On the morning of January 28, 2016, nearly 100 people walked into a large conference room located in the Los Angeles offices of Morrison & Foerster. It was a mixed group of attendees: regulatory managers and attorneys chatted amiably with IT engineers about best practices in protecting customer data. Seasoned professionals like Andrew Serwin, CIPP/C, CIPP/G, CIPP/E, CIPP/US, CIPM, of Morrison & Foerster shared morning coffee with one of IAPP’s newest members, Patrick Soon, counsel for the game company Square Enix.
This group gathered to celebrate National Data Privacy Day at an all-day conference (see the full program and faculty list here) co-hosted by the IAPP’s Los Angeles KnowledgeNet chapter, the National Cyber Security Alliance, Morrison & Foerster and Loyola Law School.
The day started with the basics. A panel of cybersecurity engineers, investigators and one attorney walked the audience through “the Anatomy of a Hack.” By giving a plain-English explanation of the steps of a hack from surveillance to data theft, the panel’s goal was to give the audience the knowledge to better prepare their defenses at each step.
The second panel then took the baton, explaining what to do after discovering your company has experienced a data incident. Titled, “Your Tabletop Exercise: Applying the Steps of an Incident Response Plan,” the second panel – which consisted of a Loyola Law School professor, attorney and forensic investigator – ran through scenarios ranging from hacker ransom demands to data theft; the audience and panel then discussed options and best practices for dealing with those scenarios.
“We want to give practical knowledge,” noted Professor Aaron Ghiradelli, the panel moderator, as he started the exercise.
After lunch, attendees started on the third panel, “The Cybersecurity Regulatory Landscape.” Consisting of attorneys, managers and engineers, this panel discussed various issues surrounding regulatory and industry-imposed best practices. New IAPP members learned that many companies may save time and money by engaging third party vendors who are certified ISO-compliant. Such certification suggests that the vendor has achieved a certain level of maturity in their security programs.
The fourth presentation, “Big Data, What’s the Big Deal?,” was unusual in that it had a single presenter: Cindy Compert, Chief Technology Officer for Data Privacy at IBM Security (read her predictions for 2016 here). However, keeping with the theme of the conference, Compert’s panel contained a mix of business, technical and legal issues. In particular, Compert noted, the “IAPP has grown increasingly diverse, and reaches into … many disciplines.” Compert also delivered the most popular line of the presentation: When confronted with a new business proposition that impacts privacy, a privacy professional’s job isn’t to simply say “no” to that proposition. Instead, an effective privacy professional must “know” how to provide different options.
Finally, “The Privacy Team is Your New Competitive Differentiator” focused on the business benefits of having an effective data privacy team. Serwin started the discussion by noting that consumer purchasing decisions are impacted by privacy concerns (read MoFo’s report on consumer outlooks here). Thus, companies known to have strong security programs are more likely to garner consumer trust. Paul Plofchan, VP and CPO at ADT, agreed. He noted that the presence of a strong privacy team could increase a company’s business competitiveness; he also noted that IAPP membership is one of the factors that may be used to develop a strong privacy team. The panel affirmed a truism expressed by the National Cyber Security Alliance: “Privacy is good for business.”
Then, in my role as Co-Chairperson of the Los Angeles Knowledge Net, I closed the academic portion of the program and invited the attendees to start on the second – and equally important – part of the program: to clink wine glasses and start networking. A different type of fun and learning ensued.
The Los Angeles chapter of the IAPP thanks Morrison & Foerster LLP, the National Cyber Security Alliance and Loyola Law School for co-planning and hosting this event. Your participation made this a success.