|
|
"I think the current format is excellent
and is the best Data Protection Journal around and I have been a
subscriber for many years. Keep up the good work"
Doreen Broom, Data Protection Officer,
Scottish Borders Council |
Our past Conference delegates
say it best:
|
"Excellent event!"
Melissa Gregory, Regional Privacy Adviser, BP
"Fantastic to meet professionals
with the same concerns and questions-having those
concerns and questions addressed by experts was
invaluable and will help shape advice to our clients"
Vanessa Croisier-Challess, Furley Page
"The quality and profile of the speakers was
excellent"
Paul Taylor, Information Policy Manager, The
Information Tribunal
"Many thanks for an excellent conference. It
was incredibly useful to hear from the experts on the 'hot topics'
which are of particular concern to most data protection officers,
including the very recent developments in law. The presentations
were all very informative and, refreshingly, covered topical
problematic data protection issues from a legal, practical and
global perspective"
Alison Fortescue, Financial Times
"The Conference is very well balanced with
regard to the multi-tiered requirements of data protection and
supporting legislation"
Graham Ewing, Data Protection Officer, NHS Lothian
"Quality speakers at the cutting edge of Data Protection, I
thoroughly enjoyed the 2 days and soaked-up experience and knowledge
during the workshops. It was also good to socialise with Data
Protection specialists from different backgrounds, meeting some
really nice people for networking purposes"
Mike Lytheer, Data Protection Officer, Zurich
Financial Services
“An enjoyable day with
effective presenters and very useful information”
Brady Morris, Information Officer, Eastbourne
Borough Council
“Excellent Conference!
My first, but I will be back next year”
Kevin Giles, Information Compliance Advisor,
Glasgow Housing Association
“Excellent”
Jeremy Ison, Data Protection Officer, Deutsche
Bank
"As usual, an excellent Conference – speakers,
programme and organisation"
Teresa Gudge, Data Protection Officer, Airbus UK
“Great location. Very well organised”
Carl Harrey, Risk Specialist, Capital One
“Very useful and informative day. Good
speakers”
Alan White, SOX & DP Manager, Pitney Bowes
“The Annual Data Protection
Conference is the data protection event for
practitioners. Delegates are given an opportunity to
hear from the real experts in valuable experience!”
Catherine Lamb, Solicitor, Dickinson
Dees
“The Conference is very well balanced with regard to the
multi-tiered requirements of data protection and supporting
legislation”
Graham Ewing, Data Protection Officer, NHS Lothian |
|
Data Protection
Workshops
On the second day of the
9th Annual Data
Protection Compliance Conference, Friday
15th October 2010, delegates have the opportunity to
choose two of six practical half-day Workshops covering important
aspects of data protection practice
 |
|
Each Workshop covers an in-depth analysis of a specific issue of
data protection compliance, and will give the delegates opportunities to ask
questions and discover how issues are dealt with at other
organisations. |
These
Workshops can be booked separately or in
conjunction with the Conference. Attendance
at the Workshops by Conference delegates is
optional but it is anticipated that most
Conference delegates will wish to attend one
or more of the Workshops.
Lunch will be provided at
the venue starting at 12.45pm.
Each Workshop is accredited by the Law Society
with 3 CPD Points.
 The
Workshops were really
useful 
Sally Jackson, Partnership Office Assistant, Allen &
Overy LLP
Morning Sessions ( 9.30am – 12.45pm )
A:
Responding to an ICO Enforcement
Action
Workshop led by
Hazel Grant -
Partner, Bristows
The UK data protection regulator has a range
of enforcement powers and strategies,
including the new power to fine. This
Workshop considers the various powers and
gives delegates practical guidance on how to
handle each type of enforcement activity:
- Informal action - correspondence and
meetings, and use of written CEO undertakings
- Formal action – the types and the use of various
enforcement notices
- Power to fine – responding effectively to the
notice of intention to fine
- Power to audit – understanding the powers
available and how to respond
The session also considers the ICO’s good practice
guidance on security breach notification and how this is
likely to interrelate with enforcement action.
|
Workshop Leader - Biography:
Hazel Grant
is a Partner at Bristows, specialising
in public procurements, complex information technology
projects and information law. She advises on data
protection compliance, government data sharing projects and
handling appeals to decision notices.
Hazel has worked with central government departments,
special health authorities, investment banks, web retailers
and global professional partnerships.
|
|
 |
B:
Identifying Personal Data
Workshop
led by
Quentin Archer -
Partner, Hogan Lovells
There is considerable divergence of opinion between
the UK and the rest of Europe on the meaning of
‘personal data’. Despite guidance issued by the
Article 29 Working Party and the Information
Commissioner, many practical difficulties remain. This
Workshop looks at the key principles which organisations
should bear in mind when identifying and disclosing
personal data, including:
- What constitutes ‘personal data’ in a normal
business context?
- The latest guidance on ‘personal data’
- The significance of the definition of ‘personal
data’ when responding to a request for information
from data subjects and third parties
- Controversial aspects of the definition,
including relevant filing systems and IP addresses
|
Workshop Leader - Biography:
Quentin Archer
is a Partner at Hogan
Lovells. He advises on IT aspects of corporate
acquisitions, system development contracts, outsourcing
projects and transactions involving software licensing,
hardware sales, facilities management, telecommunications,
and defence contracts.
He works extensively in the fields of privacy and data
protection. |
|
 |
C:
Managing International Data Flow
Solutions
Workshop led by
Vinod Bange - Partner and Robert
Bond - Partner, Speechly Bircham LLP
Managing trans-border data flows remains an important
issue. For both small and global businesses there
is no one size fits all solution. This Workshop
looks at the current and changing landscape relating to
all manner of international data transfers, including:
- Consent and other justifications for sending
data to third countries
- The difference between adequacy and
accountability
- Safe Harbor – the latest thinking as to its
efficacy for transfers to the US
- Set I and Set II Model Contractual Clauses – the
differences explained
- Binding Corporate Rules – useful alternative or
preserve of the few?
- Hybrid solutions and cloud computing
|
Workshop Leaders - Biographies:
Vinod Bange
is a Partner at Speechly Bircham LLP, where he specialises
in data protection and information law, particularly
advising financial institutions, retailers and global blue
chip clients.
Vin has experience in all aspects of
data protection compliance and risk management, including
audit and implementation projects, cross-border data flows,
outsourcing, security and children’s data issues.
|
|
 |
|
Robert Bond
is a Partner at Speechly Bircham LLP.
He has
specialised in data protection and information security
since 1983 and is listed as an expert in Chambers (2009) and
as a “Notable Practitioner” for Data Protection in Chambers
UK (2008).
Robert is chairman of the ICC (UK) E-Business, IT and
Telecoms Committee.
|
|
|
Afternoon Sessions
( 2.00pm – 5.15pm )
D:
Managing an ICO Audit
Stewart Room - Partner,
Field Fisher Waterhouse
The Information Commissioner’s Office is now able to
conduct unannounced audits of public sector bodies, to
check for data protection compliance. It is also
important for data protection teams in the private
sector to be able to adequately prepare for an audit,
because the audit power will soon be extended to cover
private sector controllers. This Workshop considers:
- The ICO’s legal powers to conduct an audit
- The ICO’s auditing style and preferences
- Understanding systems-based regulation
- What happens on the day
- Controller’s legal rights and privilege
- Potential outcomes
|
Workshop Leader - Biography:
Stewart Room
is a Partner in the Privacy and
Information Law Group at Field Fisher Waterhouse. He
is dually qualified as a barrister and a solicitor holding
full Higher Court Rights of Audience. Stewart is
ranked as a Leading Individual for data protection by
Chambers UK. He advises in the financial, technology &
communications, healthcare, media & entertainment,
not-for-profit, public sector, retail and transport sectors.
Stewart has contributed to various publications and has
written three books on information law, namely Data
Protection and Compliance in Context (2006), Email: Law,
Practice and Compliance (2008) and Butterworths Data
Security Law & Practice (2009). |
|
 |
E:
Data Breach: Incident Response
Planning
Workshop
led by
Ann Bevitt - Partner
and Karin Retzer - Of Counsel, Morrison &
Foerster
It’s not a question of “if” but more an issue of
“when” you will be faced with a data breach incident.
When this happens, organisations cannot afford to be
caught short without a properly planned response.
This practical Workshop will help your organisation be
prepared for a data breach by looking at:
- How to identify your response team
- How to formulate your response plan
- Incident reporting and analysis
- Best practice guidance on managing a data breach
in the UK and in other EU Member States
|
Workshop Leaders - Biographies:
Ann Bevitt is a Partner at
Morrison & Foerster and head of the EU Privacy Group.
Ann’s practice covers all aspects of privacy and
privacy-related matters, both contentious and
non-contentious.
She has extensive expertise advising clients on
international data protection and privacy issues, in
particular with reference to the movement of personal data
within and outside the EU, and employee privacy issues.
Karin Retzer is Of Counsel
in Morrison & Foerster’s Brussels office. Her practice focuses on the
legal aspects of electronic commerce and data protection, technology licensing,
and intellectual property law.
Karin provides strategic advice on worldwide privacy and
data security compliance projects, as well as international
transfers of personal data, data retention obligations,
direct marketing, and the use of email and Internet in the
workplace.
|
|
|
F:
Data Protection for the Financial Services
Sector
Workshop
led by
John Casanova - Partner
and William Long - Counsel, Sidley Austin
LLP
The financial services sector has its own unique set
of data protection issues. This Workshop focuses
on those important data protection issues for all
financial services providers including banks, insurance
companies and investment firms, including:
- Financial Services Authority - how to deal with
FSA requirements in relation to protecting customer
data and telephone recording requirements
- Bank secrecy - understanding the scope of bank
secrecy and customer confidentiality obligations
- Outsourcing - how to ensure compliance with FSA
requirements on outsourcing, use of service
providers to process data and cross-border data
transfers
- Regulatory investigations - reconciling
disclosure obligations to regulators and authorities
with data protection requirements
- Enforcement - dealing with breaches of FSA
requirements in relation to customer data and recent
enforcement actions by the FSA
|
Workshop Leaders - Biographies: |
|
|
|
William Long
is Counsel in the London office of
Sidley Austin LLP. He advises international clients on
a wide variety of data protection, privacy, information
security, e-commerce and other regulatory matters.
He has experience with EU and international data protection
and privacy projects particularly in the financial services
industry and advises on cross-border data transfers and
other data protection issues.
|
|
 |
John Casanova
has practised in London since 1999 and is Head of
London Financial Services Regulatory Group. He advises
clients on a wide variety of English, EU and US financial
services regulatory and transactional matters.
Mr
Casanova works regularly with banks, investment firms,
payment systems, investment managers and advisors and other
financial intermediaries in the UK, the US and Europe.
He is an editor of E-Finance and Payments Law and Policy. |
|
 |
He has been a contributor to the
Review of Banking and Financial Services, the
Journal of International Banking Law and the
American Bar Association’s Business Law Journal.
He is a contributing editor for Electronic Money and
Payment Systems to Butterworths Financial Regulation
Service. Mr Casanova is a member of the District
of Columbia and Maryland bars and an English-qualified
solicitor. |
|
