privacyassociation.org

The PRACTICAL PRIVACY Series June 16-17, 2008

Data BreachFinancial ServicesHuman Resources

June 16-17, 2008 New York

The PRACTICAL PRIVACY Series

3 single-day events,over 2 daysin 1 great locationThe Practical Privacy Series: Data Breach June 16, 2008Financial Services June 17, 2008Human Resources June 17, 2008The Graduate Center, CUNYThe Graduate Center, The City University of New York, 365 Fifth Avenue, New York, NY 10016-4309

Registration InformationRegister online: www.privacyassociation.orgSave $300 on your registration if you register for both days. IAPP Member Nonmember One event US$545 US$695 Two events US$690 US$990

Certified Information Privacy Professional (CIPP) Examination* *You must be an IAPP member to take the exam.Tuesday, June 17, 2008 5 p.m. to 8 p.m. EST. The exam will be held onsite at The Graduate Center, CUNY, following the conclu-sion of the program. CIPP Exam US $245 Exam Retake US $122 CIPP/G Exam US $100 Exam Retake US $50 CIPP/C Exam US $245 Exam Retake US $122

Membership FeesRegular Membership/Renewals US$250Government and Higher Education Employees and Nonprofits US$100Student US$50

Method of Payment Make payment by check, money order, Master-Card, Visa or American Express. A $20 fee will be charged for any returned checks. Credit card in-formation must be provided to secure your regis-tration if check/money order is not included with registration form. If payment is not received seven days prior to an event the credit card payment will be processed.

Refunds and CancellationsRegistration fees are not refundable but are trans-ferable to a person in the same company.Program subject to change. No refunds are given for no-shows or cancellations. Executed registra-tion form, online registration and email confirma-tion constitute binding agreement between two parties.

Tax Deductibility: Expenses of train-ing, including registration fee, travel, lodging and meals, incurred to maintain or improve skills in your profession may be tax deductible. Consult your tax advisor. Federal Tax ID 23-3048008.

MCLE (Mandatory Continuing Legal Education)*New York and Pennsylvania attorneys onlyAccreditation has been sought in New York and Pennsylvania. Information packets are available at the registration desk at the event. Specific instruc-tions must be followed during the series to qualify for MCLE credit. Please pick up your packet early

in your program to assure compliance. Attendees/speakers must sign attendance sheets for any pro-grams for which they wish to obtain credit. Law-yers seeking credit in Pennsylvania must pay fees of $1.50 per credit hour directly to the Pennsylvania CLE Board. For additional information on MCLE, please contact Jennifer Taubman at jtaubman@privacyassociation.org

CPE (Continuing Professional Education)Once you have become privacy certified by the IAPP, you must meet two minimum requirements over the term of your CIPP certification. in order to maintain your credentialed status: (1) You must keep your IAPP membership–at any level–in good standing each year; and, (2) You must fulfill at least 10 hours of continu-ing education per year (30 credits total after three years).

Any privacy- or security-related event or program is eligible for IAPP continuing education credit pending certain reviews and approvals. IAPP con-ferences such as the Privacy Summit and the Priva-cy Academy are automatically granted CPE credits upon receipt of a completed Continuing Privacy Education Credit Application Form and confirma-tion of attendance.

All attendees will be provided with a certificate of attendance.

LocationThe Graduate Center, The City University of New York, 365 Fifth Avenue, New York, NY 10016-4309

Getting ThereThe Graduate Center is located at Fifth Avenue and 34th Street across from the Empire State Building, and is convenient to all major transportation routes. Grand Central Terminal, Pennsylvania Station, the midtown PATH, and all major New York City sub-way and bus lines are within easy walking distance. The location is also close to Manhattan’s business and cultural activities. A quick stroll will take you to theaters, a multitude of restaurants, and hotels to fit every budget.

For more program details visit www.privacyassociation.org

Register Nowprivacyassociation.org

International Association of Privacy Professionals170 Cider Hill RoadYork, Maine 03909

NEW YORK

Detecting BreachesForensic SearchesFACTAID TheftWorkplace PrivacyHR Privacy Risk

*New York and Pennsylvania attorneys only.**New York and Pennsylvania

attorneys only.*

Sessions Sessions Sessions

9:00–10:0010:00–10:3010:30–11:30

11:30–12:30 12:30–1:301:30–2:302:30–3:003:00–4:00

Registration & Morning RefreshmentsKeynote AddressProtection: Steps to Take to Minimize the Likelihood of a Breach—Audits and Cyber Risk InsuranceDetecting Security Breaches—Building Auditing and Logging into Technology and Forensic SearchesLunchExecution: Your Response ProgramRefreshment BreakLitigation: Private Suits and Regulatory Investigations—Practical Tips

GOLD SPONSOR

Session 1: Protection: Steps to Minimize the Likelihood of a Breach—Audits and Cyber Risk InsuranceTim Tobin, Senior Associate, Proskauer Rose LLPAdam Sills, Underwriter, Darwin Professional Underwriters, IncThis session explores strategies for minimizing data breach potential, includ-ing a look at legal auditing tools and developing a comprehensive informa-tion security program. This session also examines cyber-insurance for covering breach-associated costs.

Session 2: Detecting Security Breaches—Building Auditing and Logging into Technology and Forensic SearchesEric Friedberg, President, Stroz Friedberg LLCAnna Slomovic, Chief Privacy Officer, Revolution HealthThis session looks at incorporating auditing and logging into technology to help detect unauthorized activity. It will examine the role of forensic inves-tigators in assessing whether a data breach occurred, the scope of the breach, and internal investigations involving suspected employee theft of data.

Session 3: Execution: Your Response ProgramJulie Fergerson, Vice President, Emerging Technolgy, DebixDoron Rotman, CIPP, Managing Director, KPMGHarry Valetk, CIPP, Corporate Privacy Director, MetLifeThis session looks into the logistics of operationalizing a response program and handling specific recurring incidents.

Session 4: Litigation: Private Suits and Regulatory Investigations—Practical TipsTanya Forsheit, Partner, Proskauer Rose LLPJoanna Geraghty, Assistant General Counsel, JetBlueThis session offers practical tips for defending data breach litigation and responding to regulatory investigations. It will also address the history of the need for damages in breach cases, and the future of litigation and investiga-tions.

Data BreachMonday, June 16

The PRACTICAL PRIVACY SeriesData Breach Conference AgendaPrevention, Detection, Execution, Litigation

Keynote Address: Six Years Since California’s SB 1386:The Framework Today and Where We Are Headed

Chair:Christopher WolfPartner, Proskauer Rose LLP

Nuala O’Connor Kelley, CIPP/GChief Privacy Leader, General Electric

9:30–10:30 10:30–11:3011:30–12:30

12:30–1:301:30–2:302:30–3:003:00–4:00

Registration & Morning RefreshmentsImplementing the FACTA Affiliate Marketing RulesImplementing a FACTA Red Flag ID Theft Prevention ProgramLunch Global, Federal and State Outlook for Legislation Refreshment Break Upcoming Regulations: SEC Proposal for Regulation S-P and More

Financial ServicesTuesday, June 17

Financial Services Conference AgendaDealing with the New Regulations

Chair:Agnes Bundy Scanlan, Esq., CIPP Counsel, Goodwin Procter LLP

Chair: Stephen Durkee, CIPPV.P. Consumer Privacy Implementation, Citgroup, Inc

Session 1: Implementing the FACTA Affiliate Marketing RulesThe new FACTA rules raise many questions. This session explores some of them, addressing issues related to providing notice, GLBA and FCRA opt-outs, new controls for marketing programs, and others.

Session 2: Implementing a FACTA Red Flag ID Theft Prevention ProgramIn this session, participants explore the nature of the FACTA Red Flag ID Theft Prevention Program. Participants will discuss minimum requirements, responsibilities for managing the program, and integrating the program with current policies. It will also highlight which product lines fall under the program.

Session 3: Global, Federal and State Outlook for LegislationThis session looks at legislative trends affecting financial services compa-nies, such as pending federal legislation, Social Security numbers in the states, encryption requirements, and emerging global trends.

Session 4: Upcoming Regulations: SEC Proposal for Regulating S-P and MoreIn this session, participants discuss recently-proposed SEC regulations and new provisions for brokers moving between firms.

8:15–9:15

9:15–10:15

10:15–11:15

11:15–11:30

11:30–12:30

12:30–1:30

1:30–2:30

2:30–3:00

3:00–4:00

Registration & Morning RefreshmentsSex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information about Employees?It’s 10AM: Do You Know Where Your Employees Are and What They Are Doing? BreakHIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality RequirementsLunch HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New OpportunitiesRefreshment BreakWhat to Do When an HR Security Breach Inevitably Occurs

Session 1: Sex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information About Employees?Philip Gordon, Esq., Shareholder, Littler Mendelson, P.C.With ready access to sensitive personal information, employers are under in-creasing scrutiny to maintain a workforce beyond reproach. Social networking sites, blogs and other resources offer a wealth of information on candidates and employees. How deeply should employers tap these new sources? This presenta-tion will help frame the debate for your own organization. Session 2: It’s 10 AM: Do You Know Where Your Employees Are and What They Are Doing?Gary Clayton, CIPP, CEO, Privacy Compliance GroupNew technology offers employers ever more sophisticated tools to keep tabs on their employees, but to what extent does this monitoring expose them to liabil-ity? This session examines the evolving U.S. law on these issues and discusses the challenges for global employers confronting data protection regimes modeled on the EU Data Protection Directive.

Session 3: HIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality RequirementsNancy Delogu, Esq., Shareholder, Littler Mendelson, P.C.Managing employees’ health is a critical business imperative. Employers confront a maze of laws and regulations governing the confidentiality of employee health information, and dire consequences for mishandling such information. This session addresses questions on collecting, using, storing, documenting and disclosing employee health information, among other concerns.

Session 4: HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New OpportunitiesLydia Payne-Johnson, CIPP, Financial Services Privacy Consultant, PricewaterhouseCoopers, LLPPeter Rabinowitz, Esq., Privacy, Governance & Risk Compliance Consultant PricewaterhouseCoopers, LLPSafeguarding HR information often plays second fiddle to seemingly more imperative privacy data, such as patient or customer information. Yet it can be among the most sensitive at an organization. This presentation highlights key lessons learned from HR privacy risk assessments across industries, and from helping organizations remediate weaknesses in their control environments.

Session 5: What to Do When an HR Security Breach Inevitably OccursRick Dakin, President and Founder, Coalfire SystemsBrian O’Connor, CIPP, Chief Security & Privacy Officer, Eastman Kodak CompanyAmy Yates, CIPP, Director, Deloitte & Touche LLP, Privacy and Data Protection, ERS - Security & Privacy ServicesA security breach involving human resources data is high-stakes for organiza-tions. This presentation focuses on the most common causes of HR security breaches and explains from the trenches how to respond in compliance with ap-plicable notice laws, and without a disgruntled workforce when the dust clears.

Human ResourcesTuesday, June 17

Human Resources Conference Agenda On the Cutting Edge of Workplace Privacy

Chair:Philip Gordon, Esq.Littler Mendelson, P.C

GOLD SPONSOR

Sessions Sessions Sessions

9:00–10:0010:00–10:3010:30–11:30

11:30–12:30 12:30–1:301:30–2:302:30–3:003:00–4:00

Registration & Morning RefreshmentsKeynote AddressProtection: Steps to Take to Minimize the Likelihood of a Breach—Audits and Cyber Risk InsuranceDetecting Security Breaches—Building Auditing and Logging into Technology and Forensic SearchesLunchExecution: Your Response ProgramRefreshment BreakLitigation: Private Suits and Regulatory Investigations—Practical Tips

GOLD SPONSOR

Session 1: Protection: Steps to Minimize the Likelihood of a Breach—Audits and Cyber Risk InsuranceTim Tobin, Senior Associate, Proskauer Rose LLPAdam Sills, Underwriter, Darwin Professional Underwriters, IncThis session explores strategies for minimizing data breach potential, includ-ing a look at legal auditing tools and developing a comprehensive informa-tion security program. This session also examines cyber-insurance for covering breach-associated costs.

Session 2: Detecting Security Breaches—Building Auditing and Logging into Technology and Forensic SearchesEric Friedberg, President, Stroz Friedberg LLCAnna Slomovic, Chief Privacy Officer, Revolution HealthThis session looks at incorporating auditing and logging into technology to help detect unauthorized activity. It will examine the role of forensic inves-tigators in assessing whether a data breach occurred, the scope of the breach, and internal investigations involving suspected employee theft of data.

Session 3: Execution: Your Response ProgramJulie Fergerson, Vice President, Emerging Technolgy, DebixDoron Rotman, CIPP, Managing Director, KPMGHarry Valetk, CIPP, Corporate Privacy Director, MetLifeThis session looks into the logistics of operationalizing a response program and handling specific recurring incidents.

Session 4: Litigation: Private Suits and Regulatory Investigations—Practical TipsTanya Forsheit, Partner, Proskauer Rose LLPJoanna Geraghty, Assistant General Counsel, JetBlueThis session offers practical tips for defending data breach litigation and responding to regulatory investigations. It will also address the history of the need for damages in breach cases, and the future of litigation and investiga-tions.

Data BreachMonday, June 16

The PRACTICAL PRIVACY SeriesData Breach Conference AgendaPrevention, Detection, Execution, Litigation

Keynote Address: Six Years Since California’s SB 1386:The Framework Today and Where We Are Headed

Chair:Christopher WolfPartner, Proskauer Rose LLP

Nuala O’Connor Kelley, CIPP/GChief Privacy Leader, General Electric

9:30–10:30 10:30–11:3011:30–12:30

12:30–1:301:30–2:302:30–3:003:00–4:00

Registration & Morning RefreshmentsImplementing the FACTA Affiliate Marketing RulesImplementing a FACTA Red Flag ID Theft Prevention ProgramLunch Global, Federal and State Outlook for Legislation Refreshment Break Upcoming Regulations: SEC Proposal for Regulation S-P and More

Financial ServicesTuesday, June 17

Financial Services Conference AgendaDealing with the New Regulations

Chair:Agnes Bundy Scanlan, Esq., CIPP Counsel, Goodwin Procter LLP

Chair: Stephen Durkee, CIPPV.P. Consumer Privacy Implementation, Citgroup, Inc

Session 1: Implementing the FACTA Affiliate Marketing RulesThe new FACTA rules raise many questions. This session explores some of them, addressing issues related to providing notice, GLBA and FCRA opt-outs, new controls for marketing programs, and others.

Session 2: Implementing a FACTA Red Flag ID Theft Prevention ProgramIn this session, participants explore the nature of the FACTA Red Flag ID Theft Prevention Program. Participants will discuss minimum requirements, responsibilities for managing the program, and integrating the program with current policies. It will also highlight which product lines fall under the program.

Session 3: Global, Federal and State Outlook for LegislationThis session looks at legislative trends affecting financial services compa-nies, such as pending federal legislation, Social Security numbers in the states, encryption requirements, and emerging global trends.

Session 4: Upcoming Regulations: SEC Proposal for Regulating S-P and MoreIn this session, participants discuss recently-proposed SEC regulations and new provisions for brokers moving between firms.

8:15–9:15

9:15–10:15

10:15–11:15

11:15–11:30

11:30–12:30

12:30–1:30

1:30–2:30

2:30–3:00

3:00–4:00

Registration & Morning RefreshmentsSex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information about Employees?It’s 10AM: Do You Know Where Your Employees Are and What They Are Doing? BreakHIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality RequirementsLunch HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New OpportunitiesRefreshment BreakWhat to Do When an HR Security Breach Inevitably Occurs

Session 1: Sex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information About Employees?Philip Gordon, Esq., Shareholder, Littler Mendelson, P.C.With ready access to sensitive personal information, employers are under in-creasing scrutiny to maintain a workforce beyond reproach. Social networking sites, blogs and other resources offer a wealth of information on candidates and employees. How deeply should employers tap these new sources? This presenta-tion will help frame the debate for your own organization. Session 2: It’s 10 AM: Do You Know Where Your Employees Are and What They Are Doing?Gary Clayton, CIPP, CEO, Privacy Compliance GroupNew technology offers employers ever more sophisticated tools to keep tabs on their employees, but to what extent does this monitoring expose them to liabil-ity? This session examines the evolving U.S. law on these issues and discusses the challenges for global employers confronting data protection regimes modeled on the EU Data Protection Directive.

Session 3: HIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality RequirementsNancy Delogu, Esq., Shareholder, Littler Mendelson, P.C.Managing employees’ health is a critical business imperative. Employers confront a maze of laws and regulations governing the confidentiality of employee health information, and dire consequences for mishandling such information. This session addresses questions on collecting, using, storing, documenting and disclosing employee health information, among other concerns.

Session 4: HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New OpportunitiesLydia Payne-Johnson, CIPP, Financial Services Privacy Consultant, PricewaterhouseCoopers, LLPPeter Rabinowitz, Esq., Privacy, Governance & Risk Compliance Consultant PricewaterhouseCoopers, LLPSafeguarding HR information often plays second fiddle to seemingly more imperative privacy data, such as patient or customer information. Yet it can be among the most sensitive at an organization. This presentation highlights key lessons learned from HR privacy risk assessments across industries, and from helping organizations remediate weaknesses in their control environments.

Session 5: What to Do When an HR Security Breach Inevitably OccursRick Dakin, President and Founder, Coalfire SystemsBrian O’Connor, CIPP, Chief Security & Privacy Officer, Eastman Kodak CompanyAmy Yates, CIPP, Director, Deloitte & Touche LLP, Privacy and Data Protection, ERS - Security & Privacy ServicesA security breach involving human resources data is high-stakes for organiza-tions. This presentation focuses on the most common causes of HR security breaches and explains from the trenches how to respond in compliance with ap-plicable notice laws, and without a disgruntled workforce when the dust clears.

Human ResourcesTuesday, June 17

Human Resources Conference Agenda On the Cutting Edge of Workplace Privacy

Chair:Philip Gordon, Esq.Littler Mendelson, P.C

GOLD SPONSOR

Sessions Sessions Sessions

9:00–10:0010:00–10:3010:30–11:30

11:30–12:30 12:30–1:301:30–2:302:30–3:003:00–4:00

Registration & Morning RefreshmentsKeynote AddressProtection: Steps to Take to Minimize the Likelihood of a Breach—Audits and Cyber Risk InsuranceDetecting Security Breaches—Building Auditing and Logging into Technology and Forensic SearchesLunchExecution: Your Response ProgramRefreshment BreakLitigation: Private Suits and Regulatory Investigations—Practical Tips

GOLD SPONSOR

Session 1: Protection: Steps to Minimize the Likelihood of a Breach—Audits and Cyber Risk InsuranceTim Tobin, Senior Associate, Proskauer Rose LLPAdam Sills, Underwriter, Darwin Professional Underwriters, IncThis session explores strategies for minimizing data breach potential, includ-ing a look at legal auditing tools and developing a comprehensive informa-tion security program. This session also examines cyber-insurance for covering breach-associated costs.

Session 2: Detecting Security Breaches—Building Auditing and Logging into Technology and Forensic SearchesEric Friedberg, President, Stroz Friedberg LLCAnna Slomovic, Chief Privacy Officer, Revolution HealthThis session looks at incorporating auditing and logging into technology to help detect unauthorized activity. It will examine the role of forensic inves-tigators in assessing whether a data breach occurred, the scope of the breach, and internal investigations involving suspected employee theft of data.

Session 3: Execution: Your Response ProgramJulie Fergerson, Vice President, Emerging Technolgy, DebixDoron Rotman, CIPP, Managing Director, KPMGHarry Valetk, CIPP, Corporate Privacy Director, MetLifeThis session looks into the logistics of operationalizing a response program and handling specific recurring incidents.

Session 4: Litigation: Private Suits and Regulatory Investigations—Practical TipsTanya Forsheit, Partner, Proskauer Rose LLPJoanna Geraghty, Assistant General Counsel, JetBlueThis session offers practical tips for defending data breach litigation and responding to regulatory investigations. It will also address the history of the need for damages in breach cases, and the future of litigation and investiga-tions.

Data BreachMonday, June 16

The PRACTICAL PRIVACY SeriesData Breach Conference AgendaPrevention, Detection, Execution, Litigation

Keynote Address: Six Years Since California’s SB 1386:The Framework Today and Where We Are Headed

Chair:Christopher WolfPartner, Proskauer Rose LLP

Nuala O’Connor Kelley, CIPP/GChief Privacy Leader, General Electric

9:30–10:30 10:30–11:3011:30–12:30

12:30–1:301:30–2:302:30–3:003:00–4:00

Registration & Morning RefreshmentsImplementing the FACTA Affiliate Marketing RulesImplementing a FACTA Red Flag ID Theft Prevention ProgramLunch Global, Federal and State Outlook for Legislation Refreshment Break Upcoming Regulations: SEC Proposal for Regulation S-P and More

Financial ServicesTuesday, June 17

Financial Services Conference AgendaDealing with the New Regulations

Chair:Agnes Bundy Scanlan, Esq., CIPP Counsel, Goodwin Procter LLP

Chair: Stephen Durkee, CIPPV.P. Consumer Privacy Implementation, Citgroup, Inc

Session 1: Implementing the FACTA Affiliate Marketing RulesThe new FACTA rules raise many questions. This session explores some of them, addressing issues related to providing notice, GLBA and FCRA opt-outs, new controls for marketing programs, and others.

Session 2: Implementing a FACTA Red Flag ID Theft Prevention ProgramIn this session, participants explore the nature of the FACTA Red Flag ID Theft Prevention Program. Participants will discuss minimum requirements, responsibilities for managing the program, and integrating the program with current policies. It will also highlight which product lines fall under the program.

Session 3: Global, Federal and State Outlook for LegislationThis session looks at legislative trends affecting financial services compa-nies, such as pending federal legislation, Social Security numbers in the states, encryption requirements, and emerging global trends.

Session 4: Upcoming Regulations: SEC Proposal for Regulating S-P and MoreIn this session, participants discuss recently-proposed SEC regulations and new provisions for brokers moving between firms.

8:15–9:15

9:15–10:15

10:15–11:15

11:15–11:30

11:30–12:30

12:30–1:30

1:30–2:30

2:30–3:00

3:00–4:00

Registration & Morning RefreshmentsSex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information about Employees?It’s 10AM: Do You Know Where Your Employees Are and What They Are Doing? BreakHIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality RequirementsLunch HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New OpportunitiesRefreshment BreakWhat to Do When an HR Security Breach Inevitably Occurs

Session 1: Sex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information About Employees?Philip Gordon, Esq., Shareholder, Littler Mendelson, P.C.With ready access to sensitive personal information, employers are under in-creasing scrutiny to maintain a workforce beyond reproach. Social networking sites, blogs and other resources offer a wealth of information on candidates and employees. How deeply should employers tap these new sources? This presenta-tion will help frame the debate for your own organization. Session 2: It’s 10 AM: Do You Know Where Your Employees Are and What They Are Doing?Gary Clayton, CIPP, CEO, Privacy Compliance GroupNew technology offers employers ever more sophisticated tools to keep tabs on their employees, but to what extent does this monitoring expose them to liabil-ity? This session examines the evolving U.S. law on these issues and discusses the challenges for global employers confronting data protection regimes modeled on the EU Data Protection Directive.

Session 3: HIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality RequirementsNancy Delogu, Esq., Shareholder, Littler Mendelson, P.C.Managing employees’ health is a critical business imperative. Employers confront a maze of laws and regulations governing the confidentiality of employee health information, and dire consequences for mishandling such information. This session addresses questions on collecting, using, storing, documenting and disclosing employee health information, among other concerns.

Session 4: HR Privacy Risk Assessments: Lessons Learned, Leading Practices, Changing Risks and New OpportunitiesLydia Payne-Johnson, CIPP, Financial Services Privacy Consultant, PricewaterhouseCoopers, LLPPeter Rabinowitz, Esq., Privacy, Governance & Risk Compliance Consultant PricewaterhouseCoopers, LLPSafeguarding HR information often plays second fiddle to seemingly more imperative privacy data, such as patient or customer information. Yet it can be among the most sensitive at an organization. This presentation highlights key lessons learned from HR privacy risk assessments across industries, and from helping organizations remediate weaknesses in their control environments.

Session 5: What to Do When an HR Security Breach Inevitably OccursRick Dakin, President and Founder, Coalfire SystemsBrian O’Connor, CIPP, Chief Security & Privacy Officer, Eastman Kodak CompanyAmy Yates, CIPP, Director, Deloitte & Touche LLP, Privacy and Data Protection, ERS - Security & Privacy ServicesA security breach involving human resources data is high-stakes for organiza-tions. This presentation focuses on the most common causes of HR security breaches and explains from the trenches how to respond in compliance with ap-plicable notice laws, and without a disgruntled workforce when the dust clears.

Human ResourcesTuesday, June 17

Human Resources Conference Agenda On the Cutting Edge of Workplace Privacy

Chair:Philip Gordon, Esq.Littler Mendelson, P.C

GOLD SPONSOR

privacyassociation.org

The PRACTICAL PRIVACY Series June 16-17, 2008

Data BreachFinancial ServicesHuman Resources

June 16-17, 2008 New York

The PRACTICAL PRIVACY Series

3 single-day events,over 2 daysin 1 great locationThe Practical Privacy Series: Data Breach June 16, 2008Financial Services June 17, 2008Human Resources June 17, 2008The Graduate Center, CUNYThe Graduate Center, The City University of New York, 365 Fifth Avenue, New York, NY 10016-4309

Registration InformationRegister online: www.privacyassociation.orgSave $300 on your registration if you register for both days. IAPP Member Nonmember One event US$545 US$695 Two events US$690 US$990

Certified Information Privacy Professional (CIPP) Examination* *You must be an IAPP member to take the exam.Tuesday, June 17, 2008 5 p.m. to 8 p.m. EST. The exam will be held onsite at The Graduate Center, CUNY, following the conclu-sion of the program. CIPP Exam US $245 Exam Retake US $122 CIPP/G Exam US $100 Exam Retake US $50 CIPP/C Exam US $245 Exam Retake US $122

Membership FeesRegular Membership/Renewals US$250Government and Higher Education Employees and Nonprofits US$100Student US$50

Method of Payment Make payment by check, money order, Master-Card, Visa or American Express. A $20 fee will be charged for any returned checks. Credit card in-formation must be provided to secure your regis-tration if check/money order is not included with registration form. If payment is not received seven days prior to an event the credit card payment will be processed.

Refunds and CancellationsRegistration fees are not refundable but are trans-ferable to a person in the same company.Program subject to change. No refunds are given for no-shows or cancellations. Executed registra-tion form, online registration and email confirma-tion constitute binding agreement between two parties.

Tax Deductibility: Expenses of train-ing, including registration fee, travel, lodging and meals, incurred to maintain or improve skills in your profession may be tax deductible. Consult your tax advisor. Federal Tax ID 23-3048008.

MCLE (Mandatory Continuing Legal Education)*New York and Pennsylvania attorneys onlyAccreditation has been sought in New York and Pennsylvania. Information packets are available at the registration desk at the event. Specific instruc-tions must be followed during the series to qualify for MCLE credit. Please pick up your packet early

in your program to assure compliance. Attendees/speakers must sign attendance sheets for any pro-grams for which they wish to obtain credit. Law-yers seeking credit in Pennsylvania must pay fees of $1.50 per credit hour directly to the Pennsylvania CLE Board. For additional information on MCLE, please contact Jennifer Taubman at jtaubman@privacyassociation.org

CPE (Continuing Professional Education)Once you have become privacy certified by the IAPP, you must meet two minimum requirements over the term of your CIPP certification. in order to maintain your credentialed status: (1) You must keep your IAPP membership–at any level–in good standing each year; and, (2) You must fulfill at least 10 hours of continu-ing education per year (30 credits total after three years).

Any privacy- or security-related event or program is eligible for IAPP continuing education credit pending certain reviews and approvals. IAPP con-ferences such as the Privacy Summit and the Priva-cy Academy are automatically granted CPE credits upon receipt of a completed Continuing Privacy Education Credit Application Form and confirma-tion of attendance.

All attendees will be provided with a certificate of attendance.

LocationThe Graduate Center, The City University of New York, 365 Fifth Avenue, New York, NY 10016-4309

Getting ThereThe Graduate Center is located at Fifth Avenue and 34th Street across from the Empire State Building, and is convenient to all major transportation routes. Grand Central Terminal, Pennsylvania Station, the midtown PATH, and all major New York City sub-way and bus lines are within easy walking distance. The location is also close to Manhattan’s business and cultural activities. A quick stroll will take you to theaters, a multitude of restaurants, and hotels to fit every budget.

For more program details visit www.privacyassociation.org

Register Nowprivacyassociation.org

International Association of Privacy Professionals170 Cider Hill RoadYork, Maine 03909

NEW YORK

Detecting BreachesForensic SearchesFACTAID TheftWorkplace PrivacyHR Privacy Risk

*New York and Pennsylvania attorneys only.**New York and Pennsylvania

attorneys only.*

privacyassociation.org

The PRACTICAL PRIVACY Series June 16-17, 2008

Data BreachFinancial ServicesHuman Resources

June 16-17, 2008 New York

The PRACTICAL PRIVACY Series

3 single-day events,over 2 daysin 1 great locationThe Practical Privacy Series: Data Breach June 16, 2008Financial Services June 17, 2008Human Resources June 17, 2008The Graduate Center, CUNYThe Graduate Center, The City University of New York, 365 Fifth Avenue, New York, NY 10016-4309

Registration InformationRegister online: www.privacyassociation.orgSave $300 on your registration if you register for both days. IAPP Member Nonmember One event US$545 US$695 Two events US$690 US$990

Certified Information Privacy Professional (CIPP) Examination* *You must be an IAPP member to take the exam.Tuesday, June 17, 2008 5 p.m. to 8 p.m. EST. The exam will be held onsite at The Graduate Center, CUNY, following the conclu-sion of the program. CIPP Exam US $245 Exam Retake US $122 CIPP/G Exam US $100 Exam Retake US $50 CIPP/C Exam US $245 Exam Retake US $122

Membership FeesRegular Membership/Renewals US$250Government and Higher Education Employees and Nonprofits US$100Student US$50

Method of Payment Make payment by check, money order, Master-Card, Visa or American Express. A $20 fee will be charged for any returned checks. Credit card in-formation must be provided to secure your regis-tration if check/money order is not included with registration form. If payment is not received seven days prior to an event the credit card payment will be processed.

Refunds and CancellationsRegistration fees are not refundable but are trans-ferable to a person in the same company.Program subject to change. No refunds are given for no-shows or cancellations. Executed registra-tion form, online registration and email confirma-tion constitute binding agreement between two parties.

Tax Deductibility: Expenses of train-ing, including registration fee, travel, lodging and meals, incurred to maintain or improve skills in your profession may be tax deductible. Consult your tax advisor. Federal Tax ID 23-3048008.

MCLE (Mandatory Continuing Legal Education)*New York and Pennsylvania attorneys onlyAccreditation has been sought in New York and Pennsylvania. Information packets are available at the registration desk at the event. Specific instruc-tions must be followed during the series to qualify for MCLE credit. Please pick up your packet early

in your program to assure compliance. Attendees/speakers must sign attendance sheets for any pro-grams for which they wish to obtain credit. Law-yers seeking credit in Pennsylvania must pay fees of $1.50 per credit hour directly to the Pennsylvania CLE Board. For additional information on MCLE, please contact Jennifer Taubman at jtaubman@privacyassociation.org

CPE (Continuing Professional Education)Once you have become privacy certified by the IAPP, you must meet two minimum requirements over the term of your CIPP certification. in order to maintain your credentialed status: (1) You must keep your IAPP membership–at any level–in good standing each year; and, (2) You must fulfill at least 10 hours of continu-ing education per year (30 credits total after three years).

Any privacy- or security-related event or program is eligible for IAPP continuing education credit pending certain reviews and approvals. IAPP con-ferences such as the Privacy Summit and the Priva-cy Academy are automatically granted CPE credits upon receipt of a completed Continuing Privacy Education Credit Application Form and confirma-tion of attendance.

All attendees will be provided with a certificate of attendance.

LocationThe Graduate Center, The City University of New York, 365 Fifth Avenue, New York, NY 10016-4309

Getting ThereThe Graduate Center is located at Fifth Avenue and 34th Street across from the Empire State Building, and is convenient to all major transportation routes. Grand Central Terminal, Pennsylvania Station, the midtown PATH, and all major New York City sub-way and bus lines are within easy walking distance. The location is also close to Manhattan’s business and cultural activities. A quick stroll will take you to theaters, a multitude of restaurants, and hotels to fit every budget.

For more program details visit www.privacyassociation.org

Register Nowprivacyassociation.org

International Association of Privacy Professionals170 Cider Hill RoadYork, Maine 03909

NEW YORK

Detecting BreachesForensic SearchesFACTAID TheftWorkplace PrivacyHR Privacy Risk

*New York and Pennsylvania attorneys only.**New York and Pennsylvania

attorneys only.*