Data Breach, Data Protection, Data Retention : LSEC DLP Revisited

09-Feb-2010

Data Protection in 2010 : changing evolutions and local impact

In 2009, the discussion on data breaches and loss of data was clearly overshadowed by the economic turmoil and the financial crisis. Recent studies by Verizon Business indicated that more than 285 million records were breached in 2008. For 2009, the expectation is that there will be many more, for a number of reasons : more data breaches were reported (both voluntarily and as required by law or regulation); more regulatory bodies require companies to notify data breaches; and more people had a reason to take data along from their employers (because of the number of failing companies and people being laid off).


In 2009, Data Protection also remained a key driver for companies to manage Governance, Risk and Compliance. Not only do data increasingly have to be protected by law and regulation, companies also have to be able to present proof of this protection. Audit and ICT Control play an increasingly important role in organizations processing large volumes of critical data. At the same time, there is an increasing requirement and interest in protecting people’s privacy. With an increasing number of services being executed in the cloud, and personal data being transmitted cross-border, local Data Protection Agencies (DPA) are considering new challenges for companies from abroad. Data Protection has become a strategic challenge for many companies.


Finally, there is also the need for Data Retention. The new EC Telecommunication Directive impacts Telecom and Internet operators in the first place. But other companies also struggle with the vast and ever-growing amount of data and information, and with ensuring that this data is kept and its integrity remains protected.


With this event, LSEC aimed to inform companies and government administrations on the current challenges of Data Protection and its evolution in 2009. A public discussion on the need for Data Breach Notification and Data Retention will re-open the debate on the potential impact of Privacy, Data Protection and Data Retention regulations in the EU, between countries and on a local basis. At the same time, by presenting experiences, cases and expertise, we wanted to share lessons learned and present possible solutions to some of the present and future challenges.


With a number of international experts

Keynote by Stewart Room, author of “Data Security Law and Practice”. Barrister and Solicitor Stewart Room is a partner in Field Fisher Waterhouse’s Privacy and Information Law Group and the Financial Times’ Legal Innovator of the Year 2008. With his book, Stewart brings together the key laws and resources that should be known by all professionals working in the area of data security.


Final Program

Download the Final Program Guide.

9.00 : Welcome Coffee & Registration

9.40 : Introduction & Opening Notes by Ulrich Seldeslachts, CEO LSEC

9.50 : the impact of Data Breach Notification on Belgian companies, by Prof. Dr. Yves Poullet, CRID, Université de Namur et Liège

About : Yves Poullet, Ph.D. in Law and graduate in Philosophy, is professor at the Faculty of Law of the University of Namur (FUNDP) and of Liège (ULg), Belgium. Yves Poullet has headed the CRID since its creation in 1979. He conducts research in the field of new technologies with a special emphasis on privacy issues and individual and public freedoms in the Information Society. He is one of the legal experts at UNESCO and the Council of Europe. He is also a member of the Belgian Commission on Data Protection (Commission belge de protection de la vie privée). He has been in charge of the telecommunications sector and of the Working Group on Telecommunications and Media (International Conference of Data Protection Commissioners). In addition, he is a member of the Legal Advisory Board of the European Commission and president of the Task Force “Electronic Democracy and Access to Public Records”. He also chaired the Belgian Computer Association ABDI (Association Belge de Droit de l’Informatique). Yves Poullet is an active member of the editorial board of various renowned law reviews. He is a founder of the European Telecommunication Forum, ECLIP and FIRILITE.

Download the excerpts of the European Directives as presented by Dr. Poullet.

10.35 : Keynote Address : Data Protection and Breach Notification experiences, by Stewart Room, Field Fisher Waterhouse

11.20 : Coffee Break

11.40 : Perspectives on Data Protection and Breach Notification from the European Commission, by Philippe Renaudière, European Commission Data Protection Officer

About : Philippe Renaudière has been Data Protection Officer at the European Commission since May 2006. He is responsible for the proper implementation of the data protection regulation by the European Commission. He is administratively attached to the Commission’s Secretariat General, but enjoys complete independence in the exercise of his mission. His previous assignment with the Commission was head of the Data Protection Unit in DG Freedom, Security and Justice, a position he occupied from 2001 to 2006. In this capacity, he was responsible, inter alia, for the first implementation report on Directive 95/46 and for the action programme attached to it, and he led the secretariat of the Article 29 Working Party. During the last 5 years, he represented the Commission in numerous European and international Data Protection conferences, seminars and workshops.
Philippe is a Belgian lawyer and has been with the Commission since 1987. He worked successively in the areas of Environment, Transport, Competition (where he was a member of the Cabinet of Karel Van Miert) and Internal Market, where he was Head of the unit in charge of the External Dimension of the Internal Market. Prior to joining the Commission, Philippe Renaudière was in-house counsel with Tractebel in Brussels. He gained his undergraduate law degree from the Université Libre de Bruxelles in 1976, a master’s degree in economic law in 1978 and a special diploma in industrial legislation in 1984. He also gained an MA in International Relations (CERIS/Université de Paris XI) in 2004.

12.30 : Discussion Panel : the need for a clear Data Breach Notification Law for Belgium, with the Belgian Data Protection Agency represented by Dieter Verhaeghe

About : Mr. Verhaeghe assisted the Belgian Data Protection Authority as legal advisor between 1997 and 2000. Between 2000 and 2004 he gained experience as a company lawyer in the field of B2B financial services and telecom services. He rejoined the DPA in 2004. He is specialized in Belgian and European Data Protection law, mainly applied in the field of compliance (data protection and money laundering/anti-terrorism obligations), blacklisting and profiling, direct marketing, e-billing/document platforms, various e-gov projects with the Ministry of Mobility and Transport, emerging smart grids, re-use of public data for commercial purposes, international transfers,…

13.00 : Lunch Break

13.45 : Strategies for Mitigating Insider Risk, by Johan Vanhove, Country Manager RSA

14.30 : Don’t Be the Next Big Data Loss Media Story, by Nick Spekkels, McAfee

With numerous news stories detailing public breaches that have led to sensitive user data getting released—on websites, stolen as part of a laptop theft, or even released accidentally over an email or instant messaging (IM) communication—organizations are increasingly under pressure to protect privacy data.
Are you losing data without even knowing it? Your customer information, intellectual property, financial data, and personnel files may be leaving your corporate borders right now. And the perpetrators are not only hackers—they are also your own employees.

15.15 : DLP: Old wine in new barrels, or opening Pandora’s box?, by Stefaan Hinderyckx, Dimension Data

Recently published incidents of data leakage have highlighted the dire consequences of these incidents, such as public embarrassment and disclosure cost, direct financial loss, penalties due to breach of compliance requirements, breach of customer and partner trust, and many more. As a result, organisations may get caught up in the hype around DLP and treat it as an entirely ‘new’ threat, or focus on only one sub-set of the risk. It is important to remember that DLP needs to form part of the overall security roadmap and must be addressed across the IT ecosystem. An organisation’s security infrastructure must protect its data regardless of how it is used, where it is located, what devices use it, and how users access it. More importantly, non-technology issues need to be taken into account when addressing DLP. Organisations cannot depend on end-users becoming security experts; they should provide user-friendly solutions that support knowledge workers rather than impacting their productivity.

Threats are continuously evolving which means that there are no guarantees in the IT security world. Only when organisations follow an all-encompassing approach (people, process and technology) can they rest assured that their information is being protected appropriately.

About :
A graduate of the Katholieke Universiteit Leuven, Stefaan has Master’s degrees in Business Administration and Computer Science, and more than 15 years’ experience in IT security, specialised in managed security services, professional services and high-end security infrastructure solutions. Stefaan has held numerous senior, pan-European positions with organisations including Verizon, Symantec and Getronics. As Dimension Data’s Security Director for Europe, one of Stefaan’s key focus areas is to translate security technology, people and process into tangible business value. This outcomes-focused approach puts his services in high demand among Dimension Data’s strategic global clients, who look to unite the generic benefits of the technology with practical applications that adapt seamlessly to their individual operations and deliver a sophisticated security armoury.

16.00 : Coffee Break

16.30 : the Impact of Data Protection on your business by James Lyne, Utimaco-Sophos

17.20 : KPMG’s Insights into lost and stolen information in 2009, by Dirk De Maeyer, KPMG Advisory

Incidents and the number of people affected by data breaches have clearly been on the rise since 2005. Causes of data loss are quite diverse, but a major increase in malicious insider incidents was detected in 2009. Clearly, hackers are more active than ever in trying to obtain sensitive data. Learn also which sectors experience the most data loss incidents. Better understand your liabilities and how to cope with these threats.

18.10 : Closing Notes and Networking Reception

Panel discussion in which some of the following topics will be addressed :
1. What is the best way to avoid privacy violations (and being in the news)?
2. How do you balance between access and security?
3. How can you achieve compliance at reasonable cost?
4. How do you keep the good guys in — and the bad guys out?
5. Where has all the data gone — How do you control copies?
6. How can you best meet legal requirements for data protection?
7. When should data be encrypted — and when not?
8. How can you best achieve a reasonable level of data protection?
9. Data is everywhere — so how do you protect it?
10. Can you stop data from heading out the door?

- Understand the actual causes of data protection program failures, using case studies from both public agencies and private companies.
- Explore the deficiencies in current program approaches that lead to these failures, including technology limitations, incorrect prioritizing, and process gaps.
- Design a forward-thinking approach to avoid future data protection failures and ensure the protection of consumer and citizen data and critical infrastructure.
Developing a Data Protection Plan for Your Organization

Data protection has become a major issue in an era in which data is the lifeblood of every organization. Data protection is essential to prevent loss of customer trust, and to avoid leaks, breaches, and violations of regulations while still keeping data highly available. Smart organizations are beginning to take comprehensive measures to secure sensitive data and use them as a differentiator to gain and retain customers. The problem of data protection spans the lifecycle of data, from the time it is created until it is backed up, archived, or discarded. Part of this seminar will focus on basic approaches to developing a comprehensive data protection plan, including the making of a business case, business continuity and disaster recovery, networking aspects, and IT management. Breakout sessions will allow participants a chance to ask questions and develop major conclusions, best practices, and issues to be resolved.



Practical Details

LSEC Data Breach, Data Protection, Data Retention : LSEC DLP 2

Leuven, Auditorium Kasteel van Arenberg, Kasteelpark Arenberg - 3001 Heverlee
Tuesday, February 9th, 2010 - from 9h - 18h seminar with exhibition and panel discussions.

Attendance Fee :
- This seminar is part of LSEC’s awareness program and free to attend for anyone bringing along a colleague or a friend. Send us the email you’ve forwarded to your colleague or friend, and both of you will be able to attend for free.
- Alternatively, you can support our activities by paying a small fee of 150 € (excl. VAT) towards our catering and facilities.
- We do have a cancellation policy that requires you to pay a fee of 150 € (excl VAT) if you have not cancelled at least 24 hours prior to the event.

Are you a leader in Security ? Do you want to share your expertise and join the Leaders in Security as a Core Expert Member ?
Contact us via email! Or call +32.16.32.85.41 for a direct contact and more information.
An information set and your Membership Welcome Pack awaits you.


Copyright LSEC vzw 2007-2008 with the support of the IWT.

LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be

