IT and the Law: Dealing with Privacy and Compliance

IT and the Law. CIO Solutions Gallery, Fisher College of Business, the Ohio State University.

On September 28, 2006, a full day of discussing the intersection of information technology and the law will be held at the Fisher College of Business at the Ohio State University as part of its recurring CIO Solutions Gallery program. Interhack is proud to continue its sponsorship of the program.

Registration is available online at

7:15am - 8:00am Continental Breakfast
8:00am - 8:10am Welcome and Session Introduction
  • Dr. Anil Makhija
    Chair, Finance and Associate Dean for Executive Education
    The Ohio State University Fisher College of Business
8:10am - 8:20am Keynote Introduction
  • Mr. Thornton A. May
    Nation's Leading IT Futurist
8:20am - 9:00am Keynote Speaker
  • Dr. Larry Ponemon
    Chairman & Founder, Ponemon Institute
    Board Member, The Privacy Council, Inc.

What's really driving today's privacy efforts? Is it disclosure laws, public opinion, opportunities for business process improvement, all of the above? Here, a broad view of the leading issues that are behind today's privacy and compliance momentum will be discussed.

9:00am - 10:15am

Understanding The Law

It begins by knowing the rules. What are the facts and hidden nuances concerning specific regulatory vehicles like SOX, HIPAA, and others? What must you be careful to understand, and what must you be careful to avoid? A panel of experts sheds light on these important issues.

  • Dr. Richard Dietrich (Department Chair, The Ohio State University Fisher College of Business)
  • Mr. Tom Skoog (Partner, KPMG)
10:15am – 10:30am


10:30am – 11:15am

Evaluating The Risks, a Panel Moderated by Mr. Thornton May
Knowing then leads to assessing, as well as convincing. How do you assess your level of risk in your organizations, and how do you then plan and prioritize the attack? In addition to mitigating risk from the outside, how do you keep an eye on your employees… the enemy within? How do you also muster internal executive and cultural support for what may be a resulting massive (and costly) change? Top-tier CIOs share their perspectives.

  • Ms. Kathleen Ojala (Privacy Officer, Ohio State University Health System)
  • Mr. John Rombough (Control Division, Canadian Imperial Bank of Commerce)
  • Mr. David Bauer (Former CSO/CPO, Merrill-Lynch)
  • Mr. Matthew T. Furton (Partner, Lord Bissell & Brook, LLP)
11:15am – Noon

Mining Value From The Auditor Relationship, as Moderated by
Ms. Anne McCrory (Editor-In-Chief, CIO Decisions)
One of your best allies in helping to plan and execute game-changing strategies related to privacy, compliance and regulation is your internal audits team. Yet, their abilities and contributions are often overlooked. Here, several top industry professionals turn state’s evidence on how senior IT and other corporate leaders can be successful in this valuable relationship-building experience.

  • Dr. Richard Dietrich
  • Mr. Bruce Moulton (VP of Info Security Business Strategy, Symantec)
    (Former CISO, Fidelity Investments)
  • Mr. Kirk M. Herath (Chief Privacy Officer, Nationwide Enterprise)
  • Ms. Sandra R. Hughes (Global Privacy Executive, Procter & Gamble Company)
Noon – 1:15pm

Lunch Break, including Keynote Speaker #2 (12:30pm – 1:15pm)

  • Mr. David Bauer (CTO, Asurion Corporation; Former Chief Security Officer and Privacy Officer,
    Merrill-Lynch Company, Inc.)
1:30pm – 2:15pm

CTO/CISO Roundtable Panel, as Moderated by
Ms. Anne McCrory (Editor-In-Chief, CIO Decisions)
So, how are you responding to the call (and possibly the mandate) for immediate action? On which issues are you spending most of your time; e.g., two-factor authentication, wireless security, spyware, others? How are you preparing for the new requirements for electronic discovery? Listen as senior technology and security officers describe how they are moving forward.

  • Mr. Dan Vermeire (CTO, Huntington National Bank)
  • Ms. Kathy Starkoff (CTO, Limited Brands)
  • Mr. Mark Bregman (CTO, Symantec)
2:15pm – 2:30pm Break
2:30pm – 3:00pm

What Yet Lies Ahead?
What’s on the horizon regarding leading regulatory issues involving information security and privacy, as well as expected legislative reaction to those issues? While it might appear to some that a seemingly endless amount of money and time will be necessary in responding to these mandates, how do you really determine, “How Much Is Really Enough?” What is the mood in our legislatures in that regard?

  • Mr. Kenneth P. Mortensen, Esq. (Acting Chief of Staff, Privacy Office, U.S. Department of Homeland Security)
3:00pm – 3:30pm

Untangling a Twisted Pair: CIOs and Lawyers – The New Alliance

  • Mr. Thornton A. May

Most CIOs admit that the legal stuff is the third rail of IT leadership. While this wasn’t always the case, new and more complex issues have entered the picture, any one of which has the potential of being career-destroying. What is the current state of the collision between the legal and IT worlds?

3:30pm – 4:00pm

Session Summary and Wrap-Up

  • Mr. Thornton May
4:00pm – 5:00pm

Adjournment and “Decompression Session”

About Interhack

Interhack is a pioneering professional services firm, active in security and privacy research, with a forensic computing practice that has been involved in cutting-edge litigation on electronic privacy matters.