PrivSec Global

 

Headline Sponsor

OneTrust

 

The Largest Data Protection, Privacy and
Security Event of 2021 returns

30 November - 1 December 2021

 

CATCH UP & WATCH PRIVSEC GLOBAL ON DEMAND

PrivSec Global brings together leading experts from around the globe, for a 2-day livestream experience that ensures attendees have access to the latest information, guidance and advice on data protection, privacy and security.

PrivSec Global returns on 30 November - 1 December, and will once again deliver a carefully curated agenda that taps into the expertise of subject matter experts, industry leaders and academics.

Session times shown below in Greenwich Mean Time (GMT). All sessions will be recorded and available on-demand.

Agenda Themes at PrivSec Global: 

PrivSec RegTech

PrivSec RegTech forms part of PrivSec Global—a two-day live-stream experience bringing together thought-leaders, experts and industry leaders from across the privacy, security, and digital sectors.

RegTech (regulatory technology) is transforming how organisations meet compliance demands, improve productivity and fulfil their social obligations to detect and prevent criminal activity.

But as technical solutions improve, important questions remain about how they impact organisations’ security and resilience—and consumers’ privacy rights.

Join RegTech industry leaders as they discuss, debate and educate on the practical and legal issues surrounding this exciting and fast-developing field—and learn key insights to help enhance your organisation’s compliance strategy.

Enterprise Risk Management

PrivSec Enterprise Risk Management forms part of PrivSec Global—a two-day live-stream experience bringing together thought-leaders, experts and industry leaders from across the privacy, security, and digital sectors.

Vulnerabilities are impacting organisations at all stages of the supply chain like never before—and governments worldwide are imposing increasingly tough sanctions for those enterprises that fail to appropriately manage risk.

Enterprise Risk Management has become an extremely complex and demanding process. PrivSec Enterprise Risk Management will provide practical guidance and thought-provoking discussions to help you identify, evaluate and mitigate organisational risk.

The Future of Data Protection and Privacy Law

Data protection law has grown into a flourishing and vital area of legal practice and regulatory oversight. But the rules change on a near-daily basis—and approaches continue to vary considerably between jurisdictions.

With consumer data protection law strengthening in countries like China and Brazil—but possibly liberalising in the UK - PrivSec Global will draw on expert analyses to help data protection and privacy professionals prepare for the future.

Digital Identity

The question of how to deliver secure digital identity permeates through many fields -from payment processing to access management to government services. But beyond security, the question of how—or whether—individuals should be tied to a single digital identity raises ethical and privacy issues, too.

PrivSec Global will consider how various fields approach the topic digital identity, and look at how secure and proficient implementation of digital identity can improve trust and efficiency.

Trust and Transparency

Trust is a crucial part of your organisation’s relationship with its customers. Transparency - the key to earning consumer trust—is a legal requirement. And embracing trust and transparency can help your organisation thrive in the digital age. Run down the list of GDPR fines and privacy class actions—you’ll see that a lack of transparency remains one of the main stumbling blocks for businesses’ compliance regimes.

PrivSec Global will explore how trust and transparency permeate all aspects of governance, risk, and compliance—and provide practical guidance for how your organisation can earn the trust of its stakeholders.

Privacy and Security in AI Systems

Think AI, security, and data protection are entirely separate fields? Think again. The complex processing of personal data that fuels AI systems will be the number one concern for many privacy and security professionals over the coming years.

PrivSec Global will explore the crucial role of data protection and cybersecurity professionals in ensuring AI systems are private, unbiased, and secure - and consider how you can secure your place in this increasingly important field.

PrivSec Business Continuity

PrivSec Business Continuity forms part of PrivSec Global—a two-day live-stream experience bringing together thought-leaders, experts and industry leaders from across the privacy, security, and digital sectors.

Business Continuity strategies should be top of mind for every organisation. Threat actors are constantly learning new ways to take down businesses—and even a short outage can be devastating in a data and communications-driven world.

Join leaders and innovators in the field of Business Continuity and discover new ways to mitigate the damage caused by a successful attack or an unexpected event affecting your organisation.

The Future of Digital Advertising

Rumours of the death of the third-party cookie may have been greatly exaggerated, with Google’s FLoC proposals being repeatedly delayed and the UK planning to liberalise online consent rules. But forward-thinking businesses should still be preparing for a digital advertising space designed to appease increasingly privacy-conscious consumers.

PrivSec Global will consider what lies ahead for the multi-billion dollar digital advertising industry, and offer guidance on how businesses can continue to advertise online in a more ethical and trustworthy way.

Data and Security in Emerging Technologies

Data protection and security are crucial considerations when developing nascent or innovative technologies. If our homes, cities, roads, and workplaces are to be inseparably connected to autonomous devices and vehicles, building in privacy and security from the start is essential.

PrivSec Global will explore how the fields of data protection, data science, and cybersecurity form a crucial part of increasingly important innovative technologies—from IoT to blockchain to autonomous drones and vehicles.

Securing your Supply Chain

The SolarWinds and Kaseya attacks brought supply chain attacks into mainstream awareness. But this threat isn’t new. So why do organisations continue to struggle to secure their supply chains?

From software supply chain attacks to third-party risk management strategies, PrivSec Global will provide expert, practical guidance on how your business can protect itself, its partners, and its customers from this increasingly widespread and harmful threat.

The Agenda

Day 1: Tuesday 30 November 2021

View The Agenda

Scroll left/right to view

GMT Stream 1 Stream 2
08:00

Data Protection and Privacy Laws - a Bright Future or a Decade of Decline Ahead?
08:00 AM - 08:45 AM

Gartner reports that by 2023, 65% of the World’s population will have its personal information covered under modern privacy regulations (up from 10% in 2020). But there is a growing point of view that as technology and AI enhances, there will be no such thing as Data Privacy in the future.

This panel will dissect our future, discuss how regulation can embed its position and whether there is a future without Data Protection and Privacy Law.

Host

Speakers

         

How will the UK’s Divergence from EU GDPR affect Digital Advertising?
08:00 AM - 08:45 AM

Theoretically, without these consumer privacy protections, the life of a marketer "intent on web-based tracking" would be made easier. But, the World has moved on. Couple this with the fact that Wired confirmed that "the free flow of data to the EU from the UK is worth over £85bn to the UK (13% of UK GDP)", it is vitally important that the UK's data adequacy is not endangered.

This panel will explore this future journey, the challenges and opportunities, and what the future may hold.

Host

Speakers

08:15
08:30
08:45
09:00

Privacy, Security and AI Systems: Automated Decision Making and Human Oversight
09:00 AM - 09:45 AM

Human oversight in AI is an ethical and legal safeguard against bias and unfair outcomes. The requirement for human oversight of some types of automated-decision making is present in the GDPR and will be a major element of the upcoming EU AI Regulation. But automated decision-making rules are causing many organisations confusion—how far does the right to human oversight extend, and in what contexts? Additionally, the UK is considering scrapping the GDPR's automated decision-making rights altogether.

PrivSec Global will explore the legal and ethical dimensions of human oversight and automated decision-making and provide practical tips on how to fulfil your obligations.

Host

Speakers

The Global Cyber-Pandemic; Organisational Cyber-Resilience: Readiness, Details and Tactics
09:00 AM - 09:45 AM

A recent Swiss Re/GEC Risk White paper talked about Cyber-resilience as being “...an organisation’s ability to sustainably maintain, build and deliver intended business outcomes despite adverse cyber-events.” Effective cyber-crisis preparedness is an essential part of this resilience.

This panel will explore readiness, details and tactics, discussing the five T’s set out by the World Economic Forum: Talent and Planning, Technology and InfoSec governance, Training and communication, Technology tools and Triangulation and continuous improvement.

Host

Speakers

09:15
09:30
09:45
10:00

Make Risk Management SMARTer, Not Harder with a Data-Driven Approach
10:00 AM - 10:30 AM

Relying on an individual’s experience and perspective to apply a likelihood and impact score is a highly variable exercise, making the subjective nature of risk a challenge for organizations.

Additionally, digital transformation has given businesses more information than they know what to do with. Organizations can map information to harness real-time updates and standardize risk using data classification methods and flexible risk formulas.

We’ll discuss how organizations can take a S.M.A.R.T. approach to connect enterprise data and translate the information into meaningful risk insights

Speakers

DSARs and Data Management: The Importance of a People-Centric Approach
10:00 AM - 10:45 AM

Enterprise organisations endeavour to build a people-centered view of data by undertaking a people-centric approach that places personal data at the center of all compliance processes. Transparency lies at the heart of DSAR processes, and this people-centric approach aids this fulfilment, as well as data mapping, and data retention management.

This panel will discuss best practices, the importance of trust and transparency in process, and how this people-centric approach can be constantly improved.

Host

Speakers

10:15
10:30
10:45

Sponsor Led Session
10:30 AM - 11:00 AM

More information to follow

Speakers

11:00

Trust and transparency: Why Are Companies Not Learning the Importance of These Things?
11:00 AM - 11:45 AM

It is reported that as high as one-third of businesses acknowledge that they use data in unethical ways? Why is this still happening to such a large degree? How can these companies rebuild trust with their consumers?

This panel will explore this question of rebuilding trust, implementing new company-wide policies of trust and transparency, and why this should be prioritised.

Host

Data and Security in Emerging Technologies: The Place of Blockchain Technology in Data Protection
11:00 AM - 11:45 AM

Blockchain advocates view the technology as part of a new era of privacy protection, with potential applications across healthcare, finance, and many other fields. But due to the immutable nature of blockchain transactions, there is still a debate around whether blockchain technology actually squares with data protection law. And several high-profile blockchain-related data breaches have left some observers questioning the robustness of the technology's privacy protections.

Join our panel of blockchain experts as they debate the extent and merits of using blockchain technology for data protection purposes.

Host

Speakers

11:15
11:30
11:45
12:00

Break
12:00 PM - 12:45 PM

UK Data Protection: Working with International Data Transfer Agreements (IDTAs) (sponsored by TrustArc)
12:00 PM - 12:30 PM

Standard Contractual Clauses (SCCs) got a re-brand as part of the UK's departure from the EU. Data transfers out of the UK can now be governed by an International Data Transfer Agreement (IDTA). But as the EU updates its own SCCs, the UK is now out-of-step with Europe., and plans to overhaul the UK's international transfer regime could complicate matters further.

Join our panel of experts as they explore the new UK rules on international data transfers and clarify the steps organisations should take before transferring personal data out of the UK.

Host

Speakers

12:15
12:30
12:45

Transfers Under a Microscope: ​Impact and Third Country Assessments (sponsored by OneTrust)
12:30 PM - 13:00 PM

2021 began full of anticipation for the release of two key documents: the European Commission's finalized standard contractual clauses, and the European Data Protection Board's finalized guidance on supplementary measures.

Since their arrival, organizations have been working hard to operationalize them, but challenges remain regarding the particular assessments of third countries that must be undertaken as well as understanding the risk and impact of all transfers at large.

In this session, we share astep by step guide to undertaking a Transfer Impact Assessment (TIA), the considerations when conducting Third Country Assessments (TCA), and the relevant measures that can be put in place to mitigate risk and ensure regulatory compliance.

Speakers

13:00

The Data Protection and Security Challenges in Mergers and Acquisitions (sponsored by LexisNexis)
13:00 PM - 13:45 PM

More-and-more companies are falling prey to cyber attacks throughout the M&A process - it can be detrimental to both brands if this kind of incident occurs and leads to costs and loss of IP. This panel will explore some of the scenarios where this can occur and discuss why companies are not more aware, the steps they can take to mitigate the situation, the impacts and positive opportunities post-breach.

Host

Speakers

  • Olumide Babalola, Esq, MCIArb (UK), Managing Partner, Olumide Babalola LP
  • Shyam Mishra, VP of Risk, Compliance & Audit, Quantum Security
  • Chirag Patel, Technology, E-Commerce, Data Privacy & Cybersecurity Attorney, Beckage
  • Fay Godfree, Legal Counsel & Senior Data Protection Manager, Nuffield Health
         

Staff Working from Abroad: What Are the Data Protection and Security Implications?
13:00 PM - 13:45 PM

Recent studies have shown that 6 out of 10 people who work from home would consider moving abroad if remote working were permanent.

This panel will explore the Data Protection & Privacy and Data Security implications from data flow mapping exercises to data protection impact assessments, and what would be the best practices with staff working remotely in other countries from the Head Office.

Host

Speakers

  • Mark Chang, JD, MBA, CIPP/E, Director of Risk, Compliance, & Privacy, Florida State University
  • K Royal, Associate General Counsel - Privacy Intelligence, TrustArc
13:15
13:30
13:45
14:00

The Global Cyber-Pandemic; Work’s New Normal and the Increased Battles for Cybersecurity (sponsored by HYCU)
14:00 PM - 14:45 PM

Recent studies have shown that over 70% of organisations have reported cyberattacks due to vulnerabilities of technology put in place during the pandemic, and just under 70% suffered attacks that targeted remote workers. Mistakes were made during the early stages of the pandemic, supporting remote workers as soon as possible but with tech that wasn’t protected or secure.

What lessons have we learned from, what will be done differently now and in the future, and what increasing battles does the cybersecurity universe see in this new normal?

Host

  • Tina Gravel, SVP Global Channels and Alliances, Appgate

Speakers

Break
14:00 PM - 14:45 PM

More information to follow

Speakers

14:15
14:30
14:45
15:00

Keynote: Deborah Westphall
15:00 PM - 15:45 PM

Author Deborah Westphal, a leader in future-focused strategy, leverages her experiences working with some of the world’s most innovative business leaders, to show how the interests of people (as human beings, not customers), overlap with those of companies in ways never before seen. Convergence charts the path forward for those leaders―particularly in business―who seek to shift to a human-centric mental model.

This approach addresses realities from our converging world not necessarily related to a company’s business operations, often integrating a tangible response with a change in the company’s core values. Simply put, to be human-centric prioritizes the success of people and redefines success for a company.

Host

Speakers

Why enterprise risk management Is key to organizational resilience
15:00 PM - 15:45 PM

ERM allows management to identify, prioritize, and mitigate all the risks that can adversely impact organizational goals. Having an ERM strategy in place will enable enterprises to stay a step ahead of risks that threaten their current and future operations. This session takes deep dive into how to initiate an active preparedness strategy in order to become resilient.

Types of risks to consider - Thinking about risk differently - Building an ERM plan:Pitfalls and potential stumbling blocks and how to overcome them

Speakers

15:15
15:30
15:45
16:00

How Can Regulation Maintain Pace with Healthcare AI?
16:00 PM - 16:45 PM

More AI-driven healthcare products are coming to market than ever before, regulators are frantically reviewing how they can keep pace with this technology that rapidly changes and evolves.

This panel will explore some of the greatest challenges facing regulators, how AI is becoming the most important factor in healthcare, and how this uncharted territory is to be mapped.

Host

  • Luca Egitto, Avvocato specializzato in proprietà intellettuale e information technology at RP Legal & Tax

Speakers

  • Emma Martins, Data Protection Commissioner, Bailiwick of Guernsey

The Role of Cybersecurity in Enterprise Risk Management (ERM) (sponsored by Process Unity)
16:00 PM - 16:45 PM

As businesses continue to undergo digital transformation, cybersecurity must be included in enterprise risk management. Without a comprehensive ERM program, organisations have no way to identify and assess the relationship between cyber risk and its impact on the business.

This session takes a look at how, integrated risk management has become a popular process for managing the risks facing an organisation, and is the new method of choice for business leaders and security managers alike.

Speakers

16:15
16:30
16:45
17:00

Securing Your Supply Chain: Ransomware: Why a Holistic Approach to Vulnerability Management Works Best
17:00 PM - 17:45 PM

The ransomware epidemic continues to cause chaos worldwide and there is no clear end in sight. The only answer, some claim, is to take a continuous and holistic approach to vulnerability management.

PrivSec Global will explore the elements of holistic vulnerability management and consider how it can help your organisation's resilience against ransomware.

Host

  • Patrick D. McNally, Esq., Litigator, Former Senior Government Advisor and National Technology and Data Manager for Voter Protection, Beckage

Speakers

Break
17:00 PM - 17:45 PM

Discover the building blocks of integrated risk management

Find out how to evolve a compliance-driven GRC or risk management program into a responsive integrated risk management program

Understand the limits of traditional approaches to risk management in today’s era of digital risk.

Speakers

  • David Vose, Vice President of Risk Management, Archer Integrated Risk Management
  • Michael Rassmussen, GRC Pundit & Analyst, GRC 20/20 Research
17:15
17:30
17:45
18:00

The Scam Who Loved Me: Romance Fraud in the 21st Century
18:00 PM - 18:45 PM

Older adults lost over $100 million to COVID-related fraud in 2020 and it is forecast that this will increase this year. The FBI has reported that online romance scams in 2021 have already reached over $133 million. This panel brings together experts from the universes of Fraud, Data Protection and the World of Romance to discuss the highs and lows of online love, and what you can do to spot “Catfish” and avoid the ignominy of romance fraud.

Host

Speakers

Managing risk in a connected world: A systems approach to the demands of managing uncertainty (sponsored by Process Unity)
18:00 PM - 18:45 PM

The nature of risk as measurable uncertainty

Soft and Hard systems: two sides of the same coin

Design challenges for socio-technical systems

The threat landscape and the search for viability

Emergent conditions and the move from the designed for state

Speakers

18:15
18:30
18:45
19:00

The Future of Data Protection and Privacy Law; Forget a US Federal Privacy Law: Build Your Compliance Around State Laws
19:00 PM - 19:45 PM

As more and more States follow California in passing Privacy Legislation, it looks ever unlikely that a comprehensive federal law, that would govern data protection and privacy across the whole country, will come to fruition.

This panel of experts will discuss current states reviewing legislation, which are likely to pass in the next decade, what this will mean for North American privacy, and what the future holds for a federal law under the Biden administration.

Host

  • Mark Smith, Esq., CIPP/C/US, CIPM, Principal Legal Analyst – Privacy & Data Security, Bloomberg Law

Speakers

Privacy, Security and AI Systems; AI Systems and Social Justice: The Great Battle for Human Rights
19:00 PM - 19:45 PM

There are a number of recent examples of human rights violations linked to advances in AI - whether it be algorithms that were created to regulate speech online that have censored commentary on religion or sexual orientation, or AI systems invented to assess illegal activities being used to track and target human rights defenders.

From ethics and values, through to the addressing of biases, this panel will discuss this great battle for human rights and social justice, while there is a need for technological advancement and AI regulation.

Host

  • Stacey King, Visiting Policy Fellow, Oxford Internet Institute

Speakers

19:15
19:30
19:45
20:00

Digital Identity; Can Governments and the Private Sector work together to take Digital Identity to the next level?
20:00 PM - 20:45 PM

Whether it be Australia’s digital identity scheme (a whole-of-government federal program, which wants to provide identity verification across both government and private sector offerings), the UK’s work around Digital Identity Trust Frameworks, or recent recommendations to the South African government to “prioritise policies that give room for the development of digital identity”, these initiatives are at the forefront of future political decisions.

This panel will explore the needs for digital identity schemes, the usage of biometric ID systems and what the future collaboration of the Public and Private sector will look like to advance these technologies.

Host

Speakers

Closing Remarks
20:00 PM - 20:10 PM

20:15
20:30
20:45

Closing Remarks
20:45 PM - 20:55 PM

20:50
20:55

Day 2: Wednesday 1 December 2021

View The Agenda

Scroll left/right to view

GMT Stream 1 Stream 2
08:00

The Future of Data Protection and Privacy Law; Best Steps to Compliance with China’s Personal Information Protection Law (PIPL)
08:00 AM - 08:45 AM

Beijing’s new Act is already evolving, with orders for annual reviews now being ordered and definitions of what makes some data “important” and other data “core” (which can only leave the country with approval).

This panel will discuss how your businesses can comply with this ever-evolving law and what are the best steps/strategies to compliance.

Host

Speakers

         

Reviewing the regulatory landscape and the role of RegTech post COVID-19 (sponsored by LexisNexis)
08:00 AM - 08:45 AM

The regulatory function aims to be prepared—but the scale and scope of the COVID-19 pandemic is overwhelming existing regulatory assumptions. The pandemic shines a light on regulators’ need to revise existing regulatory expectations, particularly around emphasis and timing.

Current short-term fixes, such as postponing timelines and freeing up resources, should likely yield to more—not less—regulatory oversight, with heightened focus on commercial banking conduct, stress testing scope and operational resilience.

Speakers

08:15
08:30
08:45
09:00

Data and Security in Emerging Technologies: Securing Your IoT Ecosystem (sponsored by Onapsis)
09:00 AM - 09:45 AM

The uses of IoT technology continue to expand—but are privacy and security controls advancing at the same rate? IoT provides unprecedented ability to track and monitor infrastructure, assets, and even people. These opportunities come with equally significant responsibilities on the users and developers of IoT systems: to ensure that such technologies are deployed in a secure and privacy-protecting way.

Join our panel of experts as they discuss the most important steps in safeguarding the privacy and security of your IoT network.

Host

Speakers

Assessing the RegTech Impact: Discussion of how regtech has so far impacted on the development of anti-financial crime, and whether it has improved efficiency or effectiveness more
09:00 AM - 09:45 AM

As the impact of financial crime continues to grow, both on businesses and society in general, more and more organisations are recognising the importance of adopting RegTech within their risk mitigation strategies. This session takes a look at to what extent RegTech has improved efficiency and what tools are best utilised.

Host

  • Richard Hyde,, Professor of Law, Regulation and Governance, Deputy Head of School (Education and Student Experience) - School of Law, University of Nottingham

Speakers

  • Anjali S Menon, Compliance and AML specialist
  • Haibo Zhang, Managing Director, Crowe
  • Avere Hill, COO & Co-Founder Cynopsis, Chair MENA FinTech Association (MFTA) - RegTech working Group
09:15
09:30
09:45
10:00

Death of Third Party Cookies: Why and How Digital Advertising will Thrive without Them
10:00 AM - 10:45 AM

Having powered a multi-billion dollar industry for many years, third-party cookies are on the way out—which means a revolution in digital advertising is imminent. Some fear Google's planned alternative to third-party cookies—FLoC—will cut smaller AdTech providers out of the market. But as always, there are those who view this potential crisis as an opportunity.

Join our panel of AdTech and privacy experts as they discuss the new world of digital advertising, and how we can build an effective, privacy-preserving alternative to third-party cookies.

Host

Speakers

  • Noel Isama J.D., Senior Consultant, MBL Technologies
  • Bernd Fiten, Attorney in Technology, Data Protection, Intellectual Property & Media Law, time.lex

How to develop an effective regulatory change management framework (sponsored by LexisNexis)
10:00 AM - 10:45 AM

Managing the cost of compliance post Brexit

Analysing the latest SEPA Regulatory initiatives in Europe

Getting to grips with regulatory alignment in Asia and how technology can facilitate it

Speakers

10:15
10:30
10:45
11:00

The UK's Post-Brexit GDPR Reforms: What to Expect, How to Adapt
11:00 AM - 11:45 AM

After leaving the EU, the UK retained the GDPR in its domestic law and earned its EU adequacy. But more recently, the government has suggested that the UK will diverge dramatically on data protection and privacy. Along with appointing a new Information Commissioner, the UK plans to set up its own adequacy network to enable the liberal flow of personal data around the world. The government has also announced plans to eliminate cookie banners—plans that could have a significant impact on digital advertising. But are these plans realistic? How could they be implemented? Is the UK putting its existing EU data flow arrangements at risk?

Our panel will explore how should businesses that trade in—or with—the UK should adapt to the data protection "new normal".

Host

Speakers

Deploying AML RegTech to protect the system (sponsored by LexisNexis)
11:00 AM - 11:45 AM

CEOs are being warned to take AML seriously and new controls are the order of the day. Regulators have worked through many AML data challenges at TechSprints and now provided technology frameworks, company registries have updated their strategies. What are the data, AI/ML success stories and what RegTech/SupTech relief is on the horizon for thousands of firms?

Speakers

  • Monica Monaco, Financial Crime Compliance Consultant, FCC Consulting
  • Haibo Zhang, Managing Director, Crowe
  • Dr Devraj Basu, Senior Lecturer - Accounting and Finance, University of Strathclyde
11:15
11:30
11:45
12:00

UK Data Protection Index Panel
12:00 PM - 12:45 PM

The UK Data Protection Index is produced by Data Protection World Forum and The DPO Centre. Each quarter the Index provides a glimpse into the changing attitudes and sentiments of Data Protection Officers across the UK.

The panel of over 420 DPOs are quizzed every three months on a consistent set of questions, allowing us to closely track shifting views and opinions. New questions are also added each quarter, gathering further insight into DPOs’ views on the very latest issues being faced by UK Data Protection Officers.

Host

Speakers

Deep-Sea Phishing: Why is Phishing Gaining Sophistication and What Can Businesses Do?
12:00 PM - 12:45 PM

Nick Kael (CEO, Ericom) has coined the term Deep-Sea Phishing to discuss the varying forms of phishing in which hackers are becoming more sophisticated - phishing emails (the norm), spear-phishing emails (more highly targeted), whaling (like spear-phishing, but going after CEOs etc.); the latter two using more personal and professional data.

This panel will explore these terms, why phishing is becoming more sophisticated, and what businesses can do to mitigate and prevent phishing attacks from bottom to top.

Host

Speakers

  • Victoria van Roosmalen, CIPP/E, CIPP/US, CIPP/C, CIPM, CIPT, FIP, CDPSE, CISO & DPO, Coosto
  • Professor Mark Button, Director of the Centre for Counter Fraud Studies, School of Criminology and Criminal Justice, University of Portsmouth
  • Chris White, Head of Cyber, Cyber Resilience Centre for the South East
12:15
12:30
12:45
13:00

Trust and Transparency: Poor Transparency, The Biggest Cause of GDPR Fines? (sponsored by Keepabl)
13:00 PM - 13:45 PM

Data protection authorities have issued over 900 fines since the GDPR came into force, and issues with transparency are behind significant proportion of these penalties.

Transparency was a key consideration in over a hundred enforcement actions, from Google's early €50 million French fine to WhatsApp's €225 million penalty this September.

PrivSec Global will examine what controllers are getting wrong when it comes to transparency, and why data protection authorities seem so keen to penalise organisations who fail to comply with the GDPR's transparency rules.

Host

  • Luca Egitto, Avvocato specializzato in proprietà intellettuale e information technology at RP Legal & Tax

Speakers

  • Lee Woodard, Founder, Privacy Experience Agency
  • Zahra Shah, Co-Founder, Non-Executive Director & Investor, Seers

Why Your Company Needs a PrivSec Culture
13:00 PM - 13:45 PM

A great part of PrivSec's vision and journey is about that inexplicable link between Data Protection/Privacy and Data Security - how those two departments within an organisation should no longer bi siloed, but work together, communicate better. But, they speak very different languages, have different priorities and budget pots. This panel will explore that relationship, the future outside of the silos, whether PrivSec Departments, with combined vision and workload are the future.

Let PrivSec be your translator, and work on the nitty-gritty together.

Host

Speakers

13:15
13:30
13:45

4 Things to Consider as You Select a Vulnerability Management Provider
14:00 PM - 14:30 PM

More information to follow

Speakers

The Global Cyber-Pandemic; Cybersecurity and the Financial Services Industry: Trends, Implications and the Future (sponsored by HYCU)
13:45 PM - 14:30 PM

Financial services companies and systems have found themselves more inclined to cyber attacks than other companies, costing them millions. It’s why companies such as JP Morgan are said to spend near $600million per year to strengthen its cyber defences. But even they suffered a significant breach in the last decade.

This panel will discuss the hackers and their aims, trends in ransomware and phishing, the implications for the Financial Services industry, and what the future can and should look like?

Host

Speakers

14:00
14:15
14:30

Data Discovery: The Foundation for Privacy Automation (sponsored by OneTrust)
14:30 PM - 15:00 PM

As organizations seek to mature their Privacy programs, Data Discovery becomes a foundational component. Understanding exactly what data you have and where it’s stored and transferred is key but doing this manually often proves to be time consuming and inaccurate.

While many privacy programs began with the goal of simply complying with regulations, these programs have matured beyond a tick-the-box compliance initiative to a foundational part of an organization’s data governance strategy. Where workflow automation and accountability-focused tools may have worked for privacy programs of the past, intelligence and automation is the focus for privacy programs of the future.

Speakers

  • Raj Jethwa, DataDiscovery Solution Specialist, OneTrust
14:45
15:00

Privacy, Security and AI Systems; Why Your Company Should Hire a Chief AI Ethics Officer
15:00 PM - 15:45 PM

This role is increasing in popularity across larger Enterprise organisations as AI is adopted more readily alongside digital transformation projects.

This panel will discuss the opportunities for this role, how the new CAIEO could work closely with the Data Protection Officer and Chief Information Security Officer as they develop their position and ensure AI is utilised in a trustworthy fashion.

Host

Speakers

  • Varsha Sewlal, Executive: Legal, Policy, Research and Information Technology Analysis and Deputy Information Officer
  • Jose Belo, Head of Privacy, Valuer.ai
  • Selin Özbek Cittone, Dual qualified lawyer (Turkey and solicitor in England & Wales), CIPP/E, Managing Partner, Ozbek Attorney Partnership

Cyber resilience: business continuity and cyber incidents and how to address them (sponsored by HYCU)
15:00 PM - 15:45 PM

Business continuity has a defined role with cyber resilience strategies, and it has become intertwined with cyber security for threats requiring coordinated responses across organizations’ departments. This session takes deep dive into how to address these threats and prepare for the future.

Speakers

  • Zoë Rose, Regional and Supplier Information Security Lead and Ethical Hacker, Canon EMEA
  • Alan Trup, Business Continuity Consultant, ADT Business Continuity
  • Nicholas Ryder, Professor in Financial Crime, University of the West of England
  • Debjyoti (Deb) Mukherjee, Associate Risk Director, Royal Bank of Canada
15:15
15:30
15:45
16:00

Ransomware and Healthcare: Why One Needs to be Amputated from the Other
16:00 PM - 16:45 PM

A recent Ponemon Institute survey revealed that the healthcare industry and hospitals are “under siege” - 67% of Healthcare Delivery Organizations (HDOs) experienced one ransomware attack, and 33% experienced two or more.

This panel will talk about why healthcare is particularly vulnerable or sought after by hackers and what more the industry can do to both mitigate and prevent further attacks?

Host

Speakers

Lessons learnt from the Pandemic - How do we Enhance our Business Continuity Programmes in 2022? (sponsored by Ketch)
16:00 PM - 16:45 PM

Due to COVID-19 pandemic, business continuity has been of the topmost discussed agenda of all organisations. This session looks at what businesses can do to enhance their business continuity programmes post lockdown and what they can put in place to mitigate any future risk.

Speakers

  • Alan Trup, Business Continuity Consultant, ADT Business Continuity
16:15
16:30
16:45
17:00

Securing Your Supply Chain; Reducing the Risk of Supply Chain Threats: Cybersecurity Best Practices (sponsored by Onapsis)
17:00 PM - 17:45 PM

This panel will explore cybersecurity best practices from assessing current strategies and third party risk management, through to identification/encryption and zero trust frameworks.

It will go on to discuss tools to be utilised such as leveraging blockchain technology for transactions, AI for improved threat detection and cloud-based threat analysis for rapid risk assessment.

Host

  • John Grim, Head | Research, Development, Innovation, Verizon Threat Research Advisory Center

Speakers

Leading the Change: key attributes for success in continuity & resilience
17:00 PM - 17:45 PM

Building robust compliance, resilience and presilience culture in your organisation

What are the key attributes for success and how can they be achieved?

Speakers

17:15
17:30
17:45
18:00

The Chain of Trust in the Privacy Supply Chain (sponsored by Onapsis)
18:00 PM - 18:45 PM

Regulation, schmegulation. You want a driver for privacy and security compliance– there is nothing stronger than the word ‘revenue.’ Increasingly companies are pushing to their supply chains many expectations, arising out of the Schrems II decision, and out of concerns for liability and reputational damage. For businesses down the supply chain, there is no more profound argument than ‘we need to do this because revenue is at stake.”

This session will discuss how Canadian organizations are reacting to these challenges, and what it means to rise to the privacy challenge for the supply chain.

Host

  • Neil Beaton, Business Development Consultant, DRT Cyber

Speakers

Adapting and responding to risks with an effective business continuity plan (BCP) (sponsored by Onapsis)
18:00 PM - 18:45 PM

High availability: Provide for the capability and processes so that a business has access to applications regardless of local failures. These failures might be in the business processes, in the physical facilities or in the IT hardware or software.

Continuous operations: Safeguard the ability to keep things running during a disruption, as well as during planned outages such as scheduled backups or planned maintenance. Disaster recovery: Establish a way to recover a data centre at a different site if a disaster destroys the primary site or otherwise renders it inoperable.

Speakers

  • Dave Cooke, Independent Business Continuity Risk and Resilience Consultant
  • Julie Goddard, Business Continuity Consultant, Databarracks
18:15
18:30
18:45
19:00

Keynote: CPO of the Department of Homeland Security in the US, Lynn Dupree (sponsored by TrustArc)
19:00 PM - 19:45 PM

This fireside chat between Lynn and Joel Schwarz will focus on digital identities and how decentralized identifiers can help separate identifiers from authenticators.

The DHS Privacy Office has partnered with the Science and Technology Directorate’s Silicon Valley Innovation Program on the use of decentralized identifiers to reduce their reliance on Social Security Numbers (or any identifier).

The project has been really promising, and DHS see lots of use cases where decentralized identifiers can be used to protect privacy and limit risk.

This is a problem that all governments and private sector entities face, so PrivSec is incredibly excited to have Lynn onboard to discuss this topic.

Speakers

  • Joel Schwarz, JD, CIPP, CDPSE, Director & Data Protection and Privacy Capability Lead at MBL Technologies Inc., Adjunct Professor of Law, Albany Law School
  • Lynn Dupree, Chief Privacy Officer, Department of Homeland Security (DHS), United States of America

Why the Council of Europe’s Police Surveillance Treaty is a Pernicious Influence on Latam Legal Privacy Frameworks (sponsored by TrustArc)
19:00 PM - 19:45 PM

The Electronic Frontier Foundation (EFF) have, with partners, made a series of 20 recommendations to preserve the Second Additional Protocol to the Budapest Cybercrime Convention’s objective, as “the current Protocol's text threatens privacy rights in Latin America, a region with deeper challenges for fulfilling human rights safeguards and the rule of law compared to many European countries”.

With panelists from EFF, Latin America and experts in Police Surveillance, this panel will look at why the EFF has made these recommendations and what will happen if no changes are made to this protocol across the region?

Host

Speakers

19:15
19:30
19:45
20:00

Is Zero Trust Really The Next Big Step in Cybersecurity? (sponsored by HYCU)
20:00 PM - 20:45 PM

While discussing Zero Trust’s three guiding principles (secure/authenticated access to resources; adoption of a least-privilege model and enforce access control; and lastly, inspect/log activity through data security analytics), this panel will analyse whether Zero Trust really is an option every Enterprise organisation should consider for greater security and better auditing?

Host

Speakers

Closing Remarks
20:00 PM - 20:10 PM

20:15
20:30
20:45

Closing Remarks
20:45 PM - 20:55 PM

20:50
20:55