Life Science Data Privacy Governance and GDPR Alignment Conference

July 26-27, 2018 | Philadelphia, PA

Sheraton Philadelphia Downtown Hotel

Download AgendaRegister Now

DAY ONE | THURSDAY, JULY 26

8:00 REGISTRATION AND WELCOME COFFEE

8:50 CHAIRPERSON’S OPENING REMARKS

9:00 KEYNOTE PRIVACY OFFICER PANEL: LIFE SCIENCE DATA PRIVACY IN 2018 AND BEYOND
Within the life science industry, the role of data privacy officers has increased in importance, driven by concerns surrounding potential data breaches impacting corporate reputations, as well as the race to comply with GDPR requirements ahead of the 2018 deadline. This focus on data privacy as a business practice integral to the success of corporations has elevated the role of data privacy officers, increasing the strategic importance of the position as officers look to align operational procedures with evolving technology and at times, lagging regulatory guidance. Exploring the future of data privacy in the data driven life science industry will provide insights into the convergence of policy and technology, enabling executives to proactively plan for future requirements.

  • Strategic evolution of the life science data privacy position
  • Opportunities for data privacy to add corporate value
  • Approaches to handling under regulated privacy concerns
  • Considerations in global privacy harmonization efforts

MODERATOR:
Stephanie Carter, PhD, US DEPARTMENT OF JUSTICE

PANELISTS:
Jennifer Mitchell, ABBOTT

Cindy Ping, SHIRE

Patricia Hilbrands, ARTHREX

Priya Mannan, NOVARTIS INSTITUTES FOR BIOMEDICAL RESEARCH

 

10:00 GDPR DATA RETENTION GUIDANCE FOR PHARMACEUTICAL & DEVICE CORPORATIONS
Within the GDPR framework, corporations are required to develop data storage, retention and erasure procedures in order to safeguard the privacy of data subjects. This presents a considerable challenge for life science corporations which must also retain data surrounding clinical research studies in order to maintain regulatory alignment with the EMA. This conflict has many life science executives unsure of the best path forward in implementing data retention and erasure policies, which is compounded by uncertainty related to the depth of anonymization required, with many DPAs indicating that traditional clinical study redaction techniques are inadequate.

  • Retention considerations applicable to:
    • General business data
    • Employee information
    • Patient & Clinical data
  • Establishing appropriate retention periods
  • Defining anonymization in a life science context
  • Informing data subjects on retention periods

Jennifer Everett, Associate, JONES DAY

Ann Bogenrief, Compliance Manager, CARDINAL HEALTH, INC.

 

10:45 COFFEE & NETWORKING BREAK

 

11:15 WORKSHOP: VALIDATING COMPLIANCE THROUGH MOCK GDPR GAP ANALYSIS IN THE LIFE SCIENCE INDUSTRY
As part of a highly regulated and dynamic industry, corporations in the pharmaceutical and medical device industries are very familiar with the interpretation and implementation of new regulatory requirements, whether related to FDA concerns surrounding patient safety and product efficacy, appropriate promotional claims governed by the FDA and FTC, or regulations surrounding compliance and fiduciary governance. While all corporations have prepared to some extent for GDPR compliance, interpretations of the regulation, risk tolerance of the corporation as well as the message from executive leadership has resulted in varied levels of alignment and preparedness. To gain insight into the differing interpretations of GDPR implementation, providing time for discussion and reflection on existing plans, small groups of participants will work through various sections of compliance concern, auditing plans for potential gaps in alignment.

Michelle DeBarge, Partner, WIGGIN & DANA

Albert Stopniewicz, Global Data Privacy Officer and Corporate Ethics Manager, VAREX IMAGING CORPORATION

 

12:15 LUNCHEON FOR PARTICIPANTS

 

1:15 MULTI PART MODULE: DATA PROTECTION AUTHORITY ENFORCEMENT ACTION
As life science organizations now turn their attention to ongoing compliance with a large concern focused on enforcement action by Data Protection Authorities (DPAs) to ensure internal privacy programs and procedures are prepared for GDPR audits, data privacy executives find difficulty operating in an uncharted enforcement landscape. Recognizing core areas of concern for DPAs, risk associated with penalties of noncompliance, and the nature of audits will give data privacy executives a thorough understanding of the best ways to assist DPAs during audits to create a smooth review process. A forecast of anticipated regulatory efforts will provide delegates with a greater awareness of probable DPA enforcement action and core areas of concern.

  • Anticipated impression of GDPR enforcement
  • Recent DPA comments on core areas of focus
  • Practices to assist DPAs for uncomplicated audits

MODULE ONE: ANALYSIS OF FORECAST FOR DATA PROTECTION AUTHORITY ENFORCEMENT ACTION

James Koenig, FENWICK & WEST

MODULE TWO: BREAKOUT DISCUSSIONS SCENARIO PLANNING

Igor Chechelnitsky, MEDTRONIC

 

2:15 FTC GUIDANCE & ENFORCEMENT OF LIFE SCIENCE DATA PRIVACY & SECURITY
Medical device and pharmaceutical firms look to the FTC for guidance on best practices for compliance when creating and maintaining internal privacy and security programs as the Commission provides the broadest enforcement and guidance reach on privacy and security issues for the life sciences industry, as well as playing a critical role in the enforcement of international data transfer issues. As the FTC continues to provide enforcement through investigating breaches, it is clear that companies must stay informed on the Commission’s key actions and initiatives, to ensure privacy executives are following correct procedures and continuing compliance. This session will identify the key elements of guidance from the Commission, including enforcement, breach-related issues and “thought leadership” initiatives, such as the Mobile Health App Interactive Tool, that will help life sciences companies establish best practices for continued compliance in an evolving technological environment.

Kirk Nahra, Partner, WILEY REIN

 

3:00 COFFEE & NETWORKING BREAK

 

3:30 KEYNOTE: EMBEDDING PRIVACY INTO THE CULTURE OF LIFE SCIENCE CORPORATIONS
Many executives in pharmaceuticals and device industries have seen a shift in scope of responsibilities from hardware focused privacy to the technological side of data protection, while others have seen this shift in the collective attitude towards the historically silo environment of data privacy. More privacy executives are starting to see an expansion in contributing efforts coming from executives across the employee base in a unified effort. In order to sustain GDPR regulatory compliance, privacy leaders must work towards the creation and fostering of a privacy embedded culture where the accountability for sustainability of data is shared equally amongst the organization to ensure perpetual momentum.

  • Utilization of GDPR as a baseline for privacy programs
  • Benefits of identifying privacy champions across channels
  • Internal privacy education approaches to consider

Dr. Mansur Hasib, CISSP, PMP, CPHIMS, Program Chair, Cybersecurity Technology, THE GRADUATE SCHOOL, UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE

 

4:15 DISCUSSION GROUPS: INTEGRATING DATA ETHICS INTO THE FUTURE OF DATA PRIVACY IN LIFE SCIENCE CORPORATIONS
As a data driven industry, life science corporations have been leaders in the collection, analysis and utilization of data in the development of new therapies and technologies, improving the lives of populations around the world through careful analysis of data collected from clinical research studies, patient registries and patient reported outcomes supporting real-world studies. In an industry so dependent on data, considering the future of data privacy is of essential importance, and data privacy leadership are focused on integrating ethics into data governance to elevate levels of data stewardship and privacy throughout the organizational structure. Striking a balance where data can be used effectively to create value for new and existing products while maintaining the privacy of individuals is a key component to ensuring long-term success of data privacy initiatives.

  • Small group collaboration on privacy scenarios
  • Development of response & structure (execution) for each situation
  • Report back to entire audience to gain industry consensus

Dr. Mansur Hasib, CISSP, PMP, CPHIMS, Program Chair, Cybersecurity Technology, THE GRADUATE SCHOOL, UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE

Michael Deer, Head of Data Privacy, ALCON, A NOVARTIS DIVISION

 

5:00 DAY ONE CONFERENCE CONCLUSION