2022 MIDWEST LEGAL CONFERENCE ON DATA PRIVACY & CYBERSECURITY
Institute
ITEM #:  1038572201   |   EVENT CODE:  438532
MEMBER PRICE
$445.00
STANDARD PRICE
$495.00
MSBA MEMBER, NEW LAWYER, AND OTHER DISCOUNTS, IF APPLICABLE, WILL BE APPLIED DURING CHECKOUT.

IN-PERSON PASSHOLDERS:
You may use your Pass to register for the live simulcast at no charge.

Monday, February 7, 2022 - Tuesday, February 8, 2022

8:50 AM - 5:00 PM   |   Check-In:  8:10 AM

LIVE ONLINE ONLY
In-Person Passholders – You may use your Pass to register for the live simulcast at no charge.

2022 Midwest Legal Conference on Privacy & Data Security

New Developments, Practical Takeaways, Actionable Content – You’ll Find It at the 2022 Conference!

2022 Conference Highlights:

  • Extensive Coverage of New Developments
  • 21 Sessions – from Cutting-Edge to Foundational
  • 39+ Skilled Faculty with Diverse Practice Perspectives
  • Focus on “How To’s”
  • New Ransomware Response Playbook Legal QuickSheet™
  • Bonus Pre-Conference Webcast
  • On-Point Ethics and Elimination-of-Bias Sessions
  • 12.0 Live Credits (applied for)
  • 1 Year “Watch Again” Access to All Sessions 
  • And More!


Impressive Faculty Roster with Diverse Practice Perspectives 
The 2022 Midwest Legal Conference on Privacy & Data Security features an outstanding faculty committed to providing the best and most practical education for you. The conference faculty is drawn from in-house, private practice, consulting services, government, and academia. This faculty mix leverages diverse insights and perspectives to deliver top-quality education – spotting and analyzing the complex legal and business issues and offering real-world advice and practice tips for tackling those issues.


The Latest Updates and Their Practical Implications
The 2022 Conference tackles the significant privacy and data security developments – both domestic and international – over the past year and key imminent changes to keep your eye out for. Plenary and breakout update sessions include:

  • The Highly Rated, Fast-Paced Annual Year in Review
  • The New California, Virginia and Colorado Laws – What’s Changed, What’s the Same and What To Do Now
  • Your Essential European Update – Including Practical Tips for Incorporating the New GDPR Standard Contractual Clauses
  • Navigating China’s New Data Privacy and Security Laws
  • Privacy and Data Security Litigation Update
  • Canadian Privacy Update
  • PLUS – Up-to-the-minute application of new developments in all the Conference sessions!


Unmatched Coverage of the Critical Issues You’re Dealing with Every Day
Get recommendations from experts in the field – how they are advising clients, and why – with sessions on:

  • Your Ransomware Response Playbook
  • Data-Processing Agreements – Simplifying and Standardizing Across Jurisdictions
  • How to Create Effective Data Mapping and Data Retention Programs
  • How to Systematize Risk Assessments as Part of a Robust Data Security Program
  • Cookies and Third-Party Tracking – Answers to the Most Common Questions
  • Consumer and Data Subject Access Requests – Do Your Clients Have Adequate Compliance Plans in Place?
  • Managing Incident Responses
  • 10 Red Flags of Vendor Data Privacy and Security Risk That a Client Ignores at Its Peril
  • Artificial Intelligence – Its Privacy Law Challenges, Plus Practical Guidance
  • Measuring Cybersecurity’s and Privacy’s Impact on ESG Assessments
  • Cyber-Insurance Coverage – Key Market Trends
  • Navigating Privacy Risk in Managing COVID Testing, Vaccinations, and Exposure Mitigation
  • How to Control Data Security and Privacy Risks in Remote Work

All times are CST.


Day 1 – Monday, February 7


8:10 – 8:50 a.m.
JOIN ONLINE


8:50 – 9:00 a.m.
WELCOME & INTRODUCTION


9:00 – 10:00 a.m.
The 2022 Data Privacy and Cybersecurity Legal Update
This is your “can’t miss” annual update from a legal expert on the forefront of privacy and cybersecurity, attorney Jamie Nafziger. Jamie will update you on the significant privacy and data security developments – both domestic and international – over the past year and key changes that will hit your inbox soon. Topics will include: the new comprehensive privacy laws in Virginia and Colorado, the new Chinese Personal Information Protection Law (PIPL); the launch of California’s new Privacy Protection Agency; new Illinois biometrics class actions and new facial recognition laws; automated decision-making and data localization trends; the new standard contractual clauses from Europe; post-Brexit U.K. data reforms; third-party cookie, local storage, browser privacy controls, dark patterns, and other adtech developments; the outcome of the U.S. Supreme Court’s Telephone Consumer Protection Act case; the latest privacy developments related to major social media companies; the FTC’s largest FCRA settlement of all time; large security incidents and more.
– Jamie N. Nafziger


10:00 – 10:15 a.m.
BREAK


10:15 – 11:15 a.m.
Elimination of Bias: How Surveillance Disproportionately Harms Marginalized Communities
1.0 elimination of bias credit applied for
Privacy is often an afterthought, and sacrificed in the name of efficiency, security, or profit. However, privacy is both a critical individual right, particularly to marginalized groups disproportionately subjected to surveillance by private and governmental actors, and a fundamental component of a well-functioning democracy. This panel will discuss surveillance regimes’ disparate harms to those rendered most vulnerable based on their racial, sexual, immigration, religious, or socio-economic status, while also foregrounding conceptions of privacy that may help society better appreciate its role in enhancing equality and democracy. The panel will enhance – and sometimes may challenge – understandings of privacy and the implications for marginalized communities, helping attendees give the most complete, informed policy and practice advice to clients who collect, use, and share people’s data.
– Michele E. Gilman & Scott Skinner-Thompson
– Michael R. Cohen (moderator)


11:15 – 11:30 a.m.
BREAK


11:30 a.m. – 12:30 p.m.
BREAKOUT SESSION A

001
How to Create Effective Data Mapping and Data Retention Programs

Organizations struggle with keeping track of what information they have, where it is, how long they need to keep it, and when they can and should delete it. Organizations can address these challenges through the development of a modern, compliant, and easier-to-execute records retention schedule and data map. Join us as we discuss how to create, and keep up with, an effective data map and records retention schedule, so you can begin putting together your Information Governance program.
– Kerry Childe & Mark Diamond

002
The New California, Virginia and Colorado Laws – What’s Changed, What’s the Same and What To Do Now

Hands down California, Virginia and Colorado are the talk of the town when it comes to state-law changes in 2021 with significant impact on data privacy and security rights and obligations. But when it comes to applying the new laws coming into effect in 2023, what exactly has changed and what hasn’t? This practical session answers these questions via succinct distillation of what responsive changes clients may need to make in the following areas:

  • Privacy notices
  • Individual rights’ requests 
  • Internal risk assessments
  • Sensitive data issues
  • Contracts with service providers and others
  • Privacy training

– Maggie Lassack & Lisa J. Sotto

003
Artificial Intelligence: A Review of the Privacy Law Challenges Brought by the Growing Use of AI – Plus Practical Guidance

There is a measurable correlation between artificial intelligence (AI) capabilities and the data on which it is employed. Essentially, the greater the power/capability of the AI application that is used, the more likely the latent data value on which it is used tends to increase. This is because AI has an augmentation capability that exposes the latent value and reduces entropy. Cumulatively, the effect on privacy can be generally corrosive. This session identifies some of the key privacy challenges that use of AI creates and offers practical guidance for meeting those challenges. Topics will include:

  • Notice and consent for data collection, use, and processing;
  • Use of explainable AI (XAI) to mitigate harm; and
  • Contracting best practices.

– Eran Kahana


12:30 – 1:30 p.m.
LUNCH BREAK


1:30 – 2:30 p.m.
BREAKOUT SESSION B

101
How to Systematize Risk Assessments as Part of a Robust Data Security Program

From financial institutions with customer information to businesses processing California consumers’ information, companies are under growing legal obligations to perform risk assessments to identify material threats to information they hold. This breakout session will explore how the changing legal landscape, including the FTC’s changes to the GLBA Safeguards Rule and the California Privacy Protection Agency’s forthcoming rulemaking, may influence contract terms and data security standards. In this context, we will assess practical approaches to risk assessments and threat modeling to support robust security programs for companies of all sizes.
– Michael Fuller & Laura Riposo VanDruff

102
North of the Border: Canadian Privacy Update

This breakout session addresses developments in Canadian federal and provincial privacy laws, with a focus on advising companies that conduct business in both the U.S. and Canada. The session will begin by covering the current federal and provincial Canadian privacy law regime and then will discuss such developments including: (i) Quebec Bill 64, (ii) Ontario private sector privacy legislation, and (iii) Canadian federal private sector privacy law reform. This breakout session will provide a U.S. privacy law comparative perspective, including how to navigate both U.S. and Canadian federal, state, and provincial privacy laws (for example, data breach notifications and privacy policies) and developments to watch for in the coming year.
– Melissa J. Krasnow & Wendy Mee

103
Navigating Privacy Risk in Managing COVID Testing, Vaccinations, and Exposure Mitigation

For employers trying to determine how to deal with COVID-19, a clear course of action remains elusive and presents businesses with new and continuing challenges as they consider workplace safety requirements. This session will provide the most up-to-date information on the latest employment and privacy law and regulatory developments to consider when mitigating risk to your employees, customers, and others. Our employment and privacy law experts will discuss new developments related to these issues, including: what steps employers should take to implement a testing program; updates on guidelines related to COVID-19 vaccinations for the workforce, including notice, authorization, confidentiality and response; competing privacy and data security concerns, including the scope of medical and other information employers can collect, retain, store, and access from employees, customers, and facility visitors alike; notice and consent obligations; and legal risks associated with data breaches.
– Karla Grossenbacher & Mandana Massoumi


2:30 – 2:45 p.m.
BREAK


2:45 – 3:45 p.m.
BREAKOUT SESSION C

201
Consumer and Data Subject Access Requests – Do Your Clients Have Adequate Compliance Plans in Place?

EU and U.S. privacy laws provide individuals with rights to access, correct, and delete their personal information collected by businesses and organizations. Though these types of rights have existed in particular sectors for some time, the California Consumer Privacy Act was the first U.S. law of general applicability. Now, laws in Virginia and Colorado are set to follow suit. This session will outline the types of rights arising under both EU and U.S. state privacy laws and the compliance obligations that follow. Panelists will also provide practical tips for implementing effective rights response programs.
– Ron De Jesus, Julian B. Flamant & Lena Ghamrawi
– Kenesa Ahmad (moderator)

202
Your Essential European Update – Including Practical Tips for Incorporating the New GDPR Standard Contractual Clauses

Learn more about significant new developments out of Europe, along with the key practical takeaways from each. The session will focus on a wide range of those developments including:

  • Lessons to be learned from newly opened data transfer investigations by European authorities;
  • New guidance from the European Data Protection Board (EDPB);
  • Regulating AI;
  • Practical tips for incorporating the new EU Standard Contractual Clauses (SCCs); and
  • The UK’s approach to cross border data transfers.

– Brian L. Hengesbaugh & Kellie Johnson

203
Your Ransomware Response Playbook

When a client falls prey to a ransomware attack, what are the immediate steps to take? This session will provide you with a “playbook” for helping your clients form an appropriate response. You will learn how to:

  • Address the strategic, legal, business, and consumer relations issues involved;
  • Investigate the attack and the attacker, in coordination with technical experts and law enforcement;
  • Decide whether to pay the ransom, given the differing positions of insurers, the FBI, and the Treasury Department;
  • And more.

– Emily M. Holpert & Tedrick A. Housh


3:45 – 4:00 p.m.
BREAK


4:00 – 5:00 p.m.
Measuring Cybersecurity’s and Privacy’s Impact on ESG Assessments
Global social unrest and concern for climate change has led to unprecedented government, shareholder, investor, consumer, employee, and business-leader pressure on company ESG performance that demonstrates commitment to the social good. And for many of our clients, the cybersecurity and privacy component of their ESG index makes up an impactful share of their overall score, topping 10% in some cases. In this session, you’ll get practical insights into:

  • The business case for linking privacy to ESG;
  • How ESG rating agencies evaluate and score privacy and cybersecurity programs; and
  • Specific ways to maximize privacy and cybersecurity’s contributions to ESG.

– Jay Cline & Melissa Hudson


Day 2 – Tuesday, February 8


8:10 – 8:50 a.m.
JOIN ONLINE


8:50 – 9:00 a.m.
WELCOME & INTRODUCTION


9:00 – 10:00 a.m.
Managing Incident Responses – Navigating the Technical, Strategic and Legal Issues in a Rapidly Changing Environment
Data breaches are becoming an everyday occurrence (and lawyers are not exempt!). Highly practical, this session is keyed to applying principles to practice in common breach scenarios. With perspectives from the FBI, DOJ, an in-house privacy officer and two attorneys who advise clients on cybersecurity issues, this session will include an overview of the structure and scope of breach notification laws (typically at the state level), how the evolution of breaches, including especially new variants of ransomware, challenge the norms previously applied to interpreting those laws, and recent enhancements of federal support that may facilitate clawbacks if immediate action is taken.  Attendees will gain a high-level understanding of the process for evaluating whether and when disclosure to impacted individuals and potentially state Attorneys General must be made, and common pitfalls and challenges as one attempts to navigate the fog of a breach.
– Jake Iverson, Paul H. Luehr, Timothy C. Rank & Prasanta K. Wells
– Robert E. Cattanach (moderator)


10:00 – 10:15 a.m.
BREAK


10:15 – 11:15 a.m.
10 Red Flags of Vendor Data Privacy and Security Risk That a Client Ignores at Its Peril
– Richard M. Martinez & Dan Ongaro


11:15 – 11:30 a.m.
BREAK


11:30 a.m. – 12:30 p.m.
BREAKOUT SESSION D

301
Data-Processing Agreements – Simplifying and Standardizing Across Jurisdictions

Organizations across all jurisdictions and industries need to develop practical solutions for data-processing agreements (DPAs) that can be implemented through the data-processing chain. For countries or U.S. states that don’t require or reward an expansion of the new EU Standard Contractual Clauses (SCCs), companies can deploy concise, consolidated data-processing terms that address descriptive national or local statutory requirements, ideally without repetition and unnecessary complexities. In this session, Lothar Determann will: 

  • Provide concrete guidance for determining when using the new SCCs aren’t required and aren’t the best choice for some, or all, of an organization’s data-processing agreements;
  • Identify and analyze samples of concise, consolidated data-processing terms for DPAs that aren’t using the SCC framework; and 
  • Share fundamental principles an organization can follow to take a compliance-focused, pragmatic approach to DPA simplification and standardization.

– Lothar Determann

302
Navigating China’s New Data Privacy and Security Laws
– Elizabeth Cole, Jerry C. Ling & Rick Martinez

303
Cookies and Third-Party Tracking – Answers to the Most Common Questions

Third-party cookies are used by websites other than the one you are currently visiting to track users between websites and to display more relevant ads between websites.  However, pressure from regulators and consumers has led many within the tech industry to declare that third-party cookies (and the targeted ads fueled by them) will soon come to an end. Further, new laws and regulations effective in 2023, create civil and/or criminal penalties for those that fail to notify web users of the presence of cookies. These regulations also require website operators to let users know what information is being collected and to whom this information is shared, along with a way to opt out at any time. This session will provide answers to the most common questions currently being asked by consumers, advertisers, and marketers as we move into a new world without third-party cookies and tracking. 
– Peter Hegel & Dominique Shelton Leipzig


12:30 – 1:30 p.m.
LUNCH BREAK


1:30 – 2:30 p.m.
BREAKOUT SESSION E

401
How to Control Data Security and Privacy Risks in Remote or Hybrid Work

  • Concrete guidance and best practices for data security during remote work;
  • Training employees and monitoring compliance with data security protocols;
  • Pros and cons of company-provided vs. employee-provided equipment;
  • Drafting remote work policies to promote privacy and data security, including updates to Bring Your Own Device policies;
  • Managing the risks of virtual voice assistants; and
  • Addressing considerations for protecting intellectual property.

– Lisa B. Ellingson & Nadeem W. Schwen 

402
Privacy and Data Security Litigation Update

A comprehensive survey of developments in privacy and data breach litigation that occurred in 2021, including major decisions, settlements, and enforcement actions; a discussion of the discoverability of data breach reports; and the latest updates out of California regarding CCPA litigation and what to expect from the CPRA when it goes into effect in 2023.
– Joe Hashmall & Michael Jaeger


2:30 – 2:45 p.m.
BREAK


2:45 – 3:45 p.m.
My Cyber-Insurance Premium Is Going Up How Much? Key Market Trends and Things to Understand About Your Cyber-Insurance Coverage
The cyber-insurance market continues to evolve rapidly. This session will explain how companies can best prepare for their cyber-insurance renewal and the growing importance of good information security and privacy controls. The session will cover some of the features of cyber insurance, describe some of its challenges, and provide recommendations on how companies can prepare for an incident.
– Mario Paez & Jonathan H. Stechmann


3:45 – 4:00 p.m.
BREAK


4:00 – 5:00 p.m.
Ethics: Protecting Client Confidences in Privacy/Security Audits and Data Breach Investigations and Responses
1.0 ethics credit applied for
– Ann Marie Mortimer




FREE BONUS PRE-CONFERENCE WEBCAST
As a special bonus of registering for the Conference, registrants may view this webcast for free! A coupon code, along with instructions on how to register for free at www.minncle.org, will be distributed prior to the webcast.

Thursday, February 3, 2022
12:00 – 1:00 p.m. (CST)
1.0 standard CLE credit applied for

Implementing a Privacy Program and Policies – The Foundational Principles and Steps
These days, privacy programs and policies are at the forefront of every organization. Whether your client is big or small, Fortune 100 or startup, local or global, having privacy and security program operations in place is not optional. This session will help you better understand key steps – establishing the initial groundwork and policies, creating ties with business and information security, establishing a process for reviewing and revising policies as needed, plus effective use of training, internal monitoring tools, privacy audits, and more.
– Heidi J.K. Fessler & Elaine De Franco Olson

LIVE SIMULCAST
Monday & Tuesday, February 7 & 8, 2022
Attend online

$445 MSBA members / $445 paralegals / $495 standard rate

Other discounts that may apply:

Scholarships available!
Need-based scholarships are available for in-person and online seminars. For further information or to obtain a scholarship application, contact us at 800-759-8840 or customerservice@minncle.org.

CREDITS – CONFERENCE
Minnesota CLE is applying to the Minnesota State Board of CLE for 12.0 CLE credits, including 1.0 ethics credit and 1.0 elimination of bias credit. The maximum number of total credits attendees may claim for this program is 12.0 credits. Minnesota CLE also is applying to the IAPP for CPE eligibility.

CREDITS – FREE PRE-CONFERENCE WEBCAST
Minnesota CLE is applying to the Minnesota State Board of CLE for 1.0 standard CLE credit. The maximum number of total credits attendees may claim for this webcast is 1.0 credit.

SPONSORED BY:
MEMBER PRICE
$445.00
STANDARD PRICE
$495.00
MSBA MEMBER, NEW LAWYER, AND OTHER DISCOUNTS, IF APPLICABLE, WILL BE APPLIED DURING CHECKOUT.

IN-PERSON PASSHOLDERS:
You may use your Pass to register for the live simulcast at no charge.

ADDITIONAL RECOMMENDATIONS FOR YOU (10 items):