As a first timer to the IAPP Summit, I have to say it was a great experience. I met with many privacy professionals and learned about some great ways others have dealt with their organizations privacy issues. The keynotes were exceptional and the different sessions I went to were extremely informative especially to someone new to the privacy field such as myself. Overall, it gave me a great idea of the direction the industry is moving, and it looks promising.
My first stop was the 5 Minute Mixer where I met with dozens of Privacy Professionals, including those preparing for their certifications, CEOs, CPOs, and attorneys. We exchanged cards, talked about our plans for the summit, our individual practices, and our areas of interests outside of privacy. Networking is one of the key focuses of an IAPP event, so we headed to another networking opportunity in the exhibition hall, which gave me a chance to look around at all of the booths from different vendors.
The opening keynotes the next day were fantastic. Jeffrey Toobin, the CNN analyst, gave a great look into the US Supreme Court and past justices, comparing which presidents appointed which justice and how each justice leaned. Then David Brin, the author of a large number of fiction stories about technology affected our daily lives, gave a speech which hit a lot of good points. Brin’s primary point was that if you do not try to change the system, in this case the NSA spying on personal information and calls, it will not change. He did also give the opinion that encryption is useless, but the next speaker, Scott Charney, Corporate Vice President of Trustworthy Computing at Microsoft, disagreed. Scott spoke about the way he works at Microsoft, and how changes to processes works for him through a diagram of who and what that change affects. Overall, all three were great, and highly entertaining and informative speakers.
Many of the sessions I went to were also great as well and was another chance to meet with other privacy professionals interested in similar topics. I attended sessions like “Privacy 101” and “The Data Breach Life Cycle,” but my personal favorite was “The Risk of Assessing Risk.” It gave a lot of great examples of how the presentation of a question can greatly change the outcome.
Many speakers discussed the recent retail data breaches that we have all heard about. A strong point the speaker made about the Target hack was that many customers see Target as the problem, losing their credit card info, where in reality, Target was the victim of being hacked. This was a different and interesting insight into this incident and a great way to say that you should look at things from another point of view.
Recent news has come out that Target may have ignored some red flags leading up to and during the breach, something we can all learn from. Businesses have a responsibility to protect the personal information they collect including monitoring logs and alerts.
Another networking opportunity, the party at the Newseum in Washington D.C. was great. I met up with several people I had spoken with over the course of the summit, and even had a good conversation with Trevor Hughes the CEO of the IAPP, many members of the IAPP staff, as well as privacy professionals around the world.
Finally, the next day we had the closing keynote discussing the current state of the pending EU privacy regulation. The panelists included Christopher Graham the UK Information Commissioner, Isabelle Falque-Pierrotin President of the CNIL, and Jacob Kohnstamm the Chairman of the Article 29 Party and President of the Dutch Data Protection Authority. It was great to hear their conflicting positions with an exchange of ideas and perspectives.
Overall, this was a great event and a fantastic first conference for me. Attending an IAPP event such as this is something that I would recommend for anyone new to the privacy field. I am looking forward to the Privacy Academy in San Jose this fall.