Privacy and Data Security Law Institute (Thirteenth Annual)

Day One:  9:00 a.m. - 5:00 p.m.

Morning Session:  9:00 a.m. - 12:45 p.m.

9:00  Welcome and Opening Remarks

Francoise Gilbert

9:15  Legislative and Regulatory Trends in U.S. Privacy and Security Law  

• Are we starting on a new direction for privacy and security regulation?
• Key federal legislative and regulatory developments
• Federal policy and enforcement initiatives
• Key state legislative and regulatory developments
• Self-regulation vs. government regulation: Where are we headed?

Holly K. Towle, Stephen S. Wu

10:15  Health Privacy and Security:  HIPAA Applies to Everyone Now!

• HIPAA and HITECH Act overview
• Understanding the primary HITECH changes and their application beyond covered entities
  - Evaluating the biggest risk areas for covered entities and business associates
  - Assessing what's still to come
  - Updates on enforcement and investigations
  - Health care privacy and the impact on health care reform

Sharon A. Anolik, Reece Hirsch

11:15  Networking Break

11:30  Information Security Breaches: The Saga Continues

• Identifying an incident
• Undertaking the initial response
• Conducting a forensic investigation
• Coordinating with law enforcement
• Implementing an incident response plan
• Coordinating notification to affected individuals
• Setting up the call center and identity restoration service
• Preparing website materials
• Managing state attorneys general and federal agencies
• Managing the press
• Handling litigation risks

Cathy Bump, Jeanette Fitzgerald, Beth Givens, Winston Krone

12:45  Lunch Break

Afternoon Session:  1:45 p.m. - 5:00 p.m.

1:45  The Rise of Privacy Litigation - New Causes of Action, New Legal Theories

• Survey of claims related to marketing, unfair competition, misuse of data, security breach
• Liability and damage issues
• Statutes with private right of action
• Unsolicited fax and junk email cases
• Behavioral advertising, zombie cookies, and tracking cases
• Social networking and social gaming litigation
• Apps, mobile, texting and location issues
• How to successfully defend privacy class action suits

Ian C. Ballon, James G. Snell

2:45  Networking Break

3:00  Ethics and Risk Management for Privacy Professionals

• Ethical challenges in e-discovery
• Rules of the road for lawyer use of social media
• Protecting the attorney-client privilege in the digital domain
• Data security concerns for law firms and law departments
• Special ethics concerns for privacy lawyers

Merri A. Baldwin, Kathryn J. Fritz

4:00  Being a Chief Privacy Officer - Greater Challenges, Smaller Budget

• How to integrate privacy compliance and best practices
• How to measure success
• The many layers of the training program
• How to address privacy challenges in an ailing economy

Rudy Guyon (Moderator), Jonathan D. Avila, Rebecca Matthias, MeMe Rasmussen

5:00  Adjourn

DAY TWO:  9:00 A.M. - 4:45 P.M.

Morning Session:  9:00 a.m. - 12:15 p.m.

9:00  Global Issues - Privacy and Data Protection in a Global Environment

• Data Protection 2.0 in the European Union; the overhaul of the EU Data Protection Regime; recent developments
• Creating and managing a multi-jurisdictional privacy program for a B2C company
• How to respond to a security breach in a global environment
• Risks and pitfall in conducting an employee investigation in a global organization

Francoise Gilbert, Christine E. Lyon, Rosanne Model, Paola Zeni

11:00  Networking Break

11:15  Clouds Without Borders - How to Ensure Privacy and Security in the Cloud

• Jurisdictional uncertainties
• Regulatory compliance concerns in borderless clouds
• Best practices in selecting services providers
• Poking holes in your vendor’s privacy and security policies
• Negotiating effective contractual protections for privacy and data security

Francoise Gilbert (Moderator), Geff Brown, Lindsey Finch, Felix S. Sterling

12:15  Lunch Break

Afternoon Session:  1:30 p.m. - 4:45 p.m.

1:30  Understanding the Current Online Behavioral Advertising Landscape

• The business case for behavioral advertising
• How behavioral advertising works
• Emerging legislation and regulation in the U.S. and EU
• Current industry self-regulatory efforts
• Enforcement trends
• Super cookies: The next frontier

Dominique R. Shelton, Liisa M. Thomas

2:30  Networking Break

2:45  Privacy and Security Enforcement Agenda:  The Regulator’s Perspective

• What privacy and security practices are currently in regulators' sights?
• The changing focus of regulator priorities
• Practical insights businesses can gain from recent privacy and security enforcement actions
• When under a regulator’s scrutiny, what can you do to show yourself in the best possible light?
• Breach notification as a trigger for regulatory scrutiny
• What regulators wish companies knew about privacy and security

Alexandra Ross (Moderator), Laura Berger, Matthew F. Fitzsimmons, Paula Selis

3:45  Trend Lines in Privacy and Cybersecurity Law and Policy:  Converging or Diverging?  

• Are legislative and administrative policies for data privacy and data security complementary, or are they in conflict?
• Has the recent wave of data security laws (such as state breach notification laws) enhanced consumer privacy?
• What does the increasing focus on national cybersecurity portend for U.S. data privacy law and policy in general in the coming years?
• What are the collective effects on privacy of government surveillance and private sector “dataveillance”
• How have EU-style approaches to privacy as a fundamental right been affected by government and private sector initiatives on cybersecurity?

Marc Crandall, Joanne McNabb, Jishnu Menon

4:45  Adjourn