The Evergreen Privacy Program: How to move beyond the CCPA and GDPR Compliance Dates and Structure and Get Budget for more Everlasting Programs

Far too often, upper management at organizations views compliance with privacy laws such as the CCPA and GDPR as projects to complete.  But as seasoned privacy professionals know, the May 25, 2018 GDPR date is really a beginning, not an end.  So, too, with the January 1, 2020 date for the CCPA.  In this session,…

Vendor Management Best Practices: Do’s and Don’ts

The explosion of privacy tech vendors raises complex questions for practitioners, privacy professionals, lawyers, and scholars. How do privacy leaders choose vendors? What questions must be asked during due diligence? What constitutes good vendor management and what distinguishes good vendors from bad? Can vendors promise that their tools will make their clients compliant with privacy…

How Local Regulation of Disruptive Technologies Can Threaten Privacy

More and more states/cities are trying to regulative disruptors like Airbnb, or scooter companies by issuing regulations that require companies to broadly disclose customer lists to municipal or state government without the need for formal legal process.  These regulations are in the name of “consumer protection,” but have the effect of giving governments unprecedent access…

Harmonizing Your Access Requests: Localizing your GDPR Processes for CCPA

As privacy practitioners shift their focus from Europe to California this year, many wonder what processes can be adapted from GDPR to CCPA. This session examines how best to transform your organization’s data subject access request (DSAR) policies and procedures for use in connection with the California Consumer Privacy Act (CCPA). How should organizations authenticate…