Thursday, January 24

8:30 a.m. - 9:00 a.m.

Registration, Breakfast & Networking

9:00 a.m. - 9:10 a.m.

Welcome Remarks


Jennifer Carl, Director, Software & Services Division Programs, SIIA

9:10 a.m. - 10:30 a.m.

What's New and What's to Come? GDPR, California Consumer Privacy Act, Future Laws and Regulations

The regulatory landscape is evolving. Over 126 countries around the world now have national data protection frameworks. As of May 2018, GDPR now governs all members of the EU, and the UK will continue with it even after Brexit.  Brazil followed suit with a very similar law in August 2018.  The brand new California Consumer Privacy Act (CCPA), recently enacted, will take effect January 1, 2020.  And there is now real talk of a new, broad-based U.S. federal law.  In this session we will provide overviews of these new laws, how U.S. states and countries are addressing data governance in light of innovations in technology, and what the future may hold.


Janine Anthony Bowen, Partner, BakerHostetler

John P. Hutchins, Partner, BakerHostetler

10:30 a.m. - 10:50 a.m.

SIIA's General Counsel

10:50 a.m. - 11:10 a.m.

Networking Break

11:10 a.m. - 11:40 a.m.

Privacy Compliance - Running and Measuring a Privacy Program

How important is it to have a privacy program? What are the key considerations in developing a privacy compliance program? In this session we will discuss how to run an effective privacy program and provide evidence of data privacy compliance, data-driven decision making and the overall impact of the privacy program.


Chris Arrendale, CEO, Inbox Pros

11:40 a.m. - 12:10 p.m.

What, me worried? Compliance in the age of Kubernetes

While the Container/Kubernetes revolution is starting to deliver on its promise of making application development and delivery more agile and responsive, it does so by changing some of the traditional characteristics and behaviours of the development and delivery model.  Control and compliance regimes have assumed that these would continue to be constant going forward.  That set of assumptions is no longer entirely correct.  We'll discuss what's changed, how those changes weaken your compliance and control environment, and what you can do to not only adjust to the new reality but actually have your security team go from "Dr. No" to a key enabler of the new agile model.


Christopher Liljenstolpe, Co founder and CTO, Solutions,

12:10 p.m. - 1:15 p.m.

Networking Lunch

1:15 p.m. - 1:45 p.m.

Information Security and Hacking: Everything You Wanted to Know but Were Afraid to Ask

Security experts and hackers will explain the things that people outside their world don’t often know.


Vince Lau, Director of Product Marketing,

Matt Smith, Chief Architect, Northeast Commercial, Red Hat, Inc.

1:45 p.m. - 2:15 p.m.

Managing Risk for IoT, AI, Maching Learning, Blockchain

This session will explore IoT,artificial intelligence (AI), machine learning and blockchain.  IoT AI, machine learning and blockchain create new privacy and security issues, and they often don’t fit well with existing regulations.  We will explore how these technologies are being developed and used and the legal and ethical issues they raise.


Jason Bray, CTO, SpendHQ

Sue Graham Johnston, President, 128 Technology

2:15 p.m. - 2:45 p.m.

Next Practice Risk Strategy- Where to From Here?

Scott Hamilton, CEO of the ENP Institute, will summarize the days presentations and offer a new approach to developing an integrated and adaptive strategy for security and risk executives for 2019 and beyond. Given the volatile nature of the data security environment and velocity of emerging threats, Hamilton will cover the 5 critical elements you must consider in your selection and implementation of both defensive and offensive technology to reach "strategic safety".


Scott Hamilton, President & CEO, Executive Next Practices Institute (ENP)

2:45 p.m. - 3:00 p.m.

Closing Remarks

3:00 p.m. - 4:00 p.m.

Happy Hour