8:30 - 9:00 Registration & Coffee

9:00 - 9:15
Chairman's Introduction: Privacy & Data Protection overview
Alastair Gorrie, Partner, Orrick, Herrington & Sutcliffe

Panel One: Data export compliance including binding corporate rules and outsourcing
9.15 - 9.45
Global Data Transfers Practical Options for Companies
John Whelan, Partner, A&L Goodbody, Ireland
- Data protection compliance options available for U.S. companies operating in E.U.
- Methods to address data transfer restrictions to U.S.
- Individual consents or data protection agreements
- Pros and cons of the "U.S. Safe Harbor" Programme
- Global privacy policies
- Obligations/exposure when E.U. personal data hits U.S. company data bases
- U.S. privacy law, CAN-SPAM and HIPAA applications to E.U. data reaching U.S.

9.45 - 10.10
Data Security Law and Practice: Data Security Compliance for Companies doing Business in Europe and America.
Philip Nolan, Partner, Mason Hayes+Curran, Ireland
- Recent data security breaches arising in the U.S. and the E.U.
- Security breach notification laws in the US and Europe
- Lack of awareness in the E.U.?
- Making data security a business practice

10:10 – 10:40
SOX, Data Protection and Hotlines: Whistle while you work?
Robert Bond, Partner, Speechly Bircham LLP, UK
- SOX 301(4)
- French, German and other EU concerns
- CNIL Guidelines and Authorisation
- Article 29 Working Party review
- Can 301(4) and EU laws sit side by side?

10:45 - 11:00 Coffee

11:00 -11:25
Data Protection Law in Practice - How can companies achieve compliance?
Steven De Schrijver, Partner, Van Bael & Bellis, Belgium
- Reasons for carrying out a data protection audit
- Different stages of a data protection audit:
— Pre-audit
— Performance of the audit
— Post-audit (including a discussion of the actual compliance measures)

11:25 - 11:50
Data Protection and Outsourcing
Mark Watts, Partner, Bristows, UK
- What are the data protection legal issues?
- What are the respective positions and duties of the client and service provider?
- How to deal with offshore outsourcing and international transfers?
- How to address data protection in outsourcing deals?


11:50 - 12:15
Binding Corporate Rules: The UK Regulators perspective
Boris Wojtan, UK Information Commissioners Office
- The motivation for the BCR procedure
- The practical approach adopted by the ICO
- The work currently underway
- Cooperation procedure between EU DP Authorities

12:15 - 12:40
The Irish commissioner's view: compliance, enforcement and the future
Billy Hawkes, Data Protection Commissioner, Ireland

12:40 - 1:00
The Data Protection Interactive
- SOX, Data Protection and Hotlines
- Binding Corporate Rules
- Data Protection and Outsourcing
Panel Chairman: Alastair Gorrie
Panellists: John Whelan, Phil Nolan, Robert Bond, Steven De Schrijver, Mark Watts, Boris Wojtan, Billy Hawkes

13.00 - 14.00 Lunch

Panel Two: Using and Managing Personal Data
14:00 - 14:10
Co-chairman's Introduction: Direct Marketing and Managing Personal Data
Co-chair: Geraldine Lawlor, Head of Anti Money Laundering, Data Protection & Competition Law, AIB Capital Markets, Ireland

14.10 - 14:40
Mitigating the Privacy risk of Sales & Marketing
Tim Beadle, Director, Marketing Improvement, UK
- Why Sales & Marketing are the greatest risk areas
- How to make the business case for Privacy
- Best practice on the Web for privacy
- Best practice on databases and Salesforce Automation for privacy

14:40 - 15:05
Realizing business Value through Privacy Control Architecture
Paul Lavery, Partner, McCann FitzGerald, Ireland
- Issues: legal compliance does not equal compliance in practice
- Approach: only methodology available
- Outcomes: ROI, Iron clad compliance & transparency

15:05 - 15.30
Case Study: Data Protection within Practical Marketing
Tim Trent, Consultant, Marketing Improvement, UK

15:30 - 15:45
Panel Discussion: Using and Managing Personal Data
Panel Chairman: Geraldine Lawlor
Panellists: Tim Beadle, Paul Lavery, Tim Trent

15:45- 16.00 Coffee

Panel Three: Subject access requests, Employee Protection and litigation
16:00 - 16:35
Data Subject Access Requests: Analysis and Practical Guidance
Renzo Marchini, Dechert LLP, UK
- The Data Subject's Right of Access under the Directive
- Back to basics: definitions of "personal data" and "personal data filing systems"
- Is the narrow definition given in UK case law consistent with the Directive (analysis of Durant v Financial Services Authority)?
- Recent Article 29 Working Party guidance
- Official guidance from supervising authorities

16:35 - 17:00
Recent Developments with Employee information in Europe: subject access requests and litigation
Anne Coles, Senior Partner, AMC Law, UK
EMPLOYEE INFORMATION
- Employee records what you can collect, what you can retain and what you must delete
- Monitoring your workers - email, web access, CCTV and surveillance - -what you can and can't do
- Health records - occupational health schemes, drug and alcohol testing, genetic testing and beyond
LITIGATION
- Celebrity cases don't make good law
- Brief examination of recent case on privacy and data protection


17:00 - 17:25
Panel Discussion: Subject access requests and litigation
Panel Chairman: Alastair Gorrie
Panelists: Renzo Marchini, Anne Coles


17:25 Chairman's final remarks and close of conference


- End of Conference -

18:00 – 21:00 Cocktail Party