PrivSec Global

 

AGENDA

29th & 30th June 2022

 

Register & Access The Event Platform

PrivSec Global brings together leading experts from around the globe, for a 2-day livestream experience that ensures attendees have access to the latest information, guidance and advice on data protection, privacy and security.

PrivSec Global returns on 29th & 30th June 2022, and will once again deliver a carefully curated agenda that taps into the expertise of subject matter experts, industry leaders and academics.

Session times shown below in Greenwich Mean Time (GMT). All sessions will be recorded and available on-demand.

Agenda - 29th June 2022

Day 1, Steam 1&2

(Timings shown in British Summer Time (BST)

Day 1 - Stream 1: Wednesday 29th June 2022

PrivSec Global Agenda | Timings shown in British Summer Time (BST)

Scroll left/right to view

BST Wednesday 29th June 2022
08:00

Data Protection Update: Asia-Pacific
08:00 AM - 08:45 AM

With a fast-developing and diverse set of laws and regulations, aligning your privacy program to ensure legal compliance across the APAC region can be a challenge. Our panel will explore the latest developments to data protection law in APAC.

Host

Speakers

08:15
08:30
08:45
09:00

Building a Privacy Management Program
09:00 AM - 09:45

A privacy management programme must be well-informed, accesible, and dynamic enough to adapt to fast-changing requirements.

Our panel will consider the key components of a privacy management programme to help you meet or exceed legal and consumer demands.

Host

Speakers

09:15
09:30
09:45
10:00

Re-Thinking Trusted Data
10:00 AM - 10:30 AM

The explosive growth of data and the value it creates calls on data professionals to level up their programs to build, demonstrate, and maintain trust. The days of fine print, pre-ticked boxes, and data hoarding are gone and strong collaboration from data, privacy, marketing and ethics teams is necessary to design trustworthy data-driven practices.

Join us for a discussion on the latest trends in trusted data and how you can take critical steps to build trust in data practices by:

    - Embedding privacy by design into data operations
    - Respecting individual choice and optimizing the ongoing relationship with consumers
    - Preparing for future data challenges including responsible AI and sustainability

Speaker

10:15
10:30

The ROI of Data Privacy
10:30 AM - 11:00 AM

Turning privacy into a business enabler by raising data privacy awareness and business accountability with key GDPR requirements. Implementing a data privacy programme that will channel data privacy to boost revenue, market reputation & customer trust leading to a meaningful ROI.

Speakers

10:45
11:00

Conducting a Transfer Impact Assessment: Best Practice
11:00 - 11:45

The transfer impact assessment (TIA) might be among the most demenading of the GDPR's requirements.

Assessing the surveillance regime of a third country can be a daunting task even for an experienced legal department—not to mention the thousands of SMEs engaged in international data transfers.

Our panel will provide actionable advice on getting TIAs right.

Host

Speakers

11:15
11:30
11:45
12:00

Break
12:00 - 12:45

12:15
12:30
12:45
13:00

Why Effective Process and Governance is as Important as Technology When IAM issues arise
13:00 - 13:45

When IAM issues arise, organizations often lean too heavily on implementing technology with the idea that it will solve all issues related to identity and access. This leads to short-term solutions with an incomplete understanding of the real business need and accompanying requirements, and issues often resurface. Organizations investing too heavily in technology often have a limited view on the overall business value of IAM initiatives and thus struggle to realize maximum gains. Successful IAM programs look to focus efforts on the strategy, process and governance of an IAM program first, then tackle technology with all the right requirements in place.

Effective process and governance helps remediate elements outside of technology, such as organizational structure, risk management, and standard procedures and processes. Complying with existing IAM standards, such as managing privileged accounts through an enterprise IAM tool, can be enforced without the use of technology by utilizing existing enterprise gates, like change management processes, release management or a system development lifecycle. Root problems often lie within the process and governance in place (or the lack thereof), which make up organizations’ IAM. Increasing the focus on establishing IAM methodologies and governance frameworks, reengineering processes, improving standards, and employing playbooks will have long-term benefits to organizations.

Host

Speakers

13:15
13:30
13:45
14:00

Secure SAP Development at the Speed of Digital Transformation
14:00 - 14:30

SAP applications are the cornerstone of business operations and have become a top attack vector for enterprises.The need for secure development and testing of applications have never been greater. Yet there is a lack of tools that sufficiently support SAP languages, components, and development environments, resulting in the use of manual code reviews which are error prone. The accelerated pace of digital transformation has led organizations to balance speed with security as well as rely on third-party code and outsourced development teams, both of which can introduce security flaws and risk.

Join our session and learn best practices for coping with the interconnected risk and challenges of today’s accelerated development cycles.

Speakers

14:15
14:30

Keeping Pace with Emerging Threats
14:30 - 15:00

Cyber criminals are leveraging innovative techniques and taking advantage of new security vulnerabilities. Organizations must evolve and adapt their defenses to protect against the next wave of cybersecurity threats.

In this timely webinar, Egress' Cyber Intelligence Analyst, Ben du Parc Braham, offers advice on how to keep up to date with the threat landscape, as well as the steps businesses should take to protect employees, customers, and their overall brand from sophisticated cyberattacks.

Speakers

14:45
15:00

How to Manage Third-Party Risk in Your Supply Chain
15:00 - 15:45

Supply chain risks take many forms and can be devastating to your organisation if not properly mitigated. From cybersecurity to reputational and legal issues, managing risk among your vendors and other third parties can be a daunting task.

This panel will consider how to improve the effectiveness and efficiency of your third-party risk management process, including due diligence, ongoing risk monitoring and issue management.

Host

Speakers

  • Sandeep Bhide, VP of Product Management, ProcessUnity
  • Vincent D'Angelo, Global Director, Strategic Alliances, Partnerships & Corporate Strategy, CSC Digital Brand Services
  • Regine Bonneau, CEO and Founder, RB Advisory
15:15
15:30
15:45
16:00

Privacy Enhancing Technologies (PETs): Looking Beyond the Hype and Leveraging the Benefits
16:00 - 16:45

Privacy Enhancing Technologies (PETs) are often promoted as the answer to data protection's most difficult questions.

But how much of this is "hype"? How are PETs already helping organisations improve privacy? And what does the future hold for promising early-stage PETs?

Host

Speakers

  • Victoria van Roosmale, CIPP/E, CIPP/US, CIPP/C, CIPM, CIPT, FIP, CDPSE, CISO & DPO, Coosto
  • Martin Gomberg, Senior Privacy Consultant
  • Cameron Brown, Cybersecurity Commentator and Editorial Board Member for the Journal of Data Protection and Privacy
16:15
16:30
16:45
17:00

Nation-State Cyber Attacks and the Destabilised Future
17:00 - 17:45

Cyber attacks are becoming an increasingly important tool in war, espionage and destablisation.

Our panel will explore the history and implications of state-backed cyberattacks, and consider what organisations and government can do to protect against them.

Host

  • Cameron Brown, Cybersecurity Commentator and Editorial Board Member for the Journal of Data Protection and Privacy

Speakers

17:15
17:30
17:45
18:00

Prepare for Schrems III? Unpacking the Trans-Atlantic Data Privacy Framework
18:00 - 18:45

The Trans Atlanic Dat Privacy Framework (TADPF) could be the solution to one of data protection's toughest problems: exporting personal data from the EU to the US.

But privacy campaigner Max Schrems—whose court cases demolished the previous two transatlantic data transfer frameworks, Safe Harbor and Privacy Shield—has already suggested that the agreement does not meet EU standards for protecting fundamental rights.

Our panel will explore what we know about the proposals so far and consider whether they are likely to survive a court challenge.

Host

Speakers

18:15
18:30
18:45
19:00

The Ukraine Refugee Crisis: Why Data Protection Matters
19:00 - 19:45

From the use of Clearview AI to identify Russian soldiers to processing the biometric data of Ukrainian refugees; the war in Ukraine reminds us of how data protection permeates almost every facet of life.

As the crisis continues and leaves thousands of Ukranians displaced, what role can privacy advocates and professionals play in limiting some of the war's harms?

Host

Speakers

19:15
19:30
19:45
20:00

Day 1 - Stream 2: Wednesday 29th June 2022

PrivSec Global Agenda | Timings shown in British Summer Time (BST)

Scroll left/right to view

BST Wednesday 29th June 2022
08:00

Vendor Risk Management: Can You Trust Vendor Risk Questionnaires?
08:00 AM - 08:45 AM

Vendor risk management questionnaires are often seen as a vital part of the TRPM due diligence process

But how far can you trust your vendors' responses? Is there a way to improve transparency? And do we have any better options?

Speakers

Speakers

08:15
08:30
08:45
09:00

Data Retention and Minimisation: Best Practice
09:00 AM - 09:45

Getting data retention and minimisation right is crucial to ensuring effective data protection compliance. Only collecting the data you need, and only storing it for as long as required, significantly reduces the likelihood of a data breach or other violation.

This panel will explore the fundamentals of data retention and data minimisation with actionable tips for how to improve your practices.

Host

Speakers

09:15
09:30
09:45
10:00

Break
10:00 AM - 10:45 AM

10:15
10:30
10:45
11:00

Choosing the Right Cybersecurity Framework
11:00 AM - 11:45 AM

Implementing a cybersecurity framework is a great way to improve your company's security posture. But there are a lot of frameworks to choose from, and their suitability varies depending on your company's industry, size and resources.

Our panel will explore the most popular cybersecurity frameworks and help you decide which one is right for your organisation.

Host

  • Yanya Viskovich, Chair of Cyber Law & Governance Working Group, Swiss Cyber Institute

Speakers

11:15
11:30
11:45
12:00

The human element: Fixing the behaviors that lead to breaches
12:00 AM - 12:30

Cybercriminals continue to launch increasingly sophisticated social engineering attacks. Coupled with a rise in human error, it’s no surprise that 85% of today’s security breaches involve a human element.* Traditional approaches fall short of solving this problem, with legacy technology and security awareness training unable to reduce human-activated risk on email.

Speakers

  • Steve Malone, VP of Product Management, Egress Software Technologies
  • Jack Chapman, Experienced cybersecurity expert and VP of Threat Intelligence, Egress
12:15
12:30

Digital Identity: Will We Ever See a World Without Passwords?
12:30 - 13:15

Even with good password management techniques, passwords are a flawed approach to account security. Many of the world's major tech companies are proposing alternative mechanisms to verify identity and manage access. But what works best—and are there privacy trade-offs?

Speaker

Speaker

12:45
13:00
13:15

Security Risks in Web3 and the Metaverse
13:15 PM - 14:00

If the future of the internet truly lies in Web3 or the Metaverse, security experts need to carefully consider the risks involved.

From well-established social engineering attacks to emerging threats to the blockchain, our panel will explore the security issues potentially involved in Web3 and the Metaverse.

Host

  • Justin Daniels, General Counsel/Cybersecurity/Data Protection, Baker Donelson

Speakers

13:30
13:45
14:00
14:15

Maintaining an Effective and Efficient Record of Processing Activities (ROPA)
14:15 - 15:00

The record of processing activities (RoPA) is, perhaps unfairly, sometimes maligned as an example of the GDPR's tendency to create excessive bureaucracy.

But the RoPA is arguably an important accountability tool that—if maintained correctly—does not need to create a lot of extra work for your data protection team.

Our panel will explore how to maintain an effective and efficient RoPA.

Host

  • Nishu Mittal, CISM, CIPT, CIPP/E, Manager - Business Information Security at Emirates NBD

Speakers

14:30
14:45
15:00
15:15

Should Everyone Have a Digital Identity?
15:15 - 16:00

Governments worldwide are developing digital identity schemes that, they claim, will improve bureaucracy and ensure fairer access to state welfare.

But privacy campaigners are skeptical about the prospect of every individual's identity being digitised.

Our panel will debate the benefits and risks of the push towards digital identity.

Host

Speakers

15:30
15:45
16:00
16:15

Should Society Tolerate Widespread Use of Facial Recognition?
16:15 - 17:00

Facial recognition has become increasingly common, for law enforcement and identity verification purposes. The technology is everywhere from airport security to school lunch queues.

But do the privacy risks of facial recognition technology outweigh the benefits? Can those risks be mitigated? And will upcoming changes to AI regulation impact the facial recognition industry?

Host

Speakers

16:30
16:45
17:00
17:15

Data Protection Update: United States
17:15 - 18:00

Connecticut and Utah joined the ranks of US states with a comprehensive privacy law this year. The privacy patchwork continues to stitch itself together—but how should privacy professionals respond. And is anyone still hoping for a federal privacy law?

Our panel will explore the year's privacy developments in the United States and consider what lies ahead.

Host

Speakers

17:30
17:45
18:00

Agenda - 30th June 2022

Day 2, Steam 1&2

(Timings shown in British Summer Time (BST)

Day 2 - Stream 1: Thursday 30th June 2022

PrivSec Global Agenda | Timings shown in British Summer Time (BST)

Scroll left/right to view

BST Thursday 30th June 2022
08:00

Insider Threats: Detecting and Mitigating the Threat From Within
08:00 AM - 08:45 AM

Insider threats can lead to devestating security incidents—whether intentional or negligent, and perpetrated by a from a trusted employee, ex-employee, or contractor.

Our panel will explore how organsations can detect and stop insider threats.

Host

Speakers

08:15
08:30
08:45
09:00

Data Protection Update: United Kingdom
09:00 AM - 09:45

The UK is set to overhaul its data protection and privacy rules, with changes to cookies, accountability and regulation all on the table.

Our panel will explore what is around the corner in the UK and consider how it might affect organisations—and the UK's EU "adequacy" decision.

Host

Speakers

09:15
09:30
09:45
10:00

Taking Control of Your Sensitive Data
10:00 AM - 10:45 AM

To comply with increasingly strict data protection rules, organizations need to maintain total oversight of the personal data they’re collecting, storing, using, or sharing—particularly when it comes to sensitive data. A breach or legal violation involving sensitive data can cause major problems, both for the organization and the people whose data they’re required to protect.

Remote work, the data-driven economy, and a complex regulatory landscape have only increased the complexity involved in taking—and maintaining—control of sensitive data inventories. But doing so is a must in the modern business world.

Join us on 30th June at 10am BST where a panel of data experts will explore the best ways to improve oversight of your organization’s sensitive data while mitigating the risks of legal violations and data breaches.

Moderator

Speaker

10:15
10:30
10:45
11:00

Beyond the US: A Look At Transfers to Other Third Countries
11:00 AM - 11:45

The focus on data transfers post-Schrems II has been squarely on the US. But the same rules apply to any third country without an adequacy decision.

Our panel will consider how the data protection regimes in other major economies might impact EEA and UK organisations' data transfer operations.

Host

Speakers

11:15
11:30
11:45
12:00

Break
12:00 - 12:45

12:15
12:30
12:45
13:00

Can Privacy Enhancing Technologies (PETs) Solve the Data Transfer Puzzle?
13:00 - 13:45

The legal issues around data transfers continue to cause confusion and consume resources. Many believe the solution lies in Privacy Enhancing Technologies (PETs). The US and UK governments are even collaborating on an "innovation prize challenge" to encourage the development of PETs for data transfers.

Our panel will consider whether PETs could solve the data transfer puzzle.

Host

  • James Robson, Data Protection Officer, What Works for Children's Social Care

Speakers

  • Mark Chang, Esq, MBA, CIPP/E, Senior Corporate Counsel, Privacy Compliance, SHEIN
  • PD Prasad, Co-founder & CPO, Lightbeam.ai
13:15
13:30
13:45
14:00

Cyber Insurance: The Looming Systemic Crisis
14:00 - 14:45

This panel will look at three core areas: Pricing cyber risk: this is a real challenge for all players given the complexity of cyber security; Perverse incentives: even regulators have commented on the inability of insurers to price risk and also on the perverse incentives in the market; and lastly, There is not enough capital to cover a major cyber pandemic.

Host

  • Bill Mew, Founder and CEO, Crisis Team

Speakers

14:15
14:30
14:45
15:00

NFTs: Just a Craze or Here to Stay?
15:00 - 15:45

Many non-fungible token (NFT) investors are not yet seeing the returns they hoped for. But some argue that the price of NFTs could rebound—and that the truly game-changing nature of NFTs has yet to be realised.

Our panel will disuss the possible use cases of NFTs and consider whether the technology has a future.

Host

  • Debra J Farber, CEO | Privacy & Ethical Tech Strategist, Advisor, & Angel Investor at Principled LLC

Speakers

  • Luca Egitto LL.M., Avvocato specializzato in proprietà intellettuale e information technology at RP Legal & Tax
  • Haim Ravia, Pearl Cohen, Israel
  • Rubén Cano Pérez, Intellectual Property - Information Technology & Communications Associate, Baker McKenzie
15:15
15:30
15:45
16:00

Data Centres: Just How Bad Is the Environmental Impact?
16:00 - 16:45

Data minimisation and storage limitation are key principles of data protection. But alongside the impact on privacy, minimising the amount of personal data you're processing has another benefit: reducing carbon emissions.

Is the environment paying an unacceptable price for the expansion of the digital ecosystem and the increasingly vital role of data to many businesses? Or is the shift to the cloud creating a more efficient way to process large amounts of data?

Host

  • Jennifer Riggins, Tech Storyteller | Freelance Writer | Podcast Host | Tech Analyst

Speakers

16:15
16:30
16:45
17:00

How to Avoid Software Supply Chain Attacks
17:00 - 17:45

From Solarwinds to Kaseya to Log4j—the security risk from software supply chain attacks shows no sign of abating. Our panel will consider the best technical and organisational controls to help minimise the possibility of suffering a software supply chain attack.

Host

Speakers

  • Kevin Neslage, US Incident Response Claims Counsel, Resilience Insurance
  • Selin Özbek Cittone, Dual qualified lawyer (Turkey and solicitor in England & Wales), CIPP/E, Managing Partner, Ozbek Attorney Partnership
17:15
17:30
17:45
18:00

Using First-Party Data In the Post-Cookie Landscape
18:00 - 18:45

The third-party cookie isn't dead yet, but expect it to be phased out over the next half a decade. And as marketing teams search for new solutions to target prospective customers, they must take privacy into account.

Our panel will consider the potential data protection issues that arise when using first-party data in the post-cookie landscape.

Host

Speakers

18:15
18:30
18:45
19:00

Day 2 - Stream 2: Thursday 30th June 2022

PrivSec Global Agenda | Timings shown in British Summer Time (BST)

Scroll left/right to view

BST Thursday 30th June 2022
08:00

The Dangers of AI-Driven Mass Surveillance
08:00 AM - 08:45 AM

Artificial intelligence is driving huge improvements in fields as diverse as medicine and climate monitoring. But from biometric identification to "social credit" scoring systems, AI is also providing new ways for governments and large corporations to track and surveil people—with significant implications for their privacy and freedom.

How is AI contributing to the mass surveillance of vulnerable populations? What role is the private sector playing in supporting—and resisting—such activities? And can regulation catch up with the worrying advancements already made in this field?

Host

  • Wajahat Raja, Global GRC and GDPR Solutions at Copenhagen Compliance, Consultant at Saudi Stock Exchange

Speakers

  • Nerushka Bowan, Technology and Privacy Lawyer / Director, Norton Rose Fulbright South Africa
  • Alex Gheorghe, Data Protection & Privacy Consultant and Cybersecurity Program Implementer, Inperspective Business
  • Redina Hasani, More information to follow
08:15
08:30
08:45
09:00

Exploring the Updates to ISO/IEC 27001
09:00 AM - 09:45

This panel will explore the updates to the ISO/IEC 27001 framework—what's new? What stays the same? And what do organisations need to do to maintain compliance with the new version?

Host

Speakers

09:15
09:30
09:45
10:00

Is Google Analytics Now Illegal in the EU?
10:00 AM - 10:45 AM

Decisions from the French and Austrian DPAs suggest that Google Analytics is not compatible with the GDPR. Does this extend to the rest of the EU? What about the UK? Might there be some Google Analytics configurations that are GDPR-compliant?

Our panel will consider the implications of recent Google Analytics decisions for the millions of websites that use the tool.

Speakers

  • Dotan Hammer, Partner - Internet, Cyber & Copyright Practice Group

Speakers

10:15
10:30
10:45
11:00

Break
11:00 AM - 11:45

11:15
11:30
11:45
12:00

The Changing Role of the CISO
12:00 - 12:45

Remote work, COVID-19-related fraud, the escalation in cyberattacks—CISOs have overseen a turbulant few years, and good leadership in security is more important than ever.

This panel will explore how the role of the CISO is changing and what lies ahead for security leaders.

Host

Speakers

  • Jigar Shah, Head of Identity Access Management, R1RCM.
  • Alain De Maght, CISO & DPO, Hôpitaux Iris Sud
  • Amarjeet Khanuja, CISSP | CISM | CDPSE, Chief Information Security Officer, Star Health and Allied Insurance Co. Ltd
  • Andrew Hart, VP Services, Ownbackup
12:15
12:30
12:45
13:00

Best Practices for Detecting, Preventing and Recovering From Ransomware
13:00 - 13:45

Ransomware continues to cause huge losses and harms across the globe. But taking a proactive approach to security and business continuity can reduce the likelihood of falling victim to an attack—and reduce the damage that occurs if you are targeted.

Our panel will explore the best practices on detecting, preventing and recovering from ransomware.

Host

  • Hugo Teufel, Chief Privacy Officer, Lumen Technologies

Speakers

13:15
13:30
13:45
14:00

Data Protection Update: Latin America
14:00 - 14:45

The Latin American region has a diverse and fast-developing data protection landscape. Beyond Brazil's LGPD, a number of LATAM countries have strong data protection frameworks.

Our panel will explore recent data protection developments in the LATAM region

Host

  • Paula Bauer, Partner & Head of IP Department at C.R. & F. ROJAS ABOGADOS

Speakers

14:15
14:30
14:45
15:00

Diversity, Equity, and Inclusion in Security: Closing the Gap
15:00 - 15:45

The security industry is diversifying, with a broader range of genders and ethnicities now making their mark on the profession. But there's still work to do.

Our panel will consider how to attract the full range of talent to the exciting and vibrant security sector.

Host

  • Toni McLelland, Director, Management Consultant, Business Mentor, 1st Life Group.

Speakers

15:15
15:30
15:45
16:00

Complying With State Privacy Laws Across the US
16:00 - 16:45

Five US states now have comprehensive privacy laws. The privacy patchwork is looking more and more complex. This panel will explore the best approach for complying with America's varying privacy laws.

Host

Speakers

16:15
16:30
16:45
17:00

To Manage or Not to Manage: Reconciling Bring Your Own Device (BYOD) with the Corporate Network
17:00 - 17:45

To manage or not to manage—there really is no choice between the two for today’s enterprises. Employees, contractors, partners, and others are bringing in personal devices and connecting to the corporate network for professional and personal reasons.

The challenge with BYOD is not whether outside devices are brought into the enterprise network, but whether IT can react quickly enough to protect the organization’s business assets—without disrupting employee productivity and while offering freedom of choice.

Nearly every company has some sort of BYOD policy that allows users to access secure resources from their own devices. However, accessing internal and SaaS applications on a mobile device can be more cumbersome than doing so from a networked laptop or desktop workstation. In addition, IT staff may struggle to manage who has access privileges to corporate data and which devices they’re using to access it.

Host

Speakers

  • Alexis Perdereaux-Weekes, CISA, CISM, CRISC, Msc, Associate Reserch Fellow, Americas Institute for Cybersecurity Leadership.
  • Joel Schwarz, J.D., CIPP, CDPSE, Director, Privacy & Data Protection Lead, MBL Technologies
  • Manuel Garat Loureiro, Head of IAM (Identity and Access Management), booking.com
17:15
17:30
17:45
18:00