Privacy and Data Security Law Institute (Tenth Annual)

Overview

This live program has been approved for Continuing Privacy Education credit, pursuant to the rules and regulations set by the International Association of Privacy Professionals (IAPP).  All IAPP-certified professionals (CIPP, CIPP/G, CIPP/C) must satisfy 30 hours of CPRE credit over the initial three year period and then 10 hours of CPRE every year following the initial three year term.

Why You Should Attend

This program focuses on critical issues of information privacy, security and data protection faced by all companies. The Internet and other evolving information technologies, wired and wireless, have prompted the development of powerful tools for the collection, processing, storage and use of personal information. These trends create numerous issues regarding limitations on corporate rights to use that information and obligations to protect it from a variety of risks and vulnerabilities. Legislators, regulators and the courts are rapidly developing new law and compliance obligations to address the privacy and security implications of the information economy.
 

PLI’s Annual Institute on Privacy and Data Security Law focuses on these developments with the goal of keeping attorneys and other privacy professionals informed and up-to-date in this complex and dynamic area of laws and regulations.

 

What You Will Learn

• The latest federal and state legislation, regulations and decisions regarding privacy and security
• Foreign developments in data protection law and their impact on U.S. companies
• The unique issues of privacy in the workplace, including privacy of workplace communications and monitoring
• Best practices in managing security breach risks and the latest legislative developments pertaining to information security requirements
• Government requests for information - how to respond
• Developments regarding liability for privacy breaches
• Ethical and privilege issues for lawyers in using information technology
• Update on the implementation of Red Flags Rules, identity management and online authentication
• Evolving online data collection and marketing techniques and their impact on privacy law
• News from the future: what privacy and security law will look like five years from now

Special Features

• Update on the federal and state laws affecting corporate obligations to protect the privacy and security of
  personal information
• Panel of FTC and State Attorney General representatives

Special Bonus to all Registrants

All attendees will receive a complimentary copy of PLI's comprehensive Course Handbook. This softcover, bound volume was written to augment the program and to stand alone as a permanent reference. PLI's Course Handbooks represent the definitive thinking of the nation's finest legal minds, and are often the standard reference in the field.

PLI Group Discounts

Groups of 4-14 from the same organization, all registering at the same time, for a PLI program scheduled for presentation at the same site, are entitled to receive a group discount.  For further discount information, please contact membership@pli.edu or call (800) 260-4PLI.

Cancellations

All cancellations received 3 business days prior to the program will be refunded 100%. If you do not cancel within the allotted time period, payment is due in full. You may substitute another individual to attend the program at any time.

Schedule

Please plan to arrive with enough time to register before the conference begins. A continental breakfast will be available upon your arrival.

Day One: 9:00 a.m. - 5:00 p.m.

Morning Session: 9:00 a.m. - 12:30 p.m.

9:00  Welcome and Opening Remarks

Thomas J. Smedinghoff

9:15  State Security Laws and Regulations - The New Deal

• Update on state information security laws; legislative trends
• Impact of the regulations in Massachusetts, Nevada and elsewhere
• Applying the duty to provide security to all businesses
• Defining reasonable security
• The expanding duty to encrypt data
• Requirements for a comprehensive information security program
• Emerging information security standards

Matthew H. Meade, Thomas J. Smedinghoff

10:15  Recent Federal Initiatives in Privacy and Information Security

• Federal breach notice and security legislation
• Implementation of the Red Flags Rules
• Update on Real ID
• Recent actions and guidance from GLB regulators
• Federal efforts in electronic healthcare records and systems
• Prospects for federalizing information security requirements

Christopher Wolf, Maureen A. Young

11:15  Break

11:30  Data Breaches: Lessons Learned and Guidelines for Developing an Incident Response Plan

• Dealing with the initial emergency
• Addressing the ambiguities in state breach notification laws
• Working with State Attorneys General and other state officials where required
• The breach notification letter - dos and don’ts
• Legal requirements for incident response plan
• Best practices for developing and implementing incident response plans
• Post-security breach class actions

William J. Cook, Diana J. McKenzie

12:30  Lunch Break

Afternoon Session: 1:45 p.m. - 5:00 p.m.

1:45  Privacy Developments in the Workplace: Monitoring, Surveillance, Background Checks and Remote Computing

• Use of email, blogging, and Internet access
• Use of portable devices (BlackBerrys, cell phones, USB flash drives)
• Monitoring employees’ text messages
• Use of video, RFID, and biometrics
• Background checks, drug testing and medical privacy in the workplace
• Web searches of potential hires
• Recent workplace privacy litigation

Ruth Hill Bro

2:45  Break

3:00  European Union Developments: Data Protection Compliance from a U.S. Perspective

• Overview of the in-country obligations and approaches to compliance
• Overview of the means of compliant data transfer (Safe Harbor, Model Contract Clauses, Binding Corporate Rules, etc.)
• Evaluating which approach is right for your organization
• Recent data commission decisions, enforcement actions and regulatory guidance
• Developing law regarding breach notification and data retention

Rebecca S. Eisner, Francoise Gilbert

4:00  The Rest of the World: New Developments in Asia, the Pacific and Elsewhere

• Overview of recent legal and regulatory developments
• Emerging privacy and security compliance issues
• Special concerns in outsourcing to offshore vendors
• Security obligations and breach notification

Christine E. Lyon, Jeff Rohlmeier

5:00  Adjourn

Day Two: 9:00 a.m. - 4:45 p.m.

Morning Session: 9:00 a.m. - 12:15 p.m.

9:00  Ethical Aspects of Privacy and Information Security for Lawyers

• Ethical risks in electronic communications with clients, including waiver of the attorney-client privilege
• Metadata risks 
• Ethical issues in advising clients on the applicability of breach notice requirements 
• Is there a duty to warn consumers even in the absence of a legal duty to disclose a breach? 
• Dealing with situations where clients seek to use intentionally vague or ambiguous privacy disclosures 
• Ethical and liability issues in e-discovery

John P. Hutchins

10:00  Privacy in Litigation: Responding to Litigant Requests for Personal Information 

• What rules govern the discovery of personal information in litigation?
• The rights of individuals to restrict disclosure of their information in discovery
• Cross-border discovery: the conflict between U.S. discovery obligations and foreign data protection law
• What rights does the government have to personal data in the control of a corporation? 
• Specific issues associated with response to FISA and warrantless searches and National Security Letters
• Best practices for managing company compliance with third party requests for personal data

J. Beckwith Burr, Todd S. Schulman

11:00  Break

11:15  Regulators and Enforcers Speak Out: New Expectations Created by Emerging Privacy and Data Security Priorities

• Recent FTC enforcement actions and initiatives
• How the FTC views its enforcement priorities
• State enforcement of privacy and security laws; recent actions
• Special concerns for childrens’ privacy

C. Steven Baker, Christine Nielsen, Scott D. Schafer, Thomas J. Smedinghoff

12:15  Lunch Break

Afternoon Session: 1:30 p.m. - 4:45 p.m.

1:30  Privacy Concerns in Marketing and Commercial Communications

• CAN SPAM: Overview of current laws and regulations
• Understanding the CAN SPAM FTC July 2008 Regulations
• Recent SPAM litigation
• CAN SPAM and mobile communications (FCC Rule)
• Marketing in the mobile environment
• Telemarketing

Liisa M. Thomas

2:30  Break

2:45  Privacy in the Web 2.0 Environment: Social Networking, Blogging and Behavioral Targeting

• Privacy considerations in the expanding realm of web commerce and social networking
• Blogging policies
• State of the art privacy policies and disclosure practices 
• Age verification concerns
• The role of search engines
• Emerging guidelines and best practices on self-regulation in behavioral marketing

Benjamin T. Duranske, Andy Serwin

3:45  News from the Future: Impact of the Privacy and Security Law Policies of the New Administration

• What changes are in store for federal privacy and security law and policy?
• Will privacy law in the U.S. substantially “federalize”?
• Will the efforts to develop binding international standards on privacy and security succeed?
• What are the new challenges for privacy and security law?

James X. Dempsey

4:45  Adjourn

Faculty

Co-Chair(s)

John B. Kennedy, Dewey & LeBoeuf LLP
Thomas J. Smedinghoff, Wildman, Harrold, Allen & Dixon, LLP

Speaker(s)

C. Steven Baker, Director, Midwest Region, Federal Trade Commission
Ruth Hill Bro
J. Beckwith Burr, Wilmer Hale
William J. Cook, Wildman Harrold
James X. Dempsey, Vice President for Public Policy, Center for Democracy & Technology
Benjamin T. Duranske, Pillsbury Winthrop Shaw Pittman LLP
Rebecca S. Eisner, Mayer Brown LLP
Francoise Gilbert, Managing Director, IT Law Group
John P. Hutchins, Troutman Sanders LLP
Christine E. Lyon, Morrison & Foerster LLP
Diana J. P. McKenzie, Neal Gerber Eisenberg LLP
Matthew H. Meade, Buchanan Ingersoll & Rooney PC
Christine Nielsen, Assistant Attorney General, Illinois Attorney General Office
Jeff Rohlmeier, Director of Privacy & Compliance, Thomson Reuters
Scott D. Schafer, Chief, Consumer Protection Division, Commonwealth of Massachusetts Office of the Attorney General
Todd S. Schulman, Assistant General Counsel, Verizon Communications
Andy Serwin, Foley & Lardner LLP
Liisa M. Thomas, Winston & Strawn LLP
Christopher Wolf, Hogan & Hartson LLP
Maureen A. Young, Bingham McCutchen LLP

Program Attorney(s)

Lauren Esposito, Practising Law Institute

CLE Credit

Travel Information

Chicago Seminar Location

University of Chicago Gleacher Center, 450 N. Cityfront Plaza Drive, Chicago, Il 60611. (312) 464-8787.

Chicago Hotel Accommodations

Omni Hotel Chicago, 676 N. Michigan Avenue, Chicago, IL 60611. Please contact the hotel directly at 1-800-THE-OMNI or (312) 944-6664. When calling, mention PLI and the name of the program you are attending.

Click this Omni Hotel Chicago link to facilitate the reservation process. You will be directed to the property's customized reservation page for this program