Privacy Law: Developments, Planning, and Litigation
Why Attend?
The world has changed greatly since privacy was simply a "right to be left alone." Information is now typically created, stored, and moved electronically, US-based companies have international customers, and multi-national firms have employees in different jurisdictions. As a result, attorneys for modern companies now face a growing list of vexing privacy issues:
• How should clients operate in an environment with conflicting rules?
• What are the risks of non-compliance?
• What steps should clients take to monitor properly their service providers?
• Can clients comply with litigation discovery orders without running afoul of
European privacy laws?
• What best practices apply to internal investigations and responses to
government requests for personal information, when the relevant information
may be located outside the US?
To address these cutting edge issues, ALI-ABA has convened a faculty of experts in the field to help you understand current challenges as well as potential future hurdles.
This course provides more than 12 hours of instruction for lawyers and other professionals who have some familiarity with privacy issues and who recognize that confusing, often conflicting, laws increasingly affect client business. Time is reserved throughout the program to address registrants’ questions.
Planning Chairs
(also on Faculty)
Fred H. Cate, Distinguished Professor and Director, Center for Applied Cybersecurity Research, Indiana University School of Law, Bloomington
Carol DiBattiste, General Counsel and Chief Privacy Officer, ChoicePoint, Alpharetta, Georgia
Chris Jay Hoofnagle, Senior Staff Attorney, Samuelson Law, Technology and Public Policy Clinic and Senior Fellow, Berkeley Center for Law and Technology, University of California, Berkeley, School of Law - Boalt Hall
Peter F. McLaughlin, Foley & Lardner LLP, Palo Alto, California
Vincent I. Polley, KnowConnect, Inc., Bloomfield Hills, Michigan
Andrew B. Serwin, Foley & Lardner LLP, San Diego
Faculty
Julie Brill, Director, Public Protection Division, Office of the Attorney General, Montpelier, Vermont
Stanley W. Crosley, Chief Privacy Officer and Associate General Counsel, Eli Lilly and Company, Indianapolis
H. Bryan Cunningham, Morgan & Cunningham LLC, Greenwood Village, Colorado
Margaret P. Eisenhauer, Founder, Privacy and Information Management Services-Margaret P. Eisenhauer PC, Atlanta
Benjamin S. Hayes, Data Privacy Compliance Lead, Americas, Accenture LLP, Reston, Virginia
Kristopher Keys, Manager, Employee Relations, Exelon Nuclear, Kennett Square, Pennsylvania
Peter Lefkowitz, Vice President - Legal, Oracle Corporation, Burlington, Massachusetts
Lawrence A. Ponemon, Ph.D., Founder and Chairman, Ponemon Institute, LLC, Traverse City, Michigan
Marc Rotenberg, Executive Director, Electronic Privacy Information Center, Washington, D.C.
Robert L. Rothman, Chief Privacy Officer, General Motors Corporation, Detroit
Lisa J. Sotto, Hunton & Williams LLP, New York
Peter P. Swire, C. William O'Neill Professor in Law and Judicial Administration, Ohio State University, Michael E. Moritz College of Law, Columbus
Helen Torelli, Chief Privacy Officer, Johnson & Johnson, New Brunswick, New Jersey (invited)
Joel Winston, Associate Director, Division of Privacy and Identity Protection, Federal Trade Commission, Washington, D.C.
Miriam Wugmeister, Morrison & Foerster LLP, New York
Program Schedule
THURSDAY, MARCH 13, 2008
7:30 a.m. Registration and Continental Breakfast
Webcast Segment A
DATA INCIDENTS AND LITIGATION
8:30 a.m. Introductory Remarks and Course Overview
8:45 a.m. Recent Developments and Hot Issues - Faculty Panel
9:30 a.m. Data Breaches and Crisis Management: Initial Responses -- Moderators: Ms. DiBattiste and Mr. Hoofnagle; Faculty: Mss. Brill and Sotto
• Potential theories of recovery by individuals and other affected parties
• Establishing breach notification and incident response policies
• Reviewing the nature and scope of the incident
• Determining whom and when to notify
• Drafting an appropriate notice, starting a call center/dedicated web site
• Interacting with consumers, customers, vendors, and investors
• Coordinating with law enforcement agencies and investigators
• Addressing inquiries from media, attorneys general, and regulators
• Deciding what remedial efforts, such as credit monitoring, should be offered
11:00 a.m. Networking Break
11:15 a.m. Data Breaches and Crisis Management: Long-Term Responses -- Moderators: Ms. DiBattiste and Mr. Hoofnagle; Faculty: Dr. Ponemon and Professor Swire
• Developing a risk assessment framework (internal controls)
• Establishing anti-breach measures (administrative, technical, and physical controls)
• Creating corporate accountability within an enterprise that values privacy and security
• Adopting technology enhancements to protect information
• Training and continuing education for employees
• Credentialing employees, customers, and vendors
• Auditing and ensuring compliance
• Developments in the payment card industry-data security standard
12:45 p.m. Luncheon (included in tuition)
Webcast Segment B
2:00 p.m. Investigations and Discovery -- Moderator: Professor Cate; Faculty: Mr. Crosley and Ms. Eisenhauer
• Managing internal investigations
• Conflicts between U.S and E.U.; E.U. discovery rules
• Ethical issues
3:45 p.m. Networking Break
4:00 p.m. Litigation -- Moderator: Mr. Serwin; Faculty: Messrs. Keys and Winston
• Sources of potential liability for companies: pretexting, employee monitoring, warrantless wiretapping, spamming, trade secret theft, and data security breaches
• Understanding the rapidly changing regulatory environment as a key to avoiding costly litigation
• Common theories of liability and defenses to privacy litigation
5:30 p.m. Adjournment for the Day; Networking Reception for Faculty and Registrants
FRIDAY, MARCH 14, 2008
8:00 a.m. Continental Breakfast
Webcast Segment C (entire day)
8:30 a.m. Responding to Government Requests for Information -- Moderator: Mr. Polley; Faculty: Messrs. Cunningham and Rotenberg
• How institutions manage their responses to government requests (and demands) for information about employees and customers
9:30 a.m. Networking Break
INTERNATIONAL ISSUES
9:45 a.m. Third Parties and Outsourcing -- Moderator: Ms. Wugmeister; Faculty: Mr. Lefkowitz and Ms. Torelli (invited)
• Outsourcing of services, ranging from payroll to IT and HR services to call centers in the same country or across the world
• Transfer of personal information regarding employees, patients, and customers
• The application of protective standards to information sent abroad
• Helping your clients assure the responsible treatment of data
• Who is responsible if data is lost or stolen?
• What financial, legal, and reputation risks face clients who fail to anticipate these issues properly?
11:45 a.m. Luncheon (included in tuition)
1:00 p.m. International Compliance -- Moderator: Mr. McLaughlin; Faculty: Messrs. Hayes and Rothman
• The challenge of making sense of conflicting laws
• How do managers with international employees or customers assure compliance with local laws on personal information?
• How do firms develop globally-applicable policies and procedures to manage personal information?
• How have firms implemented whistle-blower mechanisms?
• What cultural issues arise?
• What national registrations must be completed?
• What are the risks of non-compliance, and how might non-compliance affect a potential acquisition or divestiture?
3:00 p.m. Adjournment
Total 60-minute hours of instruction: 12.25, including one hour of ethics recognized as such by most, but not all, MCLE jurisdictions.
Suggested Prerequisite: Limited experience in legal practice in subject matter or completion of Basic CLE Course in subject matter
Educational Objective: Acquisition of knowledge and skills to develop proficiency as a practitioner; maintenance of professional competence as a practitioner; provision of information on recent legal developments
Level of Instruction: Advanced
