ACI’s 15th Advanced Global Legal and Compliance Forum on Cyber Security & Data Privacy and Protection

Privacy & Security of Consumer and Employee Information 101: Understanding the Technology & Key Laws and Regulations

This in depth focus session will create a foundation for those new to the world of privacy and information security and provide seasoned professionals with the latest changes and evolutions to the area.

Topics include:

• Privacy, data breaches, and the key technological tools and experts behind them
• Bridging the gap between legal and regulatory requirements regarding the protection of sensitive data, and the technology that protects such information
• How does IT intersect with privacy?
• Understanding IT systems utilized by companies to prevent breaches and data loss, including firewalls and private networks
• The basics of a data breach
• The basics of a data breach response
• The role of forensic and audit teams
• Best practices for assembling and working with a forensics and audit team
• Key laws, regulators, and enforcement bodies to consider when dealing with privacy concerns and data breaches
• A look at the current regulations and legislation which impact privacy & security
• The role of regulators in the realm of privacy & security
• Compliance and prior preparation: Steps to prevent data breaches; Policies and procedures in the event of a data breach

7:25 – 8:40 a.m. (separate registration required; registration opens at 7:10 a.m.)

Main Conference Registration & Continental Breakfast

Co-Chairs’ Welcoming Remarks

Federal Regulatory, Legislative, and Enforcement Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives Into Your Privacy and Compliance Program

• An update on where federal agencies are heading with cyber security and data privacy & protection: enforcement and regulatory insights
• Existing and prospective Congressional action
• Cyber security legislation and White House Initiatives
• FTC and privacy update
• Scope of authority
• Cyber security initiatives; audits; fines and penalties
• Consumer Privacy Bill of Rights
• “Do Not Track” and behavioral advertising
• FACTA
• Online privacy

Morning Break

Unique Regulatory and Enforcement Insights by State Attorneys General and Consumer Protection Agencies on Emerging Privacy Initiatives, Settlement and Enforcement Trends, Security Breach Notification Requirements, and More

• Regulatory and enforcement insights
• Security breach notification requirements
• New trends and laws and how to manage compliance
• Recent state settlement and enforcement trends
• Current focuses for state AGs

Networking Lunch for Delegates and Speakers

INTERNATIONAL: Managing a Global Privacy Program and Preparing, Collecting, Using and Transferring Data Across Borders

• “The Right to Be Forgotten”
• APEC Cross Border Privacy Rules: A New Model for Interoperability?
• Proposed EU data protection reform and what it means for those doing business in the EU
• The future of the Safe Harbor Program
• Privacy issues involved in conducting international investigation concerning discovery
• Managing cross-border data transfers
• International v. National v. Localized policies and breach response plans
• Fitting corporate rules in the framework of international privacy regulatory requirements in a way that is practical, compliant, and cost effective.
• A focus on regulation and events in Russia, Canada, Latin America, Germany, Singapore, and more

The Internet of Things: Privacy, Security, New Risks and Developing Threats

• The rise of technology that connects to the internet and the opportunity to gather data and provide predictive analytics and IT automation
• New threats and what to anticipate
• Corporate espionage and theft of IP
• Employee hack-backs
• Ransom ware and the growing cyber-component to traditional crimes
• Phishing and Spear Phishing
• Doxing and Swatting
• DDos

Afternoon Break

The Cloud: Best Practices on Third-Party Vendor Compliance and Negotiating Terms of Cloud Services Contracts and Service Level Agreements

• International privacy in the age of the cloud
• Cloud service agreements
• Initiatives and privacy compliance programs around the cloud and big data
• Third-party vendor concerns
• Contract negotiation
• Analyzing cloud transactions and virtual private clouds
• NIST guidelines on technical and security guidance
• Federal agencies’ use of cloud computing
• How the NIST guidelines impact the industry
• Forced data localization requirements
• Restrictions and local data requirements

Class Actions & Litigation Roundup: Recent Data Breach Cases, Mega Privacy Actions, TCPA and Texting Suits, and Assessing What Claims Are Worth

• Litigation trends: future of class actions and how the decisions shake out state by state
• Data breach litigation
• Assessing harm
• Statutory penalties, remedies
• Collection of data
• Retailers asking for zip code, phone numbers, etc.
• Mega privacy actions
• Civil litigation associated with free or low cost services that touch millions of people
• Statutory liability claims
• Privacy statutes with statutory damages and uniform privacy practices
• What happens when the litigation doesn’t settle?
• Assessing harm; how important is harm when law applies to statutory damages?
• Strategies for when to fight and when to settle privacy and security
• Class action suits: latest trends on TCPA and other texting cases

The Intersection of Healthcare and Data Security: OCR, HHS, and HIPAA Cyber Security and Data Privacy and Protection

Healthcare data protection, risk assessment, HIPAA, HITECH, OCR enforcement, and more, including:

• The 2014 audit program taking effect in October of 2014
• Enforcement trends
• Compliance challenges
• Mitigation measures

Conference Adjourns to Day Two

Continental Breakfast

Big Data in the Cyber Security and Privacy Protection Context: Aggregating Data, Data Analytics, Data Mining, and Privacy Rights

• Data anonymization: what does it really mean to be anonymous? What does it look like?
• Data aggregation: Concern over privacy rights
• Implementing best practices for data governance
• Layers of control for employees who access data
• The monetization of data
• Data sold for research
• Informed consent

Practicing Privacy by Design: Ensuring Cyber Security and Data Privacy & Protection Don’t Become an Afterthought

• Best practices for implementing cyber security and data protection from the start
• Working with your development team to incorporate privacy protection into all aspects of business
• Privacy engineering: Taking Privacy by Design concepts and executing them in the day-to-day practices

Morning Break

Cyber Security Preparedness: Best Practices for Data Breach Incident Response Teams With a Focus on Preemptive Measures to Take and Rehabilitating Your Image

• Incident preparedness
• Proactive crisis communications training
• Risk assessments and vulnerability audits
• The cyber defense response team and who it should include
• Managing the crisis through comprehensive crisis communications
• Post-incident recovery
• Reputation management
• Public relations and impact assessments
• Stakeholder communications, and more

Ensuring Compliance With Privacy Requirements for Online Behavioral Advertising and Marketing Initiatives: Cookies, “Do-Not-Track”, and Other Behavioral Targeting Nuances

• The latest developments in “Do-Not-Track” and other regulatory enforcement trends
• Litigation update on cookies/tracking
• Managing consumer perception on tracking and data collection
• Tracking and sharing online consumer behavior by social media companies
• The regulator perspective
• Unfair and deceptive practices using online behavioral advertising

Privacy on Mobile Platforms and Privacy Disclosures for Mobile Apps: Best Compliance Practices

• Privacy notices on mobile devices
• Collecting and using information from mobile apps
• Laws, regulatory guidance, industry self-regulation
• Drafting a privacy notice for mobile devices
• Solutions proposed by consumer advocates, including their proposal for series of icons for privacy notices
• Tools to promote compliance
• Different requirements and ability to display disclosures among app stores/platforms
• Reconciling differing global requirements when releasing an app in multiple markets

Mobile Devices (BYOD), Apps and the Workforce: Reducing Risk by Implementing Proven Security Measures and Procedures, and More

• Examining the business and technological drivers behind the “bring your own device” trend
• Understanding the privacy implications and risk exposures of a BYOD program
• What tools are in place to provide control measures and oversight for a BYOD program?
• Data loss prevention programs
• Training, audits and other ways to ensure compliance
• Identifying the risk when an employee uses company data on their personal computer
• Assessing discovery issues
• Who has control of content/data?

Main Conference Ends – Lunch for Workshop B Attendees

The Fundamentals of Cyber and Data Risk Insurance Coverage

• What is Cyber insurance? And why isn’t my current insurance enough?; Why traditional insurance policies such as CGL don’t work; Why your current property insurance may not cover the direct costs of the data breach
• How cyber and data risk insurance really works: Basics of cyber insurance policies
• Understanding the language used in the policies to better communicate to your clients: Key provisions to look for (coverage, definitions and exclusions)
• Overview on guidance from claim to post-breach costs
• Cyber Risk Insurance Nuances: Usage based insurance (UBI); General liability policies; What policyholders should be looking for in a cyber policy; Key considerations for cyber liability coverage; Pricing, selling and marketing cyber risk policies; New coverage options

2:50 – 4:50 p.m. (separate registration required; registration opens at 2:30 p.m.)