Agenda

PrivSec Global brings together leading experts from around the globe, for a 2-day livestream experience that ensures attendees have access to the latest information, guidance and advice on data protection, privacy and security.

PrivSec Global returns on 22-23 September, and will once again deliver a carefully curated agenda that taps into the expertise of subject matter experts, industry leaders, visionaries and academics.

Session times shown below in British Summer Time (BST). All sessions will be recorded and available on-demand.

Agenda Themes at PrivSec Global:

Relationship between Innovation and Equity

Innovation can drive equity in privacy and security, but it can also contribute to inequality. So much of our technology is driven by users - we make things without knowing what they'll be used for, then let people play with them and define that for us. This has a massive impact on security, both because it means that people will effectively hack the software we make just by imagining a new use for it, and because it speeds up the technology development lifecycle.


Topics covered will include:

  • Pandemic-resulting WFH Revolution challenges
  • Facial Recognition in the 21st Century
  • Geofencing

Global Data Protection and Privacy Law Developments

The “patchwork” of privacy legislation across the U.S. continues to—slowly—stitch itself together; but it’s not just the U.S. where privacy law is advancing—there are important ongoing developments in many regions throughout 2021, including Canada, South Africa, and China.
Topics covered will include:

  • USA and a Federal Data Privacy Law
  • South Africa and POPIA enforcement
  • China’s Personal Information Protection Law (PIPL)

Emerging Challenges in Cybersecurity

The Solarwinds hack was among the most significant cyber incidents of all time—and the full impact remains unknown; are governments taking cybercrime threats sufficiently seriously, and what’s at stake when extortionists and state actors can shut down critical infrastructure and spy on government agencies?
Topics covered will include:

  • Emerging consequences of the Solarwinds attack
  • Biden’s executive order and third-party risk management
  • Threat detection and data breach notification thresholds

Digital Advertising

In recent years, online advertising has grown into a multi-billion dollar industry affecting every internet user. The targeted advertising market is worth billions—but it relies on collecting the personal data of millions of people, often without their consent; will consumer privacy benefit from the shift from targeting based on “first-party” data, and how can companies whose revenues depend on third-party data survive?
Topics covered will include:

  • Browser-level cookie opt-outs and “cookie paywalls” under the ePrivacy Regulation
  • Death of third-party cookies and digital advertising
  • Ensure compliance when collecting first-party data

AI Regulation

The proposed AI Regulation is a vast and ambitious law that attempts to both facilitate the use of AI across Europe and protect Europeans from its more harmful effects.  Perhaps unsurprisingly, the proposal has been criticised both by those who argue it will stifle innovation—and by those who say it does not go far enough. Topics covered will include:

  • EU AI regulation and business
  • Stifling innovation or not going far enough?
  • Privacy risks in biometric identification

International Data Flows

Businesses seeking to transfer personal data out of the EU continue to face a lot of uncertainty.  But is there any feasible solution available for an individual company—or is waiting in hope for a binding international privacy framework the only way forward?
Topics covered will include:

  • Key cases and decisions since Schrems II
  • “Onward transfers” from adequate countries
  • Recently published SCCs

Environmental, Social and Corporate Governance (ESG)

Data and technology play an increasingly critical role in government, society, and the environment. According to AlphaSense, “More than 1 in 4 dollars (or) of global AUM (Assets Under Management) is now managed under an ESG investment strategy.  This focus on ESG includes corporations being held accountable for how they handle sensitive consumer data, specifically around their Data Privacy and Protection policies.”
Topics covered will include:

  • Company’s sustainable data use
  • Integrating privacy goals into business activities
  • ESG policy and Third Party Risk Management

Ethics and Consent

From behavioural advertising to AI decision-making—privacy professionals grapple with some of the most important ethical questions of our age. Topics covered will include:

  • Marketing and ethical use of data
  • Ethical AI
  • Consent and GDPR

Stream 1

8:00 am

Europe’s Gamble on AI Regulations and what this means for Business

The proposed AI Regulation is a vast and ambitious law that attempts to both facilitate the use of AI across Europe and protect Europeans from its more harmful effects.  This panel will explore what these new regulations will mean for business, and what effects Europe's gamble to regulate will have.

Speakers include:

Host: Robert Bateman, Analyst and Research Director, GRC World Forums

Cristiana Deca, Data protection specialist & founder, Decalex Digital

Sandy Tsakiridi, Group Senior Legal Counsel, HSBC

Find out more ->

9:00 am

Ethics and Consent: Marketing and an Ethical Use of Data

CMOs need to think seriously about how and why they use data.  But, while they harness the power of data, they must do so ethically - taking care of human values at the same time. This panel will explore how companies are embracing new technologies to utilise data as part of their strategy, whilst ensuring consumers trust their brand.

Speakers Include:

Host: Vickie Guilloit, Partner, Privacy Culture

Jennifer Riggins, Tech Marketing Consultant, Tech Storyteller, SEO Copywriter & eBranding Ninja, Freelance Marketing and Creative Services

Steve Bond, Information Rights Manager, The Open University

Akira Matsuda, Partner, Head of TMT/Data Protection Practice, Iwata Godo Law office

Gabriel Avigdor, Co-founder, Partner, Datalex, Swiss qualified lawyer CIPP/E certified (GDPR)

Find out more ->

10:00 am

Global Data Protection and Privacy Law Developments: UAE: How Data Protection Measures are Evolving and What the Future Holds (Sponsored by Exterro)

The UAE does not have a full federal data protection and privacy law, nor does it have a regulatory authority. But, matters are evolving and this panel will explore what the future might herald for regulations in the United Arab Emirates.

Speakers Include:

Host: Antonis Patrikios, Partner, Dentons

Lori Baker, VP, Legal & Director of Data Protection, DIFC

Ben Gibson, Legal Director, CMS

Nick Roudev, Managing Associate, Simmons & Simmons

Find out more ->

11:00 am

Privacy Culture Panel: Embedding a Culture of Privacy (Sponsored by Privacy Culture)

The world’s first academia and industry-led research that has been conducted to map employee privacy culture attitudes and behaviours across the spectrum of privacy domains and controls. An authoritative 24-page, 2021 Report highlights some of the key challenges facing DPOs/CPOs when it comes to embedding a culture of privacy across their organisation, some of these unique insights include:
- Nearly a third of employees are not confident that Data is deleted or anonymised once it has been used for its original purpose.
- One fifth of employees do not believe their organisation is open and transparent about how it uses the personal data of its stakeholders.
- 1 in 4 employees do not know the difference between Personal Data and Sensitive Personal Data.


For those of you familiar with our Global Privacy Maturity Framework, our survey tool, Culture Horizon, utilises the same 12 domains–or global privacy principles (i.e. NIST, CCPA, GDPR, OECD) – to measure the cultures of privacy. With over 3,000 anonymous participants from over 52 countries and across the whole gamut of sectors, roles, and functions, this truly is the first and the most thorough snapshot of privacy culture to date.


Today, we have invited the survey respondents to answer some questions about the survey results and obtain their unique and unparalleled experience on the topic of embedding a culture of privacy.

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Vickie Guilloit, Partner, Privacy Culture

Emma Martins, Data Protection Commissioner, Bailiwick of Guernsey

Vivienne Artz OBE, Chief Privacy Officer, LSEG

Antonis Patrikios, Partner, Dentons

Find out more ->

12:00 pm

Relationship between Innovation and Equity: Facial Recognition

Facial recognition divides opinion as much as any other innovative technology. But, however disruptive, facial recognition technologies power a wave of innovative tools and business applications. This panel will explore the pluses and the minuses, and what the future holds for this technology and its relationship with human beings.

Speakers Include:

Host: Robert Bateman, Analyst and Research Director, GRC World Forums

Debbie Reynolds, "The Data Diva", Debbie Reynolds Consulting, LLC

Melinda L. McLellan, Partner, BakerHosteler

Find out more ->

1:00 pm

Ethics and Consent: Mirror, Mirror, Consent Is the Fairest Lawful Basis of Them All (Sponsored by Egress)

Some say it is ‘meaningless’, when it is ‘meaning-full’. Some say it is ‘just one of the lawful bases’ and that it is
difficult to do, when, in fact, it is easy to do. Some say that it is ‘worthless’, and that, in particular, it cannot be used when people are faced with an imbalance of power, when in fact Consent is a power-provider, empowering customers, patients, employees, and, also, organisations... and it is the most likely lawful basis to gain you customer, patient and employee Trust, and therefore loyalty, and, therefore, increased business and opportunities.

Attend this session and find out why Consent, in complexion, simplicity and empowerment, really is the Fairest Lawful Basis of Them All.

Speakers Include:

Host: Thomas Besore, Attorney/Owner, Thomas G Besore, Attorney at Law

Judith Ratcliffe, Manager EY Cyber Security – Privacy and Trusted Technology, EY

Ashley Goren-Gibson, Goren-Gibson Consulting

Find out more ->

2:00 pm

A Fireside Chat with Ioannis Kouvakas, Legal Officer, Privacy International

Ioannis oversees PI's legal coordination and leads our work against system exploitation, government hacking and corporate social media intelligence. He is also responsible for some of our litigation and interventions before UK courts and the European Court of Human Rights, as well as the European Commission and data protection and competition authorities. This fireside chat will discuss PI's work to curb Clearview AI's facial recognition policies, as well as other works.

Host: Robert Bateman, Analyst and Research Director, GRC World Forums


Find out more ->

3:00 pm

International Data Flows: Key Cases and Decisions since Schrems II and what have we learnt? (Sponsored by OneTrust)

In its July 2020 Schrems II judgment, the Court of Justice of the European Union (CJEU) declared the European Commission’s Privacy Shield Decision invalid on account of invasive US surveillance programs, thereby making transfers of personal data on the basis of the Privacy Shield Decision illegal. This panel will explore the key cases and decisions since the ruling, what have we learnt, and forecast a future under the new SCCs.

Speakers Include:

Host: Shannon T. Mercer, Senior Associate, WilmerHale

Sam Smith, Head of Data Compliance & Data Protection Officer, Merlin Entertainments

Marta Dunphy-Moriel, Founder, Dunphy-Moriel Legal Services LTD

Alexis Kateifides, FIP, CIPP/E, CIPM, Lead Privacy Counsel, OneTrust

Find out more ->

4:00 pm

Speaking Different Languages: What Data Protection & Privacy and Security departments have to learn about each other (Sponsored by Wired Relations)

Whether it be the coalescing of both security and privacy in the CISO office, or questions about where a Privacy Office fits and whether it incorporates Risk, Legal, Compliance and Engineering, there are so many things that Data Protection/Privacy and Security offices can learn from each other as they look to come out of their silos and work together more closely to support their organisations. This panel will bring together key thought leaders to explore how these two departments can communicate on their internal and external quandaries and best work as one.

Speakers Include:

Host: Jake Bernstein, CISSP, Partner, K&L Gates LLP, Cybersecurity and Privacy

Sally Barnard, Project Manager, Goldman Sachs

Daniel Ayala, Managing Partner, Secrati

Find out more ->

5:00 pm

Covid-19 Vaccine Take Up, Tracking and Passes: What Does the New Normal Truly Look like?

The implementation of the Covid-19 global vaccine campaign was never going to be simple and straight-forward.  What of those who cannot have the vaccine or refuse?  How is this to be tracked or categorised? What do vaccine passes truly mean to the new normal our world is striving to obtain. Are passes an invasion of your Data Protection and Privacy? Are they a cybersecurity concern? Do they inhibit freedom in its real sense? This panel will explore one of the most important topics being debated today - how do we get more people vaccinated?; how do we track and trace more effectively in the future to live with this virus, and how do we have more freedom with passes or passports in the future?

Speakers Include:

Host: Albert Fox Cahn, Esq., Executive Director, S.T.O.P. Surveillance Technology Oversight Project

Orsolya Reich PhD, Senior Advocacy Officer, Civil Liberties union for Europe

Max Hadler, COVID-19 Senior Policy Expert, Physicians for Human Rights

Sheila Sokolowski, Chair, Health and Biotech Privacy Group, Hintze Law LLC

Find out more ->

6:00 pm

Ransomware Hacks: Are You and Your Vendors Vulnerable? (Sponsored by OneTrust)

In recent months, supply chain attacks have made headlines and wreaked havoc across businesses. These attacks, which often use ransomware, can impact thousands of organizations by targeting a single company. In a recent case, an IT Management Software company suffered a ransomware attack which impacted as many as 1,500 small businesses that rely on the company’s software. In another case, thousands of oil-reliant companies were disrupted as a ransomware attack shut down the fuel supply for a major US pipeline. So, what does this mean for your security program? What are the implications on the security industry as a whole? And more specifically, how does the rise of ransomware impact your vendor risk management strategy?

Join our session as we breakdown the impact a ransomware hack can have, explore its impact on modern cybersecurity, and outline how businesses can protect themselves and their vendors from falling victim to large-scale attacks in the future.

Speakers Include:

Jaymin Desai, CIPP/E, CIPM, Third-Party Risk Offering Manager, OneTrust

Find out more ->

7:00 pm

Relationship between Innovation and Equity: Remote Work and the Digital Revolution (Sponsored by Wired Relations)

The global pandemic changed everything, from our health and well-being to ways in which we communicate. It led to millions remote working amid huge swathes of digital transformation projects that needed to be accelerated to support this radical change in business environment. This panel will explore some of the innovations around working from home and the digital revolution to see if this has increased equity, and gauge the future as we hope for a period of normality in 2022 and beyond.

Speakers Include:

Host: Nirvana Farhadi, Business Development Advisory Board Member, FS RegTech, Grant Thornton UK LLP

Tanya Richardson, Senior Counsel, Privacy & Cybersecurity, Uber

Rebecca Zucker, Founding Partner at Next Step Partners

Monica Stancu, Diversity, Inclusion and Wellbeing Manager, Lloyd’s

Find out more ->

8:00 pm

Artificial Intelligence/Machine Learning: How Can AI lead to a New Revolution in Cybersecurity (Sponsored by Egress)

Artificial Intelligence and Machine Learning have radically affected the ways in which we work; within cybersecurity this is fascinating, as it will affect the ways in which cybercriminals operate as much as how security teams can evolve. This panel will explore how such areas as ransomware and phishing will become more sophisticated, but also how security teams can utilise AI and ML to stay one step ahead.

Speakers Included:

Host: Tina Gravel, Senior Vice President Global Channels and Alliances, Appgate

Marcos Sêmola, Partner, EY

Justin S. Daniels, Esq., Shareholder, Baker Donelson Bearman Caldwell & Berkowitz, P.C.

Pat McCarthy, AI Security and Privacy Protection Advisor, Huawei Cyber Security Transparency Centre

Sudeep Venkatesh, Chief Customer Officer, Egress

Find out more ->

Stream 2

8:00 am

Digital Advertising: Death of Third Party Cookies and the Future of Digital Advertising

With the death of third-party cookies at our doorstep, what does this mean for the future of Digital Advertising? This panel will discuss the forthcoming changes, and whether this will bring about more creativity for advertisers and marketeers, or lead to greater challenges?

Speakers Included:

Host: Chad Wollen, Founder, Privacy Experience Agency

Samuel Plantie, Privacy and Compliance Counsel, Outbrain

Claudia Prettner, Legal/Policy Adviser on Technology, Data Protection and Human Rights, Big Data, Artificial Intelligence & Human Rights - Amnesty Tech

Find out more ->

9:00 am

Navigating Complex Employee DSARs (Sponsored by Exterro)

Responding effectively to data subject access requests (DSARs) can be challenging. Complex requests, especially from current or former employees, often require handling a wide range of data (often sensitive) across the enterprise.

Whether it’s wading through the review process of thousands of emails, baring the cost of external counsel, or working with IT to ensure you have all the personal data you need from various (tricky to collect / legacy / remote) data sources, employee DSARs can soon become an extremely challenging exercise to fulfil.

Join our expert panel to discuss key considerations when responding to employee DSARs and how technology can help fulfil complex requests.

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Noemi Alonso Calvo, Senior Director, Privacy Counsel, bluebirdBio, GmbH

Bradley Tosso, Assistant Information Commissioner, Gibraltar Regulatory Authority

Filipe Lousa, ECPC-B, Director of Privacy and Compliance, Globalization Partners                       

Find out more ->

10:00 am

Emerging Challenges in Cybersecurity: Lessons Learned and Actionable Steps to Protect Your Organization (Sponsored by Egress)

SolarWinds had many high-profile clients, deeply affected by the hack; this has been followed by other hacks in 2021 such as the Colonial Pipeline, Microsoft Exchange server, Facebook, Air India and more. This panel will discuss the most important lessons that have been learned and what the vital steps are that organizations can take to protect themselves.

Speakers Include:

Host: Patrick D. McNally, Esq., Litigator, Former Senior Government Advisor and National Technology and Data Manager for Voter Protection, Beckage

Adi Chordia, Group IT Compliance leader (Group IT Validation and Compliance Manager), AmerisourceBergen (Alliance Healthcare)

Laura Juanes, Chief Privacy and Compliance Officer, Constella Intelligence

Find out more ->

11:00 am

Global Data Protection and Privacy Law Developments: What Lessons Have Enterprise Organisations Learned from the First Three Years of The GDPR (Sponsored by OneTrust)

GDPR fines have been increasing over the last 18 months, and it is proving to be a complex environment for the regulators and the regulated. But GDPR has not led to seismic changes (the possibility of entirely new operating models, for example), but has had a major effect on the ways organizations collect and use data. This panel will discuss the last few years and look ahead to gauge what we have learned and how things will and should change.

Speakers Include:

Andreea Lisievici, Head of Data Protection Compliance, Volvo Car Corporation

Claude-Etienne Armingaud, CIPP/E, Partner & Practice Group Coordinator - Technology, Sourcing and Privacy, K&L Gates

Beatriz Ruiz-Beato, EMEA Data Protection Officer, NEC Europe Ltd

Ian Evans, Managing Director, EMEA, OneTrust

Find out more ->

12:00 pm

DSARs Do Your Customers Trust You With Their Data? (Sponsored by PKWARE)

Gartner predicts that 65% of the world's population will have its personal data covered by modern privacy regulations by 2023 (up significantly from 10% in 2020). As part of this evolution, data subject access requests (DSARs) are quickly moving up the privacy management agenda. This panel will discuss their importance, the operational burden, the timeframes and solutions.

Speakers Include:

Host: Vickie Guilloit, Partner, Privacy Culture

Fay Godfree, Legal Counsel & Senior Data Protection Manager, Nuffield Health

David Cauchi, Group Head of Privacy, LeoVegas Group

Ali Kazmi, Senior Solutions Engineer, PKWARE

Find out more ->

1:00 pm

Practical Ways to Operationalize Schrems II & International Data Transfers (Sponsored by OneTrust)

The past 18 months have seen an increased focus on the regulation of international data transfers with the CJEU’s Schrems II decision driving updates from both the EDPB and European Commission. These updates have left many organizations wondering what they need to do to comply, how to operationally execute, and when they need to start abiding by the new guidance and contractual clauses. Join this session to learn how best practices and technology can help your organization abide by these updates and, most importantly, scale your data transfer analysis across large volumes of transfers and third-parties.

Speakers Include:

Chris Paterson, CIPP/E, CIPM, Privacy Solutions Engineer, OneTrust

Find out more ->

1:30 pm

Exposed: Keeping Your Organization’s Sensitive Data Safe from Careless End Users (Sponsored by PKWARE)

While data security is at the forefront for many IT and security teams, for most employees, security is an afterthought. They just want to be able to access the data they need when and where they need it so they can do their jobs. And if security practices feel too cumbersome or complicated, they’ll find workarounds—or worse, skip security altogether. This creates dangerous vulnerabilities, especially in today’s hybrid office/remote environment. Organizations must find the critical balance between data security and usability so end users don’t bypass important practices wherever they are in order to get work done.

During this session, Arif Khan from PKWARE discusses the challenges of data security versus usability and how organizations can find the right balance. Attendees will walk away with tips on how to:

•        Capitalize on employee willingness to participate in security for more informed decision-making in data security practices

•        Put controlled security power in the hands of employees through a mix of automation and manual classification practices

•        Regularly and accurately detect and protect information on endpoint devices such as laptops and mobile

Speakers Include:

Arif Khan, VP, Solution Engineer, PKWARE

Find out more ->

2:00 pm

Data Retention: To Protect Data, Don’t Do Everything in the Cloud (Sponsored by Exterro)

As data increases for the majority of companies, there are a great deal more challenges. Question marks remain around cloud storage and data retention. This panel will discuss cloud strategy to determine whether this should be the majority part when it comes to retention and protection or whether there should be other actions taken?

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Alexis Perdereaux-Weekes, CISA, CISM, CRISC, Msc, Associate Research Fellow, Americas Institute for Cybersecurity Leadership

Randolph A. Kahn, Esq., Founder and President, Kahn Consulting, Inc.

Find out more ->

3:00 pm

Global Data Protection and Privacy Law Developments: A Global Overview of the Data Protection and Privacy Law Sector (Sponsored by Wired Relations)

This panel will bring together experts on global data protection and privacy law developments to discuss the international outlook, exploring what changes are to be expected, which countries will be next to bring through laws and which won't.

The session will also look at global views on compliance, and how enterprises can facilitate data, differing geographical regulations, and privacy program management from a global perspective!  A truly global panel on a global topic!

Speakers Include:

Host: Jacob Høedt Larsen, Partner, Wired Relations

Petruta Privan, Independent Data Protection Consultant, Purpose and Means

Amie Stepanovich, Executive Director, Silicon Flatirons Center for Law, Technology, and Entrepreneurship at Colorado Law

Find out more ->

4:00 pm

Insider/Internal Threats: Why Boards Should Never Take This for Granted (Sponsored by Wired Relations)

From employees accidentally clicking on malicious links, to sabotage, theft of data and unauthorised access, companies have plenty of potential insider cybersecurity threats to consider. This panel will look at some of the most common internal threats, why this should never be taken for granted, and what is needed to ensure your practices are safe and effective.

Speakers Include:

Jacob Høedt Larsen, Head of Communications, Wired Relations

Yanya Viskovich, Chair, Cybersecurity Risk & Governance Working Group at Swiss Cyber Forum

Ira Goel


Find out more ->

5:00 pm

International Data Flows: The Future Under the New SCCs

In June, the European Commission finalised the modern SCCs in a bid to restore normal EU-US data transfer agreements. This panel will discuss the first few months since the adoption and what the initial viewpoints are.

Speakers Include:

Host: Steve Wright, Partner, Privacy Culture

Dr. Nathalie Moreno, Partner, Addleshaw Goddard

Antonis Patrikios, Partner, Privacy & Cybersecurity, Dentons  

Emma Erskine-Fox, Associate, TLT LLP

Find out more ->

6:00 pm

Global Data Protection and Privacy Law Developments USA: Will Next Year see a Federal Privacy Law Under the Biden Administration? (Sponsored by PKWARE)

Many more states within the US are leading the legislative charge to follow California, Colorado and Virginia to pass Privacy Acts into law. From New York and Massachusetts to North Carolina and Ohio, moves are afoot. This panel will discuss these moves but also explore whether 2022 could be the year when we finally see a Federal Privacy Law in the USA under the Biden administration.

Speakers Include:

Host: Alexander McD White, Privacy Commissioner, Bermuda

Julia Durbin, Assistant General Counsel, Dun and Bradstreet

Kirk J. Nahra, Partner, Co-Chair Global Cybersecurity and Privacy Practice, WilmerHale

Jake Bernstein, CISSP, Partner, K&L Gates LLP, Cybersecurity and Privacy

Find out more ->

7:00 pm

Conquering a CPRA Data Retention Strategy in 60 Days (Sponsored by Exterro)

The California Privacy Rights Act (CPRA)  comes into effect on January 1, 2023. Among its new requirements is a new data retention provision. Personal and sensitive information must be disposed of when its purpose has been fulfilled, and the organization must disclose the retention policy at the time of collection.  And the data retention policies apply to data collected on or after January 1, 2022.  Under CPRA, companies can no longer simply hold on to individuals’ personal data forever, they must have robust data retention and disposal practices.

Every organization has data retention policies, but very few actually operationalize them. CPRA shines a light on these practices, and holds organizations accountable for them. The regulation also establishes a new enforcement agency, which indicates increasingly vigorous enforcement as CPRA goes into effect. Data breach risks are also heightened, as litigators can easily show negligence when data has been kept beyond its retention period.

Speakers Include:

Host: Rebecca Perry, Director of Strategic Partnerships - Exterro

Chris Costello, Senior E-Discovery Attorney, Winston and Strawn LLC

Eric Shinabarger, Associate Attorney, Winston and Strawn LLC

Find out more ->

8:00 pm

Ransomware is not out of control, it is everything from cryptocurrencies to users

This panel will explore a controversial topic: what is more out of control at the moment, ransomware attacks or our susceptibility due to outside forces such as cryptocurrencies and the very users/staff of our companies?

Speakers Included:

Host: Annick O'Brien, CCO, CybSafe

Dominic Vogel, Founder & Chief Strategist, CyberSC

Joel Schwarz, Director, MBL Technologies and Adjunct Law Professor; Ex-Federal Cyber Prosecutor

Chris Painter, Ex-US Prosecutor/ex-White House, Cybersecurity Expert

Dr. Richard Forno, Principal Lecturer, CSEEDirector, Graduate Cybersecurity ProgramAssistant Director, UMBC Center for Cybersecurity

Find out more ->

Stream 1

8:00 am

Covid-19 Vaccines, Data Protection and the Great HR Debate

The roll out of the Covid-19 vaccine has employers thinking - will they obtain, and how might they manage data on employee's covid-19 vaccination status?  And if they are collecting this, how will this affect the company's thinking on a return to the office strategy?  This panel will discuss what could be seen as an HR minefield, the Data Protection & Privacy challenges, what would nbeed to be done from a security perspective to ensure this data was safe, as everyone seeks to return to some level of post-virus new normality.

Speakers Include:

Host: Marta Dunphy-Moriel, Founder, Dunphy-Moriel Legal Services LTD

Panellists: Dr. Volker Wodianka, LL.M. (IT&T), CEO, Wodianka privacy legal GmbH

Scott Gallant, CIPE/M, Owner/Principal, Keyed Systems

Lisa Bryson, Partner, Employment & Immigration, Eversheds Sutherland

Natalie James, Partner, Deloitte Australia – Risk Advisory | Workplace Integrity

9:00 am

The Role of Privacy in ESG (Sponsored by OneTrust)

With more focus on ethical data use, more companies are assessing their approach to environment, social and governance (ESG) criteria. Investors are looking beyond financial indicators to assess long-term value. Employees, consumers, and clients are also important stakeholders are demanding accountability when it comes to handling sensitive data and protecting information. In this session, we’ll explore how privacy fits into an ESG strategy to ensure sustainable data use, privacy as part of business practices, and what impact this has on third-party risk management.

Speakers Include:

Marleen Oberheide, CIPP/E, ESG Solutions Engineer, OneTrust

9:30 am

Spotting the signs of insider risk – and stopping a security incident before it happens (Sponsored by Egress)

When it comes to cybersecurity and the risks that go alongside it, we know that people aren’t perfect – they get hacked, they make mistakes, and they also break the rules. And as employees continue to enjoy the flexibility of remote work, these human-activated risks to email security are surging as at-home employees continue to blur the lines between work and home life.

Legacy technologies cannot keep pace, relying on static policies that frustrate and, ultimately, fail to solve the problem, leaving organisations vulnerable to both inbound and outbound data breaches and attacks.

In this session, Fahim will talk through how you can quickly spot the signs of insider risk and showcase how organisations are now applying latest disruptive technologies to the human layer in order to stop potentially costly security incidents before they can even happen.

Speakers Include:

Fahim Afghan, Senior Product Marketing Manager, Egress Software Technologies

10:00 am

Data Breaches: The Brand Battle for CMOs After Your Data is Breached (Sponsored by Wired Relations)

Fresh cyber attacks and data breaches across Volkswagen, Audi, McDonalds and Electronic Arts highlight the growing cybersecurity and data threat. So what can marketing leaders do about preventing and reacting to these crises?  This panel will discuss the evolution from breach to the steps that need to be taken to best protect their brand.

Speakers Included:

Host: Stewart Room, Partner, Global Head of Data Protection & Cyber Security, DWF Law LLP

Jacob Høedt Larsen, Partner, Wired Relations

Emma Martins, Data Protection Commissioner, Bailiwick of Guernsey

11:00 am

Global Data Protection and Privacy Law Developments: POPIA; The First Three Months (Sponsored by Exterro)

South Africa’s Protection of Personal Information Act (POPIA) came into enforcement from 1st July 2021.  This panel will discuss the first few months of enforcement from both a regulator and private sector persective - assessing any triggers, exploring the history of what regulators look for, and what the implications are for South Africa.  Leading experts will forecast whether the regulators will be strict or reasonable now the law has come into enforcement, and debate the challenges ahead.

Speakers Included:

Host: Robert Bateman, Analyst and Research Director, GRC World Forums

Sizwe Snail Ka Mtuze (Professor), Part-Time Member, Information Regulator South Africa

Collen Weapond (Advocate), Full-Time Member, Information Regulator South Africa

12:00 pm

Artificial Intelligence/Machine Learning: Regulate the Usage, Not the Technology

Many arguments that surround the regulation of AI discuss how this will stifle technology and innovation.  What is the regulations centred more around the usage of AI than of the technological advancement?  This panel will explore this question and discuss whether there is a possible balance or that it will be the technology that needs to be regulated more?

Speakers Include:

Host: Noel Isama J.D., Senior Consultant, MBL Technologies

Tina Verma, Head of Corporate Risk, Audit & Governance, Canon

Rubén Cano Pérez, Intellectual Property - Information Technology & Communications Associate, Baker McKenzie

12:45 pm

UK Data Protection Index Panel (Sponsored by The DPO Centre)

The UK Data Protection Index is produced by Data Protection World Forum and The DPO Centre. Each quarter the Index provides a glimpse into the changing attitudes and sentiments of Data Protection Officers across the UK. The panel of over 420 DPOs are quizzed every three months on a consistent set of questions, allowing us to closely track shifting views and opinions. New questions are also added each quarter, gathering further insight into DPOs’ views on the very latest issues being faced by UK Data Protection Officers.

Speakers Included:

Host: Rob Masson, CEO, The DPO Centre

Chris Elwell Sutton, Director, Senior Privacy Counsel and DPO (Europe and APAC),CIBC

Annick O'Brien, CCO, CybSafe

Ben Seretny, DPO, The DPO Centre

Debbie Evans, Group Data Protection Officer, Rentokil Initial

1:30 pm

How easy is it to phish your business? (Sponsored by Egress)

As cybersecurity and cyberthreats become more prevalent in our personal and working lives, businesses have invested in solutions like antivirus software and endpoint protection to try and secure their employees, data and intellectual property. While these measures have been effective to some extent, we still hear about ransomware and malware attacks in the news almost every day. Do you know how secure your organization is and if you’re vulnerable to this type of attack?


Join Jack Chapman, VP of Threat Intelligence at Egress Software, as he explores how a hacker would scope out your organization as a potential target. See how a hacker thinks as we walk through each step of the kill chain.

In this session you’ll learn:

        •        How a hacker researches and decides upon target organizations and individuals

        •        The various weapons they can use to exfiltrate data and intellectual property from an organization

        •        The impacts of a successful breach on your organization

        •        What solutions exist to keep your organization secure and mitigate the risk of a phishing attack

Speakers Include:

Jack Chapman, VP of Threat Intelligence, Egress

2:00 pm

International Data Flows: EU and UK data flows: The Future of the Post-Brexit Agreement (Sponsored by OneTrust)

As detailed by The Law Society in the UK, "The outward flow of data from the UK to the EU/EEA remains unaffected since the UK government has determined that it considers all EU 27 and EEA member states to be adequate for the purposes of data protection."  This panel will discuss the future, the next steps under these adequacy decisions, and what the future holds for EU and UK data flows.

Speakers Included:

Host: Annick O'Brien, CCO, CybSafe

Laurence Lawson, Privacy Specialist, Ericsson

Jose Belo, Head of Data Privacy, Valuer.ai

Nicola Newitt, Senior Legal Advisor (Privacy), BUPA

Linda Thielová, CIPP/E, CIPP/US, CIPM, Head of Privacy CoE, DPO, OneTrust

3:00 pm

Digital Advertising: “Walled garden” approaches and implications on competition law (Sponsored by Egress)

With Google’s announcement that it will phase out third-party cookies by 2022, it’s clear that those walls, which keep so much of the data inside, are about to get even higher.  This panel will discuss the "walled garden" approaches, and whether under a cookie-less world, this will have implications on compettion law.

Speakers Include:

Host: Vickie Guilloit, Partner, Privacy Culture

Odia Kagan, Partner, Chair of GDPR Compliance and International Privacy, Fox Rothschild LLP

Joshua Koran, EVP, Data and Policy, Criteo

Tim Cowen, Chair of the Antitrust Practice, Preiskel & Co

Jodi R. Daniels, CEO and Privacy Consultant, Red Clover Associates

4:00 pm

Social Media Data Breaches: Serious or Just a "Scrape"? (Sponsored by PKWARE)

In August, Facebook suspended the accounts of NYU researchers who were investigating political ads on the social media platform.  Facebook stated that the researchers were “gathered data by creating a browser extension that was programmed to evade our detection systems and scrape data such as usernames, ads, links to user profiles”.  But the discussions and arguments around scraping does not end there, as there are endless questions on its legality, and the fact that big companies use this BUT don't want it used against them.  This panel will explore recent social media data breaches vs the legality of scraping - is this serious or not?

Speakers Include:

Host: Joel Schwarz, Director, MBL Technologies and Adjunct Law Professor; Ex-Federal Cyber Prosecutor

Victoria van Roosmalen, CIPP/E, CIPP/US, CIPP/C, CIPM, CIPT, FIP, CDPSE, CISO & DPO, Coosto

Rachel Glasser, Chief Privacy Officer, Magnite

Michael Phillips, Chief Claims Officer, Resilience Insurance

5:00 pm

Global Data Protection and Privacy Law Developments, Canada; Reforms, regional developments, and new regulations: How Canada is developing their Data Protection Laws

A huge number of firms in Canada are preparing themselves for changes to the Data Protection and Privacy Laws in Canada, but are these reforms going to happen?  This panel will look at where things stand now and explore what the future may hold?

Speakers Include:

Host: Constantine Karbaliotis, J.D., CIPP C/US/E, CIPT, CIPM, FIP, CDPSE, Counsel, nNovation LLP

Eda Uludere, Data Governance Advisor, FASKEN

Ashley Goren-Gibson, Goren-Gibson Consulting

Derek Lackey, CIPM, Managing Director, Newport Thomson

Sylvia Kingsmill, BA, LLB, Partner, Risk Consulting, National Privacy, Regulatory & Information Management (PRIM) Lead, KPMG Canada

6:00 pm

AI Regulation: Stifling Innovation or Not Going Far Enough? (Sponsored by PKWARE)

There are a number of ongoing discussions surrounding whether AI can be trustwortthy or that now is the time to harmonise AI principles, but what does regulation mean for Artificial Intelligence and Machine Learning?  This panel will explore whether AI regulations will stifle innovation and what this means for the Data Protection & Privacy, Data Security and Governance sectors, OR whether this regulation will not go far enough?

Speakers Include:

Host: Punit Bhatia, CEO, Privacy Expert and Entrepreneur

Joshua Meltzer, Senior Fellow, The Brookings Institution

Milly Doolan, Managing Director, EuroNavigator

Manisha Aurora, Sr. Legal Advisor, Privacy, Security, Technology Transactions, CIPP-US, CIPP~E, Verizon

7:00 pm

Apple's New Child Safety Features: Privacy Benefits or an Authoritarian Governments Dream Come True?

Apple will have heard multiple objections over a new technology that will search for matches of known CSAM before the image is stored onto iCloud Photos.  But there are concerns that the tech could be increased and used by authoritarian governments to snoop and monitor its own people.This panel will explore the features, analyse the tech, and discuss the possible benefits vs. the obvious potential challenges and usages.

Speakers Include:

Host: Albert Fox Cahn, Esq., Executive Director, S.T.O.P. Surveillance Technology Oversight Project

Jillian C. York, Director for International Freedom of Expression, EFF

Magdalena Avanesian, The Tech Lawyer

8:00 pm

Why Most CCPA Cases Will Fail: Five Hurdles Plaintiffs Must Clear (Sponsored by Exterro)

The California Consumer Privacy Act (CCPA) is a landmark U.S. privacy law with many laudable features. But the law’s private right of action is not among its strongest provisions. The CCPA’s private right of action only grants consumers who have suffered very specific data breaches a limited right to sue. However, this has not stopped law firms trying to force through legal challenges against businesses that have violated irrelevant parts of the CCPA.This panel will explore the debate around why these cases will fail and the hurdles that plaintifss must clear.

Speakers Include:

Host: Robert Bateman, Analyst and Research Director, GRC World Forums

Jake Bernstein, CISSP, Partner, K&L Gates LLP, Cybersecurity and Privacy

Lily Li, CIPP/US/E/M, GCFA, Founder/President of Metaverse Law Corporation

Stream 2

8:00 am

Global Data Protection and Privacy Law Developments: How Ready is China and the World for their new Data Security Law?

China's Data Security Law contains provisions that cover the usage, collection, and protection of data in the PRC. Violations will trigger penalty fines and even suspension of business and revocation of license or permits. This panel will explore this new law, an increasing likelihood of a Privacy Law, and what the future holds for China.

Speakers Include:

Host: Yasmin Hinds, Global Privacy Lead & Legal Counsel, Pontoon Solutions

Wenxun (Wendy) Pang, Data Security and Privacy Protection Expert

Rogier Creemers, Assistant Professor in the Law and Governance of China at Leiden University

Virat Patel, Managing Director, Pioneer Consulting Asia-Pacific

Find out more ->

9:00 am

Operationalising Data Retention to Reduce Data Risks (Sponsored by Exterro)

It is estimated that up to 70% of an organisation’s unstructured data is redundant, obsolete and trivial, which creates enormous risk to potential cyber threats, as well as exposure to regulations such as the GDPR for non-compliance in handling and deleting data accordingly. Data you do not have cannot be breached, it isn't discoverable in litigation or investigations, and it doesn't require any efforts to store, secure, or manage effectively.

Join our expert panel for an enlightening discussion, plus essential tips and techniques to keep your house in order. We’ll cover a recap on the Data Retention requirements in the GDPR, strategies for operationalising data retention and minimisation, and practical hints and tips from our expert panel.

Speakers Include:

Host: Jennifer Riggins, Tech Marketing Consultant, Tech Storyteller, SEO Copywriter, eBranding Ninja, Freelance Marketing and Creative Services

Noemí Alonso Calvo, Senior Director, Privacy Counsel, bluebirdBio, GmbH

Glen Hymers, Head of Data Privacy and Compliance, Data Privacy and Compliance Team, CDIO Directorate, Cabinet Office

Dominic Johnstone, Information Governance Consultant, Aston Chartwell Associates

Find out more ->

10:00 am

Sponsor Led Session

More information coming soon.

Find out more ->

10:30 am

Why Your Cloud Migration Needs De-Identification (Sponsored by PKWARE)

Cloud data storage provides organizations with affordable, easily managed options for keeping and maintaining expanding data stores as their business grows, increasing not only productivity but also resiliency, service continuity, and business agility. Data from various structured and unstructured on-premises repositories are migrated to cloud storage platforms daily. These migrations can help businesses leverage leading IaaS, disaster relief, and remote workstations.  But such large-scale movement can incur risk of exposure for sensitive data.

During this session, cloud data expert Akshay Kumar discusses how organizations can migrate data to the cloud safely. Attendees will learn more about:

•        Quickly and accurately identifying sensitive PII both on-premises and in the cloud

•        Using de-identification to anonymize PII wherever it is stored and found

•        Audit reporting on all performed actions from extraction to storage

Speakers Include:

Akshay Kumar, Product Manager, Partners, PKWARE

Find out more ->

11:00 am

Phishing The Growing Threat to your Business (Sponsored by Egress)

The remote working revolution has led to an increased threat from phishing.  It is thought that around three-quarters of all companies have suffered some sort of phishing campaign in the past year.  This panel will discuss the threat and the solutions that are out there to stay ahead of these malicious email attacks.

Speakers Include:

Host: Vickie Guilloit, Partner, Privacy Culture

Ranjeeth Bellary, Associate Partner, EY India

Sponsor Speaker: Jack Chapman, VP of Threat Intelligence, Egress

Find out more ->

12:00 pm

Ethics and Consent: How Ethical AI Can Change The World

There is a fork in the road ahead - missue of AI and data can continue, or change can be demanded and a more ethical approach to AI and ML can be our future.  Discussions around ethics simply have not kept up with the technology - this panel willl discuss the viability of more ethics in AI and what the future holds in a more principled environment.

Speakers Include:

Host: Jennifer Riggins, Tech Marketing Consultant, Tech Storyteller, SEO Copywriter, eBranding Ninja, Freelance Marketing and Creative Services

Caro Robson, Data Protection Expert, Ethical Technology & Data Governance Advocate

Sundaraparipurnan Narayanan, Researcher & Consultant – Tech Ethics, AI Tech Ethics

Find out more ->

1:00 pm

Information Commissioners Office: Design Guidance for The Children's Code

This fireside chat between Robert Bateman and the ICO explores the work they're doing on UX design guidelines and good practice for ISS, looking for ideas on how to conform with the Age Appropriate Design Code. The design work should be complete by the end of August, so this exploration is well-timed at PrivSec Global in September.

Speakers Include:

Michael Murray, Head of Department: Regulatory Strategy Service Directorate, Information Commissioners Office

Georgina Bourke, Principal Technology Advisor - UX design, ICO

Rebecca Walsh, Design Director, BIg Motive

Robert Bateman, Analyst and Research Director, GRC World Forums

Find out more ->

2:00 pm

Trust: How to Use Data While Maintaining Consumer Trust (Sponsored by PKWARE)

Companies are more and more reliant upon technology and data, but this comes at a time where consumers believe their information is less secure than ever before.  This panel will explore this issue, and what companies can do to be more transparent, build and maintain trust but still utilise data to the maximum degree possible?

Speakers Include:

Bruna Assêncio, Team Lead Legal and Compliance na Emma - The Sleep Company

Abhishek Ghosh, CEO, Praeferre

Noga Rosenthal, Chief Privacy Officer and General Counsel, Ampersand

Ali Kazmi, Senior Solutions Engineer, PKWARE

Find out more ->

3:00 pm

ESG: Make it measurable: integrating Data Protection & Privacy goals into business activities (Sponsored by Process Unity)

Companies increased focuses on ESG (it is thought more than 1 in 4 US dollars of global AUM (assets under management) is now managed under an ESG investment strategy) means they are now held more accountable for how they handle sensitive customer data, specifically around their Data Protection & Privacy policies.  This panel will discuss this integration, how the results can be markedly positive both internally and externally, and how this advances your company's business activities and ROI.

Speakers Include:

Stewart Room, Partner, Global Head of Data Protection & Cyber Security, DWF Law LLP

Lisa Beth Lentini Walker, CEO and Founder, Lumen

Shoshana Rosenberg, Founder, Safeporter

Barry Cook, Group Data Protection Officer, VFS Global

Find out more ->

4:00 pm

Global Data Protection and Privacy Law Developments, LGPD; Has Brazil’s Data Protection Law Done Enough to Date - What Does the Future Hold?

Lei Geral de Proteção de Dados (LGPD) is Brazil’s federal data privacy law that went into effect on September 18, 2020, with enforcement starting on August 1, 2021. With Brazil being a key market in Latin America for big US tech companies, it is thought that the LGPD has been a positive move forward for Brazil’s legal privacy framework. This panel will discuss this question around the positives, exploring whether LGPD has done enough to date and what the future holds?

Speakers Include:

Host - Marcelo Crespo, Partner & Founder, Peck Advogados, Privacy Rocket

Marcos Semola, Partner, EY

Igor Gutierrez, Information Security Officer & Data Protection Officer, GROB

Adriano Lima, Data Protection Officer, Pixeon

Find out more ->

5:00 pm

Harry and Meghan vs Prince Andrew: What the Royal Family get Right and Get Wrong when if comes to Privacy

Harry and Meghan have moved to LA for more Privacy?  But isn't Harry now writing his Memoirs - what is private about that?  With, Prince Andrew, what more could now happen with the Virginia Giuffre case?  But, what of the Royal Family's differing strategies when it comes to the Privacy of its members - what have they got right, and what have they got wrong?  This panel will explore these questions and determine whether real privacy is possible if you're a member or past-member of the UK royal family?

Host: Andrew Menniss, Head of Content, PrivSec Global

Dr Andrew Lownie, Biographer and literary agent, Andrew Lownie Literary Agency Ltd

Find out more ->

6:00 pm

Emerging Challenges in Cybersecurity: Implications of Biden’s executive order on supply chains and Third Party Risk Management (Sponsored by Process Unity)

As detailed by PWC, "The supply chain order, like most of the policies proposed by the new Biden administration so far, takes a whole-of-government approach—emphasizing climate change, diversity, American jobs and cybersecurity. The pandemic already laid bare many of the vulnerabilities in the supply chains of key areas like pharmaceuticals, semiconductors and the food supply. Companies should be (if they are not already) looking at this confluence of policy areas when considering solutions for their supply chain that will shore up these vulnerabilities brought about by pandemics, climate change and geopolitical pressures."  This panel will explore these questions around cybersecurity and the implications of this executive order.

Speakers Include:

Host: Nandita Rao, Privacy, DoorDash

Dominic Vogel, Founder & Chief Strategist, CyberSC

Jake Bernstein, CISSP, Partner, K&L Gates LLP, Cybersecurity and Privacy

Todd Boehler, Senior Vice President of Strategy, Process Unity

Find out more ->

7:00 pm

Setting a Solid Foundation for a Practical and Effective Data Breach Response (Sponsored by Exterro)

Today's cybersecurity landscape is increasingly complex. Data breach frequency is accelerating, and ransomware poses an ever-growing threat. An effective response to these incidents is critical to mitigating breach impact. Organizations that have implemented a systematic and orchestrated approach to their response across the entire organization will limit both the technical and reputation damage an incident can cause and improve your defensibility in subsequent litigation.

Ensuring consistency and efficiency across multiple stakeholders and seamless handoffs between departments, a well-designed and executed plan, reliable and secure communication, fully trackable and auditable activities are the pillars of a solid foundation of a practical Data Breach response. How can organizations leverage technology to build a sustainable and accountable approach to demonstrate compliance and improve defensibility?

Speakers Include:

Host: Rebecca Perry, Director of Strategic Partnerships - Exterro

Amalia Barthel, Privacy Consultant & Advisor - University of Toronto

Claudiu Popa, Security, Privacy & Cyberfraud Risk Advisor - Informatica

Jason M. Schwent, Senior Counsel - Clark Hill

Find out more ->