Records and media disposal is widely recognised as the most overlooked and misunderstood aspect of information and privacy protection. As headlines have shown over the years, it is also an area where every employee has the potential to put an organisation at risk for expensive and embarassing data security breaches. Attendees of this one-day seminar will leave with both an understanding of the ins and outs of information disposition as well as tools to better protect and serve the organisations they serve.
09:00-09:40
Role of the Privacy Commissioner & Importance of the Data Controller/ Data Processor Relationship
Opening remarks will focus on the vital role of information protection’s most commonly overlooked and misunderstood pillar: Final Disposition
Presenter: Samantha Gavel, NSW Privacy Commissioner
09:45-10:30
Vendor Selection: Managing the New Liabilities of Contracting Data Processors
Because third-party service providers are inevitably be engaged to protect regulated personal information, every data protection regulation in the world holds organisations responsible for due diligence when contracting them. This session reveals strategies—including contractual language, insurance management, and certifications—by which information and data protection professionals can mitigate the risks associated with intrusting regulated personal information to third party service providers.
Presenter: Robert Johnson, CSDS, i-SIGMA
11:00-11:45
The Realities of Electronic Media Disposal
Whether it’s a large server arrays, a desktop or laptop, or a handheld device, all electronic media will eventually become obsolete…and, therefore, a potential data protection liability. More often than not, they bear massive amounts of regulated information that must be destroyed. This session provides the background and insight that information data protection professionals need to make secure, compliant, and defendable IT Asset disposal decisions.
Moderated by: Ethan Lancaster, Renew IT
Panelists: Kurt Gruber, WV Technologies; Paul Prokic, G1 Asset Management; Dave Rogers, Shred-X
13:15-14:00
The Emerging Reality of Data Subject Rights and Its Impact on Information Management and Data Security
Questions that once qualified as idle speculation no longer are. What happens when regulators get serious about fines and sanctions? What does data security and information management look like in a world where individuals (data subjects) have full control of their personal information? What happens when a former customer or employee has the right to review (or delete) their information? In this session, attendees will learn what it means when Data Subject Rights become the driving force in global privacy and data security regulations…and more importantly, learn how to avoid being blind-sided by it.
Presenter: Robert Johnson, CSDS, i-SIGMA
14:00-14:45
Critical Elements of Any Information & Media Disposition Policy
Every data protection regulation requires organisations to have written data security policies and procedures to train employees, establish internal accountability, and for selecting data security contractors. And yet, development of such written procedures remains one of the most overlooked compliance factors. Attendees will leave this session with an understanding of what defendable, practical information disposition policies and procedures require, and templates from which to develop them.
Moderated by: Brock Miller, CSDS, Shred Northwest
Panelists Include: Michael Dunstone, Grace Records; Rob Keyes, The Mobile Shredding Company; Renèe Pryor, Shred-X
15:00-15:45
The Invisible Threat: Minimizing the Unseen Liability of Unnecessarily Stored Records and Electronic Equipment
Most organisations store paper records years beyond their retention requirements. Many organisations also accumulate electronic equipment for no other reason than they unsure what to do with it. The problem is that the regulatory expectations have changed. The personal information undeniably contained theses records and devises is now a major liability, not only due to the risk of unauthorised access, but simply because having them is a potential violation of regulations limiting the unnecessary retention of personal information. In this session, attendees will learn why it is no longer safe to have unnecessarily stored media while also learning strategies to meet this challenge.
Presenter: Robert Johnson, CSDS, i-SIGMA
In addition to learning how to better protect their organizations, attendees will receive a Certificate of Completion as evidence of their training.
This event is worth 6 CEU for CSDS who attend.
Attend