PrivSec Global

 

PrivSec Global

 

AGENDA

29th & 30th November 2022

 

CATCH-UP & WATCH ON-DEMAND

 

PrivSec Global brings together leading experts from around the globe, for a 2-day livestream experience that ensures attendees have access to the latest information, guidance and advice on data protection, privacy and security.

PrivSec Global returns on 29th & 30th November 2022, and will once again deliver a carefully curated agenda that taps into the expertise of subject matter experts, industry leaders and academics.

Session times shown below in Greenwich Mean Time (GMT). All sessions will be recorded and available on-demand.

Agenda - 29th November 2022

Day 1

(Timings shown in Greenwich Mean Time (GMT)

Day 1: Tuesday 29th November 2022

PrivSec Global Agenda | Timings shown in Greenwich Mean Time (GMT)

Scroll left/right to view

GMT Tuesday 29th November 2022
09:00

Preparing for the UK’s GDPR and PECR Reforms
09:00 - 09:45

Data protection practitioners in the UK have had a rocky couple of years. From Dominic Cumming's 2018 comments on "binning" the "idiotic" GDPR, to the TIGRR Report, the DCMS consultation and the now possibly-binned Data Protection and Digital Information Bill.

Uncertainty is the only certainty in UK data protection landscape. As such, this panel will consider the current possibilities and help you prepare for the future of GDPR and PECR in the UK.

Host

Speakers

09:15
09:30
09:45
10:00

Bridging Borders: How to Manage International Data Transfers
10:00 - 10:45

Personal data can be an organization's most valuable, but also riskiest type of data. This data is governed by an ever-evolving regulatory landscape as reflected by the complexity of managing cross-border data transfers. Most recently the Schrems II case which has highlighted the direct conflict between US surveillance law and EU data protection. It is now, in the Golden Age of Data, that privacy professionals ask - how do we maintain a global data-driven economy while ensuring that it is not at the expense of the rights and freedoms of individuals?

This session will cover:

- Regulatory drivers impacting how organizations handle international data transfers

- Step by step guidance on how to conduct a Transfer Impact Assessment (TIA) and key considerations for streamlining processes

- Relevant measures to put in place to mitigate risk and ensure regulatory compliance

Speakers

10:15
10:30
10:45
11:00

That’s The Way The Third-Party Cookie Crumbles: The Future of Online Marketing
11:00 AM - 11:45 AM

As a sector, digital marketing has long been beset by compliance issues and has been subject to a great deal of high-profile enforcement action.

As Google finalises its plans to phase out third-party cookies, the company claims its new approach to ad-targeting will be more privacy friendly. But is this true? And what about considerations beyond privacy—most notably Google's market dominance?

This session will explore the future of online marketing and consider the implications for various stakeholders in the sector.

Speakers

11:15
11:30
11:45

What is ESG, how does it work and why is privacy such a key driver for Trust and the shareholder community
11:45 - 12:30

Speakers

12:00
12:15
12:30

Data Rights Management: Creating a Seamless, Efficient and Compliant Process
12:30 - 13:00

Data subjects are becoming increasingly aware of their data rights (Article 15) through to automated individual decision-making (Article 22). The challenge is, how do data controllers continue to meet the increasing demand for such requests.

This session will explore how a fully automated, self-service solution will improve your organisation's data rights management processes and significantly reduce costs.

Host

Speakers

12:45
13:00

Draft EU Legislation You Need to Know: AI Act, Cyber Resilience, Data Act and More
13:00 - 13:45

The GDPR changed the data protection sector immeasurably. But other upcoming EU laws could be equally significant in other ways.

This session will help ensure you are aware of what's coming next in the European regulatory landscape.

Host

Speakers

13:15
13:30
13:45
14:00

Turning a Hacker's Toolkit Against Them - Sponsored by Egress
14:00 - 14:45

Toolkits make a hacker’s life easy and democratize cybercrime. These kits are constantly evolving, but it is imperative that defenders understand how they work so that they can create defenses to protect their organization.
Join Egress' VP of Intelligence, Jack Chapman and Senior Director of Global Market Strategy, Duncan Mills, as they present the findings from their latest research into the tools that support the early stages of an attack:

  • Reconnaissance – the latest tools an attacker uses to discover what security controls their target has in place.
  • Weaponization – guided walk through of how easy tool kits are to acquire and how they are used.
  • Delivery – toolkits for the dominant threat channel, email.

Speakers

  • Duncan Mills, Senior Director Global Market Strategy, Egress Software Technologies
  • Jack Chapman, VP of Threat Intelligence, Egress Software Technologies
14:15
14:30
14:45
15:00

Could Meta Really Pull Out of Europe? The (Unintended?) Consequences of International Data Transfer Rules
15:00 - 15:45

Schrems II affected many companies' ability to transfer data from the EU to the US. Meta has repeatedly stated that an order to stop transfers could force the company to stop offering Facebook and Instagram services in Europe.

Could this be true, or is it a bluff? Could Meta change relocate its infrastructure to keep EU users' data in Europe—and if so, would this actually solve the problem?

This panel will explore this controversial topic through the lens of data transfer rules.

Host

Speakers

15:15
15:30
15:45
16:00

OT and IT: Differences, Controls, and Key Integration Points
16:00 - 16:45

We all know IT - the laptops, phones, applications, and cloud applications we use at work and home, that manage information. Systems that run industrial systems – electric utilities, gas pipelines, water systems, and manufacturing plants – are Operational Technology (OT).

OT cyber protection has many differences from IT – different systems, threats, requirements for managing vulnerabilities, and especially implications of a significant incident. Cyber incidents often require close coordination of IT and OT security domains.

During this session, we’ll explore some of the unique characteristics of OT environments, critical controls for OT cyber security, and key integration points between IT and OT security that streamline investigations and incident resolution.

Speakers

  • Jan Hoff, Principal Industrial Incident Responder; Dragos, Inc.
  • Kai Thomsen, Director, Global INcident Response Services; Dragos, Inc.
  • Trish McGill, SME Cyber Security IT/OT, Self
16:15
16:30
16:45
17:00

Who Would be a Chief Privacy Officer? Pressures, Workflow and Future Trends in the Role
17:00 - 17:45

The role of Chief Privacy Officer (CPO) has existed since the early 90s, but CPOs have become increasingly commonplace as companies use more personal data in increasingly innovative—and sometimes risky—ways.

CPOs are tasked with coordinating technical and legal teams in a fast-paced regulatory landscape, and are responsible for what can sometimes be a company's most valuable asset—data.

This session will bring together CPOs from leading companies to discuss their day-to-day and explore how the role is evolving.

Speakers

17:15
17:30
17:45
18:00

Security Lessons From the Year’s Biggest Hacks
18:00 - 18:45

Every year, high-profile security incidents make headlines—and 2022 has been no exception.

From Uber to Optus, this year's biggest data breaches have had major impacts on the companies and individuals they affect. But analysis of these incidents can teach privacy and security professionals a lot about how to keep systems and data safe.

This session will examine some of 2022's most significant security incidents, and consider how we can learn from them.

Host

Speakers

  • Susanne Bitter, Digital Security GRC Analyst - Business Partner Security, BP
18:15
18:30
18:45
19:00

Understanding US Privacy Law Developments: State Patchwork, FTC Rulemaking and Federal Law
19:00 - 19:45

US privacy law was once relatively simple for most companies not handling sensitive data. With a patchwork of comprehensive privacy state laws, an increasingly busy federal regulator, and an ever-more privacy-conscious general public, this is no longer the case.

This session will bring together experts in US privacy law to assess the current landscape—to help ensure you understand your responsibilities, wherever your company is based.

Host

  • Julia Mehlman, Assistant Vice President & Associate Counsel, Data Privacy, L'Oreal

Speakers

19:15
19:30
19:45
20:00

Agenda - 30th November 2022

Day 2

(Timings shown in Greenwich Mean Time (GMT)

Day 2: Wednesday 30th November 2022

PrivSec Global Agenda | Timings shown in Greenwich Mean Time (GMT)

Scroll left/right to view

GMT Wednesday 30th November 2022
09:00

Unifying Privacy Management and Information Security Compliance: Building a Bridge to Improved Efficiency
09:00 - 09:45

The work of privacy and security professionals looks quite different day-to-day. But these two disciplines share a lot in common, and there are areas where working in silos does not best serve the interests of employees, organisations or even users.

This session will explore how to integrate privacy management and information security compliance work: What are the overlaps, and how can organisations leverage these for a more effective and efficient workflow?

Speakers

09:15
09:30
09:45
10:00

Managing Third-Party Risk: The Role of Data Protection and Privacy Professionals
10:00 - 10:45

Organisations find themselves working with an ever-larger network of third-party companies. And much of the work of managing these third parties falls to privacy professionals: from preventing data breaches to drawing up data processing agreements and facilitating international data transfers.

This session will explore best practices for data protection professionals when managing risk among third-party controllers, processors and sub-processors.

Host

Speakers

10:15
10:30
10:45
11:00

Insider Threats and Accidental Disclosure: The Biggest Causes of Data Breaches?
11:00 AM - 11:45 AM

Much of the work of security professionals focuses on securing an organisation’s perimeter and keeping malicious actors out. But one of the most significant threats to privacy and security is accidental disclosure of data by employees.

This session will take an in-depth look at how leading organisations manage the risk from insider threats—and how you can build an effective and systematic insider threat programme.

Speakers

11:15
11:30
11:45
12:00

Should Data Protection Experts Also Be AI Experts?
12:00 - 12:45

AI is advancing fast, and playing an increasingly important role in many organisations' operations and business models.

Any company developing or using AI systems must ensure the risks are mitigated—from ensuring privacy and security to preventing discrimination and bias.

Given the presence of personal data in most training sets, and the "automated processing" requirements under the GDPR and other privacy laws, to what extent should data protection officers (DPOs) and other privacy professionals be responsible for AI governance?

Speakers

12:15
12:30
12:45
13:00

Leveraging Data in your Ethics and Compliance Programs
13:00 - 13:45

Ethics and compliance programs have more data available to them than ever before. Capturing data on program activity and impact can be a powerful tool to assess whether your ethics and compliance program works in practice. Many companies also find value in benchmarking their programs against industry norms and in response to risks. That said, data’s nascency in the ethics and compliance space means we are still struggling to understand what to do with all this data, and how to know what it is telling us.

In this discussion, you will learn:

- Data metrics available to ethics and compliance programs and how to use them

- The benefits and limitations of external benchmarking

- The role AI plays in data and analytics

Speakers

13:15
13:30
13:45
14:00

Children’s Privacy: Steps Towards a Less Data-Hungry Web for Kids
14:00 - 14:45

Regulators worldwide are getting serious about children's privacy. From the "children's codes" established in jurisdictions like the UK and Califorina, to the recent enforcement action against Instagram and TikTok—it's becoming increasingly clear that the web is likely to change so that children are better protected.

This session will explore the challenges of compliance with child privacy laws and consider how the online world would have to change to help ensure kids' privacy.

Host

Speakers

14:15
14:30
14:45
15:00

Privacy Risk Assessments in the US: Why, When, and What?
15:00 - 15:45

A standard practice from other global privacy laws has hit the US: privacy risk or data protection assessments (commonly known as PIAs) are now required under certain criteria for the processing of personal data in all new state laws, except Utah.

Beyond regulatory compliance, a comprehensive and integrated assessment program embeds privacy by design into your organization’s data strategy and enables you to manage risk at scale. In this session, join OneTrust experts to understand:

- Requirements for conducting PIAs: why they exist, when you should do them, and what they should include

- Best practices for administering PIAs

- Operational considerations based on your PIA program maturity

Speakers

15:15
15:30
15:45
16:00

Emerging Trends in Data Governance: What You Need to Know to Stay Ahead
16:00 - 16:45

As companies process more and more data, and regulation becomes increasingly demanding, it's more important than ever to keep control of the information your company holds.

With data governance technology improving, there are new opportunities to leverage the power of data while ensuring its security and maintaining stakeholder privacy.

This panel will explore emerging trends in data governance to help you stay ahead and make the most of new technology.

Host

  • Richard Self, Senior Lecturer in Governance of Advanced and Emerging Technologies, University of Derby

Speakers

16:15
16:30
16:45
17:00

Sponsor Session
17:00 - 17:45

Speakers

17:15
17:30
17:45
18:00

Emerging Risks in Artificial Intelligence: Bias, Discrimination and Security
18:00 - 18:45

Recent months have seen a boom in the effectiveness and accessibility of AI technologies. Automation is helping companies work more efficiently in more and more fields.

But there is a significant risk in failing to recognise and address the potential downsides of AI, including bias, discrimination and functional limitations.

This session will explore how organisations can manage and mitigate AI risks.

Host

Speakers

18:15
18:30
18:45
19:00

The Transatlantic Data Privacy Framework (TADPF): Will It Survive Schrems?
19:00 - 19:45

The EU and US have concluded negotiations on a new international data transfer framework to replace Privacy Shield. But before the ink was dry (and indeed, before the agreement was finalised), Max Schrems had already announced his intention to challenge the new framework in court.

This session will explore the Transatlantic Data Privacy Framework (TADPF) and consider whether the agreement is capable of providing any certainty for privacy professionals on both sides of the Atlantic.

Host

Speakers

19:15
19:30
19:45
20:00