Belvue Museum, Place des Palais 7

Organised by The Providence Group, Reed Smith LLP and the AEGIS Project, a Horizon 2020 project accelerating EU-US cooperation in privacy and cybersecurity.


  • Travis Hall, Telecommunications Policy Specialist, Office of Policy Analysis and Development (OPAD), US Department of Commerce, National Telecommunications and Information Administration (NTIA)
  • Rogier Holla, Deputy Head, CERT-EU, Computer Emergency Response Team, EU institutions, bodies and agencies
  • Naomi Lefkovitz, Senior Privacy Policy Advisor, Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce.
  • Caitlin Hennesey, Privacy Shield Team Lead, US Department of Commerce, International Trade Administration (ITA) 
  • Dan Caprio, moderator, Co-Founder, Chairman, The Providence Group
  • Gerry Stegmaier Partner, Reed Smith, LLP 
  • Fabio Martinelli Ph.D., Senior researcher, Istituto di Informatica e Telematica,
  • Jonathan Litchman, Co-Founder, CEO, The Providence Group  

Global privacy regulators and privacy professionals must begin to take a strategic view of privacy risk management by challenging the assumptions that have been made about the type of risk they are trying to manage and the thinking that went into conceptualizing the manifestation, likelihood, and impact of the risk.

The European General Data Protection Regulation (GDPR) is an excellent example of the confusion between managing privacy compliance risk and privacy risk management. GDPR is often described as a risk-based approach to data protection, but it is more of a road map for risk-based compliance leveraging the language of risk management. This is a distinction with a difference, especially when it comes to thinking about future privacy risks and steps needed to frame and mitigate these risks.
Privacy risk, given its relationship to cybersecurity risk, is an enterprise risk, requiring active participation of senior executives across the entire business.

Anticipating future privacy risk is about more than making specific predictions about the future. It involves using analytical tools, such as wargames, scenario analysis, and counterfactual narratives to understand the range of potential risks. Only when the risk landscape is rigorously understood can senior executives make the appropriate risk-based decisions.

The panel has been organized by The Providence Group, a cybersecurity consulting and risk management firm in Washington, D.C, and the AEGIS Project, a Horizon 2020 project that aims to accelerate EU-U.S. cooperation in cybersecurity and privacy.