ITEM #:  1034462101   |   EVENT CODE:  339495

You may use your Pass to register for the live webcast at no charge.

Tuesday, February 9, 2021 - Wednesday, February 10, 2021

8:50 AM - 5:00 PM   |   Check-In:  8:05 AM

In-Person Passholders – You may use your Pass to register for the live webcast at no charge.

2021 Midwest Legal Conference on Privacy & Data Security

New Developments, Practical Takeaways, Actionable Content – You’ll Find It All at the 2021 Conference!

There are so many novel and make-or-break data privacy and security developments to learn how to handle right now. And other persisting data privacy and security needs aren’t taking a break either. The comprehensive, practical content of the 2021 Midwest Legal Conference on Privacy & Data Security is the trusted, convenient way to get the critical, practical advice you need. It’s also a highly efficient and one-of-a-kind chance to compare your practices with what the team of Institute faculty members are advising their clients!

NEW – Due to the unique circumstances brought about by the pandemic, the 2021 Midwest Legal Conference on Privacy & Data Security will be a completely online event to guarantee you get the content you need on the dates you’ve reserved, while ensuring participant safety.


  • Practical Advice on Big New Developments like the newly amended California Consumer Privacy Act, Schrems II and other new developments from Europe, data processing provisions, whether to pay ransom in a ransomware incident, and many more.
  • Helpful Coverage of Important Topics Triggered by the Pandemic like re-assessing and implementing remote work policies and practices, handling employee data privacy issues for clients returning to physical workplaces, COVID contact tracing – balancing public health and individual rights, and more.
  • Core Foundational Session Options on Breach Response, Vendor Agreements, Implementing Privacy and Security Programs, and Data Retention and Disposal Policies
  • The 2021 Data Privacy and Cyber Security Legal Update – Opening Session Highly Valued by Attendees! Jamie Nafziger will be back to kick off the conference with the annual update. What do attendees say? “Very thorough overview; hit on relevant points. Great materials. Thank you!” “Sense of humor helps keep attention to important topics.” “How does she do it? Excellent!”
  • 12.25 Live Credit Hours (applied for)
  • NEW – QuickTake Interviews – Interspersed in the agenda are short, fun QuickTake Interviews hosted by lawyer and technologist Damien Riehl.
  • NEW – Ability to Watch Sessions for a Year Afterward – If you want to re-watch a session or see one that you missed, you can view the recordings of these live sessions for a year following the conference. (NOTE: This “Watch Again” feature is reserved for attendees. Any viewing of sessions outside the listed conference dates and times is not eligible for credit; it is for educational purposes only. The maximum number of credits that may be reported for the conference is 12.25.)
  • FREE BONUS FOR ATTENDEES – Pre-Conference Webcast for More Learning and More Credit! Get things rolling the afternoon before the conference begins with Paul Luehr’s popular presentation, IT for Lawyers – Bridging the Gulf Between Lawyers and IT/Security Professionals – updated for 2021 and delivered via a one-hour live webcast.
  • And So Much More!
Day 1 – Tuesday, February 9, 2021

8:05 – 8:50 a.m.

8:50 – 9:00 a.m.

9:00 – 10:00 a.m.
The 2021 Data Privacy and Cybersecurity Legal Update
This is your “can’t miss” annual update from a legal expert on the forefront of privacy and cybersecurity, attorney Jamie Nafziger. Jamie will update you on the significant privacy and data security developments – both domestic and international – over the past year and key changes in the pipeline. Topics will include: the newly-amended California consumer privacy law; proposed new privacy legislation in Canada and the EU; new Illinois biometrics class actions and new facial recognition laws; algorithmic transparency trends; the Schrems II data transfer decision from the EU and revised standard contractual clauses; Brexit implications; third-party cookie developments; the Telephone Consumer Protection Act case before the U.S. Supreme Court; China’s new draft privacy regulations; the latest privacy developments related to major social networks; large security incidents and more.
– Jamie N. Nafziger

10:00 – 10:15 a.m.
QuickTake with Paula Januszkiewicz
Paula Januszkiewicz is CEO and founder of CQURE Inc. and CQURE Academy; Enterprise Security MVP and a world-class cybersecurity expert; and popular speaker at conferences like Black Hat, RSA, and TechEd. In this QuickTake, Damien Riehl interviews Paula about her work – including penetration tests that assess security risk at organizations like your clients’.

10:15 – 10:30 a.m.

10:30 – 11:30 a.m.
Keeping Your Eye on the Prize – Translating “Reasonable Security” into Real Data Protection
The requirement to protect personal information with “reasonable security” now permeates the law in the U.S. and around the world. In this session, our experts will review the components of reasonable security as they appear in statutes, legal orders, industry standards, and market surveys. They will highlight security vulnerabilities that many companies ignore at their peril, and they will highlight the most practical and important steps that organizations can take to achieve “reasonable security” and real protection around their data.
– Sangjoon Han, Paul H. Luehr & Tony Sager

11:30 a.m. – 12:15 p.m.

ONLINE CHAT BREAK – Casual Conversations at the Conference!
Missing the fun face-to-face chats running into old friends and meeting new people at a conference? 
Here’s an easy way to energize yourself with those interactions over this lunch break. 

  • Attendees, faculty and planners will use the Remo platform for a casual online get-together over this break. 
  • As they login to join this networking space, you’ll see who’s there displayed in the participant list. 
  • You have the freedom to “walk” around the room and select tables to join, finding your friends and easily meeting other new people also participating in the conference.  

Many of you may have already used this Remo-powered platform at other online bar functions – it’s easy and you’ll leave energized from this face-to-face interaction!

12:15 – 1:15 p.m.

How to Implement Agile Privacy and Security Programs So They Can More Easily Accommodate Change

Whether your client is big or small, Fortune 100 or startup, local or global, having privacy and security program operations in place is not optional. This session will provide attendees with tools to build new programs or refine or supplement existing ones – and how to do so in a way that makes them agile, more readily handling changes in law, circumstances, and technology – with tips on how to implement changes when needed. Materials will include sample policies and procedures, templates, and reference materials.
– Kerry Childe & Patrick E. Midden

Cloud-Based and Software Licensing Agreements – Dispelling 7 Common Misconceptions

An experienced technology lawyer dispels common misconceptions they encounter when working with clients and other counsel in drafting, negotiating, and implementing cloud-based and software licensing agreements – with a focus on the data privacy and security elements. In this practical session, Katie Donald will identify those myths, reveal the truths, and discuss real-world situations where these important principles come into play.
– Katherine A. Donald

Unpacking the Newly Amended California Consumer Privacy Act – What’s Changed, What Hasn’t, and How to Comply

Lothar Determann, author of California Privacy Law – Practical Guide and Commentary (4th ed. 2020) and Determann’s Field Guide to Data Privacy Law (4th ed. 2020), gives you a practical look at California’s newly amended consumer privacy law, with a focus on: its impact on digital advertising; the requirements for employers; and litigation trends and risks.
– Lothar Determann

1:15 – 1:30 p.m.

1:30 – 2:30 p.m.

Breach Notifications – Figuring Out If, When, To Whom and How to Make Them

Cyber attacks are growing exponentially, and the consequences of reporting a “breach” have become increasingly severe with the availability of statutory damages under California’s Consumer Privacy Act (CCPA). A hodge-podge offering of cyber insurance, and more hands-on involvement of insurance companies including the selection of counsel, now demand that companies of all sizes have a more nuanced understanding of the law, technology, and interplay of various breach reporting obligations. Bob will provide an overview of these developments, and insider tips on how companies can best apply the complex calculus required to respond to security incidents.
– Robert E. Cattanach

Formalizing Your Supply Chain’s Compliance with Data Security and Privacy Obligations

A practical, well-structured and repeatable process for monitoring your supply chain’s compliance with data security and privacy obligations is a critical feature of a legally-reasonable cybersecurity and privacy regime.  Eran Kahana discusses implementing a formalized, disciplined approach for negotiating, drafting and monitoring supply chain compliance with data security and privacy contractual obligations. The approach leverages laws, best practices, standards, and guidelines.
– Eran Kahana

Navigating Privacy and Employment Risk in Managing COVID-19 Testing, Vaccinations, and Exposure Mitigation

For employers trying to determine how to deal with COVID-19, a clear course of action remains elusive and presents businesses with new and continuing challenges as they consider workplace safety requirements. This session will provide the most up-to-date information on the latest employment and privacy law and regulatory developments to consider when mitigating risk to your employees, customers, and others. Our employment and privacy law experts will discuss new developments related to these issues, including: what steps employers should take to implement a testing program; updates on guidelines related to COVID-19 vaccinations for the workforce, including notice, authorization, confidentiality and response; competing privacy and data security concerns, including the scope of medical and other information employers can collect, retain, store, and access from employees, customers and facility visitors alike; notice and consent obligations; and legal risks associated with data breaches.
– Mandana Massoumi & Brandon P. Reilly

2:30 – 2:45 p.m.

2:45 – 3:15 p.m.
Privacy Hall of Fame
One person can make a difference. This is especially true in the world of privacy law. Find out how individuals have made a difference in how we think about privacy or have caused laws or practices to change as a result of their actions.
– Michael R. Cohen 

3:15 – 3:30 p.m.
QuickTake with Kendra Mitchell
Kendra Mitchell is the Chief of Staff and Head of Belonging at Duo Security at Cisco, and prior to taking on those roles in March of 2019, Kendra held a leadership position on Duo’s legal team. In this QuickTake, Damien Riehl interviews Kendra about her work as counsel including through Duo’s hyper growth to eventual acquisition by Cisco; being part of a tech company firmly anchored in the Midwest; how she helps create a workplace of diversity, equity and inclusion; and the traits and habits she most appreciates in the inside and outside lawyers with whom she works.

3:30 – 3:45 p.m.

3:45 – 4:45 p.m.

Smart Phone Privacy and Data Security – How to Assess and Minimize Risk in the Current Reality

New information from Deloitte’s Cyber Intelligence Center confirms a recent spike in phishing attacks, malspam, and ransomware – with threat actors routinely using COVID-19 as bait to mislead employees who are working remotely, away from the protections of corporate networks. So, what are the real data privacy and security risks when it comes to smart phones, and how, in our current reality where work-from-home reigns, do you take steps to protect your own and your clients’ and organizations’ private information? In this presentation, Chris and Michael will leave you with broad background and recommendations for best practices during the pandemic and beyond.
– Chris Brinkworth & Michael D. Reif

When Do Data Processing Agreements and CCPA and CPRA Agreements Apply and What Should Those Agreements Say?

This session will provide a brief overview of European Union General Data Protection Regulation (GDPR) data processing agreements and the new Standard Contractual Clauses; requirements for agreements under the California Consumer Privacy Act (CCPA) and the new California Privacy Rights Act (CPRA); and how to determine the type of agreement that applies in a given situation. You will learn: how to analyze and respond to these agreements from others and how to avoid potential pitfalls. Examples of language from such agreements will be provided and analyzed. 
– Melissa J. Krasnow

Privacy/Security Litigation Update – What the Big Developments in 2020 Mean in 2021 and Beyond

This session will focus on the state of the law in data breach, data privacy, and data security cases, including claims arising under federal consumer protection statutes and under state law. Presenters will specifically provide plaintiff and defense perspectives on recent developments in: data privacy and data security litigation; potential for data breach class actions; recent high-profile settlements; and more.
– Joe Hashmall & Michael Jaeger

Day 2 – Wednesday, February 10, 2021

8:05 – 8:50 a.m.

8:50 – 9:00 a.m.

9:00 – 10:00 a.m.
COVID Contact-Tracing – Balancing Public Health and Individual Rights
Join us for an insightful panel discussion moderated by a Chief Privacy Officer – Elaine De Franco Olson – with panelists including Dr. Laura Breeher, a contact-tracing medical expert from Mayo Clinic who is also the Clinic’s Section Chief, Occupational Medicine; Julia Decker, the Policy Director for the American Civil Liberties Union of Minnesota; and Kenesa Ahmad, an attorney and risk advisor recognized for her expertise in privacy, data protection and information security.
– Kenesa Ahmad, Laura Breeher, MD, MS, MPH & Julia Decker
– Elaine De Franco Olson (moderator)

10:00 – 10:15 a.m.

10:15 – 11:15 a.m.
Managing and Protecting Employee Personal Data for Workplace Diversity, Equity & Inclusion
Companies understand that fostering a more diverse and inclusive workforce is a business imperative, particularly in view of current events. Employer diversity, equity & inclusion initiatives, both formal and informal, are important in working towards that goal. This session will discuss various scenarios where employee data might be collected, stored, shared, and used, and how to handle the increased number of internal and external requests for this sensitive information. We will also discuss guidelines and best practices for managing the privacy and security of sensitive employee data in view of new and existing laws and regulations.
– Nadeem W. Schwen & Liane M. Wong

11:15 – 11:30 a.m.
QuickTake with Jared Coseglia
Jared Coseglia, Founder and CEO of TRU Staffing Partners, has successfully placed over 3000 professionals in data privacy, e-discovery, and cybersecurity positions. He is also a contributing writer to CPO Magazine. In this QuickTake, Damien Riehl interviews Jared about the current state of the privacy job market, impacts of the COVID-19 pandemic on that market, and opportunities for privacy skill enhancement.

11:30 a.m. – 12:15 p.m.

12:15 – 1:15 p.m.

Practical Tips for Successful Data Retention and Disposal Policies and Practices

In this session, you’ll get an overview of the legal framework governing data retention while learning concrete steps for effectively implementing the policies, training, technology, and ongoing maintenance required to meet organizational needs and compliance requirements.
– Teresa M. Thompson

Goodbye, Privacy Shield 1.0 – Practical Compliance Tips in the Wake of Schrems II and Other New Developments from Europe

Participants will obtain valuable insights on the latest developments from the European Union on Schrems II, related European Data Protection Board (EDPB) guidance, updated versions of Standard Contractual Clauses, and Brexit. The focus will be on not only the fundamentals of the legal situation, but also practical risk assessments, market developments, and key do’s and don’ts for responding to these important developments. 
– Brian L. Hengesbaugh & Kellie Johnson

How to Respond to a Ransomware Incident – Including Whether to Pay the Ransom

When a client falls prey to a ransomware attack, what are the immediate steps to take? This session provides a practical guide to your response. How to: address the strategic, legal, business and consumer relations issues involved; investigate the attack and the attacker, in coordination with technical experts and law enforcement; decide whether to pay the ransom, given the differing positions of insurers, the FBI and the Treasury Department; and more.
– Emily M. Holpert & Tedrick Housh

1:15 – 1:30 p.m.

1:30 – 2:30 p.m.

Maximize Convenience and Minimize Risk – Text Messages and TCPA Compliance

In the face of fast-moving changes in Telephone Consumer Protection Act (TCPA) caselaw and heightened consumer awareness, your clients still want to connect with customers and potential customers via text messaging. This session will: explore the inherent risks, focusing on the restrictions set by the TCPA and the current state of the law in place; explain how the TCPA is understood from the privacy law perspective; and offer best practices for both marketing and transactional text-message campaigns.
– Erin L. Hoffman & Rita A. O’Keeffe

Remote Work and the Impact of COVID-19 – Re-Assessing and Implementing Telecommuting Policies and Practices

This session identifies and analyzes the legal and employee relations considerations at play in setting and implementing policies for telecommuters – and how those considerations have changed or remained the same when re-evaluated based on employer experiences dealing with COVID-19. You’ll leave with real-world insight on: the pros and cons of company-provided vs. employee-provided equipment; drafting policies for remote workers to promote privacy and data security; and how to issue-spot employment law red flags like recognizing policies and practices that blur the lines between telecommuters who are independent contractors and those who are employees.
– Uzodima Frank Aba-Onu, Sarah J. Gorajski, Kiesha R. Mayes & Daniel R. Olson

Data to Dollars: Assigning a Monetary Value to an Entity’s Consumer Data – for Deals, Regulatory Matters, and Litigation

As business continues the digital transformation, and AI and cloud technologies drive adoption of digital technology, the data generated creates an opportunity for enterprises. That data, including health, financial, and geo-location, can be quite valuable. At the same time, consumers are becoming more careful about sharing data, and regulators are stepping up privacy requirements. Private litigants – incentivized by new causes of action and sensitivity around data privacy – are also changing the risk dynamics around data use. Similarly, new products and services, personalized advertising and marketing, are developing a huge market fueling deal activity. In that environment, the need to determine data valuations has become central and ever-more demanding. This session tackles a key question in this context – assigning a monetary value to consumer data.
– Richard M. Martinez

2:30 – 2:45 p.m.

2:45 – 3:45 p.m.

Is This Covered?: The 10 Most Important Things to Understand About Your Cyber-Insurance Policy

Cyber insurance is new to many organizations. This session will explain some of the features of cyber insurance and describe some of its challenges. We will explore the claim process and discuss what losses are typically covered and not covered.
– Mario Paez & Jonathan H. Stechmann

The Internet of Things – New Law, Risk Mitigation Strategies, and What You Can Learn from the Missteps of Others

Like any powerful new technology, the Internet of Things (IoT) brings both exciting new possibilities and unique risks. As the number and variety of connected devices continue to multiply, companies and legislators alike are scrambling to deal with ever-evolving security and privacy concerns. This session will explore strategies to manage these risks from a legal perspective, as well as lessons learned from the missteps of others. We will also discuss recent trends in the regulation of the IoT, including the impact of new and existing legislation on processing of IoT geolocation data, biometric data, and more. Includes discussion of the brand-new, bipartisan Internet of Things Cybersecurity Improvement Act of 2020.
– Nadeem W. Schwen

3:45 – 4:00 p.m.

4:00 – 5:00 p.m.
The Nature of the Security Threat – Trends and Developments in 2021 – And Lessons Learned
The nature of the security threat is continually evolving. This panel of seasoned security experts – which includes an FBI special agent – will describe and debate the most substantial threats, engage in myth-busting, and answer questions from the field. The panel will also describe best practices, practices to avoid, and lessons learned.
– Shena Crowe & David O’Neil
– Steven E. Helland (moderator)


As a special bonus of registering for the Conference, registrants may view this webcast for free! A coupon code, along with instructions on how to register for free at www.minncle.org, will be distributed prior to the webcast. 

Monday, February 8, 2021
2:00 – 3:00 p.m. (Central time)
1.0 standard CLE credit applied for

IT for Lawyers – Bridging the Gulf Between Lawyers and IT/Security Professionals
Many attorneys find they cannot effectively address security, privacy, and data breach issues for their companies or clients because a language gulf exists between them and IT/security professionals. Here’s a chance to bridge that gap by getting helpful background on IT, networking, and security concepts that are important to transactional lawyers, compliance officers, and litigators. The session will be taught by a security expert who has led investigations into several of the top data breaches on record. You’ll learn about data encryption and hacker slang, common network configurations and lingo, as well as security certifications and terms that often appear in business contracts. The presentation materials will include diagrams and a glossary of terms for future reference.
– Paul H. Luehr

Tuesday & Wednesday, February 9 & 10, 2021
Attend online


There are no replays.

$445 MSBA members / $445 paralegals / $495 standard rate

Other discounts that may apply:

Scholarships available!
Need-based scholarships are available for in-person and online seminars. For further information or to obtain a scholarship application, contact us at 800-759-8840 or customerservice@minncle.org.

Minnesota CLE is applying to the Minnesota State Board of CLE for 12.25 CLE credits. The maximum number of total credits attendees may claim for this program is 12.25 credits. Minnesota CLE also is applying to the IAPP for CPE eligibility. 

Minnesota CLE is applying to the Minnesota State Board of CLE for 1.0 standard CLE credit for the pre-conference webcast.

