Privacy Bar Section Forum

Monday, April 6
9:45 a.m. – 3 p.m.

Privacy lawyers are as busy as ever, with no end in sight to the growth of the field as new data protection and consumer privacy laws are adopted with increasing regularity around the world.

Brought to you by the IAPP’s Privacy Bar Section as part of Summit 2020 Active Learning Day sessions, the Privacy Bar Section Forum is an information-packed, full-day program presented by a distinguished and diverse panel of legal and data protection lawyers with deep experience in the field. As an opportunity for legal minds throughout the industry to come together and focus on the profession, the forum is a way to network, learn and look to the future.

Select the Conference Plus+ Pass (3-Day).

This April event follows the well-attended Privacy and Data Protection Law Forum at the IAPP Europe Data Protection Congress 2019 this past November in Brussels, Belgium, which focused on the future of the data protection lawyer of the GDPR era.

Schedule and Program

  • local_dining8 – 9:45 a.m.
    Check-In and Breakfast
  • expand_more9:45 – 10:45 a.m.
    Defining Reasonable Security for the Privacy Professional

    Kelly Harris, VP, Corporate Counsel, Cyber & Privacy, Prudential
    Sooji Seo, VP and CPO, Dell
    Andrew Serwin, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, Co-chair Global Privacy Practice, DLA Piper

    Defining what “reasonable security” is has never been more important given the proliferation of data protection laws and large fines. The CCPA has made this question even more important in light of the private right of action and the reasonable security defense that exists. But the definition is sometimes hard to find, particularly for privacy professionals. This panel will examine how privacy professionals can help guide their companies on the journey to defining what reasonable security is.

    What you’ll take away:

    • Define what reasonable security means given the proliferation of data protection laws and large fines.
    • Understand how to help guide your organization on the journey to defining reasonable security.
  • expand_more10:45 a.m. – 12 p.m.
    Privacy Litigation Roundtable

    Moderator: Brian Ray, Professor of Law, Cleveland-Marshall College of Law
    Ian C. Ballon, CIPP/US, Co-Chair, Global Intellectual Property and Technology Practice, Greenberg Traurig
    David Cohen, Of Counsel, Orrick, Herrington & Sutcliffe
    Christopher Dore, Partner, Edelson PC
    Amy Keller, Partner, DiCello Levitt Gutzler

    Hear about emerging issues in privacy litigation from a roundtable panel that will cover the perspectives of both plaintiff’s counsel and defense counsel. Learn how to proactively minimize privacy litigation risks as panelists discuss the biggest issues and developments of the day, and gain insight into best practices as these seasoned litigators share stories of success, and of challenges.

    What you’ll take away:

    • Provide an overview on trends, developments, and important legal issues in privacy litigation.
    • Do a deep dive into a few particularly significant/impactful issues or areas to watch.
    • Provide practical takeaways to help lawyers proactively counsel their clients on how to minimize the likelihood of the risks you’ll be discussing.
  • local_dining12 – 1 p.m.
    Networking Lunch
  • expand_more12 – 1 p.m.
    Swimming in the Right Lane: How to Avoid the Unauthorized Practice of Law MCLE Ethics Credit Eligible!


    Moderator: Virginia Lee, CIPP/G, CIPP/US, CIPM, CIPT, FIP, Privacy and Cybersecurity Attorney, VLee Law
    Sebastian Kraska, Founder, Lawyer, IITR Data Privacy
    Angela Severice-Rohan, CIPP/US, Americas’ Leader for Data Privacy, EY
    Aravind Swaminathan, Partner, Global Co-Chair Cyber, Privacy & Data Innovation, Orrick, Herrington & Sutcliffe

    Privacy and data protection law involves advising clients on worldwide laws and regulations. Lawyers are not the only ones in the advising game — consultants (many of whom have law degrees) also play a major role. With outside data protection officers entering the mix as well, it’s not always easy to know who is acting as an attorney and who is not. As well, clients in the U.S. turn to their American lawyers for GDPR counsel, while clients in the EU may look to their local lawyer for CCPA compliance advice. Rule 5.5 of the model rules of professional conduct prohibits the unauthorized practice of law. How far can lawyers go without crossing into the wrong lane? When can lawyers associate with non-lawyers and still stay in compliance? What can consultants do to help clients without running afoul of ethics rules? This session hears from attorneys and consultants in the EU and U.S., and draws heavily on audience participation, to discuss and debate these important and timely issues facing the privacy bar.

    What you’ll take away:

    • Gain strong familiarity with Rule 5.5 of the Model Rules of Professional Conduct, including interpretive guidance.
    • Understand when it may be necessary to engage foreign counsel.
    • Develop an appreciation for the nuances of legal practice among EU lawyers who are developing innovative legal services.
    • Join in the debate about the proper role for consultants in advising on the GDPR, the CCPA and related privacy laws.
    • Gain strategies for associating with non-lawyers to develop the right outside team for compliance assistance.
  • expand_more2 – 3 p.m.
    Current and Future Enforcement Trends

    Eleanor Blume, Special Assistant Attorney General, California Department of Justice
    Travis LeBlanc, Partner, Cooley / PCLOB
    Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection, Federal Trade Commission

    2020 is a special year for privacy regulation in the United States and around the world. With an unprecedented alignment of stakeholder interests advancing federal privacy legislation in Washington, privacy laws passed and proposed in multiple states from California to New York, privacy policymaking activity is reaching fever pitch. One of the most prominent digital economy regulators in the world, the Federal Trade Commission plays a central role in many policymaker proposals, vigorously enforcing existing laws and regulations designed to protect consumers around the world. The California Consumer Privacy Act, in effect January 1, 2020, empowers the California attorney general to enforce privacy rights and obligations through sanctions and rulemaking authority. The potentially large civil penalties and statutory damages for organizations not in compliance, and the size and population of the state of California, means that the CCPA will heavily influence data protection practices around the world. In this session, Travis LeBlanc interviews Maneesha Mithal of the FTC and Eleanor Blume of the California Attorney General’s Office to discuss the latest enforcement and policymaking efforts and the outlook for the months ahead.

    What you’ll take away:

    • Consider the latest enforcement actions and policymaking trends.
    • Engage with leaders at two of the most prominent regulators in the United States today.