Leading with Privacy

Overview

Friday, January 26, 2024, from 9am to 4pm
Beckman Institute for Advanced Science and Technology, 405 N. Mathews Ave. Urbana, IL and Online

Free | Lunch available for in-person attendees

Decisions about privacy affect our professional, educational, and personal lives. The in-person conference with streaming available will cover balancing privacy goals and innovation, data rights, data collection risks, and implementing privacy principles in higher ed, among other topics. Leave with a better understanding of privacy policy including legal, ethical, and industry perspectives.

Registration for conference with lunch closes January 19. Registration for in-person or online attendance without lunch closes January 25.

Schedule

Session Descriptions and Speakers

Keynote

Kim Milford is Deputy CIO and Chief Information Security Officer, University of Illinois at Urbana-Champaign. She draws on her experience in research and education to lead strategy, direction, and innovation related to cybersecurity, identity protection, and privacy. Prior to this role, she was the Executive Director and CISO at the REN-ISAC, working with research and education institutions and partners to provide member institutions with the information and tools to better defend their environments from threats. Her service in higher education includes positions at Indiana University, the University of Rochester, and University of Wisconsin-Madison. Milford provides cybersecurity expertise and presentations at national and regional conferences and seminars. She guest lectures and teaches cybersecurity courses and training and has authored/co-authored many articles on the subject. 

Online Advertising and National Security

Behind the scenes on almost all websites and apps is a system that operates auctions for ad space. That system, called “Real Time Bidding”, causes a vast and ongoing data breach. As a result, intimate data about U.S. leaders and military personnel is leaking to China and elsewhere.

Dr. Johnny Ryan, FRHistS, is Senior Fellow at the Irish Council for Civil Liberties and Senior Fellow at the Open Markets Institute. He is focused on surveillance, data rights, competition/anti-trust, and privacy. Open Markets called him “a renowned global privacy expert”. Protocol named him “The thorn in Google’s side”. Tagesspiegel listed him as one of the digital people who shaped 2021. Die Zeit calls him “Google’s biggest headache”. He was awarded the EPIC International Champion of Privacy Award 2023. He currently has litigation and regulatory proceedings in several jurisdictions. Dr Johnny Ryan – Irish Council for Civil Liberties (iccl.ie) 

Balancing AI Innovation and Privacy

As AI becomes more integrated into our daily lives, it raises significant privacy concerns. This panel will specifically focus on the privacy and data risk aspects associated with human-computer interactions and technological advancements, including Large Language Models. Our conversation will comprehensively explore significant challenges, delving into the ethical aspects of data collection and the extensive ramifications of algorithmic decision-making. Additionally, we will discuss approaches for understanding and interpreting AI in organizations despite the potential risks involved. By addressing the current AI challenges and benefits, we aim to highlight the necessity for trustworthy AI. Join us for an engaging roundtable discussion exploring the complex relationship between privacy and AI in our increasingly interconnected world. We look forward to hearing audience perspectives as we explore this nuanced topic.

Christopher Lee – Principal Privacy Engineer, MITRE
Michael Curtin – Innovation Coordinator, UIUC
Ece Gumusel – Privacy Analyst, UIUC

Privacy Implications in the New World of AI

AI by way of ChatGPT and other Large Language Models have captured the attention of all of us over the past year or so. What are the important privacy considerations in this new landscape? What does AI governance actually mean? This discussion will focus on the unique privacy challenges presented by AI and how to best embrace this technology while implementing realistic guardrails.

Jay Averitt, Jay Averitt is currently a Senior Privacy Product Manager at Microsoft, where he manages Technical Privacy Reviews involving M365 CoPilot, GPT, and other LLM products. He was previously a Privacy Engineer at Twitter, where he managed technical privacy reviews across the platform. He has 10+ years of experience in privacy as both a privacy technologist and a privacy attorney. He graduated with a BS in Management Information Systems from Auburn University and a JD from the University of Alabama School of Law.

Saima Fancy is a passionate Privacy and Security Evangelist. Her professional background and work is cross-cutting across various disciplines ranging from Data Privacy and Security, Engineering, Health Law and Policy and AI privacy and ethics. She leverages her diverse experiences and perspectives and funnels them into her passion – the interdisciplinary field of Privacy Engineering.  Currently, Saima is a Senior Privacy Specialist at Ontario Health. Previous roles include: Privacy Engineer at Twitter and Senior Privacy Advisor at Telus Health.  During her free time, Saima volunteers as Faculty Council at the University of Toronto Faculty of Engineering, NIST Privacy Workforce Public Working Group (Risk Assessment), IAPP and mentors engineering students and those pivoting their careers to privacy and cybersecurity.  She presents at various IAPP, WiCYS and (ISC)2 events (amongst others).  Additionally, she guest lectures at the University of Toronto. 

Privacy From a Covered Entity’s Perspective

Understand the importance of maintaining privacy and confidentiality standards within a healthcare environment, the regulatory framework to which a covered entity must adhere, and common roadblocks experienced with sharing patient information.

Allison Slocum serves as the Vice President, Corporate Integrity Officer and Regulatory Counsel for Carle Health. She holds master’s degrees in health administration and geriatric health and is a graduate of the University of Illinois Law School, summa cum laude, practicing healthcare law. She regularly provides counsel to internal stakeholders focusing on privacy standards and the federal regulatory environment.   

Regulated Research and CUI at Illinois

Protecting Controlled Unclassified Information (CUI) is a critical concern for UIUC’s research community. Many of our researchers are already working on projects from Federal agencies with CUI requirements in data handling, access, and protection. We’ll discuss CUI at the University, its requirements for handling and protection, and our growing Regulated Research compliance program. We will discuss ongoing efforts, support, and what to expect in the future of CUI in research.

Josh Erenberg is the Regulated Research Program Manager within Technology Services. In this role, he enables Federally funded research projects on campus with Controlled Unclassified Information through technology and consultation, as well as expanding the University’s capabilities to conduct this research. In coordination with the Research Administration community, Josh is developing the systems, processes, and support structures to facilitate regulated research from proposal to disposal.

Students In the Data: Learning Analytics and Privacy   

As higher education institutions and vendors pursue ever increasing data gathering on students through electronic and physical spaces, they must also address the significant risks for privacy breaches and other significant questions about data capture and use. How do we understand where students’ data actually goes and by whom it is used? Which students’ risk being most impacted by this data collection? Does the data gathering actually assist current students? In this presentation, Abigail Goben will review findings from a multi-year investigation into student perceptions of privacy and discuss considerations and obligations of institutions and students to understand and advocate for privacy-respecting practices.

Abigail Goben, MLS, is an Associate Professor and Data Management Librarian at the University of Illinois Chicago, where she additionally serves as the Data Policy Advisor in the Office of the Vice Chancellor for Research. She was a co-investigator for the IMLS funded DataDoubles project, a US-based study examining undergraduate student perceptions of student privacy and library participation in learning analytics. Her current research projects include the #WomenLaborCOVID project, which examines the impact of the pandemic on women in the workforce; identifying accessibility needs for data set reuse and preservation; and a ten-year retrospective of data librarian job ads.

Riding Safely in the Data Lane: Uber’s Privacy Compliance and App Features

Join us for an insightful panel discussion with two leading experts from Uber as they delve into the world of privacy compliance and the innovative privacy features integrated into the Uber app. Discover how Uber is committed to safeguarding your data while providing a seamless and secure experience. Learn about the latest advancements in technology and Uber’s dedication to protecting your personal information.  

Ruby Zefo serves as Uber’s first Chief Privacy Officer and Associate General Counsel, Privacy & Cybersecurity. Her team’s mission is to drive Uber’s efforts to be a trusted steward of users’ personal data in every market where Uber operates. Her role includes leading the global privacy & cybersecurity legal team and co-chairing Uber’s AI Law & Ethics Council. Her favorite Uber value is Build with Heart. Prior to joining Uber, Zefo was a Vice President at Intel Corporation where she served as Chief Privacy & Security Counsel, Group Counsel for the Artificial Intelligence Products Group, Group Counsel for Intel Security/McAfee, Legal Director for Corporate Affairs, and Legal Director of Trademarks & Brands. Her career history also includes in-house attorney roles at Sun Microsystems and litigation associate at Fenwick & West. Zefo serves on the advisory boards of TruU and Relativity, and she has served on the boards of directors of the International Trademark Association, National Cybersecurity Alliance, and International Association of Privacy Professionals.  In 2017, Ruby was named one of Forbes’ 40 Women to Watch Over 40.  She holds a B.S. in business administration with highest honors from the University of California at Berkeley, and a J.D. from Stanford Law School. 

Zach Singleton, Senior Product Manager, Marketplace Trust & Privacy Engineering, Uber. As Director of Product Management for Uber’s Privacy, Equity and Safety Product Teams, Zach Singleton is responsible for the company’s Privacy Center, Recording Products, Accessibility, Tech enabling users to identify as they choose on the platform, and the myriad of work surrounding it, such as feature prioritization, testing, and experimentation. He is also the creator of Uber’s Product Equity Team and the creator of the company’s Uber Career Prep program. Zach is someone that has tech at his core. He holds a Bachelor’s degree in Economics from UC Berkeley and an MBA from Stanford University. He started his career as a Consultant in Technology Strategy at Deloitte. He then worked on the Trust & Safety Strategy Team at Google before joining Uber as a Product Manager where he has remained for the past 7 years.

Big 10 Academic Alliance Privacy Panel

Privacy professionals from around the Big 10 will discuss our various privacy programs and how we implement privacy principles at our universities. We’ll touch on our available resources and strategies we have used for expanding a culture of privacy awareness, plus where we’re all headed. Audience participation is encouraged.

Jennifer Elliott, Senior Privacy Officer, The Ohio State University
Joseph Gridley, Chief Data Privacy Officer, University of Maryland
Lauren Popp, Chief Health Information Privacy Compliance Officer, University of Minnesota
Phil Reiter, Associate Director, Privacy, University of Illinois, Urbana-Champaign

Privacy Engineering as a Profession: Challenges and Common Misconceptions

Privacy Engineering is an emerging field that is gaining traction as compliance mandates become more complex and require technical expertise. The definition of what constitutes privacy engineering remains fluid and depends on how privacy is perceived in each organization. This panel will discuss the need to define privacy engineering as a profession, common misconceptions about skill requirements and hiring, and the way forward to better understand this dynamic discipline.

Shea Swauger, Future of Privacy Forum (Moderator) is a Senior Researcher at FPF focusing on data sharing and data ethics. Hailing from academic librarianship, he holds a Master’s of Library and Information Science and is about halfway into a PhD in Education and Critical Studies. His main areas of work and research involve privacy, ethics, and technology. 

Daniel Smullen, Amazon As a proud alumnus of Carnegie Mellon University Cylab, Dr. Daniel Smullen had the distinction of working with the founders of the inaugural and only Privacy Engineering academic program during his doctoral and postdoctoral studies. His unique academic training and extensive R&D career have culminated in numerous patents and a substantial publication record in top-tier journals spanning privacy engineering, privacy enhancing technologies, machine learning, artificial intelligence, natural language processing, and human-computer interaction. Daniel has had the privilege of partnering with policymakers, regulators, government and military sponsors, and industry leaders, solidifying his expertise and impact within these critical domains. Daniel is currently an applied scientist at Amazon Lab126, working on complex problems within Alexa Sensitive Content Intelligence.

Liam Christopher Webster, University of California, Berkeley Liam Webster is a Researcher at the International Computer Science Institute, where he has worked on projects exploring the data practices of mobile applications. His industry-focused work at App Census, combined with his academic endeavors, has fostered a keen interest in Privacy Engineering. Liam recently graduated from the University of California, Berkeley with a B.S. in Electrical Engineering and Computer Science. At Berkeley, he was involved in the Usable and Experimental Security Laboratory and also took part in student teaching. Liam’s emerging career is driven by a commitment to advancing the field of privacy
engineering.

Nandita Rao Narla is the Head of Technical Privacy and Governance at DoorDash. Previously, she was a founding team member of a data profiling startup and held various leadership roles at EY, where she helped Fortune 500 companies build and mature privacy, cybersecurity, and data governance programs. Beyond checkbox compliance programs, Nandita is interested in developing products that respect user privacy and build trust. She is a Senior Fellow at Future of Privacy Forum and serves on the Advisory Boards and technical standards committees for IAPP, Ethical Tech Project, X Reality Safety Initiative, Institute of Operational Privacy Design, and NIST.

Nikita Samarin, University of California, Berkeley, is pursuing a Ph.D. in Computer Science at UC Berkeley, Nikita Samarin researches the role of software engineering in privacy compliance. His record includes publications and papers on topics spanning privacy engineering, authentication, and secure machine learning. A research assistant at the International Computer Science Institute (ICSI) and Center for Long-Term Cybersecurity (CLTC), he is also a former Data Science Fellow at UC Berkeley and an RSAC Security Scholar. His previous experiences include research roles at EPFL and UCI, and teaching at the University of Edinburgh, where he earned his BSc with Honors in Computer Science. 

Information presented in these sessions reflects the views of the presenter/s and are not necessarily those of the University of Illinois, or its colleges, units or employees. The University of Illinois does not endorse and is not affiliated with the individual speakers or their companies or institutions.