Preconference Program: Wednesday, March 7
Preconference sessions are intensive training programs held the day before the full conference begins. These four-hour intimate programs typically range in size from 20-50 participants. Preconference Sessions: $545 each or choose two for an additional $150.

Wednesday Morning, 8 a.m. - 12 p.m.

Understanding Enterprise Data Flows and Classifications
Earl Porter, Director Information Security, Transamerica
Chris Lucado, Manager, KPMG
Orson Lucas, Senior Associate, KPMG
This workshop will guide the participants through the process of identifying sensitive enterprise information that is critical to the organization, as it's defined by applicable regulatory requirements and customer data breach notification laws. We will begin by explaining how to identify the sensitive data flows in an organization. * This session is 2 hours, start time 10 a.m.

**This session is best paired with Privacy Professional Bootcamp and Third Party Assessments - Criteria for Evaluations

AICPA/CICA Privacy Framework: Building and Auditing Privacy Programs
Ken Askelson, Senior IT Audit Manager, JC Penney
Sagi Leizerov, CIPP, Senior Manager – Privacy Assurance and Advisory Services, Ernst & Young LLP
Doron Rotman, CIPP, National Privacy Advisory Service Leader, KPMG LLP
Members of the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) will provide a hands-on tutorial on developing and auditing a privacy program using the AICPA/CICA Generally Accepted Privacy Principles (also known as the Privacy Framework).

**This session is best paired with Third Party Assessments - Criteria for Evaluations

Wednesday Afternoon, 1 p.m. - 5 p.m.

Higher Education: A Privacy Workshop
Ross T. Janssen, Privacy and Security Officer, University of Minnesota
John T. Jensen, Security Coordinator, University of Minnesota
David Lindstrom, Chief Privacy Officer, Penn State University
Frank Maurer, Privacy Officer and Director – Privacy and Information Security Compliance, Weill Medical College – Cornell University
Jane Rosenthal, Privacy Officer, University of Kansas
Lauren Steinfeld, CIPP, Chief Privacy Officer, University of Pennsylvania
Join privacy professionals from colleges and universities to discuss critical and core components of a higher education privacy program. This Precon will focus on elements of an effective privacy structure in higher education, strategies for privacy training online and off, regulatory compliance programs, as well as specific privacy issues such as website privacy policies, security breach response, privacy assessments, and social networking.

Privacy Professional Bootcamp
Trevor Hughes, CIPP,
Kirk Nahra, CIPP, Partner, Wiley Rein & Fielding LLP
Peter Petrusky, Co-Leader – Privacy Practice, PricewaterhouseCoopers
Nils Zacharias, Senior Associate – Privacy Practice, PricewaterhouseCoopers
This workshop is designed to introduce privacy to those new to the field. Our experts will explain the fundamentals of privacy (fair information practices) and explore the myriad of legislative standards that face all privacy professionals. Additionally we will discuss the creation, management and monitoring of an effective privacy program.

**This session is best paired with Understanding Enterprise Data Flows and Classifications

Third Party Assessments - Criteria for Evaluations
Rena Mears, CIPP, Partner – Global Privacy Services Leader, Deloitte & Touche LLP
Don Sheehy, Senior Manager – Enterprise Risk, Deloitte & Touche LLP
Mark Steinhoff, Northeast Privacy Principal, Deloitte & Touche LLP (Moderator)
This workshop will address the demand for an operational framework that can be used when evaluating third party compliance, such as the AICPA's Generally Accepted Privacy Principles (GAPP). The purpose of this panel will be to discuss the role of GAPP as criteria for evaluation, as well as other industry-specific initiatives such as the BITS Financial Institution Shared Assessments Program (FISAP).

**This session is best paired with Understanding Enterprise Data Flows and Classifications and AICPA/CICA Privacy Framework: Building and Auditing Privacy Programs

State of Spyware Issues - Protecting Yourself and Your Organization
Rich Baldry, Head of Strategic Alliances, Sophos
Jerry Dixon, Deputy Director – US-CERT, Department of Homeland Security
Gerhard Eschelbeck, Chief Technology Officer, Webroot
David Fewer, Staff Counsel, CIPPIC
Andre Gold, Director – Information Security, Continental
Drew Maness, Chief Information Security Officer, Disney
Ross Schulman, Program Associate, Center for Democracy & Technology
Ari Schwartz, Associate Director, Center for Democracy & Technology
Jeff Williams, Director of Anti-Spyware Outreach, Microsoft
This training session will review the current state of spyware issues, potential privacy harms and then focus most of our time on what enterprises are doing to protect themselves. Speakers will include representatives from the federal government, CISOs and security experts.

A Global Perspective on Data Security Breaches and Enforcement
Mark Grantz, Special Agent, U.S. Secret Service
Billy Hawkes, Data Protection Commissioner, Ireland
William E. Kovacic, Commissioner, U.S. Federal Trade Commission
Christopher Kuner, Partner, Hunton & Williams LLP
Dr. José Luis Piñar Mañas, Data Protection Commissioner, Spain
Lisa J. Sotto, Partner, Hunton & Williams LLP
Data security breach laws are changing the way organizations manage information worldwide. Many data security breaches have a global effect -- a breach in the U.S. can affect European data. This panel will, also examine real-world data security breaches to provide a timely discussion and exploration of the following topics: overview of laws and current environment, Global perspective on data breach notification: cooperative global enforcement, managing various and competing constituencies and risks and lessons learned.

* All sessions will have a 20 minute break