PrivSec Global returns on 29th & 30th June 2022, and will once again deliver a carefully curated agenda that taps into the expertise of subject matter experts, industry leaders and academics.
(Timings shown in British Summer Time (BST)
PrivSec Global Agenda | Timings shown in British Summer Time (BST)
| BST | Wednesday 29th June 2022 |
|---|---|
| 08:00 | Data Protection Update: Asia-Pacific With a fast-developing and diverse set of laws and regulations, aligning your privacy program to ensure legal compliance across the APAC region can be a challenge. Our panel will explore the latest developments to data protection law in APAC. Host
Speakers
|
| 08:15 | |
| 08:30 | |
| 08:45 | |
| 09:00 | Building a Privacy Management Program A privacy management programme must be well-informed, accesible, and dynamic enough to adapt to fast-changing requirements. Our panel will consider the key components of a privacy management programme to help you meet or exceed legal and consumer demands. Host
Speakers
|
| 09:15 | |
| 09:30 | |
| 09:45 | |
| 10:00 | Re-Thinking Trusted Data The explosive growth of data and the value it creates calls on data professionals to level up their programs to build, demonstrate, and maintain trust. The days of fine print, pre-ticked boxes, and data hoarding are gone and strong collaboration from data, privacy, marketing and ethics teams is necessary to design trustworthy data-driven practices. Join us for a discussion on the latest trends in trusted data and how you can take critical steps to build trust in data practices by:
Speaker
|
| 10:15 | |
| 10:30 | The ROI of Data Privacy Turning privacy into a business enabler by raising data privacy awareness and business accountability with key GDPR requirements. Implementing a data privacy programme that will channel data privacy to boost revenue, market reputation & customer trust leading to a meaningful ROI. Speakers
|
| 10:45 | |
| 11:00 | Conducting a Transfer Impact Assessment: Best Practice The transfer impact assessment (TIA) might be among the most demenading of the GDPR's requirements. Assessing the surveillance regime of a third country can be a daunting task even for an experienced legal department—not to mention the thousands of SMEs engaged in international data transfers. Our panel will provide actionable advice on getting TIAs right. Host
Speakers
|
| 11:15 | |
| 11:30 | |
| 11:45 | |
| 12:00 | Break |
| 12:15 | |
| 12:30 | |
| 12:45 | |
| 13:00 | Why Effective Process and Governance is as Important as Technology When IAM issues arise When IAM issues arise, organizations often lean too heavily on implementing technology with the idea that it will solve all issues related to identity and access. This leads to short-term solutions with an incomplete understanding of the real business need and accompanying requirements, and issues often resurface. Organizations investing too heavily in technology often have a limited view on the overall business value of IAM initiatives and thus struggle to realize maximum gains. Successful IAM programs look to focus efforts on the strategy, process and governance of an IAM program first, then tackle technology with all the right requirements in place. Effective process and governance helps remediate elements outside of technology, such as organizational structure, risk management, and standard procedures and processes. Complying with existing IAM standards, such as managing privileged accounts through an enterprise IAM tool, can be enforced without the use of technology by utilizing existing enterprise gates, like change management processes, release management or a system development lifecycle. Root problems often lie within the process and governance in place (or the lack thereof), which make up organizations’ IAM. Increasing the focus on establishing IAM methodologies and governance frameworks, reengineering processes, improving standards, and employing playbooks will have long-term benefits to organizations. Host
Speakers
|
| 13:15 | |
| 13:30 | |
| 13:45 | |
| 14:00 | Secure SAP Development at the Speed of Digital Transformation SAP applications are the cornerstone of business operations and have become a top attack vector for enterprises.The need for secure development and testing of applications have never been greater. Yet there is a lack of tools that sufficiently support SAP languages, components, and development environments, resulting in the use of manual code reviews which are error prone. The accelerated pace of digital transformation has led organizations to balance speed with security as well as rely on third-party code and outsourced development teams, both of which can introduce security flaws and risk. Join our session and learn best practices for coping with the interconnected risk and challenges of today’s accelerated development cycles. Speakers
|
| 14:15 | |
| 14:30 | Keeping Pace with Emerging Threats Cyber criminals are leveraging innovative techniques and taking advantage of new security vulnerabilities. Organizations must evolve and adapt their defenses to protect against the next wave of cybersecurity threats. In this timely webinar, Egress' Cyber Intelligence Analyst, Ben du Parc Braham, offers advice on how to keep up to date with the threat landscape, as well as the steps businesses should take to protect employees, customers, and their overall brand from sophisticated cyberattacks. Speakers
|
| 14:45 | |
| 15:00 | How to Manage Third-Party Risk in Your Supply Chain Supply chain risks take many forms and can be devastating to your organisation if not properly mitigated. From cybersecurity to reputational and legal issues, managing risk among your vendors and other third parties can be a daunting task. This panel will consider how to improve the effectiveness and efficiency of your third-party risk management process, including due diligence, ongoing risk monitoring and issue management. Host
Speakers
|
| 15:15 | |
| 15:30 | |
| 15:45 | |
| 16:00 | Privacy Enhancing Technologies (PETs): Looking Beyond the Hype and Leveraging the Benefits
Privacy Enhancing Technologies (PETs) are often promoted as the answer to data protection's most difficult questions. But how much of this is "hype"? How are PETs already helping organisations improve privacy? And what does the future hold for promising early-stage PETs? Host
Speakers
|
| 16:15 | |
| 16:30 | |
| 16:45 | |
| 17:00 | Nation-State Cyber Attacks and the Destabilised Future
Cyber attacks are becoming an increasingly important tool in war, espionage and destablisation. Our panel will explore the history and implications of state-backed cyberattacks, and consider what organisations and government can do to protect against them. Host
Speakers
|
| 17:15 | |
| 17:30 | |
| 17:45 | |
| 18:00 | Prepare for Schrems III? Unpacking the Trans-Atlantic Data Privacy Framework The Trans Atlanic Dat Privacy Framework (TADPF) could be the solution to one of data protection's toughest problems: exporting personal data from the EU to the US. But privacy campaigner Max Schrems—whose court cases demolished the previous two transatlantic data transfer frameworks, Safe Harbor and Privacy Shield—has already suggested that the agreement does not meet EU standards for protecting fundamental rights. Our panel will explore what we know about the proposals so far and consider whether they are likely to survive a court challenge. Host
Speakers
|
| 18:15 | |
| 18:30 | |
| 18:45 | |
| 19:00 | The Ukraine Refugee Crisis: Why Data Protection Matters From the use of Clearview AI to identify Russian soldiers to processing the biometric data of Ukrainian refugees; the war in Ukraine reminds us of how data protection permeates almost every facet of life. As the crisis continues and leaves thousands of Ukranians displaced, what role can privacy advocates and professionals play in limiting some of the war's harms? Host
Speakers
|
| 19:15 | |
| 19:30 | |
| 19:45 | |
| 20:00 |
PrivSec Global Agenda | Timings shown in British Summer Time (BST)
| BST | Wednesday 29th June 2022 |
|---|---|
| 08:00 | Vendor Risk Management: Can You Trust Vendor Risk Questionnaires?
Vendor risk management questionnaires are often seen as a vital part of the TRPM due diligence process But how far can you trust your vendors' responses? Is there a way to improve transparency? And do we have any better options? Speakers
Speakers
|
| 08:15 | |
| 08:30 | |
| 08:45 | |
| 09:00 | Data Retention and Minimisation: Best Practice Getting data retention and minimisation right is crucial to ensuring effective data protection compliance. Only collecting the data you need, and only storing it for as long as required, significantly reduces the likelihood of a data breach or other violation. This panel will explore the fundamentals of data retention and data minimisation with actionable tips for how to improve your practices. Host
Speakers
|
| 09:15 | |
| 09:30 | |
| 09:45 | |
| 10:00 | Break |
| 10:15 | |
| 10:30 | |
| 10:45 | |
| 11:00 | Choosing the Right Cybersecurity Framework Implementing a cybersecurity framework is a great way to improve your company's security posture. But there are a lot of frameworks to choose from, and their suitability varies depending on your company's industry, size and resources. Our panel will explore the most popular cybersecurity frameworks and help you decide which one is right for your organisation. Host
Speakers
|
| 11:15 | |
| 11:30 | |
| 11:45 | |
| 12:00 | The human element: Fixing the behaviors that lead to breaches Cybercriminals continue to launch increasingly sophisticated social engineering attacks. Coupled with a rise in human error, it’s no surprise that 85% of today’s security breaches involve a human element.* Traditional approaches fall short of solving this problem, with legacy technology and security awareness training unable to reduce human-activated risk on email. Speakers
|
| 12:15 | |
| 12:30 | Digital Identity: Will We Ever See a World Without Passwords? Even with good password management techniques, passwords are a flawed approach to account security. Many of the world's major tech companies are proposing alternative mechanisms to verify identity and manage access. But what works best—and are there privacy trade-offs? Speaker
Speaker
|
| 12:45 | |
| 13:00 | |
| 13:15 | Security Risks in Web3 and the Metaverse If the future of the internet truly lies in Web3 or the Metaverse, security experts need to carefully consider the risks involved. From well-established social engineering attacks to emerging threats to the blockchain, our panel will explore the security issues potentially involved in Web3 and the Metaverse. Host
Speakers
|
| 13:30 | |
| 13:45 | |
| 14:00 | |
| 14:15 | Maintaining an Effective and Efficient Record of Processing Activities (ROPA) The record of processing activities (RoPA) is, perhaps unfairly, sometimes maligned as an example of the GDPR's tendency to create excessive bureaucracy. But the RoPA is arguably an important accountability tool that—if maintained correctly—does not need to create a lot of extra work for your data protection team. Our panel will explore how to maintain an effective and efficient RoPA. Host
Speakers
|
| 14:30 | |
| 14:45 | |
| 15:00 | |
| 15:15 | Should Everyone Have a Digital Identity? Governments worldwide are developing digital identity schemes that, they claim, will improve bureaucracy and ensure fairer access to state welfare. But privacy campaigners are skeptical about the prospect of every individual's identity being digitised. Our panel will debate the benefits and risks of the push towards digital identity. Host
Speakers
|
| 15:30 | |
| 15:45 | |
| 16:00 | |
| 16:15 | Should Society Tolerate Widespread Use of Facial Recognition? Facial recognition has become increasingly common, for law enforcement and identity verification purposes. The technology is everywhere from airport security to school lunch queues. But do the privacy risks of facial recognition technology outweigh the benefits? Can those risks be mitigated? And will upcoming changes to AI regulation impact the facial recognition industry? Host
Speakers
|
| 16:30 | |
| 16:45 | |
| 17:00 | |
| 17:15 | Data Protection Update: United States Connecticut and Utah joined the ranks of US states with a comprehensive privacy law this year. The privacy patchwork continues to stitch itself together—but how should privacy professionals respond. And is anyone still hoping for a federal privacy law? Our panel will explore the year's privacy developments in the United States and consider what lies ahead. Host
Speakers
|
| 17:30 | |
| 17:45 | |
| 18:00 |
(Timings shown in British Summer Time (BST)
PrivSec Global Agenda | Timings shown in British Summer Time (BST)
| BST | Thursday 30th June 2022 |
|---|---|
| 08:00 | Insider Threats: Detecting and Mitigating the Threat From Within Insider threats can lead to devestating security incidents—whether intentional or negligent, and perpetrated by a from a trusted employee, ex-employee, or contractor. Our panel will explore how organsations can detect and stop insider threats. Host
Speakers
|
| 08:15 | |
| 08:30 | |
| 08:45 | |
| 09:00 | Data Protection Update: United Kingdom
The UK is set to overhaul its data protection and privacy rules, with changes to cookies, accountability and regulation all on the table. Our panel will explore what is around the corner in the UK and consider how it might affect organisations—and the UK's EU "adequacy" decision. Host
Speakers
|
| 09:15 | |
| 09:30 | |
| 09:45 | |
| 10:00 | Taking Control of Your Sensitive Data To comply with increasingly strict data protection rules, organizations need to maintain total oversight of the personal data they’re collecting, storing, using, or sharing—particularly when it comes to sensitive data. A breach or legal violation involving sensitive data can cause major problems, both for the organization and the people whose data they’re required to protect. Remote work, the data-driven economy, and a complex regulatory landscape have only increased the complexity involved in taking—and maintaining—control of sensitive data inventories. But doing so is a must in the modern business world. Join us on 30th June at 10am BST where a panel of data experts will explore the best ways to improve oversight of your organization’s sensitive data while mitigating the risks of legal violations and data breaches. Moderator
Speaker
|
| 10:15 | |
| 10:30 | |
| 10:45 | |
| 11:00 | Beyond the US: A Look At Transfers to Other Third Countries The focus on data transfers post-Schrems II has been squarely on the US. But the same rules apply to any third country without an adequacy decision. Our panel will consider how the data protection regimes in other major economies might impact EEA and UK organisations' data transfer operations. Host
Speakers
|
| 11:15 | |
| 11:30 | |
| 11:45 | |
| 12:00 | Break |
| 12:15 | |
| 12:30 | |
| 12:45 | |
| 13:00 | Can Privacy Enhancing Technologies (PETs) Solve the Data Transfer Puzzle? The legal issues around data transfers continue to cause confusion and consume resources. Many believe the solution lies in Privacy Enhancing Technologies (PETs). The US and UK governments are even collaborating on an "innovation prize challenge" to encourage the development of PETs for data transfers. Our panel will consider whether PETs could solve the data transfer puzzle. Host
Speakers
|
| 13:15 | |
| 13:30 | |
| 13:45 | |
| 14:00 | Cyber Insurance: The Looming Systemic Crisis This panel will look at three core areas: Pricing cyber risk: this is a real challenge for all players given the complexity of cyber security; Perverse incentives: even regulators have commented on the inability of insurers to price risk and also on the perverse incentives in the market; and lastly, There is not enough capital to cover a major cyber pandemic. Host
Speakers
|
| 14:15 | |
| 14:30 | |
| 14:45 | |
| 15:00 | NFTs: Just a Craze or Here to Stay? Many non-fungible token (NFT) investors are not yet seeing the returns they hoped for. But some argue that the price of NFTs could rebound—and that the truly game-changing nature of NFTs has yet to be realised. Our panel will disuss the possible use cases of NFTs and consider whether the technology has a future. Host
Speakers
|
| 15:15 | |
| 15:30 | |
| 15:45 | |
| 16:00 | Data Centres: Just How Bad Is the Environmental Impact? Data minimisation and storage limitation are key principles of data protection. But alongside the impact on privacy, minimising the amount of personal data you're processing has another benefit: reducing carbon emissions. Is the environment paying an unacceptable price for the expansion of the digital ecosystem and the increasingly vital role of data to many businesses? Or is the shift to the cloud creating a more efficient way to process large amounts of data? Host
Speakers
|
| 16:15 | |
| 16:30 | |
| 16:45 | |
| 17:00 | How to Avoid Software Supply Chain Attacks From Solarwinds to Kaseya to Log4j—the security risk from software supply chain attacks shows no sign of abating. Our panel will consider the best technical and organisational controls to help minimise the possibility of suffering a software supply chain attack. Host
Speakers
|
| 17:15 | |
| 17:30 | |
| 17:45 | |
| 18:00 | Using First-Party Data In the Post-Cookie Landscape The third-party cookie isn't dead yet, but expect it to be phased out over the next half a decade. And as marketing teams search for new solutions to target prospective customers, they must take privacy into account. Our panel will consider the potential data protection issues that arise when using first-party data in the post-cookie landscape. Host
Speakers
|
| 18:15 | |
| 18:30 | |
| 18:45 | |
| 19:00 |
PrivSec Global Agenda | Timings shown in British Summer Time (BST)
| BST | Thursday 30th June 2022 |
|---|---|
| 08:00 | The Dangers of AI-Driven Mass Surveillance Artificial intelligence is driving huge improvements in fields as diverse as medicine and climate monitoring. But from biometric identification to "social credit" scoring systems, AI is also providing new ways for governments and large corporations to track and surveil people—with significant implications for their privacy and freedom. How is AI contributing to the mass surveillance of vulnerable populations? What role is the private sector playing in supporting—and resisting—such activities? And can regulation catch up with the worrying advancements already made in this field? Host
Speakers
|
| 08:15 | |
| 08:30 | |
| 08:45 | |
| 09:00 | Exploring the Updates to ISO/IEC 27001
This panel will explore the updates to the ISO/IEC 27001 framework—what's new? What stays the same? And what do organisations need to do to maintain compliance with the new version? Host
Speakers
|
| 09:15 | |
| 09:30 | |
| 09:45 | |
| 10:00 | Is Google Analytics Now Illegal in the EU? Decisions from the French and Austrian DPAs suggest that Google Analytics is not compatible with the GDPR. Does this extend to the rest of the EU? What about the UK? Might there be some Google Analytics configurations that are GDPR-compliant? Our panel will consider the implications of recent Google Analytics decisions for the millions of websites that use the tool. Speakers
Speakers
|
| 10:15 | |
| 10:30 | |
| 10:45 | |
| 11:00 | Break |
| 11:15 | |
| 11:30 | |
| 11:45 | |
| 12:00 | The Changing Role of the CISO Remote work, COVID-19-related fraud, the escalation in cyberattacks—CISOs have overseen a turbulant few years, and good leadership in security is more important than ever. This panel will explore how the role of the CISO is changing and what lies ahead for security leaders. Host
Speakers
|
| 12:15 | |
| 12:30 | |
| 12:45 | |
| 13:00 | Best Practices for Detecting, Preventing and Recovering From Ransomware Ransomware continues to cause huge losses and harms across the globe. But taking a proactive approach to security and business continuity can reduce the likelihood of falling victim to an attack—and reduce the damage that occurs if you are targeted. Our panel will explore the best practices on detecting, preventing and recovering from ransomware. Host
Speakers
|
| 13:15 | |
| 13:30 | |
| 13:45 | |
| 14:00 | Data Protection Update: Latin America The Latin American region has a diverse and fast-developing data protection landscape. Beyond Brazil's LGPD, a number of LATAM countries have strong data protection frameworks. Our panel will explore recent data protection developments in the LATAM region Host
Speakers
|
| 14:15 | |
| 14:30 | |
| 14:45 | |
| 15:00 | Diversity, Equity, and Inclusion in Security: Closing the Gap The security industry is diversifying, with a broader range of genders and ethnicities now making their mark on the profession. But there's still work to do. Our panel will consider how to attract the full range of talent to the exciting and vibrant security sector. Host
Speakers
|
| 15:15 | |
| 15:30 | |
| 15:45 | |
| 16:00 | Complying With State Privacy Laws Across the US Five US states now have comprehensive privacy laws. The privacy patchwork is looking more and more complex. This panel will explore the best approach for complying with America's varying privacy laws. Host
Speakers
|
| 16:15 | |
| 16:30 | |
| 16:45 | |
| 17:00 | To Manage or Not to Manage: Reconciling Bring Your Own Device (BYOD) with the Corporate Network To manage or not to manage—there really is no choice between the two for today’s enterprises. Employees, contractors, partners, and others are bringing in personal devices and connecting to the corporate network for professional and personal reasons. The challenge with BYOD is not whether outside devices are brought into the enterprise network, but whether IT can react quickly enough to protect the organization’s business assets—without disrupting employee productivity and while offering freedom of choice. Nearly every company has some sort of BYOD policy that allows users to access secure resources from their own devices. However, accessing internal and SaaS applications on a mobile device can be more cumbersome than doing so from a networked laptop or desktop workstation. In addition, IT staff may struggle to manage who has access privileges to corporate data and which devices they’re using to access it. Host
Speakers
|
| 17:15 | |
| 17:30 | |
| 17:45 | |
| 18:00 |
