ITEM #:  1029332001   |   EVENT CODE:  286335


Thursday, February 13, 2020 - Friday, February 14, 2020

8:50 AM - 4:45 PM   |   Check-In:  8:15 AM

Minnesota CLE Conference Center

600 Nicollet Mall # 370

3rd Floor, City Center

Minneapolis, MN 55402

2020 Midwest Legal Conference on Privacy and Data Security

Expertly Distilled, Up-to-the-Minute Data Privacy & Security Education!

Why This Conference Is Right for You:
Perhaps you’re a data privacy and security law expert. Maybe you’re looking to become one. Or, it could be that your role requires you to know enough to spot and flag these legal issues and refer them out. Whichever category you fit, if you want to be a trusted legal advisor to your clients, it’s critical that you stay current in this fast-paced practice area. At the Midwest Legal Conference on Privacy & Data Security, you choose from an array of breakout session topics to create a meaningful, custom experience. Because of its flexibility, this Conference is a go-to resource for timely, topical education for experts and non-experts alike.

Key Conference Benefits:

  • Annual Updates Keep Your Legal Advice and Advocacy Current
    Attending the 2020 Conference is the best way to make sure you are up-to-date on new laws, cases, and practice developments in data privacy and security law. 
  • An Outstanding Conference Faculty Shares Its Expertise with You
    You’ll hear experts from private practice, in-house legal and privacy/security compliance roles, external consultants, and government – all there to share real-world advice and practice tips for tackling complex legal, technical and business issues. They'll provide insights on what to do – or not do – and why, when dealing with client matters that have data privacy and security implications.
  • Practical Takeaways Help You Get Better Results
    The emphasis of the Conference is always to provide you with practical advice, tips and best practices. Those takeaways make your work easier and help you get better results for clients!
  • The In-Person Format Keeps You Connected
    At the Conference, you’ll enjoy the energy, the learning, the amenities – and spending time with colleagues and friends. You’ll be part of a first-class legal education event – learning loads of new information, meeting new people, re-connecting with friends and colleagues, and having fun in the process.
  • And More!

Free Bonus Pre-Conference Webcast!
As a special bonus of registering for the Institute, registrants may view, for FREE, this foundational webcast focused on the California Consumer Privacy Act. It’s a can’t-miss overview/refresher on this important, headline-grabbing privacy law. A coupon code, along with instructions on how to register for free will be distributed prior to the webcast.

Wednesday, February 12, 2020  |  2:00 – 3:00 p.m. (CENTRAL TIME)
1.0 standard CLE credit applied for
California Consumer Privacy Act  101 – A Fast-Paced Overview of the CCPA’s Requirements and Enforcement Mechanisms
– Michael R. Cohen & Amanda M. McAllister

Here’s what some of last year’s attendees said about the program: 

  • Great speakers and content. Very timely and practical; it's great.
  • I like all of the real-life updates....The practical advice based on that is incredibly helpful.
  • Well-organized and balanced breakout offerings.
  • Very interesting and helpful. 
Thursday, February 13, 2020

8:15 – 8:50 a.m.

8:50 – 9:00 a.m.

9:00 – 10:00 a.m.
The 2020 Data Privacy and Cybersecurity Legal Update
This is your “can’t miss” annual update from a legal expert on the forefront of privacy and cybersecurity, attorney Jamie Nafziger. Jamie will update you on the significant privacy and data security developments – both domestic and international – over the past year and key changes in the pipeline. Topics will include: GDPR regulatory guidance, data subject requests, and enforcement actions; U.S. federal privacy legislation; Privacy Shield developments; Schrems 2.0 case; Nevada’s new consumer privacy law; privacy legislation in India; biometrics legislation and cases; $170M COPPA settlement with YouTube; Facebook FTC fine; EU Court of Justice cookie decision; ePrivacy Regulation update; data localization developments; large security incidents and more. (The California Consumer Privacy Act will be discussed in the 10:00 a.m. session that follows.)
– Jamie N. Nafziger

10:00 – 11:00 a.m.
The CCPA from the Litigator’s Perspective – Understanding the Class Action and Other Litigation Risks
Experienced class action litigators – one plaintiff-side, one defense – identify and discuss the class action and other litigation risks surrounding the headline-grabbing California Consumer Privacy Act. What are the compliance missteps litigators are anticipating? What are the potential liabilities?
– John Albanese & David F. McDowell

11:00 – 11:15 a.m.

11:15 a.m. – 12:15 p.m.

Data, Data, Data – With Data Everywhere, How Long Do You Need It and Why Should You Get Rid of It?
This session will cover the types of data, the regulations governing data retention obligations, as well as how you incent your clients and their officers and employees to “clean it out” – i.e., paper files, shared electronic files, backup media, portable electronic media and all the other storage areas for data. Presenters will cover data retention policies, implementing downstream obligations with contracted data recipients, legal obligations, and training considerations.
– Katheryn A. Andresen & Kaitlin F. Eisler

CCPA Clones Are on the Way
Repeated at session #302
California was the first state to pass a data breach notification statute which are now in place in all 50 states. California is once again the vanguard when it comes to passing laws creating enhanced data privacy rights for individuals. Copycat California Consumer Privacy Act (CCPA) legislation has been introduced in at least a dozen other states with state legislative efforts underway to pass new more stringent GDPR type data privacy laws. This session will consider other state legislative efforts in data privacy, how they compare to the CCPA and GDPR, and what practical steps a business can take to comply with such multiple local and global data privacy laws.
– Michael R. Cohen

Privacy/Security Litigation Update – What the Big Developments in 2019 Mean in 2020 and Beyond 
This session will focus on the state of the law in data breach, data privacy, and data security cases, including claims arising under federal consumer protection statutes and under state law. Presenters will specifically provide plaintiff and defense perspectives on recent developments in: data privacy and data security litigation; potential for data breach class actions; recent high-profile settlements; and more.
– Joe Hashmall & Jeffrey P. Justman

12:15 – 1:15 p.m.
LUNCH (Consider making plans to join a fellow attendee!)

1:15 – 2:15 p.m.

Implementing Privacy and Security Programs – Tools for Building New Programs and Refining Existing Ones
Even if companies didn’t have to worry about four-letter words (GDPR, CCPA), they still need privacy and security programs. Whether your client is big or small, Fortune 100 or startup, local or global, having privacy and security program operations in place is not optional. This session will provide attendees with tools to build new programs or refine or supplement existing ones — including sample policies and procedures, templates, and reference materials.
– Kerry Childe

10 Practical CCPA Compliance Tips for In-House Counsel
Get 10 can’t-miss, practical insights on CCPA compliance from an in-house counsel with past experience as an FTC Attorney in that agency’s Division of Privacy and Identity Protection. The insights range from implementation to training to audits and more – and you’ll leave the session with ideas to refine and improve your clients’ CCPA compliance effectiveness.
– Maggie Lassack

Dysregulating the Media: How the Digital Shift via Facebook, Amazon, Netflix, and Other Platforms Has Outpaced Regulatory Authority – and Creates Significant Privacy and Data Security Concerns
Netflix, Amazon, YouTube, and Apple have been joined by Disney+, Twitch, CBS All Access, Facebook and others to move all content out of the radio spectrum, ending a century of FCC regulation. As the FCC, FTC, FEC, and various regulators struggle, a new digital divide has emerged. The presentation will explore the economic, social and legal issues, including significant privacy, data security, advertising, and antitrust tensions.
– Jon M. Garon

2:15 – 2:30 p.m.

2:30 – 3:30 p.m.

Data Breach – Navigating the Technical, Strategic and Legal Issues
When companies lose laptops, or backup tapes, or suffer a computer intrusion on systems containing personal information regarding customers or users, they trigger notification duties under a patchwork of statutes. This session describes how companies should navigate the technical, strategic, and legal issues involved in complying with these statutes. In addition, the presentation will provide practice tips on what immediate steps to take when a data breach occurs.
– Brent Bidjou

CCPA Clones Are on the Way
Repeat of session #102
California was the first state to pass a data breach notification statute which are now in place in all 50 states. California is once again the vanguard when it comes to passing laws creating enhanced data privacy rights for individuals. Copycat California Consumer Privacy Act (CCPA) legislation has been introduced in at least a dozen other states with state legislative efforts underway to pass new more stringent GDPR type data privacy laws. This session will consider other state legislative efforts in data privacy, how they compare to the CCPA and GDPR, and what practical steps a business can take to comply with such multiple local and global data privacy laws.
– Michael R. Cohen

Government Access to Information: Balancing Individual Rights and the Common Good
Technological innovation has outpaced our privacy protections. As a result, our digital footprint can be tracked by the government and corporations in ways that were once unthinkable. This digital footprint is constantly growing, containing more and more data about the most intimate aspects of our lives, including communications, locations, search and purchase history, even physical health and our bodies – all readily available data. This session will explore the tensions that arise between privacy rights and the legitimate need for access to information or surveillance, and offer guidance on how to anticipate issues and advise clients when navigating the tricky waters of privacy and security. You’ll also learn about the ACLU’s work at the intersection of speech, privacy, and technology to ensure that civil liberties are protected in the digital age.
– John B. Gordon

3:30 – 3:45 p.m.

3:45 – 4:45 p.m.

How to Make the Most of Your Data: Practical Guidelines for Legally Using, Monetizing, and Sharing Personal Data
This session will give you tools to help navigate complex questions about what you can and can’t do with personal data after it has been collected. Discussion topics will include a practical approach to the legal boundaries of personal data use, as well as an overview of the many new laws affecting data monetization, sharing, and ownership.
– Nadeem W. Schwen

Ethical Considerations in a Multi-Jurisdictional Practice – Including Complications in the Digital Age
1.0 ethics credit applied for
Insights from a Senior Assistant Director of the Office of Lawyers Professional Responsibility on the Minnesota Rules of Professional Conduct that affect lawyers engaged in a multijurisdictional practice – with an eye to complications specific to the electronic age.
– Binh T. Tuong

Privacy in the IoT Age
This cutting-edge session will explore emerging trends, issues, and litigation related to the IoT – from medical devices to Smart Ag, consumer products to industrial sensors. This session will provide practical insights for evaluating and mitigating risks and counseling your clients through a changing legal and technological landscape.
– Richard M. Martinez

4:45 – 5:45 p.m.
Join your fellow attendees for snacks, camaraderie, and more great discussion following Day 1 of the Conference!

Friday, February 14, 2020

8:30 – 8:55 a.m.

8:55 – 9:00 a.m.

9:00 – 10:00 a.m.
Election Cybersecurity: A Look Back at 2018 and A Look Forward to 2020
Minnesota Secretary of State Simon takes a look back at the 2018 primary and general elections, as well as a look forward to the 2020 elections and new cybersecurity issues on the horizon.
– Steve Simon

10:00 – 11:00 a.m.
2020 FTC Privacy and Data Security Update 
A senior attorney from the Federal Trade Commission’s Midwest Regional Office will provide a high-level review of the agency’s current privacy and data security activity, including recent enforcement actions, business guidance on data security issues, and other priorities.
– Matthew H. Wernz

11:00 – 11:15 a.m.

11:15 a.m. – 12:15 p.m.

Cybersecurity Incident Mock Scenario and Simulation
This participatory, scenario-based simulation is designed to help attendees better respond to a cybersecurity incident. Through the exercise, participants will tease out the various issues that are important from legal, compliance, and communications perspectives, such as managing a forensics investigation, notifying authorities, and applying legal requirements. Come build your cybersecurity muscle memory.
– Elaine De Franco Olson & Drew Peterson

Understanding Privacy and Data Security Laws and Requirements in Agreements
You will learn about: Analyzing and responding to privacy and data security addenda and letter agreements from others; Recent developments involving agreements, including the California Consumer Privacy Act, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act, and European Union General Data Protection Regulation (GDPR); Interaction of privacy, data security and incident and breach notification provisions with other commercial agreement provisions; How to avoid potential pitfalls; and Resources and tools for managing privacy and data security laws and requirements in agreements.
– Melissa J. Krasnow

News from the Top – Cybersecurity, Privacy, and Corporate Leadership
Who does your head of privacy report to? Who manages your cybersecurity budget? How much money is enough? As risks and regulations rise, how does your organization manage data governance and board reports? This session will review legal requirements and trends related to how organizations structure their departments, build privacy and cybersecurity programs, and report risk. Additionally, we will discuss benchmarks for budget allocation related to data governance and best practices related to risk mitigation.
– Paul H. Luehr & Adam W. Smith

12:15 – 1:15 p.m.
LUNCH (Consider making plans to join a fellow attendee!)

1:15 – 2:15 p.m.

Making Best Practice Common Practice: The CIS Critical Security Controls
When it comes to tackling privacy and data security challenges, many organizations are overwhelmed by the “fog of more” – ever increasing regulations, guidance, warnings, advice, trainings, certification, etc. – to say nothing of the flood of attacks that enterprises face every day. This session will show how a broad community comes together to understand threats, translate them into security control frameworks, and sustain an ecosystem of volunteers, tools, vendors, working aids, and information to help us all improve our cybersecurity and find clarity through the fog. Finally, we’ll describe the implications for the emerging ecosystem of public policy, “best practices”, “reasonable security”, and risk decision-making activities that are reshaping the cyber world.
– Tony Sager

A Checklist Approach to Privacy and Data Security Issues in M&A
Unreported data breaches and other privacy and data security concerns have disrupted several major M&A deals in recent years. This session will walk through, point-by-point, the questions and process that an organization might undertake as part of due diligence in a transaction to ensure enough time and thoroughness are given to evaluating the target company’s privacy and data security standards and history.
– Kellie Johnson

Targeting the C-Suite: Business Email Compromises – Prevention, Identification, and Response
Business Email Compromises (BECs) remain a top cybersecurity threat for organizations. Come learn about the various forms BECs take and how they are increasingly targeting the C-suite. This session will focus on strategies for preventing and identifying BECs, as well as responding if and when your organization is the victim of a BEC. We will also discuss liability, risk of loss, and potential legal claims arising out of BECs.
– Sten-Erik Hoidal

2:15 – 2:30 p.m.

2:30 – 3:30 p.m.

Cyber Security – How Data Privacy, Security Policies, and Preventive Services Can Protect the Small Business
This session will provide practical insights for small businesses to understand and prioritize their risks, along with best practices to address them in the current privacy and cyber arenas. The risks are real and can have a significant business impact; this session will help you advise clients in allocating resources and finding accessible solutions that efficiently and effectively help businesses minimize these risks.
– Heidi J.K. Fessler & Michael Kennedy

Taking the Cloud Out of the Cloud: 15 FAQs and Their Answers
Common questions clients ask regarding cloud agreements and related issues: What are the legal considerations for moving to the cloud? What are the data security risks for cloud data? Are there specific contract terms to negotiate or avoid? How can you protect confidential information and/or trade secrets on the cloud? How does a client collect information from a cloud location for an investigation or discovery in litigation? What steps does my client need to take to migrate data to/from a cloud provider? And more
– Mathea K.E. Bulander & Jon Farnsworth  

Is This Covered?: The 10 Most Important Things to Understand About Your Cyber-Insurance Policy
Cyber insurance is new to many organizations. This session will explain some of the features of cyber insurance and describe some of its challenges.  We will explore the claim process and discuss what losses are typically covered and not covered.
– Mario Paez & Jonathan H. Stechmann 

3:30 – 3:45 p.m.

3:45 – 4:45 p.m.
Humans: “Hardening” Organizations’ Top Attack Vector
What’s the most vulnerable part of all security controls? People. With smart design, an organization can influence its user base to act as safeguards rather than attack vectors. This session will deliver examples of proactive investment in driving behaviors that make a difference – helping your client create or improve a program that actually reduces human risks. You’ll also hear how these experienced security-training professionals engage with the legal and compliance departments to deliver the best results.
– Chrysa Freeman & Tina Meeker

Thursday & Friday, February 13 & 14, 2020
Minnesota CLE Conference Center
600 Nicollet Mall, Suite 370
Seventh Street & Nicollet Mall, Third Floor City Center
Minneapolis, Minnesota

There are no replays.

$495 MSBA members / $495 paralegals / $545 standard rate

Other discounts that may apply:

Scholarships available!
Need-based scholarships are available for in-person and online seminars. For further information or to obtain a scholarship application, contact us at 800-759-8840 or customerservice@minncle.org.

Minnesota CLE is applying to the Minnesota State Board of CLE for 12.0 CLE credits, including 1.0 ethics credit for attendees of session #402. The maximum number of total credits attendees may claim for this conference is 12.0 credits. Minnesota CLE also is applying to the IAPP for CPE eligibility. 

Minnesota CLE is applying to the Minnesota State Board of CLE for 1.0 standard CLE credit for the pre-conference webcast.

Registrants will receive online access to the seminar materials through the Minnesota CLE website a few days prior to the Institute. Log in to your account and go to My Account > Seminar Registrations to view the materials. At the seminar, attendees will receive hard copy materials for the plenary sessions and breakout sessions attended.