PLI “Safe Return” Policy for In-Person Programs
See Credit Details Below
Why You Should Attend
Complying with laws governing privacy and cross-border data flows has never been more complicated. U.S. companies can no longer effectively compete in today’s interconnected marketplace without leveraging data, monetizing it, and freely moving it across country borders. That is why implementing appropriate programs to comply with data protection laws emerging around the world has never been more important.
In 2018, companies with operations in the EU, or those that otherwise deal directly with consumers in the European Union (B2C), or offer services to European companies (B2B), were forced to address the European Union’s General Data Protection Regulation (“GDPR”) requirements. In 2020, California’s Consumer Privacy Act of 2018 (“CCPA”) become operative. CCPA introduced a new comprehensive privacy framework for businesses that fall within its scope by expanding the definition of “personal information,” creating new data privacy rights for California consumers, including rights to know, access, delete, and opt out of the “sale” of their personal information, and creating a new statutory damages framework for violators that fail to implement and maintain reasonable security procedures and practices to prevent data security breaches.
Since then, Californians voted to enact the California Privacy Rights Act (CPRA), expanding and revising the California Consumer Privacy Act of 2018 (CCPA) effective January 1, 2023. Companies around the world with ties to California must now prepare for new requirements under the statute and expect revised regulations to be issued by a new California Privacy Protection Agency, the first of its kind in the United States. CPRA calls on businesses to develop internal protocols for personal information “sharing” and “selling,” prepare for data minimization and deletion requirements, enable and process consumer requests regarding “sensitive personal information,” update data subject request protocols and procedures, update notices and privacy policies at collection, comply with requirements regarding the processing of information of minors, and upgrade and document security measures, among others. Other states have enacted similar legislation (Virginia), and Brazil enacted its General Data Protection Law.
In the midst of this transformational landscape, and to complicate an already complex area of law, companies are dealing with a spike in ransomware and security incidents impacting global operations. Those concerns have been more pronounced during the pandemic and the move to move an entire workforce to a remote work arrangement around the world.
This half-day boot camp – now in its sixth year – brings together individuals charged with formulating their organization’s global privacy compliance strategy. It is for those of you who must implement the “nuts and bolts” of GDPR, CCPA, CPRA, Virginia’s Consumer Data Protection Act, Brazil’s General Data Privacy Law (“GDPL”), and other privacy laws, and evaluate the right approach for your organization. What are the practical implications of your chosen approach? What are the risks? And how do you implement the procedural enhancements now commonly required? This program is for privacy practitioners within every organization – legal, compliance, IT security, and audit – hoping to gain insights and practical information about the ongoing conversation surrounding GDPR, CCPA, CPRA, VCDPA, GDPL and other privacy laws.
What You Will Learn
- Gain insights on key substantive and procedural compliance recommendations for GDPR CCPA, CPRA, VCDPA, GDPL, and other privacy laws
- What are the fundamental requirements for notice, consent, contracting, and other requirements now mandated by CPRA and other similar laws in the US?
- Discuss practical considerations on how to set your organization’s compliance strategy
- Hear distinguished experts from both government and industry tell you what you should be doing to manage and avoid enforcement risks
Earn Continuing Privacy Education credit
Prerequisites: An interest in global data protection issues.
Intended Audience: This program is intended for general and solo practitioners, transactional attorneys, general and corporate counsels, in-house lawyers and legal professionals supporting any client with information risk issues.
Other Prerequisites: None.
Advanced Prep: None.