Privacy Laws & Business
International Privacy Officers Network
Negotiating Successful Binding Corporate Rules Programs for International Transfers of Personal Data;
Hot Privacy Issues for HR Managers in the European Union
Wednesday March 8th, 2006
Washington DC
Host: DLA Piper Rudnick Gray Cary US LLP
Program
9.30am. Coffee and Registration
Chair: Stewart Dresner, Chief Executive, Privacy Laws & Business, London
10.00am. Welcome
Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC
10.05am. Introduction to Privacy Laws & Business and the International Privacy Officers Network, and its involvement in Binding Corporate Rules and HR issues in the EU
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
10.15am. The options for transferring personal data from the European Economic Area to the USA and beyond when the Safe Harbor is insufficient
· EU model contracts
· ICC alternative model contracts
· Binding Corporate Rules
But…some differences between the EU Member States on Binding Corporate Rules
· Compatibility of a BCR and national law, in principle
· Legal status of a BCR scheme, in practice
· Need for separate approval in some countries
· Approval timetable
· In practice, the likelihood of a country refusing a BCR application
Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC and Rosa Barcelo, Attorney, DLA, Brussels, and until recently at the Data Protection Unit, The European Commission, Brussels
10.45am. EU Privacy Regulators' requirements for a successful Binding Corporate Rules strategy: the top 10 considerations
1. Which regulator should you apply to?
2. How much information do you need to provide?
3. How do you make the BCRs binding on your group?
4. How do you make the BCRs binding on your people?
5. How do you bind subcontractors?
6. How do you give effective rights to individuals?
7. How do you demonstrate compliance?
8. Do you need to submit to audits?
9. How many regulators should you apply to at once?
10. How long is this all going to take?
Christopher Millard, Partner, Linklaters, London
11.15am. Coffee
11.30am. Turning your existing privacy compliance activities into an effective Binding Corporate Rules strategy: Accenture's experience
· obtaining management buy-in
· adapting privacy policies and procedures
· providing informationto staff, contractors, clients / customers
· using inter-company agreements and third party contracts
· rolling out training
· adapting audit procedures
· managing relationships with regulators
Bojana Bellamy, Global Data Privacy Compliance Lead, Accenture, London
12.00 Sharing of plans and experience by other companies on progress with their BCR applications
· Choice of lead country
· Initial reaction
· Issues needing to be clarified
· Ease of dialogue and meeting of minds
· Timetable
The participants
12.15 General Electric’s Binding Corporate Rules Program: Work in progress
· Why BCRs?
· Collaboration with Data Protection Authorities and their staff
· Making the BCR "real" internally
· Enforcing compliance going forward
Nuala O'Connor Kelly, Chief Privacy Leader & Senior Counsel, General Electric, Washington DC
1pm. Networking buffet lunch
1.50pm. Other hot issues in European Union countries involving the interaction of privacy and labor laws
Introduction: The EU Art. 29 Data Protection Working Party’s February 1st Opinion on how the EU’s data protection rules apply to company’s whistle blowing programs
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
1. Whistle blowing lines: Sarbanes-Oxley vs. European Data Protection Laws
France
2.05.pm. The CNIL’s rule making and its impact on McDonald’s
Leticia Limon, Counsel, Global Corporate Compliance and Privacy, McDonald's Corporation, Oak Brook, Illinois
2.35.pm. How Kodak has kept out of trouble …. so far
Brian O’Connor, Chief Privacy Officer, Eastman Kodak, Rochester, New York
3.05.pm. The BSN-Glasspack case
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
3.10pm. United Kingdom
What whistle blowing problem? The Public Interest Disclosure Act 1998
3.15pm. Sharing of experience by the speakers and other participants
3.30pm. HowEuropean privacy laws regulate employee surveillancewith specific examples from threeEuropean countries
· Internet
· Closed circuit television
Cameron Craig, Solicitor and Partner, DLA Piper Rudnick Gray Cary UK LLP, Sheffield, United Kingdom
3.50pm. Sharing of experience by the speakers and other participants
4pm. How to deal with European works councils and better manage privacy conflicts
Anne Coles, Consultant, Privacy Laws & Business
European Works Councils (EWCs)
· What they are and how they arise
· What employers are required to do
· What information employers are required to disclose
Implementation in the UK
European Data Protection and Privacy Laws – potential conflicts with disclosure requirements of EWCs
Works Councils in Germany
· The Wal-Mart litigation
· Practical steps you can take to reduce conflicts between labour law and data protection
4.30pm. Sharing of experience by the speakers and other participants
4.45pm. Next steps for DLA and the International Privacy Officers Network
Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
5pm. Close
Stewart Dresner, Chief Executive,
Privacy Laws & Business,
March 6th 2006
E-mail: