Data Security Intensive Day 2017

Intensive Day – Wednesday, Oct. 4, 2017

Intensive Days are all-day events that feature primarily small discussion groups among seasoned professionals. Intensive Days differ from workshops in that workshops are shorter and more introductory in nature.

Intensive Days are for seasoned professionals, and the discussion will be focused and advanced. Intensive Days are for deep dives into topics.

The Data Security Intensive Day is a way to join your peers in a sophisticated series of discussions about cutting-edge issues involving data security. There will be unparalleled interactivity. Most of the day will be spent in seminar-style discussion groups.

This is a discussion for experienced professionals in either privacy or security. A technical background isn’t required. Lawyers, CPOs, CISOs, and others are welcome.

What is the Data Security Intensive Day?

The Data Security Intensive Day is a special all-day event that will occur on the pre-conference day of the Privacy+Security Forum on Wednesday, October 4, 2017. 

George Washington University Marvin Center
800 21st Street Northwest
Washington, DC 20052


James Aquilina
James Aquilina

Sr. Executive Managing Director
Stroz Friedberg

Tony Kim
Antony Kim

Orrick Herrington & Sutcliffe

Scott Weber
Scott Weber

Managing Director
Stroz Friedberg


Our chairs for the Data Security Intensive Day plan the event and determine the topics for discussion.

Data Security Intensive Day

Breaks and lunches will be with everyone present on the pre-conference day, so if you have colleagues attending workshops or Intensive Days on other topics, you will have time to network with them.


Conference Materials

7:30am – 9:00am   Breakfast
9:00am – 10:15am   Session 1

Introduction to security and risk management 

Moderated by James M. Aquilina

What are the challenges for businesses in managing corporate and third party data in today’s complex digital environment? How do companies stay abreast of how such data is created, stored, copied, or transmitted both inside and outside corporate environments? How are different kinds of businesses approaching these challenges?

With respect to portable data, what are the greatest security risks to businesses? What are some of the relevant practical lessons from the leading data security incidents of the last five years? How can companies best balance the business need to share sensitive, confidential, proprietary or protected information with third parties against the security risks of doing so?

10:15am – 10:45am   Break
10:45am – 12:00pm  Session 2

Managing risk with insiders and third parties

Moderated by Scott Weber

Insiders and third parties with necessary business access provide different kinds of risks to businesses. At the same time, all businesses are moving information, including trade secrets and other kinds of valuable intellectual property, to the cloud. While the cloud and data portability poses significant risk to data security, these dangers are, however, capable of management.

What are the dos and don’ts of business use of the cloud? What are the risks of BYOD? How can encryption help reduce risk? What technical and behavioral indicator tools are available to audit employee access to data and their data behavior? How can persistent analysis of employee communications identify employees that potentially pose business risks and threats to other employees and the organization?

12:00pm – 1:30pm Lunch
1:30pm – 2:45pm Session 3

Leading legal lessons relating to data security

Moderated by Tony Kim

Federal, state and regulatory legal requirements create a complex landscape of potential liability for corporations when data is exposed. Important defenses relate to whether and the extent to which corporations endeavored to protect data that by business necessity were accessible to a range of parties as well as portable.

What are the leading legal requirements that all businesses should follow in devising a security program around data? What are the elements of such a security program? What are the defensive measures that down the road can help the company navigate the litigation fallout of a significant security incident?

2:45pm – 3:15pm Break
3:15pm – 4:30pm Session 4

Table Top Data Security Exercise

Moderated by James M. Aquilina and Tony Kim

The last roundtable of the day will be an intensive interactive custom table top exercise focused on an applicable incident response scenario relating to the exposure of data. The exercise will engage and prepare participants to learn appropriate, efficient and practical responses to future crises.


The Data Security Intensive Day will be on Wednesday, October 4, 2017.  The Privacy+Security Forum will be on Thursday, October 5, 2017 and Friday, October 6, 2017.  The fee for participating in the Data Security Intensive Day is separate from the fee to participate in the Forum. You can register for the Data Security Intensive Day independently from the main Privacy+Security Forum. Registration and fees are here.

Intensive Day Admission 2017


Intensive Day (price for each)




Intensive Day (price for each – academic/NGO/gov’t)