Hosted by Data Privacy Board Member Chick-fil-A
Agenda
Wednesday, September 17
9:30 AM
Registration & Breakfast
Arrive on-time to check in at security, get your name badge, and enjoy a light breakfast hosted by Chick-fil-A.
11:00 AM
Tour of Chick-fil-A Headquarters
The Chick-fil-A® Backstage Tour is a guided walking tour about the history, culture, and values of Founder S. Truett Cathy located at their corporate headquarters in Atlanta, Georgia. Throughout the tour, you’ll experience Chick-fil-A’s most valued company assets: their hospitable people and unique story. The Original Life and Legacy Tour is an immersive experience in which guests hear directly from three generations of Cathy Family in an introductory film and visit Truett’s Office, the History Museum, and Truett’s classic car collection.
12:00 PM
Shuttle Transfer
12:15 PM
Lunch Discussions
Grab a seat and get to know all of the great privacy leaders at the Summit.
1:00 PM
Welcome & Introduction
1:15 PM
Case Study
Telling your privacy team’s productivity story
Joseph McKinney, FedEx
Every day, the scope of work for privacy teams is expanding to handle issues like AI governance, general data governance, document retention, and others. And while the scope of work increases, resources remain static. Why? We are not telling the whole story of what we do, how we do it, and the value we bring to our organization. Joseph McKinney, Lead Counsel at FedEx, will share how they developed an intake process for all privacy related requests that not only created a ticketing system for handling their workload, but also provided key metrics tracking volume by business unit and time spent on execution. He’ll give us an inside look at how this system was developed and what its implications are for future process improvement for the privacy team at FedEx.
1:45 PM
Break
1:55 PM
Case Study
Understanding the deep and dark web and the impact on privacy events
Christian Hall & Tiffany McLee, Ally
Chief Privacy Officer Christian Hall and Senior Director of Privacy Compliance Tiffany McLee at Ally will share their work in relating the role of the deep and dark web to data privacy threats in their organization. This talk will include how stolen data is advertised and sold, the tactics used by threat actors to harvest compromised data, the implications for risk of harm to a customer, and how we should be reacting as leaders in the privacy space.
2:25 PM
Break
2:35 PM
Case Study
Creating efficiency around PIA/AI reviews
Rachel Nico, Intel
Assessment fatigue for your business lines is a common issue, but combining assessments won’t save you time in the long run if it’s not done right. Rachel Nico, Chief Privacy Officer at Intel, will discuss how they combined their PIA/AI review processes, and how they’ve iterated since to make the process even more streamlined. She’ll take you behind-the-scenes to share the pain points they encountered and how this model is impacting the way they’re approaching other processes at Intel.
3:05 PM
Networking Break
3:35 PM
Case Study
Privacy holding IT accountable: Creating an application “health check”
Pruthvi Gurram, American Airlines
Pruthvi Gurram, Privacy Engineering Manager at American Airlines, will share their privacy-developed IT accountability process for flagging applications that are involved in collecting and sharing data with downstream systems. While this process began as a measure to level set across the organization, it has significantly reduced risks related to data retention and tied into wider data mapping and PIA activities. Pruthvi will share behind-the-scenes insights on how they built and socialized this system as a “health check,” and how they leverage it across their privacy work.
4:05 PM
Break
4:15 PM
Case Study
Leveraging privacy-enhancing technology for advertising measurement
Chris Dunlap, Expedia Group
As the demand for targeted marketing competes with your priorities to safeguard customer data, how can you leverage new technology to supplement your privacy work? Chris Dunlap, Director of Privacy and Data Security at Expedia Group, will give us an inside look at how they deployed data “clean rooms” for their advertising teams. In this confidential discussion, he’ll cover their justifications for this initiative – including how they sold the benefits internally – and how they structured contracting and privacy reviews to enable scaling.
4:45 PM
Adjourn
5:00 PM
Data Privacy Board Members-Only Dinner
Following our afternoon of conversations and case studies, we’ll have a fantastic dinner just for our members. It’s a perfect opportunity to connect with your privacy peers before a big day of brainstorming, discussion, and collaboration. For our guest attendees, we’ll see you tomorrow!
Thursday, September 18
8:00 AM
Breakfast Discussions
The conversations over coffee and eggs at this event are often more lively than any other conference’s happy hour. You’ll want to be here bright and early (and on time).
8:30 AM
Welcome Back
8:35 AM
Break
8:45 AM
WorkshopSelling privacy internally: How best to socialize your program
What have been your most successful strategies to build partnerships and create advocates for privacy work in your enterprise? Natalie Williams, Director & Enterprise Privacy Leader at Chick-fil-A, will lead a confidential group discussion to share our biggest triumphs, what hasn’t worked as well, and how we’re getting creative in an increasingly crowded internal attention market. We’ll cover building key relationships, what cadences work and why, and brainstorm on how to reach our toughest colleagues. |
WorkshopFrom headlines to game plans: Responding to recent privacy enforcement
Recent California settlements with Honda, Todd Snyder, and Healthline have privacy teams buzzing. In this discussion facilitated by Jeff Handler, Senior Counsel at Cox Enterprises, we’ll trade insights on what these cases signal about regulators’ priorities and where privacy programs feel the most pressure. We’ll explore how teams have responded (or are preparing to respond) to these high-profile settlements, and turn lessons learned into actionable items that can help your organization stay ahead of evolving regulatory expectations. |
|---|
9:15 AM
Break
9:25 AM
WorkshopJustifying privacy investment: Turning “Why?” into “Wow!”
Privacy teams know the drill: budgets tighten, and suddenly you’re asked to prove your worth. But what if privacy wasn’t just a cost center, but it was your company’s secret weapon? Led by Drew Bjerken, VP of Global Privacy at Marriott Vacations Worldwide, we’ll ditch the doom-and-gloom compliance talk and dive into how privacy can drive real business value. Learn how to speak the C-suite’s language, build a killer case for new tools and talent, and turn trust into a competitive edge. You’ll leave with a fresh playbook that positions your privacy program as a powerhouse of innovation, not just a protector. |
WorkshopCritiquing your privacy technology stack: What’s working and what’s not
As the number of privacy vendors rapidly increases, how are you ensuring that your choices are improving your program while also providing enough ROI to justify their implementation? Shanna Crawford, Director of IT Privacy at Costco, will lead this conversation on how we’re evaluating technology options, including determining short- and long-term value, exploring where there is the greatest potential for automation, and examining forward leaning options and the impact on our work. |
|---|
9:55 AM
Networking Break
10:20 AM
WorkshopWiretapping lawsuits: Where are we now?
As website analytics and advertising tools are targeted in lawsuits brought under various wiretap laws, it can be difficult to know how best to respond. As these lawsuits evolve into more complicated and costly endeavors, what are you doing to safeguard your company? Gabe Levy, Lead Counsel for Privacy and Data Protection at Subway, will lead this confidential conversation as we compare our approaches, share our lessons learned, and discuss how current trends and decisions are affecting our future privacy planning. |
WorkshopNext GenAI: What’s in your privacy toolbox?
As privacy hesitancy to leverage LLMs faces off against limited resources and calls for increased productivity, how are you safely using GenAI-enabled tools for improving your privacy work? Pallab Chakraborty, Legal Director of Privacy & Ethics at AMD, will facilitate this conversation on how the newest versions of LLM tools are performing in relation to privacy tasks, and where we might leverage them for better outcomes. We’ll also compare the risks/rewards for key scenarios and brainstorm the best usages for a variety of tool options. |
|---|
10:50 AM
Break
11:00 AM
WorkshopBridging the gap: Data privacy meets data governance
As data privacy matures into a strategic function, its overlap with data governance becomes increasingly complex, and increasingly critical. In this workshop, we’ll examine the operational and philosophical boundaries between the two disciplines — exploring where privacy ends and governance begins. Greg Shields, Principal Director of Data Privacy at Envestnet, will facilitate this conversation tackling how the most common overlaps are operationalized (e.g., inventory, destruction), ways in which privacy requirements can inform governance structures, and how data governance can extend privacy’s reach across the data lifecycle.
|
WorkshopEmployee privacy: Building safeguards in a dynamic environment
When it comes to both protecting your employees and building a culture of privacy at your company, what are your best strategies for creating meaningful policies and programs? Kristy Pawlak, Director of Privacy at AT&T, will moderate this open conversation to examine how we’re addressing employee privacy across differing regional regulations, emerging risks around GenAI-enabled tools, and how best to reflect our norms and guidelines through company policies and awareness. |
|---|
11:30 AM
Shuttle Transfer
11:50 AM
Lunch Discussions
12:50 PM
Break
1:00 PM
Peer Advisory Roundtables Round 1
EXAMPLE TOPICS:
- Beyond Data Privacy Day: How to increase awareness year-round
- Addressing employee privacy concerns
- Vendor review: OneTrust
- PIAs: Evaluating your process
1:30 PM
Break
1:40 PM
Peer Advisory Roundtables Round 2
EXAMPLE TOPICS:
- Taking on AI accountability
- Data mapping: Building for long-term privacy success
- Assessing and managing data privacy risk in China
- WhatsApp, WeChat, etc: Weighing risk and opportunity
2:10 PM
Networking Break
2:30 PM
Peer Advisory Roundtables Round 3
EXAMPLE TOPICS:
- Data privacy and DEI initiatives: Balancing progress with compliance
- Loyalty programs: Balancing privacy compliance and growth
- Data minimization strategy for privacy compliance
- Records retention: Best practices for big companies
3:00 PM
Adjourn
Please note: This agenda is subject to change based on speaker availability and scheduling. As we continue organize this year’s schedule, you can take a look at 2024’s lineup here.
