Wednesday, May 24th, 2017
9:00 AM – 4:00 PM
Courtyard Boston Downtown
The Boston Bar Association’s inaugural Privacy Conference will bring together attorneys from private practice and in-house legal departments to network and discuss key topics and trends in privacy and cybersecurity.
This full-day conference will cover a wide range of topics from data breach response and litigation to compliance and transactional issues. Panelists will discuss new developments in the legal and regulatory landscape, while providing strategies to effectively prepare and respond to your client’s needs and offer insights into challenges and opportunities ahead.
KEYNOTE SPEAKER
Lou Bladel is an executive director in the Fraud Investigations & Dispute Services practice of Ernst & Young, LLP. He is the National Coordinator for Insider Risk and Threat Management services, which assists clients in responding to, investigating and remediating insider threats, as well as developing and implementing comprehensive insider threat programs and services. Lou consults with U.S. federal law enforcement agency directors, government regulators and key executives of Fortune 100 companies, Fortune 500 C-suite officials and boards of directors from across industry sectors on matters of economic espionage and insider threats.
Louis Bladel
Executive Director
Fraud Investigations & Dispute Services
Ernst & Young, LLP
CONFERENCE AGENDA & SPEAKERS
Speakers
Brenda Sharton
Partner, Chair, Business Litigation
Goodwin
Glenn Daly
Chief Privacy Officer
John Hancock Financial Services
Eric M. Friedberg
Co-President
Stroz Freidberg
GDPR – 12 Months and Counting, Where Should You Be?
It’s T minus 12 months until the European General Data Protection Regulation (GDPR) effective date. Whether you have a count-down programmed into your Outlook calendar or you have been covering your ears whenever someone mentions the GDPR, there is no hiding the fact that May 25, 2018, is fast approaching. So now what? This session will delve into some of the new requirements for privacy programs under GDPR, such as formalized documentation requirements, data subject access rights, and the appointment of a DPO, and provide insight into what activities companies are undertaking to ready their privacy programs for GDPR. Join us to hear from the panel of seasoned in-house privacy counsel and professionals on common challenges to and potential solutions for GDPR compliance preparations, as well as practical ways to prioritize implementation activities over the coming months.
Panel Chair
Sara Berkson
Senior Director, Assistant General Counsel
Vertex Pharmaceuticals
Speakers
Renard Francois
Global Chief Privacy Officer, General Electric
Richard Reynolds
Senior Privacy Counsel, Boston Scientific
Ken Mortensen
Data Protection Officer
Intersystems Corporation
Connected Devices for Consumers and Industry
The Internet of Things brings together devices, networks and vast amounts of data, which poses challenges for attorneys and cybersecurity professionals advising entities that release, support and use IoT devices. This panel will explore (1) the range of IoT devices available to consumers and industry, (2) legal issues when offering or buying connected devices, (3) cybersecurity considerations for IoT deployments, and (4) recent legal developments and enforcement trends, in the US and abroad. The panel will also look at emerging issues that could affect the growth of IoT, including the GDPR and data localization regimes around the world.
Panel Chair
Peter Lefkowitz
GE Digital
Speakers
Brian Bloch
Vice President & General Counsel
SimpliSafe
Seth Harrington
Partner
Ropes & Gray
Chris Poulin
Principal/Director
IoT Security Cyber Futures, Booz Allen
Mark Merolli
Senior Counsel, Connected Fitness
Under Armour
Post-Breach: Class Actions and Business to Business Disputes
The possibility of litigation often looms large following discovery of a data security incident. Class actions continue to generate most of the developing case law in this area. But potential business-to-business disputes – with software vendors, service providers, insurers and others – increasingly demand significant attention. The advent of cyber-insurance has also given rise to new and interesting planning considerations and legal questions. Join our panelists as they walk through the latest developments in the emerging data breach litigation landscape.
Panel Chair
Mark Szpak
Ropes & Gray
Speakers
Dan Routh
Ropes & Gray
John Doernberg
Area Vice President
Arthur J. Gallagher & Co.
Kent Sinclair
Sinclair Law
Vendor Management – Priorities, Audits & Security
The panel will provide practical guidance on management of a vendor privacy & security compliance program, including efficient contract intake, risk assessment, prioritization, audits, and security review (with a focus on encryption). While it has always been important to manage vendors, renewed attention is warranted given the upcoming European General Data Protection Regulation (“GDPR”) requirements and severe potential fines, as well as the stronger emphasis on supply chain risk management in the January 2017 update of the National Institute of Standards and Technologies (“NIST”) Cybersecurity Framework.
Panel Chairs
Alexis Goltra
Vice President, Legal & Chief Privacy Officer
Oracle
Sayoko Blodgett-Ford
Member and Chief Privacy Officer
GTC Law Group PC & Affiliates
Speakers
Elaine Call
Technology and Privacy Counsel
Cengage
Andrew Graziani
Senior Legal Director
Cimpress
Katherine Fick
Privacy Counsel
IBM Corp.
Cybersecurity – What Lawyers Need to Know
This panel of cybersecurity experts will provide an overview of (1) common and emerging cyber threats and how to combat them – from ransom ware to the dark web and beyond, (2) the law of cybersecurity – what lawyers need to know, (3) how lawyers and compliance groups can better work with information security teams to reduce cyber risk, including tips for avoiding common mistakes in incident response, and for conducting effective cybersecurity assessments, and more.
Panel Chair
Heather Sussman
Partner, Co-Head Privacy and Data Security Practice
Ropes & Gray
Speakers
Moderator
Heather Sussman
Ropes & Gray
Laura Galante
Galante Strategies
Andy Obucheski
Charles River Associates
Adam Bookbinder
Cybercrime Unit
U.S. Attorney’s Office
Rob Feldman
Vice President and Deputy General Counsel, Citrix
Privacy and Digital Advertising: A tale of Self-Regulation and Shopping for Cars Online
This panel discussion will focus on digital advertising and the many privacy issues encountered by technology providers, advertisers and lawyers. The group of industry veteran privacy professionals and lawyers will describe the nuts and bolts of gathering behavioral data (car shopping produces a lot) and its use in advertising, regulatory schemes covering the industry, key players and challenging cases/enforcement actions. Finally, the panelists will focus on looking forward, discussing things like global advertising issues, the FCC’s recently overturned ISP Privacy Rules and Addressable TV advertising.
Panel Chair
Andy Dale
Dataxu
Speakers
Julia Shullman
Sr. Director, Deputy GC, Commercial and Privacy
AppNexus
Reed Freeman
Partner, Co-Chair, Privacy and Communications Practice
WilmerHale
Colin O’Malley
The Lucid Privacy Group and PLOW
Privacy and Security in M&A
The panel will focus on the key due diligence, risk mitigation, deal documents, and post-closing areas of focus with respect to data privacy and security in M&A transactions. Special focus will be on lessons learned from recent cases such as the Verizon/Yahoo merger, samples of important requests to make of targets during due diligence, and how to plan for the time and resources needed for pre- and post-closing work.
Panel Chair
Matthew Garvey
TJX
Speakers
Mark Belanger
Fidelity Investments
Seth Berman
Stroz Friedberg
Cynthia Larose
Mintz Levin
Privacy Issues for Life Sciences Companies
Panel Chair
Colin Zick
Foley Hoag
Speakers
Maria D. Buckley
General Counsel
Joslin Diabetes Center
Andrew DiMichele
Head of Product & Technology
Onduo
Enforcement and Regulatory Trends
These have been tumultuous political times, but that has not stopped key privacy and security enforcement from continuing their mission. This panel will discuss recent enforcement actions by their agencies over the past 12-24 months, and enforcement priorities going forward. From the recent privacy settlement by the MA Attorney General’s office and the FTC’s report on cross-device tracking, to what’s driving OCR’s enforcement priorities in the health industry, and what to expect in the area of financial services enforcement in 2017 – these panelists will give their views and take questions from the audience.
Panel Chair
Heather Sussman
Partner, Co-Head Privacy and Data Security Practice
Ropes & Gray
Speakers
Moderator
Ed Zacharias
Partner, McDermott Will & Emery
Cora Han
Federal Trade Commission
Agnes Bundy Scanlan
Treliant (Formerly Regional Director, Northeast Region, Consumer Financial Protection Bureau)
Sara Cable
Assistant Attorney General, Consumer Protection Division, Massachusetts Attorney General’s Office (invited)
Susan Rhodes
Office of Civil Rights, U.S. Department of Health and Human Services
Speakers
Karen Neuman
Goodwin
Former Chief Privacy Officer with the U.S. Department of Homeland Security
Sam Curry
Chief Product Officer, Cybereason
Leah Perry
Chief Privacy Counsel, S&P Global
Stephen Charkoudian
Goodwin
CONFERENCE PRICING
BOSTON BAR MEMBER – $450.00
To reserve your seat, click REGISTER, then LOGIN to your Boston Bar member account.
NON MEMBER – $525.00
To reserve your seat, click REGISTER, then Login to Attend to create a New User account -or- contact Margaret DeMoura: 617.778.1946 | mdemoura@bostonbar.org.
BOSTON BAR MEMBER EXCLUSIVE OFFERS:
Boston Bar Member | Early Registration Discount
Early registration rate of $395 available to Boston Bar members registering
prior to April 30, 2017. Login to your member account and register for the
conference using promo code: PRIVACY395 or contact Margaret DeMoura: 617.778.1946 | mdemoura@bostonbar.org.
Boston Bar Membership + Conference Offer
Not a Boston Bar member? No problem. If you’re a practicing lawyer or a law student in the Boston area and you’d like to join the Boston Bar to receive all the advantages of membership, you can register to attend the Privacy and Cybersecurity Conference as a member.
To take advantage of the Membership + Conference offer, contact
Tara Trask: 617.778.1984 | ttrask@bostonbar.org.
CONFERENCE SPONSORS
Law Firm Partners
Conference Sponsors
For conference sponsorship opportunities, please contact Erica Southerland:
617.778.1930 | esoutherland@bostonbar.org
FEATURED SPEAKERS
Adam Bookbinder
Adam J. Bookbinder is the chief of the Cybercrime Unit in the U.S. Attorney’s Office for the District of Massachusetts. This unit is responsible for the investigation and prosecution of computer and intellectual property crime, including: computer intrusions, data breaches, network attacks, theft of trade secrets, trafficking in counterfeit goods, and on-line fraud. He has been an assistant U.S. Attorney since 1999, spending the past 10 years in the Cybercrime Unit and the previous four in the Economic Crimes Unit. Before joining the U.S. Attorney’s Office, he worked as an assistant D.A. in the Essex County D.A.’s Office, an associate at Bingham, Dana, and Gould, and a clerk for Ninth Circuit Judge Stephen Trott. He has a B.A. from Dartmouth College and a J.D. from Harvard Law School.
Renard François
Renard François is GE’s Global Chief Privacy Officer with responsibility for privacy and data rights management and leading the privacy practice group across GE; supporting GE’s corporate functions, including HR, labor & employment, IT, and litigation teams; and coordinating with the Government Affairs team on relevant issues. Before becoming Chief Privacy Officer, he was GE Capital’s Chief Privacy & Data Protection Counsel. In this role, Renard provided legal support, chaired the Privacy & Data Protection Committee, and oversaw the development and implementation of GE Capital’s privacy policies, standards, and practices. For seven years, Renard served on the U.S. Department of Homeland Security’s Data Privacy & Integrity Advisory Committee. He earned a B.A. from the University of Pennsylvania and his law degree from the George Washington University Law School.
Cora Han
Cora Han is a senior attorney in the Federal Trade Commission’s Division of Privacy and Identity Protection where she investigates and prosecutes violations of federal laws protecting the privacy and security of consumer information, and works on related policy matters. She has played a leading role working on health privacy matters for the FTC, including organizing the FTC’s seminar on Consumer Generated and Controlled Health Data, and moderating the discussion on connected health at the FTC’s workshop on the Internet of Things. Her law enforcement actions include the Commission’s settlement with Facebook. Prior to joining the FTC, Cora was an attorney with WilmerHale, where her practice focused on trademark, copyright, and media law.
Karen Neuman
Karen Neuman is an internationally recognized privacy lawyer. She recently joined Goodwin after serving as the Chief Privacy Officer for the US Department of Homeland Security (DHS). A solution-oriented practitioner with highly specialized expertise in complex privacy law matters at the intersection of technology and innovation, Ms. Neuman provides strategic guidance and legal advice to organizations and management on a broad range of issues related to data privacy, cybersecurity, and regulatory compliance. During her tenure at DHS she was a member of the US delegation that negotiated an umbrella Data Privacy Protection Agreement with the EU and was part of the high-level US team that supported negotiations for the EU – US Privacy Shield.
ADVISORY COMMITTEE
Sara Berkson
Vertex Pharmaceuticals
Peter Lefkowitz
GE Digital
Brenda Sharton
Goodwin
Heather Sussman
Ropes & Gray
Colin Zick
Foley Hoag
SEE WHO IS COMING
Akamai
American Student Assistance
AppNexus
Arthur Gallagher
Assistant Attorney General, Consumer Protection Division, Massachusetts Attorney General’s Office
Bank of America Corporation – Legal Department
Beth Israel Deaconess Medical Center
Boston Scientific
Brightcove, Inc.
Cambridge Public Schools
Charles River Associates
Chief, Cybercrime Unit, U.S. Attorney’s Office
Cimpress
Dana-Farber Cancer Institute
Dataxu
Duffy & Sweeney, LTD.
Ernst & Young
Fidelity Investments
Foley Hoag LLP
FTI Consulting
GE
GE Digital
Goodwin
GTC Law Group PC & Affiliates
Harvard Business School Publishing
Harvard Pilgrim Healthcare, Inc.
IBM Corp.
Intersystems Corporation
Intralinks Inc.
John Hancock
Liberty Mutual Group
LPL Financial LLC
Mintz Levin
Morse, Barnes-Brown & Pendleton, PC
Nicholls Data Recovery, LLC
Office of Massachusetts Attorney General
Office of Civil Rights, U.S. Department of Health and Human Services
Onduo
Oracle
Peabody & Arnold LLP
Robinson & Cole LLP
Ropes & Gray LLP
Sinclair Law
Spartan Race, Inc.
Stroz Freidberg
The Lucid Privacy Group and PLOW
TJX
Treliant
U.S. Federal Trade Commission
United States Attorney’s Office for the District of Massachusetts
Vertex Pharmaceuticals
WilmerHale