IN-PERSON PASSHOLDERS:
You may use your Pass to register for the live simulcast at no charge.
Monday, February 7, 2022 - Tuesday, February 8, 2022
8:50 AM - 5:00 PM | Check-In: 8:10 AM
LIVE ONLINE ONLY
In-Person Passholders – You may use your Pass to register for the live simulcast at no charge.
2022 Conference Highlights:
Impressive Faculty Roster with Diverse Practice Perspectives
The 2022 Midwest Legal Conference on Privacy & Data Security features an outstanding faculty committed to providing the best and most practical education for you. The conference faculty is drawn from in-house, private practice, consulting services, government, and academia. This faculty mix leverages diverse insights and perspectives to deliver top-quality education – spotting and analyzing the complex legal and business issues and offering real-world advice and practice tips for tackling those issues.
The Latest Updates and Their Practical Implications
The 2022 Conference tackles the significant privacy and data security developments – both domestic and international – over the past year and key imminent changes to keep your eye out for. Plenary and breakout update sessions include:
Unmatched Coverage of the Critical Issues You’re Dealing with Every Day
Get recommendations from experts in the field – how they are advising clients, and why – with sessions on:
All times are CST.
8:10 – 8:50 a.m.
JOIN ONLINE
8:50 – 9:00 a.m.
WELCOME & INTRODUCTION
9:00 – 10:00 a.m.
The 2022 Data Privacy and Cybersecurity Legal Update
This is your “can’t miss” annual update from a legal expert on the forefront of privacy and cybersecurity, attorney Jamie Nafziger. Jamie will update you on the significant privacy and data security developments – both domestic and international – over the past year and key changes that will hit your inbox soon. Topics will include: the new comprehensive privacy laws in Virginia and Colorado, the new Chinese Personal Information Protection Law (PIPL); the launch of California’s new Privacy Protection Agency; new Illinois biometrics class actions and new facial recognition laws; automated decision-making and data localization trends; the new standard contractual clauses from Europe; post-Brexit U.K. data reforms; third-party cookie, local storage, browser privacy controls, dark patterns, and other adtech developments; the outcome of the U.S. Supreme Court’s Telephone Consumer Protection Act case; the latest privacy developments related to major social media companies; the FTC’s largest FCRA settlement of all time; large security incidents and more.
– Jamie N. Nafziger
10:00 – 10:15 a.m.
BREAK
10:15 – 11:15 a.m.
Elimination of Bias: How Surveillance Disproportionately Harms Marginalized Communities
1.0 elimination of bias credit applied for
Privacy is often an afterthought, and sacrificed in the name of efficiency, security, or profit. However, privacy is both a critical individual right, particularly to marginalized groups disproportionately subjected to surveillance by private and governmental actors, and a fundamental component of a well-functioning democracy. This panel will discuss surveillance regimes’ disparate harms to those rendered most vulnerable based on their racial, sexual, immigration, religious, or socio-economic status, while also foregrounding conceptions of privacy that may help society better appreciate its role in enhancing equality and democracy. The panel will enhance – and sometimes may challenge – understandings of privacy and the implications for marginalized communities, helping attendees give the most complete, informed policy and practice advice to clients who collect, use, and share people’s data.
– Michele E. Gilman & Scott Skinner-Thompson
– Michael R. Cohen (moderator)
11:15 – 11:30 a.m.
BREAK
11:30 a.m. – 12:30 p.m.
BREAKOUT SESSION A
001
How to Create Effective Data Mapping and Data Retention Programs
Organizations struggle with keeping track of what information they have, where it is, how long they need to keep it, and when they can and should delete it. Organizations can address these challenges through the development of a modern, compliant, and easier-to-execute records retention schedule and data map. Join us as we discuss how to create, and keep up with, an effective data map and records retention schedule, so you can begin putting together your Information Governance program.
– Kerry Childe & Mark Diamond
002
The New California, Virginia and Colorado Laws – What’s Changed, What’s the Same and What To Do Now
Hands down California, Virginia and Colorado are the talk of the town when it comes to state-law changes in 2021 with significant impact on data privacy and security rights and obligations. But when it comes to applying the new laws coming into effect in 2023, what exactly has changed and what hasn’t? This practical session answers these questions via succinct distillation of what responsive changes clients may need to make in the following areas:
– Maggie Lassack & Lisa J. Sotto
003
Artificial Intelligence: A Review of the Privacy Law Challenges Brought by the Growing Use of AI – Plus Practical Guidance
There is a measurable correlation between artificial intelligence (AI) capabilities and the data on which it is employed. Essentially, the greater the power/capability of the AI application that is used, the more likely the latent data value on which it is used tends to increase. This is because AI has an augmentation capability that exposes the latent value and reduces entropy. Cumulatively, the effect on privacy can be generally corrosive. This session identifies some of the key privacy challenges that use of AI creates and offers practical guidance for meeting those challenges. Topics will include:
– Eran Kahana
12:30 – 1:30 p.m.
LUNCH BREAK
1:30 – 2:30 p.m.
BREAKOUT SESSION B
101
How to Systematize Risk Assessments as Part of a Robust Data Security Program
From financial institutions with customer information to businesses processing California consumers’ information, companies are under growing legal obligations to perform risk assessments to identify material threats to information they hold. This breakout session will explore how the changing legal landscape, including the FTC’s changes to the GLBA Safeguards Rule and the California Privacy Protection Agency’s forthcoming rulemaking, may influence contract terms and data security standards. In this context, we will assess practical approaches to risk assessments and threat modeling to support robust security programs for companies of all sizes.
– Michael Fuller & Laura Riposo VanDruff
102
North of the Border: Canadian Privacy Update
This breakout session addresses developments in Canadian federal and provincial privacy laws, with a focus on advising companies that conduct business in both the U.S. and Canada. The session will begin by covering the current federal and provincial Canadian privacy law regime and then will discuss such developments including: (i) Quebec Bill 64, (ii) Ontario private sector privacy legislation, and (iii) Canadian federal private sector privacy law reform. This breakout session will provide a U.S. privacy law comparative perspective, including how to navigate both U.S. and Canadian federal, state, and provincial privacy laws (for example, data breach notifications and privacy policies) and developments to watch for in the coming year.
– Melissa J. Krasnow & Wendy Mee
103
Navigating Privacy Risk in Managing COVID Testing, Vaccinations, and Exposure Mitigation
For employers trying to determine how to deal with COVID-19, a clear course of action remains elusive and presents businesses with new and continuing challenges as they consider workplace safety requirements. This session will provide the most up-to-date information on the latest employment and privacy law and regulatory developments to consider when mitigating risk to your employees, customers, and others. Our employment and privacy law experts will discuss new developments related to these issues, including: what steps employers should take to implement a testing program; updates on guidelines related to COVID-19 vaccinations for the workforce, including notice, authorization, confidentiality and response; competing privacy and data security concerns, including the scope of medical and other information employers can collect, retain, store, and access from employees, customers, and facility visitors alike; notice and consent obligations; and legal risks associated with data breaches.
– Karla Grossenbacher & Mandana Massoumi
2:30 – 2:45 p.m.
BREAK
2:45 – 3:45 p.m.
BREAKOUT SESSION C
201
Consumer and Data Subject Access Requests – Do Your Clients Have Adequate Compliance Plans in Place?
EU and U.S. privacy laws provide individuals with rights to access, correct, and delete their personal information collected by businesses and organizations. Though these types of rights have existed in particular sectors for some time, the California Consumer Privacy Act was the first U.S. law of general applicability. Now, laws in Virginia and Colorado are set to follow suit. This session will outline the types of rights arising under both EU and U.S. state privacy laws and the compliance obligations that follow. Panelists will also provide practical tips for implementing effective rights response programs.
– Ron De Jesus, Julian B. Flamant & Lena Ghamrawi
– Kenesa Ahmad (moderator)
202
Your Essential European Update – Including Practical Tips for Incorporating the New GDPR Standard Contractual Clauses
Learn more about significant new developments out of Europe, along with the key practical takeaways from each. The session will focus on a wide range of those developments including:
– Brian L. Hengesbaugh & Kellie Johnson
203
Your Ransomware Response Playbook
When a client falls prey to a ransomware attack, what are the immediate steps to take? This session will provide you with a “playbook” for helping your clients form an appropriate response. You will learn how to:
– Emily M. Holpert & Tedrick A. Housh
3:45 – 4:00 p.m.
BREAK
4:00 – 5:00 p.m.
Measuring Cybersecurity’s and Privacy’s Impact on ESG Assessments
Global social unrest and concern for climate change has led to unprecedented government, shareholder, investor, consumer, employee, and business-leader pressure on company ESG performance that demonstrates commitment to the social good. And for many of our clients, the cybersecurity and privacy component of their ESG index makes up an impactful share of their overall score, topping 10% in some cases. In this session, you’ll get practical insights into:
– Jay Cline & Melissa Hudson
8:10 – 8:50 a.m.
JOIN ONLINE
8:50 – 9:00 a.m.
WELCOME & INTRODUCTION
9:00 – 10:00 a.m.
Managing Incident Responses – Navigating the Technical, Strategic and Legal Issues in a Rapidly Changing Environment
Data breaches are becoming an everyday occurrence (and lawyers are not exempt!). Highly practical, this session is keyed to applying principles to practice in common breach scenarios. With perspectives from the FBI, DOJ, an in-house privacy officer and two attorneys who advise clients on cybersecurity issues, this session will include an overview of the structure and scope of breach notification laws (typically at the state level), how the evolution of breaches, including especially new variants of ransomware, challenge the norms previously applied to interpreting those laws, and recent enhancements of federal support that may facilitate clawbacks if immediate action is taken. Attendees will gain a high-level understanding of the process for evaluating whether and when disclosure to impacted individuals and potentially state Attorneys General must be made, and common pitfalls and challenges as one attempts to navigate the fog of a breach.
– Jake Iverson, Paul H. Luehr, Timothy C. Rank & Prasanta K. Wells
– Robert E. Cattanach (moderator)
10:00 – 10:15 a.m.
BREAK
10:15 – 11:15 a.m.
10 Red Flags of Vendor Data Privacy and Security Risk That a Client Ignores at Its Peril
– Richard M. Martinez & Dan Ongaro
11:15 – 11:30 a.m.
BREAK
11:30 a.m. – 12:30 p.m.
BREAKOUT SESSION D
301
Data-Processing Agreements – Simplifying and Standardizing Across Jurisdictions
Organizations across all jurisdictions and industries need to develop practical solutions for data-processing agreements (DPAs) that can be implemented through the data-processing chain. For countries or U.S. states that don’t require or reward an expansion of the new EU Standard Contractual Clauses (SCCs), companies can deploy concise, consolidated data-processing terms that address descriptive national or local statutory requirements, ideally without repetition and unnecessary complexities. In this session, Lothar Determann will:
– Lothar Determann
302
Navigating China’s New Data Privacy and Security Laws
– Elizabeth Cole, Jerry C. Ling & Rick Martinez
303
Cookies and Third-Party Tracking – Answers to the Most Common Questions
Third-party cookies are used by websites other than the one you are currently visiting to track users between websites and to display more relevant ads between websites. However, pressure from regulators and consumers has led many within the tech industry to declare that third-party cookies (and the targeted ads fueled by them) will soon come to an end. Further, new laws and regulations effective in 2023, create civil and/or criminal penalties for those that fail to notify web users of the presence of cookies. These regulations also require website operators to let users know what information is being collected and to whom this information is shared, along with a way to opt out at any time. This session will provide answers to the most common questions currently being asked by consumers, advertisers, and marketers as we move into a new world without third-party cookies and tracking.
– Peter Hegel & Dominique Shelton Leipzig
12:30 – 1:30 p.m.
LUNCH BREAK
1:30 – 2:30 p.m.
BREAKOUT SESSION E
401
How to Control Data Security and Privacy Risks in Remote or Hybrid Work
– Lisa B. Ellingson & Nadeem W. Schwen
402
Privacy and Data Security Litigation Update
A comprehensive survey of developments in privacy and data breach litigation that occurred in 2021, including major decisions, settlements, and enforcement actions; a discussion of the discoverability of data breach reports; and the latest updates out of California regarding CCPA litigation and what to expect from the CPRA when it goes into effect in 2023.
– Joe Hashmall & Michael Jaeger
2:30 – 2:45 p.m.
BREAK
2:45 – 3:45 p.m.
My Cyber-Insurance Premium Is Going Up How Much? Key Market Trends and Things to Understand About Your Cyber-Insurance Coverage
The cyber-insurance market continues to evolve rapidly. This session will explain how companies can best prepare for their cyber-insurance renewal and the growing importance of good information security and privacy controls. The session will cover some of the features of cyber insurance, describe some of its challenges, and provide recommendations on how companies can prepare for an incident.
– Mario Paez & Jonathan H. Stechmann
3:45 – 4:00 p.m.
BREAK
4:00 – 5:00 p.m.
Ethics: Protecting Client Confidences in Privacy/Security Audits and Data Breach Investigations and Responses
1.0 ethics credit applied for
– Ann Marie Mortimer
Thursday, February 3, 2022
12:00 – 1:00 p.m. (CST)
1.0 standard CLE credit applied for
Implementing a Privacy Program and Policies – The Foundational Principles and Steps
These days, privacy programs and policies are at the forefront of every organization. Whether your client is big or small, Fortune 100 or startup, local or global, having privacy and security program operations in place is not optional. This session will help you better understand key steps – establishing the initial groundwork and policies, creating ties with business and information security, establishing a process for reviewing and revising policies as needed, plus effective use of training, internal monitoring tools, privacy audits, and more.
– Heidi J.K. Fessler & Elaine De Franco Olson
LIVE SIMULCAST
Monday & Tuesday, February 7 & 8, 2022
Attend online
$445 MSBA members / $445 paralegals / $495 standard rate
Other discounts that may apply:
Scholarships available!
Need-based scholarships are available for in-person and online seminars. For further information or to obtain a scholarship application, contact us at 800-759-8840 or customerservice@minncle.org.
CREDITS – CONFERENCE
Minnesota CLE is applying to the Minnesota State Board of CLE for 12.0 CLE credits, including 1.0 ethics credit and 1.0 elimination of bias credit. The maximum number of total credits attendees may claim for this program is 12.0 credits. Minnesota CLE also is applying to the IAPP for CPE eligibility.
CREDITS – FREE PRE-CONFERENCE WEBCAST
Minnesota CLE is applying to the Minnesota State Board of CLE for 1.0 standard CLE credit. The maximum number of total credits attendees may claim for this webcast is 1.0 credit.