PrivSec New NormalW


Headline Sponsor



Our agenda

Listen to panel discussions, debates, and fireside chats
with industry experts, thought leaders and academics
on a range of topics.

Agenda timings below shown in Brasilia Standard Time (BST)




Wednesday 26th January 2022
All times shown in Brasilia Standard Time (BST)

GDPR Compliant? The Extra Steps You’ll Need to Take to Comply with Brazil’s LGPD
09:00 AM - 09:45 AM (Brasilia Time) | 12:00 PM - 12:45 PM (UK Time)

The EU’s General Data Protection Regulation (GDPR) is often cited as the world’s toughest data protection law. Many organizations have worked hard to bring themselves into GDPR compliance.

Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) is similar to the GDPR in many ways. Both laws provide rules and principles about the processing of personal data, stipulate the information that must be provided to data subjects, and impose new requirements for data breach reporting.

But the two laws are far from identical. PrivSec Latin America will explore how the GDPR and the LGPD intersect, how they differ, and what extra steps you must take to bring your GDPR-compliant organization in line with Brazilian law.


  • Adriano Lima, DPO Exin, CISO, CISM, IT Risk Pro, DPO – Executivo de Proteção de Dados, Pixeon Medical Systems
  • Marico Cots, Partner & Attorney-at-law at GetGlobal International
  • Patricia Punder, Governance, Compliance, Data Privacy and ESG International Expert, Punder Consulting Office, Punder Advogados
  • Alex Bermudez, Diretor, Ibéria e Itália at Onetrust
  • Thais Novaes, Corporate Lawyer & DPO, BDF Nivea

How to Fight Back Against Latin America’s Cybercrime Outbreak
10:00 AM - 10:45 AM (Brasilia Time) | 13:00 PM - 13:45 pm (UK Time)

While no region is spared by cybercriminals, Latin America has been hit particularly hard by phishing, ransomware, and other cybercrimes.

Recent research from Kaspersky suggests that Brazil is the phishing capital of the world. And a CheckPoint study places Argentina and Chile among the top five countries most frequently hit by ransomware attacks.

PrivSec Latin America will assess the state of cybercrime in Latin America—and ask what governments, tech experts, consumers, and businesses can do to reduce their exposure and fight back against the region’s cybercrime outbreak.



Privacy in the Boardroom: The Metrics, KPIs and Reporting You Need (sponsored by OneTrust)
11:00 AM - 11:30 AM (Brasilia Time) | 14:00 PM - 14:30 PM (UK Time)

Stakeholder support for a privacy program is key, especially as compliance programs grow and organizations focus their attention on an increasing number of regulations and frameworks from around the world. With so much information at play in a program, how do you know what to present in the boardroom?

This session will take a look at the key metrics and deliverables, dashboards, and reports that demonstrate the functionality and success of your organization’s privacy program.


Beto Santos, Diretor, América Latina, Onetrust


Biometric Identification: Is Latin America Sleepwalking Towards Widespread Biometric Surveillance?
12:00 PM - 12:45 PM (Brasilia Time) | 15:00 PM - 15:45 PM (UK Time)

With the rollout of digital identity schemes across Latin America, many of the region’s countries are adopting biometric identification schemes to authorize payments and access public services.

Police forces in countries such as Brazil and Uruguay are also implementing facial recognition systems to assist law enforcement efforts—allegedly without the knowledge or consent of populations.

Is Latin America becoming a region where submitting to biometric identification is unavoidable? PrivSec Latin America will examine the legal, ethical, and technical dimensions of this controversial method of identifying and surveilling individuals.



Habeas Data: The Developing Latin American Privacy, Data Protection, and Security Landscape
13:00 PM - 13:45 PM (Brasilia Time) | 16:00 PM - 16:45 PM (UK Time)

While Brazil’s LGPD arguably represents a “high water mark” for data protection law in Latin America, it is by no means the region’s only privacy and security-focused legislation.

For decades, the legal doctrine of habeas data has given rise to a vibrant and progressing legal landscape for information laws across Latin America. Respected data protection and security regimes exist or are in development in countries such as Peru, Mexico, Uruguay, and Argentina.

PrivSec Latin America will explore the regulatory landscape across the Latin American region—considering where the strongest data protection, privacy, and security laws exist; where such laws are in development; and which countries are lagging behind in terms of legal reforms.




How US Companies Should Approach Latin American Privacy Compliance
14:00 PM - 14:45 PM (Brasilia Time) | 17:00 PM - 17:45 PM (UK Time)

With US privacy law remaining patchy and comparitively liberal, US companies hoping to thrive in Latin America must develop their privacy compliance programs beyond what is required in the States.

The comprehensive data protection laws that are springing up across Latin America require a principles-led approach to compliance and careful attention to regional differences.

PrivSec LatAm will bring together experienced privacy professionals to explore how US companies should approach privacy compliance in Latin America.


  • Joel Schwarz, JD, CIPP, CDPSE, Director & Data Protection and Privacy Capability Lead at MBL Technologies Inc., Adjunct Professor of Law, Albany Law School


  • Lily Li, CIPP/US/E/M, GCFA, Founder/President of Metaverse Law Corporation, Metaverse Law Corporation
  • Isabel Davara, CIPP-E-US-CIPM-FIP, Propietario at DAVARA ABOGADOS

Automate your Privacy Program with Data Discovery (sponsored by OneTrust)
15:00 PM - 15:30 PM (Brasilia Time) | 18:00 PM - 18:30 PM (UK Time)

Privacy laws, such as the LGPD, have changed the way organizations must respond to data subject requests and consumer rights. These laws, spurred on by the recurrent rise in data breaches and an ever-increasing use of personal data by companies, have created many challenges for organizations responding to requests for privacy rights. As a result, organizations need an efficient way to find out what data they have about these individuals in their IT environment and retrieve it to fulfill those requests and comply.

In this session, we’ll take a look at:

The best ways for companies to find, manage, query, and action data

How organizations can plan for compliance with intelligent discovery tools, purpose built with regulatory guidance

Walk through every day use cases to help organizations use integrated data discovery technology to run scans, gain predictive insights, automate manual tasks, and streamline data processes



Privacy as a Fundamental Right in Brazil: What Are the Implications?
16:00 PM - 16:45 PM (Brasilia Time) | 19:00 PM - 19:45 PM (UK Time)

The Brazilian Senate has passed a proposal for an amendment to the Constitution which includes personal data protection to the list of citizen fundamental rights and guarantees.

What are the implications of the consistutional protection of privacy in Brazil? Will the amendment protect Brazilians' privacy against government intrusion—or will the change affect the private sector, too?

PrivSec LatAm will explore the impact of privacy as a fundamental right for all Brazilians.


  • Adriano Lima, DPO Exin, CISO, CISM, IT Risk Pro, DPO – Executivo de Proteção de Dados, Pixeon Medical Systems



Cross-Border Data Transfers in Latin America
17:00 PM - 17:45 PM (Brasilia Time) | 20:00 PM - 20:45 PM (UK Time)

Transferring personal information across borders is among the biggest compliance challenges for privacy professionals.

For example, the EU’s notoriously complex rules on international data transfers have led some to conclude that it’s better to simply keep data in the jurisdiction it was collected. And businesses operating across Latin America face significant data transfers challenges, too.

But the nature of the regional economy means some personal information will always need to flow across borders.

PrivSec Latin America will consider how businesses can meet the challenge of transferring personal information between Latin American countries—and outside of Latin America altogether—with a particular focus on Brazil’s LGPD.


  • Cristiana Maia, DPO Exin, CISO Exin, CEC, CIICC, ISMF, ISMP, PDPP, PDPF, PDPE, ISO27001IA, PCI/DSS, ITIL, Data Privacy and Cybersecurity Consultancy, Compliance, Data Privacy & Protection Lawyer



Closing Remarks
18:00 PM - 18:30 PM (Brasilia Time) | 21:00 PM - 21:30 PM (UK Time)