Higher Education Privacy Conference 2013

HEPC Logo PNG 01

2nd Annual     •    2013

The second annual Higher Education Privacy Conference (HEPC) will be held on Friday, May 10, 2013 at the George Washington University Law School in Washington, DC.

This one-day event focuses on privacy and information management in higher education. The event consists of a combination of speakers and smaller breakout discussion groups to foster interactivity and engagement. Participants have a wide array of backgrounds, from higher education information officers, security officers, privacy officers, compliance officials, and general counsel. Also attending are key individuals from industry, law firms, associations, and government regulators.

This event is invitation-only, but we welcome your reaching out to us if we haven’t invited you. If you have relevant background and experience, we’d be delighted to include you. If there are people at your institution – or elsewhere – that you think we ought to invite, please feel free to suggest their names to us.


1st Annual HEPC 2012


Friday, May 10, 2013 from 8 AM to 6 PM

George Washington University Law School
2000 H Street, NW
Washington, DC 20052


Daniel J. Solove
John Marshall Harlan Research Professor of Law, George Washington University
Senior Policy Advisor, Hogan Lovells
Founder, TeachPrivacy

Tracy Mitrano
Director of IT Policy and Institute for Computer Policy and Law. Cornell University


8:00 AM – 8:30 AMBreakfastSCC
8:30 AM – 9:00 AMIntroductory Remarks by Daniel Solove and Tracy MitranoSCC
9:00 AM – 10:45 AM

Panel, What Higher Education Can Learn About Privacy Programs from the Government and For-Profit Sector

  • Susan Blair, Chief Privacy Officer, University of Florida
  • Dennis Devlin, Assistant Vice President, Information Security & Compliance Services, George Washington University
  • Steve Mutkoski, Microsoft
  • Lisa Sotto, Hunton & Williams
  • Kathleen Styles, Chief Privacy Officer, U.S. Department of Education
  • Chris Wolf, Director, Privacy & Information Management Practice Group, Hogan & Lovells
10:45 AM – 11:15 AMBreakSCC
11:15 AM – 12:30 PM

Discussion Session 1:

Building a Bridge Between Privacy and Security

While privacy practices and programs have gained some recognition in higher education over the last couple of years, higher education still lags significantly behind government and for-profit industries as technical security has continued to have more sway.  How can privacy professionals bridge the programmatic gaps between “privacy” and “security?”  How do both privacy and security professionals help train and educate the campus community about these important areas of compliance, technology and business practice?


  • Jane Rosenthal, Director of Privacy Office, University of Kansas
  • Marcos Vieyra, Chief Information Security Officer, University of South Carolina

Group A – Stuart 402

Group B – Stuart 403

12:30 PM – 1:30 PMLunchSCC
1:30 PM – 2:00 PM

Special Presentation by Alan Fishel, Arendt Fox, On Negotiating Cloud Contracts

2:00 PM – 3:15PM

Discussion Session 2:

Moving Up to the Cloud

What should one require in contracts with cloud service providers?  What are the most important concrete measures that should be taken to ensure adequate privacy/security protections in these business negotiations and contract formation with cloud providers?


  • Sarah Morrow, Chief Privacy Officer, Penn State University
  • Madelyn Wessel, Associate University Counsel, University of Virginia

Group A – Stuart 402

Group B – Stuart 403

3:15 PM – 3:30 PMBreak 
3:30 PM – 4:45 PM

Discussion Session 3:

Implementing New Technologies

In the last generation, the term “information technology” had an emphasis on technology.  Increasingly, institutions are turning their attention to the “information” aspect of that term.  In this session we will discuss different strategies and approaches that institutions are taking to address how to do information management with the plethora of technologies used by staff, students and faculty.  In particular we will look at how to navigate vetting new technologies with information stewards; how to instruct faculty on appropriate use of institutional information for teaching, learning and research; and how to increase student awareness of what an online presence means both academically and in contemplation of personal and professional futures.


  • Rodney Petersen, Senior Government Relations Office, EDUCAUSE
  • David Sherry, Chief Information Security Officer, Brown University

Group A – Stuart 402

Group B – Stuart 403

4:45 PM – 6:00 PMReceptionSCC


Thank you to our sponsors, who have made this conference possible.

Logo TeachPrivacy PNG

Microsoft Logo

SafeGov Logo


Cornell Logo

GW IT Logo