Midwest Legal Conference on Privacy & Data Security

301Data Processing Agreements – Simplification and Standardization Across JurisdictionsOrganizations across jurisdictions and industries need to develop practical solutions for data processing agreements (DPAs) that can be implemented throughout the data processing chain. For U.S. countries or states that do not require or reward an extension of the new EU Standard Contractual Clauses (SCCs), organizations can use concise and consolidated data processing terms that meet descriptive national or local legal requirements, ideally without unnecessary repetition or complexity. In this session, Lothar Determann: Because these issues require a multidisciplinary and evolving approach, Jennifer recognizes that legal advice can only solve part of a problem. To provide end-to-end guidance, it helps customers understand the additional services they need to meet best practices and solve their problems by bringing together their IT security, incident response, data protection, and other partners. 9:00 – 10:00 Incident Response Management – Managing Technical, Strategic and Legal Issues in a Rapidly Changing EnvironmentData breaches are becoming a daily occurrence (and lawyers are no exception!). This session is very practical and focuses on applying the principles in practice in common violation scenarios. With the views of the FBI, DOJ, an in-house privacy officer, and two attorneys advising clients on cybersecurity issues, this session will provide an overview of the structure and scope of breach reporting laws (typically at the state level), such as the evolution of breaches. including in particular the new ransomware variants, which challenge the norms, previously applied in the interpretation of these laws. and recent improvements in federal assistance, which can facilitate recoveries if immediate action is taken. Participants will gain an in-depth understanding of the process for assessing whether and when disclosure should be made to affected individuals and potentially state attorneys general, as well as the common pitfalls and challenges of trying to navigate the fog of a breach. – Jake Iverson, Paul H. Luehr, Timothy C.

Rank & Prasanta K. Wells – Robert E. Cattanach (Moderator) 402Goodbye, Privacy Shield 1.0 – Practical Compliance Tips after Schrems II and Other New Developments from EuropeParticipants will gain valuable insights into the latest EU developments on Schrems II, related guidance of the European Data Protection Board (EDPB), updated versions of the Standard Contractual Clauses and Brexit. The focus is not only on the basics of the legal situation, but also on practical risk assessments, market developments and important do`s and don`ts to react to these important developments. – Brian L. Hengesbaugh and Kellie Johnson 9:00 am – 10:00 am COVID Contact Tracing – Balancing Public Health and Individual RightsJoin an insightful panel moderated by Chief Privacy Officer – Elaine De Franco Olson – with panelists such as Dr. Laura Breeher, Mayo Clinic medical contract monitoring expert and chief of the clinic`s occupational medicine section; Julia Decker, Political Director of the American Civil Liberties Union of Minnesota; and Kenesa Ahmad, a lawyer and risk advisor recognized for her expertise in privacy, data protection and information security.– Kenesa Ahmad, Laura Breeher, MD, MS, MPH & Julia Decker – Elaine De Franco Olson (Moderator) 403How to respond to a ransomware incident – including whether to pay the ransomIf a customer is the victim of a ransomware attack, What are the immediate measures? This session provides a practical guide to your answer. How to: address related policy, legal, business and consumer issues; investigating the attack and perpetrator in coordination with technical experts and law enforcement agencies; Decide if the ransom will be paid given the different positions of insurers, the FBI and the Treasury Department.

And more.– Emily M. Holpert & Tedrick Housh The increasing frequency of data breaches and a rapidly growing regulatory framework are creating an operational reality where companies are under constant pressure to prove that they are building and maintaining a legally sound cybersecurity system. We have extensive experience in advising a wide range of clients on all related needs. 503Data to Dollars: Monetizing a company`s consumer data – for transactions, regulatory affairs and litigation As the business continues its digital transformation and AI and cloud technologies drive the adoption of digital technologies, the data generated creates an opportunity for businesses. This data, including health, finances and geolocation, can be very valuable. At the same time, consumers are becoming increasingly cautious about sharing data and regulators are tightening data protection requirements.