- This event has passed.
IAF Virtual Policy Summit
April 13, 2021 @ 11:00 am - 1:00 pm
An event every day that begins at 11:00 am, repeating until April 15, 2021
IAF Policy Summit: Mapping a Pathway for Functional Accountability through the Data Protection Chaos
April 13 – 15, 2021
Register Once for All Three Days – Attend What You Can
Data protection 2021 requires privacy professionals to have focus in an environment where focus is near impossible. For example, today’s employee issue is privacy and contact tracing while tomorrow’s issue may be the privacy implications of required employees’ vaccine passports. The second issue may occur even if the first hasn’t been solved yet. While currently struggling to describe data collection and use policies, trust soon may require us to explain the logic behind analytics. Policy makers want to discuss individual control, while demanding data driven answers to complex questions that require universal participation. During three two-hour sessions the IAF community will first consider the resources needed by all stakeholders to make an accountability-based system work, then second will examine the hard operational choices leaders must make when new requirements overwhelm old ones, and finally third will debate whether glass breaking legislation is possible in an incremental world, and if not, whether innovation and fairness can function if glass isn’t broken. The summit is virtual on a digital first platform. Join us for one or more sessions. Make your voice heard.
IAF Summit – Day 1: The IAF model legislation and other IAF projects suggest that in order to step up to the next stage of accountability where organizations provide proof that their privacy programs are effective, they and regulators must have in place solid programs, effective oversight, and effective enforcement. Both organizations and regulators currently are ill equipped to meet this level of proof. For example, the IAPP European Data Protection digest reports that the Dutch authority has stated “that it is seriously understaffed to adequately perform its tasks. Only 0.04% of complaints and 0.3% of reported data breaches are investigated. There is a five-year waiting list for binding corporate rules, and it has only 0.2 FTE staff available to find unreported data breaches.” Likewise, organizational privacy offices are consumed with implementation of new laws, regulations, interpretations and court cases at a time when budgets for resources, training and operational priorities are marginalized. The complex programs for a digital age require different types of resources for trusted oversight. This session will explore the concept elements and the resources needed by all stakeholders in order for accountability to be trustworthy.
Session will take place April 13 at the times below. A link will be added to the invitation as we get closer to the event.
Brussels | 17:00 – 19:00 |
London | 16:00 – 18:00 |
New York | 11:00 – 13:00 |
Dallas | 10:00 – 12:00 |
Denver | 9:00 – 11:00 |
San Jose | 8:00 – 10:00 |
IAF Summit – Day 2: Star Trek, with its pocket communicators and medical sensors went on the air in in 1966 and takes place in the 22nd century. “Privacy and Freedom,” 1967, anticipated computerized data, but the I phone was supposed to be 150 years in the future. Should Information Policy Legislation be based on incremental changes to legislation based on Westin’s vision, or the technology capabilities that came 100 years early? Should digital law be as transformational as the technologies in place way ahead of science fiction, or is incremental all that is politically possible? The conventional wisdom often defines the pathway forward for legislation, particularly where individual versus commercial rights are in question. Privacy and data protection legislation is no different. The conventional wisdom would suggest the balance between individual rights is fixed, how to actuate those rights by people is primary, and technology is neutral. While legislation should not tip the technology scale, ever morphing technology has created the infrastructure for today’s data age. Since the first legislation was enacted in 1972 and the OECD Guidelines were adopted in 1980, the world has undergone a communications and technology big bang. Today observation is debated as surveillance capitalism, and AI, where many decisions are made without intervention in a manner not anticipated when the GDPR, an incremental law based on the 1995 Directive, was adopted in 2016. The IAF has said that legislation should be focused on 2030, not 2015. That would mean it would have to be transformational in many ways. This a material question for everyone in the IAF community. So, join us on April 14 and add your voice to the debate.
Session will take place April 14 at the time below. A link will be added to the invitation as we get closer to the event.
Brussels | 17:00 – 19:00 |
London | 16:00 – 18:00 |
New York | 11:00 – 13:00 |
Dallas | 10:00 – 12:00 |
Denver | 9:00 – 11:00 |
San Jose | 8:00 – 10:00 |
IAF Summit – Day 3: In the early 1990s, the entire U.S. business privacy community could fit in a small conference room in D.C., and a discussion of operational issues related to ongoing program implementation would not have occurred to anyone. Privacy laws impacting business in the United States were reserved for the FCRA and Video Privacy. The state of technology was fax machines and pagers, and data storage was on CD-ROMs. No one yet was worrying about the draft EU Directive that would be enacted mid-decade. Today, chief privacy officers (and similar privacy leadership) responsible for leading company-wide privacy and data governance accountability programs are challenged every day with assessing the risks related to implementing detailed technical, vastly complex and rapidly expanding privacy compliance requirements — in business operations and with technology not envisioned 20 to 30 years ago. Likely U.S. State laws in Virginia, Washington and others will be operationally different than California. Should privacy leaders worry about taking resources from Schrems II supplemental measures to comply with an updated law in Quebec? Accountability requires robust planning and implementation. Yet compliance fires negatively impact thoughtful planning. That is why the IAF created the accountability operations discussion group, which is working to develop a framework to help privacy leaders of all types and from all industries adapt and align the complex operational requirements with strategic IAF accountability concepts. This group will set the table for the IAF Summit’s third day.
Session will take place April 15 at the time below. A link will be added to the invitation as we get closer to the event.
Brussels | 17:00 – 19:00 |
London | 16:00 – 18:00 |
New York | 11:00 – 13:00 |
Little Rock | 10:00 – 12:00 |
Denver | 9:00 – 11:00 |
San Jose | 8:00 – 10:00 |
We look forward to you joining us!