Data Breach in the EU: The New Landscape

The session focuses on the way that data security and breach notification are developing under the GDPR – the security standards that are emerging as the consensus choices, trends and lessons from GDPR enforcement for data security, and general developments about data breach in the EU. Tilly Lang, Data Protection Director & Corporate Governance Counsel Room…

Vendor Management Best Practices: Do’s and Don’ts

The explosion of privacy tech vendors raises complex questions for practitioners, privacy professionals, lawyers, and scholars. How do privacy leaders choose vendors? What questions must be asked during due diligence? What constitutes good vendor management and what distinguishes good vendors from bad? Can vendors promise that their tools will make their clients compliant with privacy…

How Local Regulation of Disruptive Technologies Can Threaten Privacy

More and more states/cities are trying to regulative disruptors like Airbnb, or scooter companies by issuing regulations that require companies to broadly disclose customer lists to municipal or state government without the need for formal legal process.  These regulations are in the name of “consumer protection,” but have the effect of giving governments unprecedent access…

Secondary Uses of Health Data for Research and Development Purposes

The secondary use of health data initially collected for purposes of patient care or clinical research can be extremely valuable to a wide variety of entities, including the following: Artificial intelligence developers that wish to harness such data to train algorithms and develop new products Pharmaceutical and medical device companies gathering real word evidence regarding…

Cybersecurity+Risk Summit

The Cybersecurity + Risk Summit is a new full-day seminar on the pre-conference day, Oct 14, 2019. The summit will examine emerging issues and risks in security, and offer best practices and benchmarking to help your organization address these complex issues. It will combine thought leaders from legal, compliance, business and Boards of Directors. Chairs:…

Implementing the CIS Critical Security Controls for the CCPA and Other Laws

This session will help attendees understand the Center for Internet Security’s (CIS) 20 Critical Security Controls (CSC 20), which are increasingly becoming one of the leading standards for reasonable security.  Recently, the California Attorney General stated that failure to implement the CSC 20 constitutes a lack of reasonable security.  This session will discuss how to…