, Heidi Salow, CIPP, Shareholder, Greenberg Traurig LLP The commercial sector—and to some extent the federal government—has moved toward a shared services model, in which multiple business functions are centralized into a single global center. Learn what privacy and data security issues are associated with the use of these centers, particularly when they are outsourced in countries with no data protection laws or laws that differ from the “host” country.
New Data Protection Laws and Case Law Trends in South America Cedric Laurant, Cedric Laurant Consulting, Renato Opice Blum, Attorney, Opice Blum Advogados AssociadosJoin this topical discussion of the most recent privacy developments in Latin American countries, including new legislation in Brazil and Colombia, Uruguay’s expected “adequate protection” approval of its recent privacy law from European authorities, and how upcoming EU legislation could have important consequences for the development and implementation of online behavioral advertising in South America.
LaW anD PoLIcyEthical PrivacyEdward McNicholas, Partner, Sidley Austin LLP Join this session for an overview of practical legal ethics issues that confront privacy professionals and discussion of a possible approach to a code of ethics for all professionals in the privacy field.
How to Avoid Becoming a Privacy Class Action or FTC Enforcement TargetD. Reed Freeman, Jr., CIPP, Partner, Morrison & Foerster LLP, Jim Halpert, Partner, Communications, e-Commerce and Privacy Practice, DLA Piper US LLPJoin this session to identify the FTC enforcement priorities from among the agency’s laundry list of best practices and learn how to handle a subpoena or other initial FTC inquiry. Discover the privacy practices that give rise to significant class action risk, and discuss strategies to become a much harder target against the threat of a class action lawsuit.
How Will the Safe Harbors in Pending Privacy Legislation Work?Marty Abrams, Senior Policy Advisor, Hunton & Williams LLP, Jennifer Barrett, CIPP, Global Privacy and Public Policy Executive Privacy Leader, Acxiom Corporation, Scott Taylor, CIPP, Vice President and Chief Privacy Officer, Hewlett-Packard Company, María Elena Pérez-Jaén Zermeño, Commissioner for Access to Public Information and Data Protection of the Institute for Access to Public Information of the Federal District, MexicoThe Obama administration has proposed federal legislation that would encourage industry codes of conduct that would be safe harbors. Suggested legislation on the hill would also contain safe harbors. Find out how these would work and formulate a plan for putting safe harbors into effect.
Litigation: There’s an App for That!Sherry Ramsey, CIPP, AVP - Public Policy, AT&T Inc., Alan Raul, Partner, Sidley Austin LLP
“App privacy” is a cutting edge legal issue that has garnered acute attention from congress, privacy advocates, the FTC and plaintiffs lawyers. Explore the complaints and investigations that have been leveled to date against “apps” that collect, share, store, use or compromise user IDs, unique device identifiers, personal information or location data without (alleged) adequate disclosure and consent from the app users. Leave with best “app” practices to avoid the legal cross-hairs of the privacy enforcers in the first place.
Never Enter Your Real Data!Rocco Panetta, Partner, Panetta & AssociatiTake a focused look at the issues arising out of the data flows around the world and relevant legal consequences, especially with respect to the principle of jurisdiction, establishment and relevant applicable laws and regulations.
Will There Be a “Privacy Bill of Rights” and If So, What Will It Mean?Justin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum, Christopher Wolf, Co-Chair Privacy and Data Security Practice Group, Hogan Lovells US LLPExamine the proposal for a Privacy Bill of Rights, intended to implement Fair Information Practice Principles through codes of conduct enforced by the FTC. Explore the details of the proposal as well as the political prospects for passage in the near term.
FInancIaL SerVIceSThe Designated Transfer Date under Dodd-Frank Has Come and Gone: What Does It Mean for Financial Privacy? (A two-part session)H. Leigh Feldman, Senior Vice President, Compliance Program Executive, Bank of America, L. Richard Fischer, Partner, Morrison & Foerster LLP, Lynn A. Goldstein, CIPP, Senior Vice President & Chief Privacy Officer, JP Morgan Chase Bank, N.A., Russell Schrader, Chief Privacy Officer and Global Enterprise Risk Counsel, Visa Inc.Examine the developments on the regulatory implications of the Consumer Financial Protection Bureau over the last nine months, with a focus on those sections of the Dodd-Frank Act with privacy implications. What have been the ramifications of the transfers of authority called for by the act? Is it too soon to tell, or are there clear trends developing on these and other issues important to financial privacy?
Hot Button Privacy Issues in Payments and Financial ServicesErin Fonte, CIPP, Shareholder, Cox Smith Matthews IncorporatedGet the latest updates on the hottest topics in the world of payments and financial services, including discussion of secure encrypted e-mail at financial institutions, suggested best practices for social media activities, and unique mobile transaction and marketing issues.
MobILe coMPUTInG/LocaTIon-baSeD SerVIceSAvoiding the Mobile App TrapsMark W. Brennan, Associate, Hogan Lovells US LLP, Devin Crock, Counsel, Sprint Nextel, Matthew Gerst, Counsel, External & State Affairs, CTIA—The Wireless Association®
“You snooze, you lose” in the mobile app ecosystem. But, “haste makes waste” when it comes to data privacy and security. What’s a business to do? Find out how to address privacy and security issues associated with mobile apps and still remain competitive by identifying the key traps.
Choice on the Grid: Geolocation Technologies and PrivacyDavid Keating, Attorney, Alston & Bird LLP, Mikko Niva, CIPP/E, Global Privacy Counsel, Nokia, Rod Witmond, SVP, Product Management & Marketing, CardlyticsInvestigate global data protection standards—from a U.S. perspective—for geolocation technologies on mobile devices and apply those standards to advertising driven by location-based personalization. Examine the difficult balance between large market valuations attached to location-based advertising businesses, and data protection.
Privacy by Design in the Mobile App Ecosystem: Thinking Global, Acting LocalKen Anderson, Assistant Commissioner of Privacy, Information and Privacy Commissioner of Ontario, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Ed Schmit, Director, AT&T Developer Program, AT&T Inc., Patrick Walshe, Director of Privacy, GSMAThe convergence of mobile and the web has created a vibrant and dynamic mobile ecosystem that is dramatically changing our world for the better. Learn about leading industry approaches to addressing the challenges and creating meaningful privacy experiences for mobile users.
oPeraTIonaL PrIVacyEmployees, Smart Phones and Social Media: Best Practices for Mobile Computing and Social Media PoliciesJohn Heitmann, CIPP, Partner, Kelley Drye & Warren, LLPJoin in a discussion exploring the best ways to create mobile computing and social media policies designed to effectively address practical and legal concerns raised by the use of personal mobile devices and social media for business purposes.
Enhanced Notice and ControlJustin Brookman, Director, Consumer Privacy, Center for Democracy & Technology, Jane Horvath, CIPP, CIPP/G, Global Privacy Counsel, Google Inc., Shane Wiley, CIPP, Sr. Director, Privacy & Data Governance, Yahoo! Inc.Experts from two of the largest global Internet companies and the Center for Democracy and Technology, a neutral consumer-advocacy group, will review the global development and progress of CLEAR Ad Notice, the emergence of DNT, and where these intersect with the need for Privacy by Design.
Moving Toward Privacy by Design: The Microsoft Experience David Bowermaster, Senior Cloud Privacy Strategist, Microsoft Corporation, Javier Salido, CIPP, CIPP/IT, Senior Program Manager, Trustworthy Computing Group, Microsoft CorporationGet a “behind the scenes” look at Microsoft’s internal privacy process, which is responsible for ensuring that privacy needs are taken into account throughout the product development process and into the management of personal information within the company.
A Roadmap to Move up the Privacy Maturity CurveNancy Cohen, CIPP, Senior Technical Manager, Quality Control, American Institute of Certified Public Accountants, Marilyn Prosch, CIPP, Associate Professor, Arizona State UniversityMeasuring and monitoring privacy compliance requires the establishment of effective monitoring procedures and a baseline against which to assess performance. Learn how the Privacy Maturity Model can provide an effective tool to assess privacy compliance and progress against recognized benchmark data.
cLoUD coMPUTInGCloud Computing Compliance: The What, Who and WhereChristopher Millard, Professor, Bristows, LondonJoin this informative session to learn the key compliance issues for users and providers of cloud services, including the implications of anonymization, encryption and fragmentation of data in cloud environments, and the local law impact of geographical arrangements—such as the “long-arm” reach of the EU Directive.
Joint Data Controllership: A Silver Bullet for Cloud Computing Privacy Issues? Jan Geert Meents, Partner, Chair, DLA Piper IP & Technology Practice, Germany Cloud computing has raised significant privacy objections in the EU, making the use of cloud solutions by multinational companies problematic. Explore how joint data controller arrangements can provide a breakthrough for the privacy dilemma of modern cloud computing.
Obscured by Clouds: Privacy Audit in the CloudDoron Rotman, CIPP, National Privacy Service Leader, KPMG LLP (US)Learn how to identify the impact of the move to cloud computing on an organization’s ability to undergo a privacy audit, and the considerations that should be taken into account in the selection, contracting and ongoing management of cloud service providers.
Securing Data in the CloudKenneth E. Stavinoha, CIPP, Solutions Architect, Cisco Systems, Inc.Explore the challenges of securing data in the cloud and the role of encryption as a tool. Hear the results of extensive research into the critical factors that influence the adoption of encryption to secure data in the cloud.
Taming the Cloud: Contracting for a Cloud that Actually WorksBenjamin Hayes, CIPP, CIPP/C, CIPP/G, CIPP/IT, Americas Data Privacy Compliance Lead, Accenture, David Navetta, CIPP, Founding Partner, Information Law GroupHow can we “solve” the difficult application of privacy laws to the cloud? Discover a successful new approach to negotiating cloud contracts that attempts to re-allocate applicable privacy and security requirements between data owner, cloud provider and system integrator.
Utilization of Cloud-Based Enterprise Solutions: Google’s Business Perspective of Privacy Challenges and SolutionsMarc Crandall, CIPP, Product Counsel, Google Inc.What are the regulatory obligations and privacy impacts of cloud computing? What are the options regarding international conflicts of law? Take part in this session and gain the tools you need to identify privacy risks in moving data to the cloud.
InForMaTIon SecUrITyChanging the Culture of Low Tech Information Security: Critical Policy Elements and Compliance StrategiesRobert Johnson, Executive Director, National Association for Information DestructionHow can you implement a program to ensure compliance and avoid the embarrassment of a costly
“low tech” security breach? Explore the existing culture of low tech privacy concerns (the disposal of confidential material) and discuss how to shift the current thinking to make the subject more of a security issue and less a price-driven commodity.
The CPO and the CSO: Building Bridges to Improve Both Privacy and SecurityMartin Carmichael, Chief Security Officer, TD Ameritrade Holding Corporation, David Hale, CIPP, Chief Privacy Officer, TD Ameritrade Holding CorporationThe close relationship between privacy and security can lead to conflict—or to synergies and complementary roles. Find out how you can build a relationship between the privacy office and the security structure that can greatly facilitate both jobs.
The New World of Cyber Risk: Advanced Persistent ThreatsAlan Brill, CIPP, Senior Managing Director, Secure Information Services, KrollExamine Advanced Persistent Threats (APTs), a new and far more dangerous type of cyber attack, to learn how they work, how they target PII and PHI—among other targets—and the importance of evolving from perimeter defense to a more comprehensive doctrine of defense-in-depth.
Who Am I? Understanding Multi-Factor Authentication in Online EnvironmentsChristopher T. Pierson, CIPP, CIPP/G, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc., James Shreve, CIPP, Associate Specialist, Buckley Sandler LLPTake part in a lively discussion of the emergence outside the banking sector of dual-factor and tri-factor authentication, how these technologies work, and how to perform a risk-based assessment to determine the type of security one might offer.
DaTa breacHBuilding a Records Retention Policy Aligned with Privacy ObjectivesRichard L. Johnson, Manager, Global Information Compliance, John Deere & Company, Marty Provin, CIPP, EVP Business Development Group, Jordan LawrenceIn several recent high-profile data breaches, the compromised data was old and outdated. This fact underscores the importance of having a consistently executed retention policy as part of a company’s overall data security and privacy strategy. Learn how to take a more intelligent, comprehensive approach to information management and retention that approaches privacy and information governance as a single initiative.
Data Breach—Help Your Company Avoid Being a Victim of CompromiseCharles Kallenbach, General Counsel, Heartland Payment Systems, Doug Meal, Ropes & Gray, Erin Nealy Cox, Executive Managing Director and Deputy General Counsel, Stroz Friedberg LLCLots of influential companies have learned the hard way about being the victim of a data breach, even though they may have complied with regulations and standards. Join this session to learn from those who have survived a breach how you can use the tools and techniques of corporate compliance to be prepared.
Data Breach Resolution: Preparing for a Data Breach and How to Respond to ItModerator: Tony Hadley, Sr. V.P. of Government Affairs & Public Policy, Experian Tom Bowers, Managing Director, Security Constructs LLC, Patricia Wagner, Member of the Firm, EpsteinBeckerGreenWhat tools do you need to prepare for a data breach and what are the best practices? How did the breach happen and where did the data go? Join this lively session to learn how to build a forensics case once a breach happens.
FacILITaTeD neTWorkInGNetworking Session: 5-Minute MixerFacilitator: Chris Zoladz, CIPP, CIPP/G, Founder, Navigate LLC Don’t know anyone at the conference? Looking to network? Share your professional background and discover connections with other Academy attendees and privacy leaders in fast, fun five-minute one-on-one meetings.
Networking Session: To Track or Do Not Track? Browser Controls, Self Regulatory Programs or New LawsJules Polonetsky, CIPP, Co-Chair and Director, Future of Privacy Forum
Networking Session: Study Tips and Advice from Certified Professionals—Your Burning Privacy Questions Answered!Facilitated by CIPP-certified professionalsYou’ve read tons of reference material, you’ve been to training, and you’ve even attended some great conference sessions, but still you have burning questions about privacy. We have experienced privacy professionals ready to help you put out that fire! Talk to IAPP instructors about privacy-related topics that are important to you.
Networking Session: Minimize Boredom, Maximize Your Member ExperienceFacilitated by the IAPP Membership DepartmentIAPP staff members will give you the inside scoop on the many ways that you can become more involved with your professional association. Learn about volunteer career development opportunities in this casual networking session, where you’ll also have an opportunity to provide feedback on how the IAPP can better serve you.
Networking Session: Your Company and the CloudFacilitator: Tanya Forsheit, CIPP, Founding Partner, InfoLawGroup LLPFacilitator: Christine Lyon, Partner, Morrison & Foerster LLPIt’s your turn to join the discussion! Bring your questions, concerns and insights for a lively discussion about managing privacy in the cloud, including due diligence and selection of providers, data back-up, encryption options, contractual protections (or lack thereof), cross-border transfers in the cloud environment, audit and third-party certification, and other topics of interest from the day’s cloud computing sessions.
PRIORITY CODE:
The IAPP PrIvAcy AcAdemy 2011
September 14–16The Fairmont HotelDallas, TX
SPONSOrS
eXhIBITOrSAffinionBlockmasterBNAClick 4 ComplianceCounselor LibraryDebixEquifax
Evidon ExperianHiSoftwareHogan LovellsIdentity FinderJordan LawrenceKroll
NymityRust ConsultingStroz FriedbergSymantecTRUSTeWomble Carlyle
Visit www.privacyassociation.org/academy to register online or register by phone at +1 603.427.9200.
Pr
ec
on
Fer
en
ce
W
or
kS
Ho
P D
ay
cer
TIF
IcaTIo
n
Tr
aIn
InG
an
D
TeS
TIn
Ga
neW
reLea
Se
Fr
oM
TH
e Ia
PP!
Build
ing
a Pr
ivac
y Pr
ogra
m:
A Pr
actit
ione
r’s G
uide
Ea
rly
Bir
d Ra
te
Regu
lar R
ate
(U
ntil
Augu
st 1
9)
(Afte
r Aug
ust 1
9)
IAPP
Mem
ber
$119
5 US
D $1
395
USD
Non
mem
ber
$139
5 US
D $1
595
USD
ww
w.P
rIv
Ac
yA
SS
Oc
IATIO
N.O
rg
/Ac
Ad
em
y
mA
IN c
ON
fer
eN
ce P
rIc
INg
5-M
inut
e M
ixer
•
Wel
com
e Re
cept
ion
•
Net
wor
king
Din
ners
•
Tabl
e To
pic
Lunc
h•
Priv
acy
Dinn
er a
nd A
war
ds C
erem
ony
•
Early
Bird
Run
/Wal
k•
ne
TW
or
kIn
G T
oU
cH
Po
InTS
FeaTU
reD
k
eyn
oTeS
The
IAPP
Priv
acy
Dinn
er 2
011
Thur
sday
, Sep
tem
ber 1
5Th
e Fa
irmon
t Hot
el
Rub
elbo
ws
with
priv
acy’s
top
inno
vato
rs a
nd le
ader
s at
the
sixt
h an
nual
Priv
acy
Din
ner a
nd A
war
ds
Cere
mon
y, w
here
we
will
unv
eil t
he
win
ners
of t
he 2
011
HP-
IAPP
Priv
acy
Inno
vatio
n Aw
ards
and
the
IAPP
Pr
ivac
y Va
ngua
rd A
war
d. A
tick
et to
th
is e
xcep
tiona
l eve
ning
of c
eleb
ratio
n is
incl
uded
with
you
r Aca
dem
y m
ain
conf
eren
ce re
gist
ratio
n.
Keyn
ote
Spea
ker:
Susa
n Co
mbs
, Co
mpt
rolle
r, St
ate
of T
exas
Pr
IVa
cy M
eeTS
e
Xc
eLLen
ce
Be
a pr
ivac
y st
ando
ut!
Trai
n an
d te
st fo
r you
r IA
PP
cert
ifica
tion
at th
e A
cade
my.
Trai
ning
for t
he C
IPP,
CIPP
/G a
nd
CIPP
/IT, a
nd te
stin
g fo
r all
mod
ules
w
ill b
e of
fere
d at
the
Acad
emy.
Visi
t the
web
site
for a
dditi
onal
pr
icin
g in
form
atio
n.
Rate
s av
aila
ble
for c
orpo
rate
gro
ups,
go
vern
men
t and
hig
her e
duca
tion
empl
oyee
s, P
rivac
y Di
nner
onl
y an
d pr
ivac
y ce
rtific
atio
n tra
inin
g an
d te
stin
g.
Get e
xclu
sive
insi
der p
ersp
ectiv
es
from
som
e of
the
bigg
est p
laye
rs
in th
e co
nsum
er p
rivac
y pr
otec
tion
aren
a an
d le
arn
how
you
can
avo
id
bein
g on
the
oppo
site
sid
e of
th
e ta
ble.
Disc
over
con
nect
ions
and
bu
ild re
latio
nshi
ps a
t our
man
y ne
twor
king
opp
ortu
nitie
s th
roug
hout
the
Aca
dem
y:
8 a
.m.
– 1
2 p
.m.
Nav
igat
ing
the
Maz
e: F
eder
al L
egis
latio
n an
d th
e Pr
ivac
y Im
pact
Ass
essm
ent P
roce
ss
Will
iam
C. H
offm
an, C
IPP,
Sen
ior P
rivac
y Of
ficer
, Ge
nera
l Dyn
amic
s In
form
atio
n Te
chno
logy
Wha
t doe
s it
take
to m
ake
a pr
ivac
y im
pact
as
sess
men
t (PI
A) s
ucce
ssfu
l? A
s fe
dera
l ag
enci
es s
cram
ble
to e
nsur
e th
at a
ll sy
stem
s—as
defi
ned
by F
ISM
A, O
MB
and
the
Priv
acy
Act—
are
cove
red
by a
PIA
, it’s
m
ore
impo
rtan
t tha
n ev
er to
kno
w th
e in
s an
d ou
ts o
f the
pro
cess
. Joi
n th
is in
form
ativ
e w
orks
hop
for a
com
preh
ensi
ve lo
ok a
t the
le
gisl
ativ
e re
quire
men
ts a
nd h
ow to
be
prep
ared
for t
hem
. Inv
estig
ate
the
syst
emat
ic
proc
ess
that
can
hel
p to
ens
ure
com
plia
nce
and
prod
uce
a su
cces
sful
PIA
pro
cedu
re in
yo
ur o
rgan
izat
ion,
incl
udin
g th
e pr
e-PI
A w
ork
that
can
incr
ease
effi
cien
cy a
nd im
prov
e co
mpl
etio
n an
d ac
cura
cy.
Prot
ectin
g an
d Se
curi
ng a
Mov
ing
Targ
et:
NFC
, RFI
D a
nd M
obile
Pay
men
tsJa
cque
line
Klos
ek, C
IPP,
Sen
ior C
ouns
el,
Good
win
Pro
cter
LLP
, Chr
isto
pher
T. P
iers
on,
CIPP
, CIP
P/G
, Chi
ef P
rivac
y Of
ficer
and
Sen
ior
Vice
Pre
side
nt, C
itize
ns F
inan
cial
Gro
up, I
nc.,
Jam
es S
hrev
e, C
IPP,
Ass
ocia
te S
peci
alis
t, Bu
ckle
y Sa
ndle
r LLP
Alth
ough
the
broa
d-ba
sed
adop
tion
of N
ear
Fiel
d Co
mm
unic
atio
n (N
FC),
RFID
and
mob
ile
paym
ents
has
take
n lo
nger
than
man
y an
ticip
ated
, the
re a
re re
cent
sig
ns th
at th
e re
quire
d m
omen
tum
for s
uch
adop
tion
may
be
clo
se. W
ith th
e ex
pans
ive
new
cap
abili
ties
of m
obile
pho
nes
and
tabl
et d
evic
es, t
he
poss
ibili
ty o
f inc
ludi
ng N
FC te
chno
logy
in s
uch
devi
ces,
and
upg
rade
s to
loca
tion
track
ing,
it
is b
ecom
ing
appa
rent
that
tech
nolo
gy
is s
tart
ing
to d
rive
that
mom
entu
m. T
his
wor
ksho
p w
ill e
xam
ine
NFC
, RFI
D a
nd
mob
ile p
aym
ents
and
the
regu
latio
n of
suc
h te
chno
logi
es u
nder
exi
stin
g la
ws.
Eng
age
in a
live
ly g
roup
dis
cuss
ion
of h
ow la
w a
nd
regu
latio
n—in
clud
ing
prop
osed
legi
slat
ion—
may
ada
pt to
mee
t priv
acy
and
data
sec
urity
is
sues
rais
ed b
y th
ese
tech
nolo
gies
.
1 –
5 p
.m.
Debu
nkin
g th
e Pr
ivac
y Pa
rado
x M
yth:
Cr
eatin
g a
Self-
Sync
hron
ized
Priv
acy
Prog
ram
Mar
io M
orel
, Priv
acy
Arch
itect
, You
rPriv
acy
Cogn
itive
sci
ence
has
sho
wn
that
con
sum
ers
don’
t mak
e pr
ivac
y de
cisi
ons
base
d on
cos
t/be
nefit
est
imat
ions
. The
app
aren
t dis
sona
nce
betw
een
wha
t peo
ple
say
conc
erns
them
on
line
and
wha
t the
y do
in p
ract
ice
to p
rote
ct
thei
r priv
acy
is n
ot a
par
adox
; it i
s a
call
for
priv
acy
pros
to b
uild
pro
gram
s pe
ople
can
re
late
to. P
rivac
y of
ficer
s w
ho d
o ju
st th
at
give
cus
tom
ers
an o
ptim
um e
xper
ienc
e an
d ga
in a
stra
tegi
c as
set f
or th
eir b
usin
ess.
Th
e se
cret
is “s
elf-
sync
hron
izat
ion”
—de
sign
ing
a pr
ogra
m th
at c
an e
ngag
e pe
ople
’s in
sigh
t, fo
resi
ght a
nd m
ind-
sigh
t at
bot
h an
inte
llect
ual a
nd e
mot
iona
l le
vel.
Usi
ng th
e la
test
rese
arch
, thi
s w
orks
hop
will
hel
p yo
u di
scov
er th
e ni
ne
key
build
ing
bloc
ks o
f a n
etw
ork-
cent
ric
priv
acy
info
stru
ctur
e an
d sh
ow y
ou h
ow to
fo
rmul
ate
a pl
an to
dra
mat
ical
ly in
crea
se
priv
acy
prog
ram
par
ticip
atio
n fro
m y
our
cust
omer
s, e
mpl
oyee
s an
d pa
rtner
s.
EU D
ata
Prot
ectio
n B
ootc
amp
Haz
el G
rant
, Par
tner
, Bris
tow
s, R
occo
Pa
netta
, Par
tner
, Pan
etta
& A
ssoc
iati
Join
our
exp
ert E
urop
ean
facu
lty fo
r th
is b
road
ove
rvie
w o
f dat
a pr
otec
tion
prac
tices
acr
oss
the
pond
. Lea
rn a
bout
the
polit
ical
and
lega
l stru
ctur
es in
the
EU, t
he
role
of d
ata
prot
ectio
n au
thor
ities
, and
the
com
plex
web
of l
aws
that
gui
de d
ata.
You
’ll
leav
e w
ith a
stro
ng g
ener
al u
nder
stan
ding
of
the
role
s, re
spon
sibi
litie
s an
d la
ws
gove
rnin
g pr
ivac
y in
the
Euro
pean
Uni
on.
Pr
ec
ON
fer
eN
ce
wO
rK
Sh
OPS
(W
edne
sday
onl
y)
One
Ses
sion
(hal
f day
) $5
45 U
SDTw
o Se
ssio
ns (f
ull d
ay)
$695
USD
Priv
acy
Boo
tcam
p (fu
ll da
y)
$695
USD
Get y
our c
opy
of th
is e
ssen
tial a
nd lo
ng-a
wai
ted
guid
e to
put
ting
toge
ther
an
effe
ctiv
e pr
ivac
y op
erat
ion—
bein
g re
leas
ed th
is s
umm
er! R
egis
ter f
or th
e Pr
ivac
y Bo
otca
mp
prec
onfe
renc
e w
orks
hop
and
get a
free
cop
y.
Copi
es w
ill a
lso
be a
vaila
ble
for s
ale
at th
e Ac
adem
y bo
okst
ore.
Mee
t the
aut
hors
and
get
you
r cop
y si
gned
!
WeD
ne
SD
ay,
SeP
TeM
be
r 1
4
Can’
t mak
e it
to o
ur d
aylo
ng P
rivac
y B
ootc
amp
at th
e Pr
actic
al P
riva
cy
Seri
es?
Catc
h it
at th
e A
cade
my!
8 a
.m.
– 5
p.m
.Pr
ivac
y B
ootc
amp
J. T
revo
r Hug
hes,
CIP
P, P
resi
dent
& C
EO, I
APP,
Ki
rk N
ahra
, CIP
P, P
artn
er, W
iley
Rein
LLP
Priv
acy
can
be a
bew
ilder
ing
topi
c. W
ith
mul
tiple
law
s, ju
risdi
ctio
ns, t
echn
olog
ies
and
busi
ness
mod
els
conv
ergi
ng, a
nd e
volv
ing,
in
toda
y’s e
nter
pris
e it
is h
ard
to k
now
how
to
nav
igat
e th
e m
aze
of c
halle
nges
you
face
. Pr
ivac
y Bo
otca
mp
is y
our o
ppor
tuni
ty to
get
a
solid
gro
undi
ng in
this
dyn
amic
fiel
d. T
his
two-
part
inte
nsiv
e pr
ogra
m w
ill in
trodu
ce
you
to th
e fu
ndam
enta
ls o
f priv
acy.
Part
1 pr
ovid
es a
n ov
ervi
ew o
f bas
ic p
rivac
y co
ncep
ts a
nd p
hilo
soph
ies.
Par
t 2 w
ill p
rovi
de
you
with
a “
Priv
acy
Tool
kit”—
prac
tical
, ha
nds-
on g
uida
nce
for m
anag
ing
data
with
in
your
org
aniza
tion.
You
’ll le
ave
with
a s
ound
fo
unda
tion
that
will
giv
e yo
u th
e st
ruct
ure
and
unde
rsta
ndin
g yo
u ne
ed to
mak
e th
e rig
ht d
ecis
ions
for y
our p
rivac
y in
itiat
ives
.
Atte
ndee
s w
ill re
ceiv
e a
free
cop
y of
the
IAPP
’s ne
w p
ublic
atio
n, B
uild
ing
a Pr
ivac
y Pr
ogra
m: A
Pra
ctiti
oner
’s Gu
ide
International Association of Privacy ProfessionalsPease International Tradeport75 Rochester Ave., Suite 4Portsmouth, NH 03801 USA
Scot
t A. K
ambe
rKa
mbe
rLaw
LLC
Mar
c Ro
tenb
erg
Pres
iden
t, EP
IC
Pr
iva
cy
M
eets
Pr
ac
tic
e
IAP
P
Pr
IvA
cy
Ac
Ad
em
yS
eptem
ber 1
4–1
6
dalla
s, T
X
www.p
rivacya
ssociation
.org/a
cadem
y
cO
me T
Og
eTh
er
wIT
h
Th
e P
rIv
Ac
y P
rO
feS
SIO
N
Privacy is interwoven into every facet of today’s econom
y, but privacy professionals often are the lone w
olf in their organization—w
alking the fine line of protecting customers and satisfying
regulators, without stifling innovation and business objectives.
Now
, more than ever, privacy professionals need to com
e together to share challenges, get answ
ers and improve their practices. This
year, Dallas is the crossroads for the privacy profession.
MeeT T
He P
eo
PLe W
Ho
HaVe T
He a
nS
Wer
S
Come to the A
cademy and get inform
ation and answers to the
questions that keep you up at night. Could your organization’s reputation survive a breach? Is there a possibility that you could be the target of an FTC enforcem
ent action? How do you ensure that
your organization’s products are trustworthy? Talk to your peers,
hear from the experts and get unique insider perspective from
top privacy enforcers that can im
pose real consequences on your brand and your reputation.
See H
oW
IT a
LL F
ITS
To
GeTH
er
Join your peers in Dallas for three days of quality education and netw
orking and return to work w
ith the tools and experiences you need to excel in your daily practice and be a leader for your organization’s privacy efforts.
Conference Location and Hotel Accomm
odations
The Fairmont Hotel
1717 N. Akard Street, Dallas, TX 75201
Phone: +1 214.720.2020Fax: +1 214.720.7405