Privacy Regulation in the U.S: Bottom-up vs Top-down approaches

From IGF-USA Wiki
Jump to: navigation, search

Transcript Available Here:

How should the U.S. deal with the issue of regulating user privacy? Should we be focusing on government regulation or should we explore bottom-up solutions such as self-certification? In this panel, we’ll discuss the benefits and costs of both types of approaches with the hopes of igniting a discussion on how to move forward and protect user privacy, while also allowing businesses to grow.


Moderator

Shuli Hallak Portrait.jpg

Shuli Hallak

Executive Director of ISOC-NY

Shuli Hallak is the Executive Director of the Internet Society, NY Chapter, where she is in charge of programming and events. Her focus is on helping end users understand digital privacy and making sure that the Internet remains a beneficial resource for those who use it as well as those who build on top of it. As ED, Shuli has been working closely with leading technology companies on Digital Preservation and ensuring that the data we create today remains accessible to us in the future.
@ShuliHallak     -    LinkedIn

Panelists

Naomi Lefkovitz Portrait.png

Naomi Lefkovitz

Senior Privacy Policy Advisor, NIST

Naomi Lefkovitz is the Senior Privacy Policy Advisor in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce. She leads the privacy engineering program, which focuses on integrating privacy risk management processes and technical solutions with other information technologies, including digital identity services, cybersecurity, IoT, smart cities, big data, mobile, and artificial intelligence.

FierceGovernmentIT named Ms. Lefkovitz on their 2013 “Fierce15” list of the most forward-thinking people working within government information technology, and she is a 2014 Federal 100 Awards winner.

Before joining NIST, she was the Director for Privacy and Civil Liberties in the Cybersecurity Directorate of the National Security Council in the Executive Office of the President. Her portfolio included the National Strategy for Trusted Identities in Cyberspace as well as addressing the privacy and civil liberties impact of the Obama Administration’s cybersecurity initiatives and programs.

Prior to her tenure in the Obama Administration, Ms. Lefkovitz was a senior attorney with the Division of Privacy and Identity Protection at the Federal Trade Commission. Her responsibilities focused primarily on policy matters, including legislation, rulemakings, and business and consumer education in the areas of identity theft, data security and privacy.

At the outset of her career, she was Assistant General Counsel at CDnow, Inc., an early online music retailer.

Ms. Lefkovitz holds a B.A. with honors in French Literature from Bryn Mawr College and a J.D. with honors from Temple University School of Law.

    -    LinkedIn

MichelleDeMooy.jpg

Michelle De Mooy

Director of the Privacy & Data Project, CDT

Michelle De Mooy is Director of the Privacy & Data Project at the Center for Democracy & Technology. She advocates for data privacy rights and protections in legislation and regulation, works closely with industry and other stakeholders to implement good data practices and controls, and research emerging technology that impacts personal privacy. She leads CDT’s health privacy work, chairing the Health Privacy Working Group and focusing on the intersection between individual privacy, health information and technology. Michelle’s current research is focused on ethics and algorithms in commercial health and the growing market for genetic data. She has testified before Congress and the Federal Trade Commission, provided commentary for publications like the New York Times, Vice, and the Guardian, and appeared on The Today Show, Voice of America, and Government Matters TV programs.

Before CDT, Michelle worked as a political campaign consultant for M+R Strategic Services, as a development and communications director at a capacity building organization aimed at nonprofits, and in the tech sector in product management and software engineering.
@michelledemooy     -    LinkedIn

Kara Sutton Portrait.jpg

Kara Sutton

U.S. Chamber of Commerce

Kara Sutton is senior manager of the U.S. Chamber of Commerce Center for Global Regulatory Cooperation, where she oversees the Chamber’s international high-tech and digital policy work, with an emphasis on global data privacy and data transfer policies and best practices. Kara works extensively with companies of all sizes and sectors on efforts to preserve cross-border data flows and fight forced localization. She leads private sector engagement in multiple international fora and works closely with governments worldwide on developing policies that support innovation.

Before to coming to the Chamber, she was policy director at the Trans-Atlantic Business Council where she developed the association’s transatlantic digital policy agenda. Prior that, she was a Congressional liaison working on trade and cybersecurity issues at the Bertelsmann Foundation North America.

Kara completed her undergraduate and master’s degree at the University of Kentucky. She conducted her post-graduate research and dissertation at the London School of Economics.
@KaraSutton_DC     -    LinkedIn

Caroline Greer Portrait.jpg

Caroline Greer

European Public Policy for Cloudflare

Caroline Greer leads European Public Policy for Cloudflare, a cybersecurity and web performance company. Based out of Cloudflare's London office, Caroline covers a wide range of policy and regulatory issues related to Cloudflare's mission of helping build a better internet, and is involved in the company's GDPR implementation work.

Prior to joining Cloudflare, Caroline worked for a number of domain name registries and was an active participant in the ICANN community. Caroline also spent 5 years working in Brussels as the Head of Public Policy for ETNO, and commenced her career working for the Irish Government and Irish telecoms regulator.

Caroline holds a LLB (Hons) in Law and Spanish from Queen's University of Belfast, an MBA from the University of Ulster and a Post Graduate Diploma in EC Competition Law from King's College London.
@CarolineGreer     -    LinkedIn

Craig Spiezle Portrait.jpg

Craig Spiezle

Founder & Chairman Emeritus, Online Trust Alliance

Craig Spiezle is the founder and managing partner of AgeLight LLC, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig serves as Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society and a strategic advisor and industry analyst. Craig frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. As the founder of the OTA, Craig championed security best practices to help protect consumers, innovation and the role of meaningful self-regulation. He created IoT Trustworthy Working Group an international coalition focused on security, privacy and sustainability. Prior to OTA, Craig spent over a decade at Microsoft focused on digital marketing, security and privacy enhancing technologies and standards driving the development of brand protection, anti-spam, anti-phishing and privacy enabling technologies. Craig is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the Internet Society International Association of Privacy Professionals (IAPP) and the Anti- Phishing Working Group (APWG). In addition, Craig is a past member of the City of Clyde Hill Utility Commission, served on two terms on the Federal Communications Commission advisory councils pertaining to online security and reliability of critical infrastructure, past board member of MAAWG and participant in multiple NTIA multi-stakeholder working groups including facial recognition, vulnerability disclosure, mobile privacy disclosures and IoT patching and upgradability. Current and past clients include Internet Society, Microsoft, Pfizer, the US Postal Service and other leading organizations.
@craigspi     -    LinkedIn