Protecting your Digital World: Data Security Essentials

Protecting your Digital World: Data Security Essentials

Event Information

Date(s):

Jan 15, 2025 - Jan 30, 2025

Time:

1:00 PM - 2:00 PM

Location:

Online

CAE Credits:

4

Member Price:

$148.00

NonMember Price:

$199.00

Description

The Protecting your Digital World: Data Security Essentials program focuses on bringing awareness to issues on cybersecurity for associations.

Join us to learn about bringing awareness of issues relating to Cyber Security, and consequences of any Incident, to the attention of senior executives (business leaders, board members and senior managers), review of the key regulatory issues from GDPR to US individual states/ proposed federal regulation, and who in an organization and in relationships between organizations, is responsible, and the need for Data Due Diligence when dealing with 3rd parties, whether in contract negotiations, M&A or investment, leading onto the necessity and advantages of developing a WISP: Written Information Security Program

The four sessions include:

January 15th, 2025 1-2pm EST
Session 1: Staying Calm in a Cyber Crisis

January 16th, 2025 1-2pm EST
Session 2: What next for Data Privacy?

January 29th, 2025 1-2pm EST
Session 3: The 3rd party supply chain risk

January 30th, 2025 1-2pm EST
Session 4: Cyber and Data Due Diligence in the 3rd party supply chain

Meet the Facilitator

Penny Heyes
The Trust Bridge

Penny is a co founder of The Trust Bridge and the Chief Commercial Officer. A highly experienced international sales, marketing and business development professional, she has worked in multiple product & service sectors globally.
As an experienced senior executive, she has been instrumental in growth of several start-ups and early stage companies, as well as multinational established businesses who wish to diversify into new areas or new initiatives. Penny has extensive general management skills: operations, business-to-business, business-to consumer sales, marketing, business development, affiliate & affinity partnerships.
More recently she has been advising clients in their Innovation in Business strategies, with focus on Data Protection and Cyber Security, examining how technology is changing business operations and how they engage with their customers, employees and suppliers.

 

Meet the Speakers

David Clarke, FCRS
The Trust Bridge

The Trust Bridge’s Chief Technology officer, David Clarke is known in the GDPR industry and has a GDPR LinkedIn Group with over 25,000 members. This LinkedIn group gives us unique access to many companies , consultants, thought leaders globally as well as leading edge GDPR compliance though leadership often tried and tested.
David is highly knowledgeable of global project delivery and operational leadership. He has operated across FTSE 100, SME and start-ups within Financial Services, FinTech, Telecoms, Technology and Utilities sectors developing strong coherent cyber security, GDPR data protection and privacy strategies.
David created a global infrastructure for the world’s largest private trading network, trading $3 trillion a day, and has managed multiple Global Security Operations Centers.
David has been recognized as one of the top 10 influencers by Thompson Reuter and is in the top 30 most influential thought-leaders and thinkers on social media, in risk management, compliance and regtech in the UK.

Jim Thompson, CAE, IOM
IMI Association Executives

Jim Thompson, CAE, IOM, is the Vice President Client Relations for IMI Association Executives and a highly skilled association management professional with over 23 years of experience. He joined IMI in 2021 and quickly established himself as a relationship builder and strategic thinker. Jim's expertise in business and financial management, combined with his attention to detail, makes him an indispensable asset. He holds a Bachelor of Arts in English and Political Science from the University of North Carolina at Greensboro and holds both CAE and IOM designations.

Katie Hyman
Womble Bond Dickinson (US) LLP

Katie Hyman is senior privacy counsel at Affirm, a US-based financial technology company that provides buy now pay later and other financial products to consumers and merchants. Before joining Affirm, she was a partner at Womble Bond Dickinson in Washington DC, assisting multinational clients in finding practical solutions to complex data privacy and compliance issues. She is dual-qualified as an English solicitor and NY and DC attorney, and she is a Certified Information Privacy Professional (CIPP/E and CIPP/US) and a Certified Information Privacy Manager.

author imageKiKi L'Italien
Association Chat

KiKi L'Italien, editor-in-chief of Association Chat, leads a comprehensive media platform essential to the association industry. Under her guidance, Association Chat includes a vibrant online community, an award-winning podcast, a newsletter, and a quarterly print and digital publication, Association Chat Magazine. KiKi also hosts Association Chat events, further expanding its influence in the field.
In addition to her role at Association Chat, KiKi serves as executive vice president of marketing and community engagement at Big Red M, a growth partner for associations. Her expertise in marketing and digital strategy has established her as a respected industry leader.
Cvent listed her as a top event professional to follow, Meetings Today Magazine named her a Meetings Trendsetter, and BizTech Magazine included her among the '30 Nonprofit IT Influencers to Follow.'
Her leadership extends to contributions to ASAE section councils, focusing on membership and component relations, and her role as a founding board member of SocialOffset. KiKi's achievements have been honored with the Hall of Fame award for Organizational Leadership from the Association for Women in Events and inclusion in BizBash's Top 1000 People in the U.S. Event Industry. She is also a recipient of the 2024 AWTC Technology Champion Award.

Tara N. Cho, CIPP/US, CIPP/E
Womble Bond Dickinson (US) LLP

 

Accessibility Features

This program provides professional live captioning by 3PLAYMEDIA. If you require ASL or additional accommodations, please let us know at Learning & Meetings to request specialized accommodation for this program.

  • Agenda

    • January 15th, 2025 1-2pm EST

      Session 1: Staying Calm in a Cyber Crisis

      In the current environment of daily data breaches and cyber attacks, The TrustBridge offers a live, interactive session, at which attendees will hear real life examples of what can go wrong, what has worked well, what remains uncertain when dealing with the inevitable data breach or security incident, and steps to take to mitigate risk.
      During these events, a panel of industry leaders, cyber experts and legal professionals will step through a cyber incident simulation, involving a membership company and a sponsor who conduct a joint marketing campaign. This is based on a “fake” organization which is under attack. We will examine the scenario, the response and give real-time perspectives from the viewpoint of forensic investigation and mitigation, legal, cyber insurance, and law enforcement considerations.
      These workshops, aimed at senior executives in the Association world, will help prepare them to understand the risks, so if the worse happens, they can learn what decisions will need to be made whilst under pressure, their consequences, how to determine priorities, how to recover and, perhaps more importantly, what not to do.
      But above all, how to mitigate risk and what to do to protect your organization against such attacks.
      No organization is immune, not for profit and for profit: according to recent statistics 66% of organizations say they had been affected by a cyberattack within the past year.
      The data held by all membership organizations, conference centres and hotels, sales companies and retail outlets is all valuable to someone; not least the organization that “owns” it. It is often personal information of individuals - so it should be protected at all cost.

      Join us for this session as we provide templates and a blueprint of what data to look at by product, how to address competitive analysis, and how to fill gaps in data that is lacking.

      January 16th, 2025 1-2pm EST

      Session 2: What next for Data Privacy?

      Trust is the driving force behind the major shift that is taking place in the world of private data that affects all organizations dealing with and interacting with residents, members, and specifically all aspects of online and digital activity.

      The data economy of the future demands a bridging of the trust gap that exists between the member and the organizations with which they interact, requiring greater transparency, responsibility and accountability from these organizations, who need to demonstrate that they are

      • Authentic
      • Trustworthy
      • Socially responsible

      There are 3 key drivers:

      • Regulatory
      • Technical
      • Commercial

      In the future we will see GDPR as the turning point in data privacy regulation.  As “data subjects” become more aware of data breaches and incidents, they becoming more aware of what data is available for possession and how it is used and the value it has.

      GDPR has set a high standard. It states that privacy is a human right.

      Data Protection is a key element of governance and as such, senior executives are responsible; it should not be delegated to an IT manager or a junior.

      Every person involved with the running of an organization, including volunteers, should be made aware of their responsibilities.

      10 key things to take into consideration

      1. Master Your Data Universe – what why where and who
      2. Risk Assessment Adventure
      3. Policies and Procedures
      4. Do not be Overconfident
      5. What is your Third-Party Supply Chain Shield
      6. What is your Data Sharing Strategy
      7. Cross-Border Compliance Navigator
      8. EU / UK Representation
      9. WISP Compliance Check
      10. Comprehensive Data Protection Training

      January 29th, 2025 1-2pm EST

      Session 3: The 3rd party supply chain risk – and introducing the WISP

      As we know, the online world is filled with cyber threats. Every week we hear reports of massive data breaches.  And research shows that over 60% of IT security breaches occur via a Third Party. Meanwhile, the number of third parties that companies are doing business with is increasing. And with it the sharing of an organizations’ sensitive and confidential data.

      Most organizations use 3rd parties somewhere.

      As organizations of all sizes become more dependent upon Third Party data processors to manage and process their most critical information, understanding the key policies, security practices, and other key controls their suppliers use to protect this information becomes critical to operational efficiency AND regulatory compliance

      If you experience a data breach, or the data you are collecting is used for reasons outside those for which you collected it  - you could start to lose consumer confidence and loyalty, as well as face costly penalties for violating data privacy regulations.

      It’s important to note that all suppliers pose a risk, because any data in the wrong hands could be exposed.

      Learnings:

      • Know your data flow
      • Check the suppliers / 3 parties with whom you are dealingrd
      • Check their security protocols are robust
      • Ensure you have data sharing agreements in place

      January 30th, 2025 1-2pm EST

      Session 4: Cyber and Data Due Diligence in the 3rd party supply chain

      We have heard so many stories recently from companies who have received questionnaires, running to many pages, from their clients and or prospective clients, asking about the Cyber Security and Data Protection safeguards that they have in place.

      This is a response to the fact that so many cyber attacks and data breaches originate in the 3 party supply chain.rd

      In May 2021, President Biden issued a cybersecurity executive order

      aimed at protecting federal government networks and modernizing the nation’s overall cybersecurity. This executive order had 7 main elements:

      1. Enhancing threat information sharing
      2. Modernizing the federal government’s cybersecurity
      3. Enhancing software supply-chain security
      4. Cyber Safety Review Board
      5. Standardizing federal playbooks
      6. Improving detection on federal networks
      7. Improving investigative and remediation capabilities

      Learnings

      The key considerations when dealing with all suppliers:

      • Accepting that your supplier has good security practices, good data hygiene and that no breaches have occurred, is not enough.
      • No organization can afford to take on trust that any supplier has full control of their data and that they are compliant with existing and emerging regulations.
      • Clients and customers should see proof of security practices and controls, policies and actual processes from all organizations with whom they are or intend to conduct business
      • All organizations should perform extensive technical due diligence to ensure their investment is wise
      • Target organizations should be prepared or risk a reduction in valuation or cancellation of investment.

      This is not an issue which is going away and cyber / data privacy and protection is now seen as critical to all organizations.

  • Policies