Privacy Challenges in Government Workshop IV
November 27, 2007 – Willard InterContinental Hotel
Workshop Description
Please join us for the next workshop in the continuing series providing federal managers an opportunity to engage in informative dialogue with subject-matter specialists from the federal CIO, CISO, privacy and IG communities, and from the private sector.
Since our last workshop, Privacy III, many lessons have been learned and additional guidance has been developed for agencies. Agencies have made significant progress in setting up and staffing new privacy offices that are making advances in defining processes and controls while facing ever-increasing workload demands. The new workshop includes new material on eDiscovery and records management issues relevant to privacy office responsibilities. Several speakers from the previous training workshop are returning to share information they have uncovered in their ongoing efforts to comply with the requirements and to talk about the elements of their corrective action plans, the use of controls, changes in the threats and emerging proactive approaches to managing the risks.
Why You Should Attend
- Learn about new issues that have emerged relating to protecting sensitive information since March
- Understand issues relating to management of Privacy Act, Egov Act, E-Discovery and related legislative requirements
- Obtain the latest best practices for identifying, assessing and managing privacy risks
- Engage instructors in off-the-record, interactive discussion of your issues and possible options for remediation
What You Will Learn
- Issues that have emerged in the assessments
- Practical recommendations and lessons learned from ongoing compliance efforts
- What agencies have been doing to identify vulnerable areas and areas of weak control
- Approaches to managing risks identified in the assessments and improving records management
Who Should Attend
- CIOs and staff
- Security Officers and staff
- Privacy Officers and staff
- Program Managers and staff who are responsible for or use data under the Privacy Act
- Managers who telework or have staff who currently or may telework
- IGs and Staff
- Executives, Managers, Administrative Officers or those who may be responding to privacy or security breaches within their organization who want to know current policy, lessons learned and best practices.
- HR professionals responsible for hiring privacy professionals
- Office of General Counsel
Workshop Format
- This is a one-day session with panels and presentations led by leading specialists and practitioners
- There will be opportunities for participants to engage in dialog and discussion and to share best practices
Agenda
7:30 AM Registration and Continental Breakfast
8:30 Welcome & Overview of the Day
Art Chantker, President, Potomac Forum
8:45 Overview of Emerging Issues - Newest Guidance and Why it is Important:
What You Should Know
The Honorable Mark Forman
Partner, KPMG and former Administrator, Office of E-Government and Technology, OMB
9:15 Privacy Legislation in Congress: Trends, Impacts, and What Will Happen and Why
- What Agencies Need to Know to be Prepared
Eric Federing, Executive Director, Business Public Policy and Government Affairs
KPMG
10:15 Refreshment Break
10:30 NIST Update: Guidance on Standard Configuration and Implication for Agency Privacy Challenges
Steven Quinn, Program Manager Federal Standard Desktop Configuration
NIST
11:15 An Agency Perspective: Insights and Lessons learned from Implementing OMB Memo M-07-16
Patrick Howard, Chief Information System Security Officer
Department of Housing and Urban Development
12:00 PM Luncheon and Table Discussions
1:15 Engaging Agency Senior Leadership in Solving Privacy Issues
Hugo Teufel III
Chief Privacy Officer
Department of Homeland Security
2:15 GAO Insights on Agency Compliance with Privacy Requirements
Linda Koontz, Director, Information Technology Directorate
U.S. Government Accountability Office (GAO)
3:00 Refreshment Break
3:15 IG Insights: An update on 522 requirements and overview of FISMA findings this year
- Todd Zinser, Deputy Inspector General and
- Rebecca C. Leng, Assistant Inspector General
Department of Transportation
4:00 Government Panel:
The Security Breach: What do you do? Lessons Learned and Best Practices
-Sally L. Wallace, CISSP
Assistant Deputy Assistant Secretary for Privacy and Records Management
Department of Veterans Affairs
and
-Marc Groman, Chief Privacy Officer
Federal Trade Commission
and
-Kenneth P. Mortensen, Office of the Deputy Attorney General
Acting Chief Privacy and Civil Liberties Officer
U.S. Department of Justice and
Co-Chair Federal CIO Council Privacy Committee
5:00 Wrap-up and Discussion
The Honorable Mark Forman
Partner, KPMG and former Administrator, Office of E-Government and Technology, OMB
5:15 Workshop Adjourns
Opportunity to discuss specific Agency Privacy and Data Management Challenges with the Instructors
Agenda Subject to Change
Registration Information
Registration is Open and Walk-in, On-Site Registrations Are Permitted.
On-line and FAX Registration will be available Until 3:00 pm on Monday, Nov 26.
After 3:00 pm, please register On-Site at the Willard Hotel. If possible, please phone 703 683-1613 to notify us you are attending (3:00 to 5:00 pm)
Government Only Registration: $845
To Permit Candid Discussion about Government Privacy Challenges and Solutions, this Workshop is Limited To Government Employees Only
This event is open to government employees only! We are sorry, but industry and government contractors are not invited to attend this training workshop.
For additional information, call 703-683-1613.
Cancellation Policy
Confirmed registrations who cancel within 3 business days of the program will be subject to a $250 cancellation fee. Registrations cancelled after the program starts are subject to the full registration fee. Substitutions can be made at any time. In the event a particular training workshop is cancelled, the liability of Potomac Forum, Ltd is limited to refund of any prepaid registration fee.
Meeting Location
Willard InterContinental Hotel
1401 Pennsylvania Avenue N.W.
Washington D.C. 20004
202-628-9100
Speakers:
Honorable Mark A. Forman
Partner, Advisory Services
Mr. Forman leads two major business elements: Advisory Services work for Civilian agencies of the Federal Government; and the Information Risk Management Service offering across all federal agencies. KPMG’s Advisory Services practice brings senior experts and global leading practices knowledge to help clients improve performance and manage risk by identifying and evaluating issues, and providing informed, effective responses.
Prior to joining KPMG, Mr. Forman was a co-founder and Executive Vice President at Cassatt Corporation of San Jose, California. Cassatt provides enterprise software and services to help clients automate information technology operations and provide on-demand computing.
From June 2001 through August 2003, Mr. Forman was appointed by President George W. Bush to be the Administrator E-Government and Information Technology. From his position at the White House, Mr. Forman managed over $58 billion of federal IT investments, led the President’s effort to create a more productive, citizen-centric government, and was responsible for the development and implementation of IT policies, including security and privacy. He established and drove the federal government’s IT investment decision-making process and Federal Enterprise Architecture, ensuring alignment of IT spending with the country’s most pressing needs.
His definition and deployment of a rigorous cybersecurity improvement process raised IT security from less than 20% to about 80% in two years. Mr. Forman also successfully led several thousand IT workers in 30 cross-agency teams to implement E-Government and e-Business initiatives, such as:
- Simplifying the Firstgov.gov portal using a "three-clicks to service" model that led to Yahoo's recognizing Firstgov.gov as one of the 50 most incredibly useful websites and a top-five rating from Nielsen. Usage grew from about 400,000 to more than five million citizens per month.
- Creation of the first IRS free filing website, using a unique private-public partnership that enabled more than 60% of citizens to file electronically at no charge; used by 2.7 million people in 2003.
- Regulations.gov, the world's first government-sponsored e-democracy initiative, which allows citizens to go to a single website to easily find, read and comment on proposed regulations; this saved nearly eight million dollars over the current fragmented approach.
- Consolidation of Federal payroll processing centers, saving over $1 billion
- Restructuring federal professional development through the Golearn.gov website, which has trained over 100,000 thousand federal employees at pennies per course
- Creation of six Line of Business consolidation initiatives, including Financial Management and Case Management.
Mr. Forman also has held corporate management positions. As a vice president for E-business at Unisys Global Industries (11/2000-6/2001), he was responsible for revamping the global public-sector offerings.
As a global principal at IBM Global Services, he helped government clients to leverage e-business to achieve order-of-magnitude performance gains (3/1997-11/2000). From 1990 until 1997, he was a senior professional staff member for the U.S. Senate Government Affairs Committee where he played a pivotal role in drafting and enacting major management reform laws. These included the Federal Acquisition Streamlining Act, the Information Technology Management Reform Act, and the Paperwork Reduction Act.
From 1983 to 1990, he was employed by the U.S. General Accounting Office for audits and studies of the Department of Defense, and by The Analytic Sciences Corporation, Inc. and Defense Group, Inc. as manager of Applied Operations Research consulting services. He earned a bachelor’s degree in economics at the Ohio State University and a masters degree from the Harris Graduate School of Public Policy Studies at the University of Chicago. He is a Principal and CIO SAGE at the Council for Excellence in Government, senior fellow of the John C. Stennis Institute for Public Service, and Fellow of the National Academy of Public Administration. Mr. Forman has given well over 100 speeches on government reform and management, as well as testifying before the U.S. Congress and State of California Legislature.
Rebecca Leng
Assistant Inspector General for Financial and Information Technology Audits
U.S. Department of Transportation.
Ms. Rebecca Leng is the Assistant Inspector General for Financial and Information Technology Audits at the U.S. Department of Transportation. In her current position, she is responsible for overseeing financial audits of the Department’s $50 billion of annual spending, and information security audits of critical infrastructure systems like the Air Traffic Control System.
In 2003, Ms. Leng was appointed to the Information Security and Privacy Advisory Board, which was established by the Computer Security Act of 1987 and the Federal Information Security Management Act of 2002. The Board is responsible for advising the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) on information security and privacy issues concerning the Federal Government.
Ms. Leng joined the U.S. Department of Transportation in 1991. Prior to that, she worked for private companies and an accounting firm.
She received her master’s degree from the Ohio State University and her baccalaureate’s degree from the National Taiwan University. She is a Certified Public Accountant (CPA) and a Certified Information Systems Auditor (CISA).
Sally L. Wallace, CISSP
Associate Deputy Assistant Secretary for Privacy/Records Management
Department of Veterans Affairs
Sally Wallace assumed her current position as the Associate Deputy Assistant Secretary for Privacy/Records Management on March 3, 2007. In this role, she serves as the Executive in charge of VA’s Privacy and Records Management programs, as well as serving as VA’s Chief Freedom of Information Officer. Prior to this, she served as the Associate Deputy Assistant Secretary for E-Government, responsible for VA’s e-government initiatives as a part of the President’s Management Agenda (PMA) while advocating electronic services to veterans and their beneficiaries. She also served as VA’s Chief FOIA Officer, and managed VA’s Web presence and Privacy programs.
From 2003 – 2006, Ms. Wallace served as the Associate Deputy Assistant Secretary for IT Operations. In this capacity, she modernized VA’s telecommunications network services, improved VA’s Internet and Intranet presence, improved continuity of operations capability, and upgraded the VA Central Office campus communications and support services.
An Army veteran, Ms. Wallace received a direct commission in 1976 and served with distinction until she separated in 1983. She retired from the Army Reserve as a Colonel after 30 years of service. She is a graduate of the Army Finance Basic Course, Advanced Course, Command and General Staff School, and the Army War College. Her awards and decorations include the Meritorious Service Medal with three Oak Leaf Clusters, the Joint Service Commendation Medal, the Army Commendation Medal with one Oak Leaf Cluster, the Army Achievement Medal with one Oak Leaf Cluster, the National Defense Service Medal and the Office of Secretary of Defense Identification Badge.
Ms. Wallace was appointed to the Senior Executive Service in March, 2003. She received a B.S. in Business Administration from Central Michigan University in 1975, a M.S. in Information Systems Technology from George Washington University in 1984, and a Masters in Strategic Studies from the Army War College in 2000. She is a 1992 graduate of the Leadership VA program. She is also a Certified Information Systems Security Professional, granted by the International Information Systems Security Certification Consortium.
Hugo Teufel III
Chief Privacy Officer
U.S. Department of Homeland Security
Hugo Teufel III was appointed Chief Privacy Officer of the U.S. Department of Homeland Security by Secretary Michael Chertoff on July 23, 2006. In this capacity and pursuant to Section 222 of the Homeland Security Act of 2002, Teufel has primary responsibility for privacy policy at the Department, to include: assuring that the technologies used by the Department to protect the United States sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information; assuring that the Department complies with fair information practices as set out in the Privacy Act of 1974; conducting privacy impact assessments of proposed rules at the Department; evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government; and preparing an annual report to Congress on the activities of the Department that affect privacy. Further, Teufel serves as the Department’s Chief Freedom of Information Act (FOIA) Officer. Teufel’s responsibilities as Chief FOIA Officer include assuring consistent and appropriate agency-wide statutory compliance and harmonized program and policy implementation.
Before joining the Privacy Office, Teufel served as the first Associate General Counsel for General Law at the Department of Homeland Security. Previously, Teufel served as the Associate Solicitor for General Law at the Department of the Interior. In each position, Teufel oversaw the provision of legal advice and counsel to a cabinet-level agency on privacy and FOIA matters.
Before joining the Administration, Teufel practiced law at Hall and Evans, in Denver, Colorado; served as Deputy Solicitor General for the State of Colorado; was an associate at McKenna & Cuneo, in Denver, Colorado; and was a clerk to Chief Judge Loren A. Smith of the U.S. Claims Court.
Teufel graduated from the Washington College of Law of the American University and was the Senior Articles Editor of The Administrative Law Journal. He is currently pursuing a master’s degree in national security and strategic studies from the Naval War College. He is a member of the bars of Colorado and Maryland (inactive). He is married and has a daughter.
Stephen D. Quinn
Program Manager
National Institute of Standards and Technology
Stephen Quinn is a senior computer scientist at the National Institute of Standards and Technology (NIST). He is the program manager of the interagency and interdepartmental Information Security Automation Program (ISAP) and co-originator of the Security Content Automation Protocol (SCAP) http://nvd.nist.gov/scap.cfm with his NIST colleague Peter Mell. Steve also oversees the NIST National checklist program located at http://checklists.nist.gov.
Prior to joining NIST, Steve worked as a consultant to the Department of Defense and on large commercial outsourcings with Wall Street banking firms and insurance companies. Specifically, he comes from an operational background, having owned a company that offered services for vulnerability assessments, designing security architectures, code development, C&A, and ST&Es. His research experience includes computer viruses, intrusion detection systems (IDSs), vulnerability/misconfiguration identification, categorization, and remediation.
Linda D. Koontz
Director, Information Management Issues
U.S. Government Accountability Office
Linda Koontz is Director, Information Management Issues, at the U.S. Government Accountability Office. She is responsible for issues concerning the collection, use, and dissemination of government information in an era of rapidly changing technology.
Recently, Ms. Koontz has directed studies concerning privacy, data mining, information access and dissemination, and e-government. In addition, she has lead responsibility for evaluating governmentwide telecommunications and continuity of operations planning issues. Ms. Koontz’s group at GAO has issued numerous reports on these and other subjects, and she has testified frequently before congressional committees on her work.
Ms. Koontz has a B.A. degree from Michigan State University, is a Certified Government Financial Manager, and is chair of the Association for Information and Image Management Standards Board.
Patrick D. Howard, CISSP, CISM
Chief Information Security Officer
Department of Housing and Urban Development
Patrick has over twenty years of experience in information security. A former Military Police Officer, Patrick successfully served in military positions in law enforcement, operations, physical security, information security, and security management, retiring from the U.S. Army in 1992.
Since then he has served as an information security consultant with several government contracting firms in the Washington, D.C. area including Comsis Corp., PRC, and Troy Systems, supporting the Nuclear Regulatory Commission, US Coast Guard, Bureau of the Census, Bureau of the Public Debt, Securities and Exchange Commission, and Departments of Agriculture, Labor and Defense among others. Patrick was formerly employed as a Senior Manager for Ernst & Young (E&Y), LLC where he developed security consulting methodologies for E&Y's national IT security practice and created policies and standards for a variety of commercial clients. He has also performed consulting services for Netigy and Quinetiq Trusted Information Management, where he was charged with developing a consultant certification program, development and delivery of CISSP preparatory training, creation of corporate security consulting methodologies, and delivery of consulting services to commercial and government organizations.
Patrick has also served as an instructor for the Computer Security Institute, has written articles on security policy development, is co-author of Total CISSP Exam Prep Book, and is author of Building and Implementing a Security Certification and Accreditation Program. Most recently Patrick was employed by the Titan Corporation and was assigned full-time to the Department of Transportation Office of the Chief Information Officer, where he served as the DOT Certification and Accreditation Program Manager.
Patrick has a B.A. degree from the University of Oklahoma, and a M.A. from Boston University.
Marc Groman
Chief Privacy Officer
Federal Trade Commission
Marc Groman is the Federal Trade Commission's Chief Privacy Officer. As CPO, Marc is directly responsible for managing the development and implementation of the FTC's agency-wide privacy program. Since his appointment as the agency's first CPO in September 2006, Marc has overseen the creation of policies and procedures to safeguard sensitive data and ensure compliance with federal privacy laws and standards. Marc reports directly to the Chairman's Office, serves as the Senior Agency Official for Privacy, and chairs the agency-wide Privacy Steering Committee. He also coordinates the FTC's Breach Notification Response Team.
In addition, Marc serves as Counsel to Lydia Parnes, Director of the FTC's Bureau of Consumer Protection, handling matters involving private sector privacy and data security issues, as well as technology, e-commerce, and international privacy. From 2000 through 2004, Marc was a staff attorney in the FTC's Division of Marketing Practices. He served as the National Coordinator of the Inter-Agency Law Enforcement Task Force on Spam, coordinated Project Netforce, a law enforcement sweep of cybercrime and Internet fraud, and served as the Coordinator of the FTC's Internet Investigations Training program.
Marc received his J.D. from Harvard Law School and his B.A. in International Relations from Tufts University. He is a Certified Information Privacy Professional.
Eric K. Federing
Executive Director, Business Public Policy, Government Affairs
KPMG LLP
KPMG LLP is one of the four largest audit, tax and risk advisory services firms in the world. Based in Washington, DC, Federing is a senior strategic advisor to partners, practices and clients nationally. His responsibilities are anchored to legislative, regulatory, and political actions and public policy trends.
Federing is a member of KPMG’s firm-wide privacy team and represents the firm (since 2001) to the joint American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants Privacy Task Force, composed of representatives from the breadth of the accounting profession, industry representatives, legal representatives, and academia. He participated in the drafting of the firm’s privacy white paper entitled “A New Covenant with Stakeholders: Managing Privacy as a Competitive Advantage.”
Prior to joining KPMG in February 1999, Federing was a senior congressional adviser in the United States Congress, in both the Senate and the House. During a 12-year tenure, he was experienced in the broadest range of issue analysis, opinion-making and consensus building. Federing served as Press Secretary to Senator Joe Lieberman of Connecticut; as Director of Communications for the House Transportation and Infrastructure Committee (f.k.a., Public Works and Transportation Committee); and, Press Secretary to Rep. Norman Y. Mineta of California.
Federing is a Phi Beta Kappa graduate (With Distinction) of The George Washington University, 1982. He has been profiled in Who’s Who in America, 2000, 2001, 2002, 2003, 2004, 2005 and 2006; Who’s Who in the World, 1999; Who's Who in the East, 1993-1994, 1995-1996, 2002 and 2006; The Almanac of the Unelected, 1993 and 1994; and Who's Who Among Young American Professionals, 1992-1993.
Federing is a Principal, Council for Excellence in Government; a Board member of the National Japanese American Memorial Foundation; and, a Board member of the National Conference on Citizenship.
















