Day One: 9:00 a.m. - 5:00 p.m.
Morning Session: 9:00 a.m. - 12:45 p.m.
9:00 Welcome and Opening Remarks
9:15 Legislative and Regulatory Trends in U.S. Privacy and Security Law
- Are we starting on a new direction for privacy and security regulation?
- Key federal legislative and regulatory developments
- Federal policy and enforcement initiatives
- Key state legislative and regulatory developments
- Self-regulation vs. government regulation: Where are we headed?
Holly K. Towle, Stephen S. Wu
10:15 Health Privacy and Security: HIPAA Applies to Everyone Now!
- HIPAA and HITECH Act overview
- Understanding the primary HITECH changes and their application beyond covered entities
- Evaluating the biggest risk areas for covered entities and business associates
- Assessing what's still to come
- Updates on enforcement and investigations
- Health care privacy and the impact on health care reform
Sharon A. Anolik, Reece Hirsch
11:15 Networking Break
11:30 Information Security Breaches: The Saga Continues
- Identifying an incident
- Undertaking the initial response
- Conducting a forensic investigation
- Coordinating with law enforcement
- Implementing an incident response plan
- Coordinating notification to affected individuals
- Setting up the call center and identity restoration service
- Preparing website materials
- Managing state attorneys general and federal agencies
- Managing the press
- Handling litigation risks
Cathy Bump, Jeanette Fitzgerald, Beth Givens, Winston Krone
12:45 Lunch Break
Afternoon Session: 1:45 p.m. - 5:00 p.m.
1:45 The Rise of Privacy Litigation - New Causes of Action, New Legal Theories
- Survey of claims related to marketing, unfair competition, misuse of data, security breach
- Liability and damage issues
- Statutes with private right of action
- Unsolicited fax and junk email cases
- Behavioral advertising, zombie cookies, and tracking cases
- Social networking and social gaming litigation
- Apps, mobile, texting and location issues
- How to successfully defend privacy class action suits
Ian C. Ballon, James G. Snell
2:45 Networking Break
3:00 Ethics and Risk Management for Privacy Professionals
- Ethical challenges in e-discovery
- Rules of the road for lawyer use of social media
- Protecting the attorney-client privilege in the digital domain
- Data security concerns for law firms and law departments
- Special ethics concerns for privacy lawyers
Merri A. Baldwin, Kathryn J. Fritz
4:00 Being a Chief Privacy Officer - Greater Challenges, Smaller Budget
- How to integrate privacy compliance and best practices
- How to measure success
- The many layers of the training program
- How to address privacy challenges in an ailing economy
Rudy Guyon (Moderator), Jonathan D. Avila, Rebecca Matthias, MeMe Rasmussen
DAY TWO: 9:00 A.M. - 4:45 P.M.
Morning Session: 9:00 a.m. - 12:15 p.m.
9:00 Global Issues - Privacy and Data Protection in a Global Environment
- Data Protection 2.0 in the European Union; the overhaul of the EU Data Protection Regime; recent developments
- Creating and managing a multi-jurisdictional privacy program for a B2C company
- How to respond to a security breach in a global environment
- Risks and pitfall in conducting an employee investigation in a global organization
Francoise Gilbert, Christine E. Lyon, Rosanne Model, Paola Zeni
11:00 Networking Break
11:15 Clouds Without Borders - How to Ensure Privacy and Security in the Cloud
- Jurisdictional uncertainties
- Regulatory compliance concerns in borderless clouds
- Best practices in selecting services providers
- Poking holes in your vendor’s privacy and security policies
- Negotiating effective contractual protections for privacy and data security
Francoise Gilbert (Moderator), Geff Brown, Lindsey Finch, Felix S. Sterling
12:15 Lunch Break
Afternoon Session: 1:30 p.m. - 4:45 p.m.
1:30 Understanding the Current Online Behavioral Advertising Landscape
- The business case for behavioral advertising
- How behavioral advertising works
- Emerging legislation and regulation in the U.S. and EU
- Current industry self-regulatory efforts
- Enforcement trends
- Super cookies: The next frontier
Dominique R. Shelton, Liisa M. Thomas
2:30 Networking Break
2:45 Privacy and Security Enforcement Agenda: The Regulator’s Perspective
- What privacy and security practices are currently in regulators' sights?
- The changing focus of regulator priorities
- Practical insights businesses can gain from recent privacy and security enforcement actions
- When under a regulator’s scrutiny, what can you do to show yourself in the best possible light?
- Breach notification as a trigger for regulatory scrutiny
- What regulators wish companies knew about privacy and security
Alexandra Ross (Moderator), Laura Berger, Matthew F. Fitzsimmons, Paula Selis
3:45 Trend Lines in Privacy and Cybersecurity Law and Policy: Converging or Diverging?
- Are legislative and administrative policies for data privacy and data security complementary, or are they in conflict?
- Has the recent wave of data security laws (such as state breach notification laws) enhanced consumer privacy?
- What does the increasing focus on national cybersecurity portend for U.S. data privacy law and policy in general in the coming years?
- What are the collective effects on privacy of government surveillance and private sector “dataveillance”
- How have EU-style approaches to privacy as a fundamental right been affected by government and private sector initiatives on cybersecurity?
Marc Crandall, Joanne McNabb, Jishnu Menon
Sharon A. Anolik
~ Vice President, Global Privacy Risk and Strategy Leader, McKesson Corporation
Jonathan D. Avila
~ Vice President - Counsel, Chief Trust Officer, The Walt Disney Company
~ Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
~ Assistant General Counsel, Microsoft Corporation
~ Senior Privacy Compliance Counsel, Expedia, Inc.
~ Senior Manager of Global Compliance, Enterprise, Google Inc.
Matthew F. Fitzsimmons
~ Chair, Privacy Task Force, Assistant Attorney General, Office of the Attorney General
~ Senior Corporate Counsel, Hitachi Global Storage Technologies
~ Corporate Compliance Officer, Bio-Rad Laboratories Inc.
~ VP, Chief Privacy Officer, Adobe Systems Incorporated
~ Senior Counsel, Washington State Attorney General's Office
Felix S. Sterling
~ Senior Vice President and General Counsel, Trend Micro Incorporated
~ Director, Global Privacy - Legal and Public Affairs, Symantec Corporation
San Francisco Seminar Location
PLI California Center, 685 Market Street, San Francisco, California 94105. (415) 498-2800.
San Francisco Hotel Accommodations
The Palace Hotel, 2 New Montgomery Street, San Francisco, California 94105. Call (800) 917-7456 seven days a week from 6:00 am to 12:00 am (PDT) and mention you are attending this program at Practising Law Institute to receive the preferred rate. For online reservations, go to www.sfpalace.com/pli to receive the preferred rate.
Due to high demand we recommend reserving hotel rooms as early as possible.