Privacy, Security & Records Management Conference
October 26th - 27th, 2015 | Delta Bow Valley, Calgary, AB
2015 PIPA Connections Conference Agenda
Monday October 26th 2015
|8:15 am - 8:45 am|
|9:00 am - 12:00 pm|
W1 : PIPA Boot Camp
PIPA Boot Camp is an intensive half-day workshop that serves as basic training in Alberta's Personal Information Protection Act, including roles and responsibilities, collection, use, disclosure, protection and security. Whether you are new to PIPA or feel you need a refresher, you will leave this highly interactive session with greater understanding, tips and tools to help navigate through Alberta's PIPA legislation in your day-to-day business.
Privacy and Information Management Consultant,
Joan Dunlop worked for several years as an analyst and resource administering the Alberta Freedom of Information and Protection of Privacy (FOIPP) Act. Joan is skilled at clarifying obligations of organizations and individuals regarding the care and control of personal information as well as balancing the need for protection with the need for transparency and access. Joan’s consulting work involves Privacy Gaps Assessments, Privacy Impact Assessments and Privacy and Security Investigations, as well as designing and delivering privacy and records management training in the public and private sector in several provinces and the Yukon. Joan is always delighted to return home to Saskatchewan to catch up on the access and privacy scene in Saskatchewan and go shopping at the Rider Store.
W2 : Illustrating the connections between Privacy and Records Management
The typical organization has its share of challenges, from privacy breaches to knowledge loss, but most of these problems can be traced back to how it handles the information assets its knowledge workers create. To address this root cause it has become necessary to look at all aspects of how we handle information as a whole, from privacy and access to recordkeeping and information technology. This workshop will give an overview of information governance as a discipline and how it relates to privacy and access management. We will also look at specific examples of how privacy relates to the various aspects of information governance and how current privacy and access methods can be integrated into every facet of information governance.
President, ARMA Edmonton & Manager, Water Knowledge Management Office, EPCOR Utilities Inc.
Graduating with a degree in Information Systems Management from the University of Maryland, John has spent the past seven years working in the records and information management field. His current role involves managing both information and knowledge functions for EPCOR Water Services Incorporated, including providing advice on privacy and information security issues. In the past John has provided support to multiple public sector organizations, assisting in privacy related issues such as Access to Information requests, document security classification, and other records and privacy activities. John is also the current President of the ARMA International Edmonton chapter.
W3 : Information Security Management Frameworks when you don't have Security Professionals on staff!
Building a security program can seem like an overwhelming task if you are just starting out, or if you are new to managing a security program that is already established. What are the key components of a security program, and where do you start building or improving?
Ideal for smaller organizations, or organizations without an established Information Security Program, this workshop will highlight concepts patterned on a well-known maturity model and apply these concepts to a common security framework. This session will lead participants through:
Participants will leave this session with an understanding of how to build the roadmap and an early draft of their own documented roadmap, tailored for their environment.
Currently working with ATB Financial, Brad 'RenderMan' Haines is also the author of several security books, most recently '7 Deadliest wireless technologies attacks' from Syngress. He is one of the more visible and vocal members of the wardriving community, appearing in various media outlets and speaking at conferences several times a year. Render is usually nearby on any wardriving and wireless security news, often causing it himself. His skills have been learned in the trenches working for various IT companies as well as his involvement through the years with the hacking community. A firm believer in the hacker ethos and promoting responsible hacking and sharing of ideas, he wrote the 'Stumbler ethic' for beginning wardrivers and greatly enjoys speaking at corporate conferences to dissuade the negative image of hackers and wardrivers and to educate the public.
|12:00 pm - 12:30 pm|
Boxed Lunch for Workshop Participants
|12:45 pm - 1:00 pm|
Opening Remarks with Service Alberta - Assistant Deputy Minister, Cathryn Landreth
We are pleased to welcome Service Alberta, Assistant Deputy Minister Cathryn Landreth, to provide welcoming remarks and open the conference.
ADM, Open Government,
Government of Alberta
Cathryn leads Service Alberta's Open Government Division, which provides services in the areas of: the Open Government Program, Information Management Policy for GoA, administration of privacy legislation, and the Vital Statistics, Corporate and Personal Property Registries.
Cathryn has served as an ADM for approximately 11 years, during which time she has led and managed major change initiatives in several large divisions. She also served on the executive team for the Premier's Council for Economic Strategy. During her 31-year career in the GoA, Cathryn has had the opportunity to establish, lead, or support numerous cross government committees, councils or teams.
Cathryn brings with her a broad strategic view coupled with convergent thinking, significant capacity in relationship building across the Government of Alberta, with key external stakeholders and with other jurisdictions. Cathryn demonstrates a dedicated service focus to Albertans and to government, and significant experience in leading and influencing cross-government teams, in significant initiatives for corporate improvement.
|1:00 pm - 2:00 pm|
Deconstructing Privacy - Salon Ballroom
Former Information and Privacy Commissioner, Student, Speaker, Mentor
Do privacy laws serve any purpose now? Most of what one reads about privacy is really about data security (i.e., breaches), which is arguably a privacy issue, but is it? Security does not really raise issues of collection, use or disclosure per se. Of course if you don't collect it, it isn't a risk. But it seems there are no limits on collecting, using and disclosing.
This interesting and interactive contemplation will take a look at the current state of our country's laws and where they are potentially headed.
Alberta's second Information and Privacy Commissioner, appointed in 2002. Since retired from public service, Mr. Work was born in Calgary, received his Bachelor's degree in Political Science and Master's degree in Environmental Design from the University of Calgary and obtained a law degree in 1981 from McGill University. He practiced corporate commercial law in Calgary, worked for the Attorney General of Bermuda, and was seconded to the United Nations Environmental Program. After returning to Canada in 1987, Mr. Work took a contract position with the World Bank and was assigned to the country of Mauritius. From 1991 to 1996 Mr. Work worked as Parliamentary Counsel to the Legislative Assembly of Alberta, and General Counsel to the Ethics Commissioner of Alberta. In 1996 Mr. Work began his career at the Office of the Information and Privacy Commissioner as General Counsel and Assistant Commissioner. Mr. Work was appointed to a five-year term as Information and Privacy Commissioner in May 2002.
|2:05 pm - 3:05 pm|
1A : Legislative Labyrinth - Conservatory
This practical session will help you navigate the privacy law framework in Alberta and understand how the public and private sector privacy legislation work together. Learn how the privacy principles underlying PIPA, PIPEDA, FOIP, HIA and the new Digital Privacy Act provide a foundation for understanding and applying these various legislative frameworks to your business. Hear about both the similarities and the important distinctions that you need to know in making good decisions about personal information, personal health information and health information, and about the other laws that can affect the decisions you make. A brief overview of data security will also be discussed.
Partner & Chair of the National Technology Transactions Law Group,
Tom is a partner and chair of the National Technology Transactions Law Group. His practice focuses extensively on technology, intellectual property, privacy and related commercial legal issues for clients in the energy, financial institution, health, forestry, information technology and telecommunications industry sectors. Tom has significant experience negotiating complex systems integration, software development, collaboration, research and development, joint venture, distribution, OEM, alliance, reseller and technology transfer agreements. His experience extends to leading or advising on merger and acquisition transactions involving technology, IP and commercial legal issues. In addition to technology and other industry sector clients that Tom has represented at Dentons, he has extensive legal and business experience in the software and telecommunications businesses. Tom’s unique combination of business and legal experience allows him to provide practical, business-focused legal advice to his clients.
1B : Recent Cases - Salon A
Cara-Lynn will serve up an interesting "Charcuterie Plate" or a sampling of recent PIPA Orders out of Alberta. An overview of recent cases of interest from Alberta or other jurisdictions will be touched on as they relate to private sector privacy and access issues.
Director - Mediation and Investigation,
Office of the Information and Privacy Commissioner of Alberta
Cara left her civil litigation practice to begin her career in privacy and access joining the Calgary Police Service in 1997 as FOIP Coordinator. At the Calgary Police Service, she was responsible for the implementation and administration of the FOIP section. Since leaving the CPS in 2003, she has acted as a consultant to both private and public sector parties on a variety of issues dealing with policy development, legal counsel or as a privacy officer. She was one of the founding members of the Canadian Bar Association, Privacy and Access Law Subsection for Southern Alberta, worked with Service Alberta in the creation of an information bulletin and forms with respect to law enforcement and FOIP, and was involved with teaching and curriculum development for the University of Alberta, Faculty of Extension, Information Access and Protection of Privacy Certificate Program (IAPP). She joined the Office of the Alberta Information and Privacy Commissioner (OIPC) as a Portfolio Officer in 2011. In January 2014, Cara joined the senior leadership team at the OIPC as the Director, Mediation and Investigation.
1C : The Seven Deadly Sins of Privacy Non-Compliance: Tips for Small and Medium-Sized Businesses - Salon C
What do the seven deadly sins have to do with privacy compliance? We’ll use these cardinal sins to demonstrate some of the steps to take to avoid privacy pitfalls.
This presentation will cover current privacy and data protection issues of interest, including how businesses can avoid these sins. For instance, we will give examples such as how
lead to over-sized problems which distract attention, resources, and operations away from core business activities.
Partner - Edmonton Office,
Anne Côté is a partner in the Edmonton office of Field LLP and is Chair of the firm's Privacy Group. She maintains a practice primarily in privacy law, labour and employment law, and administrative law. Anne represents clients in inquiries before the Alberta Information and Privacy Commissioner, in professional regulatory and administrative matters, and has appeared before all levels of courts in Alberta and at the Supreme Court of Canada. Anne provides ongoing advice to a range of clients to guide them through the complex landscape of privacy policies, employment policies, outsourcing agreements, legislative compliance, and records management issues. She is also co-Chair of the Canadian Bar Association's Northern Alberta Privacy Law Section.
Partner - Edmonton Office,
Melissa Timbres is a partner in the Edmonton office of Field LLP and is a member of the firm’s corporate commercial and privacy groups. She provides advice to private and public sector clients and organizations regarding policy development, commercial agreements, and other privacy compliance issues.
|3:05 pm - 3:25 pm|
Networking & Refreshment Break
|3:25 pm - 4:25 pm|
2A : Set yourself apart by pro-actively managing privacy obligations and risks - Salon A
In this interactive session, nationally-recognized compliance experts will share current best practices for a pro-active approach to managing privacy in organizations large and small. Privacy commissioners expect organizations to have robust management frameworks in place. Key risks will be used to illustrate how privacy management frameworks will help you meet Commissioner, and public, expectations through a comprehensive information-governance approach. You will also learn how compliance attestations can help you comply and ensure that when you outsource services you are dealing with the right people.
KPMG - Risk Consulting, IT Advisory Practice
Ivan Alcoforado is a Senior Manager in KPMG’s Risk Consulting – IT Advisory practice with 18 years of experience helping design and deliver projects for large clients in Information Risk, Security & Privacy, IT Governance, Risk & Compliance, Identity and Access Management, IT Service Management, Business Continuity and Program & Project Management. During his career, Ivan serviced organizations in Financial Services, Public Sector, Energy & Utilities, Oil & Gas, Consumer Goods and Telecommunications segments. He has a degree in Industrial Engineering, a post-graduate Executive MBA, is a Project Management Professional (PMP) and a Certified Information Systems Security Professional (CISSP). Ivan has been a frequent presenter and writer on a variety of security and privacy topics like:
- IT Audit Master Class – Emerging technologies, IT audit management and organization protection
- Leveraging Industry Standards to Address Industrial Cybersecurity Risk
- Emerging Challenges & Solutions for Data Privacy and Control
- 20 Questions You Should Answer About Your Cyber Security Readiness
- Protecting Information Assets with a well defined Security Strategy
- The Dos and Don’ts of Service Organization Control Audits over Privacy, Security and Confidentiality
Privacy Consultant, and former Information and Privacy Commissioner for BC and Deputy Attorney General of BC,
David was British Columbia's Information and Privacy Commissioner from 1999 to 2010, Registrar of Lobbyists from 2003 to 2010, and Deputy Attorney General of British Columbia from 2010 to 2012. His involvement in privacy, access to information and open government policy and practice began 25 years ago. He acted as legal counsel to many businesses, local governments, school boards, not-for-profits and other clients over the years. As Information and Privacy Commissioner, David issued numerous appeal decisions, investigation reports, policy papers and resources for private and public sector organizations. He has been a well-known speaker over the years at conferences in Canada and internationally on a wide range of privacy and access to information topics. David participated actively in negotiation and implementation of the APEC Privacy Framework from 2004 to 2009. He has been a member of numerous advisory committees and working groups over the years, both at home and abroad.
2B : Cybersecurity: Strategies to Minimize Risks - Salon C
We will discuss strategies to minimize risk and manage consequences related to data breach. Where there is data, there is the potential for data loss. How an organization prepares for and manages a data breach will have a measurable impact on the outcome. A data breach that could potentially cost millions of dollars and shatter an organization’s reputation can, if handled effectively, be brought under control and have a significantly reduced impact.
Roland Hung is an associate in our Litigation Group in Calgary. Mr. Hung has appeared in Provincial Court and the Court of Queen's Bench, and has both chambers and trial experience. He also has experience representing parties before administrative boards, mediations (including mediation before the Federal Court), and arbitration hearings. He has represented clients in disputes concerning commercial contracts, director liability, departing fiduciary obligations, product liability and a variety of other matters concerning complex commercial transactions. In addition to his litigation experience, Mr. Hung has experience advising businesses on various issues ranging from regulatory compliance to privacy matters. With respect to privacy matters, Mr. Hung has assisted major Canadian and international public and private sector clients to meet or exceed industry standards and government requirements. The clients that Mr. Hung has assisted include financial institutions, manufacturing, pharmaceutical companies, information technology providers, municipalities, educational and medical institutions and not-for-profit organizations. Mr. Hung assisted these clients in assessing their privacy policies, practices, and programs to ensure compliance. In addition, Mr. Hung has advised and represented clients in matters regarding privacy requests, complaints, cross-border transactions, privacy audits, breach notification and court actions for damages. Prior to joining the Firm, Mr. Hung had the opportunity to work in-house at a large multinational pipeline and oil and gas company. He also worked as a business consultant where he developed business plans, and managed the sale and development of several Web-based companies. He brings the benefits of these experiences to his client work when finding practical business solutions. Mr. Hung received his B.Sc. in 2004 and B.Comm (Hons.) First Class in 2006 from the University of Alberta, and his LLB in 2009 from the University of Calgary. He was called to the Alberta bar in 2010. Roland is fluent in English and Chinese. Mr. Hung is currently the Chair of the Privacy and Access Section of the Canadian Bar Association in Alberta. Mr. Hung has spoken at the Lexpert Social Media Law Conference, the Federated Press Cloud Computing Conference, the Canadian Bar Association, the University of Calgary Law School, and the Data Marketing Conference in Toronto. He has also been involved with presentations made at the American Bar Association Annual Conference and was a guest lecturer at the University of Calgary Law School.
2C : “Real Life” and PIPA’s Rules for Personal Employee Information - Conservatory
From conducting background checks to health information to surveillance to discipline, this session will cover the legislative basics in this area, while discussing the various best practices and resources available to employers.
Manager FOIP/PIPA Service - Information Access and Protection,
Joanne Gardiner is the Manager of FOIP Services in Information Access and Protection, Service Alberta, and manages the Corporate access and privacy program for the Government of Alberta. This includes the Personal Information Protection Act (PIPA) in addition to the Freedom of Information and Protection of Privacy (FOIP) Act. Joanne is currently in the role of FOIP Coordinator for Service Alberta and led the onboarding of three other Government Departments in a common and integrated service provision model: Agriculture and Forestry, Culture and Tourism, and Seniors. These Departments have a new manager and FOIP Coordinator, freeing Joanne up to focus on the Corporate program.
Joanne’s educational background is in Environmental Sciences and Computer Science and yet she ended up as a public servant for 15 years, working for some of that time with access and privacy legislation and policy in both British Columbia and Alberta. Joanne has spent a substantial amount of time presenting and talking about access and privacy principles and led facilitation of the FOIP Act Review consultation on the road in 2013. In addition to many Corporate initiatives and responsibilities, a review of PIPA by Special Committee has also begun.
Mathews, Dinsdale & Clark LLP
Loretta is a partner in our Employment, Labour, Privacy, Occupational Health and Safety (OHS) and Workers' Compensation practices. Prior to joining the Firm, Loretta worked at National law firms in addition to working in-house as the Manager of Legal Services and Corporate Policy with a municipality on a broad range of issues. She brings the benefits of this experience to her clients when working with them to both resolve disputes and in proactive strategic planning and risk management initiatives.
Loretta has defended employers and prime contractors in regulatory proceedings and appeared before all levels of Court in Alberta in addition to the Labour Relations Board. She is effective advising on national, provincial and federal OHS programs. Loretta has her H2S Alive and WHMIS training (valid until 2014), which enables her to rapidly access sour gas and other oil and gas facilities and has been listed as a leading occupational health and safety practitioner in the Canadian Legal Lexpert Directory. She frequently speaks at professional conferences and in house training sessions and has been published in national publications such as Canadian Occupational Safety.
|4:30 pm - 6:30 pm|
Tuesday October 27th 2015
|8:45 am - 9:00 am|
Welcome Back!
|9:00 am - 9:50 am|
Jill Clayton - Information and Privacy Commissioner of Alberta - Salon Ballroom
|9:50 am - 10:40 am|
Hidden Risks of Biometric Identifiers and How to Avoid Them - Salon Ballroom
Professor, University of Calgary
Technology that identifies you by something you are is showing up in e-passports, laptop login screens, smart firearms and even consumer products, like the iPhone. Current generation systems generally use static biometric features, such as fingerprints, iris scans and facial recognition, either measured directly or mediated through a device, such as a smartphone. We are on the cusp of a revolution that will usher in dynamic (e.g. gestural, heart rhythm, gait analysis) and chemical (e.g. DNA, body odor, perspiration) biometrics. There will also be hybrid technologies, such as Nokia's vibrating magnetic ink tattoos (US Patent 8,766,784) and the password pill from Proteus Digital Health. Biometrics will also play an increasingly significant role as one of the factors in multi-factor authentication. The author created one of the first typing rhythm recognition algorithms and one of the earliest DNA sequencing machines in the 1980s and has a long-term perspective on this subject. Like all new technologies, advances in biometrics will bring new advantages and also new risks. This presentation surveys cutting edge biometric technologies and provides a framework for evaluating them from the perspectives of security, reliability, privacy, potential for abuse and perceived creepiness. Learn what is coming down the biometrics road now, so you'll be ready to intelligently choose and implement these technologies as they come on the market in the near future.
University of Calgary
As a member of the Government of Canada's Blue Ribbon Panel on Smart Communities, I was exposed to how the "best and brightest" thinkers were shaping the use of technology to improve our individual and collective lives. That program granted $60M to twelve projects across Canada, some of which have become icons for the intelligent application of technological tools. I continue as an active participant in the activities of the New York City-based Intelligent Community Forum, helping to adjudicate the Smart Community of the Year competition, and also write and consult in this area. A lifelong interest in information security has resulted in my teaching Canada's first course in Computer Security (in 1974!) as well as the creation of a CBC Ideas series called Crimes of the Future which predicted future problems such as identity theft and biocrimes such as "organlegging." This program won the Canadian Science Writers Award in 1984. I do regular technical and non-technical analysis in this field and have collaborated with law enforcement, law firms, individuals and corporations on urgent issues such as identity theft, cyberstalking, information warfare and privacy issues. I was qualified as an expert witness in 2004 in "computer forensics and the workings of the Internet" by the Court of Queen's Bench of Alberta. I also spent some fascinating time with Canadian Forces Bravo Company in Afghanistan. In addition to scholarly publications and conferences, I am a regular columnist for the Calgary Herald and other Canwest newspapers, as well as the Business Edge News Magazine, where I serve as National Technology Correspondent. I appear regularly on radio and television discussing high tech issues, and serve on boards including the Information Technology Council of Canada, the Rotary Club of Calgary, and the Canadian Voice Care Foundation. 
My current research focuses on the positive and negative effects of technology adoption both in the developed and developing worlds, and how technology can be a driver for economic and social development. I have developed the concepts of "Internet Persistence" and "Silent Information" in recent book chapters, and continue to work to help us define the ever-changing line between the useful sharing of information and the (sometimes unforeseen and self-inflicted) invasion of our privacy.
|10:40 am - 11:00 am|
Networking & Refreshment Break
|11:00 am - 12:00 pm|
3A : The Security of Things (The Internet of Things) - Salon A
Imagine a network of ordinary physical objects that are network-enabled and have the capacity to observe and collect information about their environments and then share that data with each other or with any other device or person connected to the Internet. Essentially, we are moving into an era in which it isn’t just computers that are connected to the Internet. Household appliances, security systems, home heating and lighting, and even cars are all becoming Internet-enabled devices. These devices can help us in our daily activities, but they are also becoming the focus of security threats. Nobody expects a baby monitor to be used to spy on us, our television to profile our habits or even our car to be hacked by malicious attackers. In this session we are going to talk about the growing number of Internet-enabled devices emerging in the market as well as the potential risks of introducing them into our lives.
Solution Delivery Architect,
More than 15 years of experience in IT implementing and managing infrastructure and security solutions. Experience in designing and implementing secure solutions, performing security reviews, identifying negative performance trends and security vulnerabilities. Specialties: Network and Information Management, Operating Systems, IT Security Architecture, Risk Management, Cloud Computer Security, Business Intelligence, Business Process Mapping, Process Improvement, ServiceNow Architecture. Experience developing and delivering awareness and teaching material in network, network security and operational systems areas.
• Solution Delivery Architect – IT Security / ITSM at Nexen Energy
• IT Security Instructor at SAIT
3B : Privacy and Governance in Condo Boards and Housing Associations - Salon C
Condominium boards present special challenges for managing effective privacy and governance: a mix of volunteer boards, contracted service providers and interested owners and tenants, all dealing with issues in the most intimate of spaces – your own home! Bringing together experts in Alberta’s Personal Information Protection Act and Condominium Property Acts, this panel discussion will deal with the key principles for ensuring appropriate balances are struck in governing a community of home owners. Starting with a brief summary of basic privacy and condo governance principles, you will then have the opportunity to ask questions of these experts.
Canadian Condominium Institute
Condo Community Expert: Stephen Cassady has lived in a condominium for the past 18 years. During those years he has been a condo tenant, owner and landlord. For Stephen, condominium provides the perfect housing environment for his needs and expectations. Always one to participate in community, he’s been the president of a 107 unit complex, and a board member of a 205 unit complex. Eight years ago he joined the board of the Canadian Condominium Institute, where he has served 4 years as their South Alberta chapter president, and currently is a national director. In 2013, he received the organization's Distinguished Service Award for contribution to the condominium industry. With a background in software and database management for clients including the federal government, an Alberta municipality, medical and commercial businesses, Stephen launched the consulting company 247Condo in 2006. 247Condo provides condominium consulting to government and private companies, along with operating the condominium document management system CondoPapers, which is the largest document distributor for condominium documents in Alberta. Stephen has worked with Service Alberta on the rewrite of the Condominium Property Act, and has provided research papers on condominium loans and district energy opportunity within condominiums. For the past few years he’s also been a court appointed administrator for troubled condominiums. Stephen has presented seminars and workshops on condominium governance, performance and best practices in AB, SK, MB, ONT and NB. He has co-authored the condominium director’s course taught by the Canadian Condominium Institute in south Alberta.
Statute Administrator, Condominium Property Act,
Condominium Property Act Expert: Kelly Refah is a Statute Administrator with Service Alberta and a member of the project team overseeing the modernization of Alberta’s Condominium Property Act (CPA). In her role as Statute Administrator, Kelly provides information and advice to a wide range of stakeholders regarding regulatory requirements for developers, boards, and unit owners and general rules governing condominium corporations. For the past several years, Kelly and her team have been actively working to enhance consumer protection and provide condominium corporations with the tools to govern more responsibly and efficiently. As a former condominium owner and board member, Kelly also has practical experience in the day-to-day issues affecting condominiums.
Christina Hopkins Crichton
Access and Privacy Advisor,
PIPA expert: Christina Hopkins Crichton is an Access and Privacy Advisor with experience in privacy legislation, business planning and performance measurement, and policy development. She is a graduate of the Information Access and Protection of Privacy certificate through the University of Alberta and holds a Masters of Science in International Politics from the University of Edinburgh. Starting her career in the financial services industry, Christina worked on anti-money laundering and terrorist financing policy and became interested in the balance of privacy rights with business and compliance needs while working on those issues. She has advised on compliance initiatives in the federal and Alberta governments and a crown corporation. In her current role in Service Alberta’s Information Access and Protection branch, she conducts Privacy Impact Assessments and provides privacy advice to the public, private and non-profit sectors, and was on the working group for the last amendment of the Personal Information Protection Act (PIPA). Christina is an owner, member and resident of a condominium community in Edmonton and a first-time landlord.
MODERATOR: Nicole McLellan Betker
Access and Privacy Advisor,
Nicole McLellan Betker is an Access and Privacy Advisor with Service Alberta and former president of a 152 condominium community, located in southeast Edmonton, in which she owns a unit. Nicole is a recent graduate of the Information Access and Protection of Privacy certificate through the University of Alberta. She provides advice about public and private sector privacy legislation, stakeholder relations management, implementation of policy and procedures, and notification statements for the collection, use and disclosure of personal information. Becoming an access and privacy advisor was a career change for Nicole just over two years ago; however, she has over 15 years of professional experience including public speaking, policy development, and program implementation. Through the Canadian Condominium Institute (CCI), this past spring Nicole completed the Condominium Management 100 and 200 courses and attended the CCI annual conference held in Edmonton. Nicole enjoys working with the public to better educate about privacy and access to information rights, and about the realities of living in a condominium community.
3C : Bill S4 - Otherwise known as the Digital Privacy Act (Conservatory)
Bill S-4, the Digital Privacy Act, came into force on June 18, 2015. The Government of Canada claims that it provides important improvements to Canada’s private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA) and that it will ensure the safety and security of Canadians when they surf the web or shop online. Experts and critics, however, are concerned that it will open the floodgates to warrantless data-sharing and become an extensive threat to the privacy rights it apparently aims to preserve.
It is concerning that the new provisions allow internet service providers (ISPs) to share customer subscriber information, without any customer consent, with any organization that is investigating an actual or anticipatory breach of federal or provincial law. These new guidelines are applicable even for a possible breach of contract, such as a copyright violation, or any illegal activity.
Without any court oversight, the broadly worded new amendments run contrary to the decisions of Canadian courts on privacy protection, which had previously established clear limits and oversight on basic subscriber information disclosures.
Evidently, Bill S-4 does not effectively balance the rights of Canadians to a reasonable expectation of privacy and the public interest.
Researcher (Articling Student),
Alberta Civil Liberties Research Centre (ACLRC)
Hasna Shireen just completed her articling studentship at the Alberta Civil Liberties Research Centre (ACLRC), researching access to information, and is currently awaiting her call to the Bar. Prior to joining the ACLRC, she also worked as an articling student at Bennett Jones LLP and Calgary Legal Guidance (CLG). Previously, she was a research associate at the D-NET, Bangladesh (Associate of CARE, Canada) on a human rights project dedicated to empowering socially disadvantaged people, and a member of the faculty of law at the Northern University Bangladesh. She holds an LL.M. (Master of Laws) in Energy, Natural Resources and Environmental Law from the University of Calgary.
|12:00 pm - 1:00 pm|
Buffet Lunch for all participants
|1:00 pm - 2:00 pm|
4A : Information Governance (Salon A)
This session will demonstrate the scope and concept of information governance and its relationship to access, privacy, and records management while also providing some practical direction on developing and implementing information governance in your organization.
1. Current definitions about information governance and the convergence with privacy, security and emerging digital information ethical issues.
2. Developing function-based tools and policies to meet challenges for controlling, securing and monitoring information content, retention, use, disclosure, and access.
3. Identifying and resolving challenges of institutional skepticism, individualism, and resistance to change when implementing an information governance program.
Leading Cenera’s Privacy and Information Management practice, Rick has a passion for providing comprehensive and lasting solutions for his clients. He is trained as an archivist and brings over 25 years of professional information management experience to the table. With this background, Rick has developed a great understanding and respect for how information functions within organizations and society. Warm, fun and engaging, Rick is committed to making the high standards of his field work on the ground for clients. With keen insight in the field of privacy regulation, Rick is able to demonstrate complicated concepts to clients in ways that are easy for them to understand. Rick has completed numerous privacy gaps reviews and privacy impact assessments and has applied his knowledge to such areas as information security policies and procedures, information management programs, including policy/procedure frameworks, classification schemes, retention schedules and digital preservation. A first-generation immigrant and an avid soccer fan, Rick enthusiastically followed the successful run of the Dutch national squad in the most recent World Cup. For those of you who follow the English Premier League, he is a Tottenham Hotspur supporter.
4B : Update to Cloud Computing Case Law (Salon C)
This presentation will review:
A specific focus of the presentation will be the use of cloud service providers in other countries and in particular the United States.
Head, Intellectual Property,
Bennett Jones LLP
Martin Kratz leads the intellectual property, anti-spam practice and co-leads the ecommerce practice for Bennett Jones. His practice is focused on intellectual property and technology law, including substantive IP and IP transactions, procurement, commercialization, strategy and opinions, anti-spam, data protection, privacy, ecommerce, strategic alliances, mergers, acquisitions and technology transfers among technology companies. His practice includes the software, telecommunications, electronic commerce, entertainment, energy and pharmaceutical industries.
Martin has written over 450 publications on various topics involving intellectual property, technology law or on related topics including the following recent books: Canadian Anti-Spam Law, 2014; Canadian Internet Law, 2013; Outsourcing (Canada) 2012; Licensing 2012; Electronic Commerce Law 2012; Canadian Intellectual Property Law, 2nd Ed., 2010.
Martin is national co-director of Osgoode Hall Law School's Intellectual Property LLM program and teaches in that program.
Martin is a Fellow of the Intellectual Property Institute of Canada, and of the Canadian Information Processing Society; and a member of: the ABA's Science & Technology, Patent, Copyright & Trademark, Sports & Entertainment and International Sections, and a member of the AIPLA.
4C : Is a Bring Your Own Device (BYOD) Program the Right Choice for Your Organization? (Conservatory)
BYOD is an arrangement whereby an organization authorizes its employees to use personal mobile devices, such as smartphones and tablets, for both personal and business purposes. A number of cost-benefit factors are believed to drive the adoption of BYOD programs, including cost management and improved employee satisfaction and productivity. However, from a privacy and security standpoint, BYOD may stand for Bring Your Own Disaster, and the adoption of BYOD may prove to be more costly if not properly and securely implemented. The objective of this presentation is to assist an organization in making the right call when it comes to the adoption of BYOD. The presentation focuses on key privacy and security risks that should be considered when making decisions to adopt BYOD.
Nji L. Nji
Senior Information Privacy and Security Manager,
Office of the Information and Privacy Commissioner of Alberta
Nji (pronounced En-jee) is a Senior Information Privacy and Security Manager within the Compliance and Special Investigation team at the Office of the Information and Privacy Commissioner (OIPC). In addition to ensuring compliance with Alberta’s three privacy legislations (Health Information Act, Freedom of Information and Protection of Privacy Act and Personal Information Protection Act), I advise the Privacy Commissioner and her staff on information or cyber security matters. Prior to my current position, I worked at Alberta Health and Alberta Health Services. While at Alberta Health, with inputs from appropriate stakeholders, I drafted the first version of the Provincial Organizational Readiness Assessment (p-ORA) and the Provincial Logging and Auditing Standard (PLAS). The p-ORA is a security assessment used for assessing the state of administrative, technical and physical security controls in community physician offices prior to granting them access to Alberta Netcare electronic health record applications as per section 3(1)(c) of Alberta Electronic Health Record Regulation. The goal of the PLAS was/is to ensure the implementation of consistent logging and auditing controls in health information repositories across Alberta’s health sector. The logging and auditing requirements in the PLAS were, in 2010, incorporated into the Alberta Electronic Health Record Regulation (sections 6(1) and 6(2)). While at AHS, I provided IT security and information privacy advice to various business areas and project groups. I hold a B.Sc. in Physics and Computer Science, M.Sc. in Physics, Masters of Information Systems Security Management and a CISSP certification.
|2:05 pm - 3:05 pm|
5A : Bill C-51 (Salon C)
Bill C-51. Prime Minister Trudeau has indicated he will support this legislation, but will pass amendments. What are the current implications of this legislation on our privacy rights? What amendments should be implemented? Should the bill be scrapped altogether?
Alberta Civil Liberties Research Centre
Linda McKay-Panos is the Executive Director of the Alberta Civil Liberties Research Centre. She taught Language Arts and Social Studies with the Calgary Board of Education for 7 years before returning to university to obtain a Law Degree. She practiced law for a time, before joining the Alberta Civil Liberties Research Centre in 1992 as a Research Associate. Linda is a sessional instructor in the faculties of Law and Arts at the University of Calgary. Linda received her Bachelor of Education, Juris Doctor and Master of Laws degrees from the University of Calgary. She was called to the Alberta Bar in 1991. Linda is the author of several publications dealing with civil liberties, access to information, privacy, human rights, discrimination, equality and related topics. Linda received the 2001 Suzanne Mah Award and an Alberta Centennial Medal in 2005 for her work in human rights in Alberta.
5B : Data Breach Management (Conservatory)
Osler, Hoskin & Harcourt LLP
Rachel advises clients on a broad range of privacy, data security and information-management matters, including information security-breach responses, cross-border data transfers, online and mobile marketing, behavioural tracking, employee monitoring and internal investigations, payment card systems, outsourcing transactions, health information privacy, data governance and strategic management of information assets. Rachel also drafts and negotiates contractual agreements concerning information security, and develops policies, procedures and training programs. She counsels clients on compliance with federal, provincial and international privacy requirements, including the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s anti-spam legislation (CASL), Alberta’s Personal Information Protection Act (PIPA) and Health Information Act.
Office of the Information and Privacy Commissioner, Alberta
Brian Hamilton, MPA, CISA, CISSP, has conducted precedent-setting investigations involving data encryption, biometric identification, and malware and led Alberta’s first successful privacy offence conviction. Brian’s team reviews Privacy Impact Assessments, investigates privacy complaints, and provides compliance advice to Alberta’s health sector. Serving as a member of the COACH Privacy and Security Steering Committee, Brian contributes to national guidelines for Canada’s eHealth sector and is a past Instructor with the University of Alberta’s Information Access and Privacy Program.
5C : CASL Enforcement (Salon A)
Canada’s Anti-Spam Legislation (CASL), and the resulting amendments to PIPEDA, Canada’s federal privacy law, have been in force for just over a year now.
Hear from the federal Privacy Commissioner’s office as it explains its mandate and responsibilities under the legislation, the challenges it faces as it seeks to enforce its part of the compliance landscape, how it interacts with its enforcement partners (the CRTC and the Competition Bureau), and how it is seeking to reach out and communicate with stakeholders on this issue. The session will also introduce some tips you can take away to protect your organization from inadvertently getting caught offside the PIPEDA anti-spam provisions.
Senior Advisor - Investigations Branch,
Office of the Privacy Commissioner of Canada
Trevor Yeo joined the OPC’s PIPEDA Investigations Branch in January 2008. As Senior Advisor, Trevor has led complex investigations into the privacy practices of organizations such as Nexopia and Ganz. At present, he is the working-level lead on the OPC’s CASL-related enforcement activities, including its relations with the CRTC and Competition Bureau. Prior to joining the OPC, Trevor worked in the financial services sector (life insurance, pensions, credit union and group benefits) both overseas and in Canada, predominantly in UK and offshore compliance, anti-money laundering and insurance fraud investigation roles. Trevor also worked in the not-for-profit sector as a fundraising manager for a national Canadian health charity. Trevor holds a BA honours degree in English from the University of Southampton (UK) and the IAPP’s CIPP/C designation.
|3:05 pm - 3:25 pm|
Networking & Refreshment Break
|3:25 pm - 4:15 pm|
PCI Compliance: What it was supposed to be, what it has become...and where is it headed! (Salon Ballroom)
Managing Director, Corporate Solutions & Services
Does the thought of accepting credit cards on your web site scare the heck out of you? It should, especially if you are not PCI Compliant...and in today's day and age, quite complicated.
Stay for the last session of the conference to learn what security vendors (specifically those focussed on PCI Compliance and Attestation) don't want you to know.
The original PCI Compliance standards were designed by credit card companies, and they were never intended to be a barrier for businesses who wanted to accept credit cards as a method of payment...that wouldn't make sense given how they generate revenue. The original standards were based on three basic principles, and if you adhered to #1, the other 2 didn't apply. They are:
What we have now is a world and a system that the credit card companies never envisioned, nor are they comfortable with.
Join Bashir Fancy, former Executive VP with VISA, and original architect of the PCI Standards to learn what it was supposed to be, what it has become...and Bashir's predictions on where it is headed.
Corporate Solutions & Services
Mr. Fancy is now the Managing Director of Corporate Solutions & Services Inc., having recently left Deloitte & Touché LLP as a Senior Executive Advisor. Prior to joining Deloitte, Mr. Fancy was the Executive Vice President of Risk Management & Security for Visa International as well as the global head of Internal Audit. Mr. Fancy has had tremendous success in developing and implementing Fraud Prevention programs for Visa and their “member banks”. Mr. Fancy was a key player in the development of the “Account Information Security (AIS) standards”, which have now come to be known as PCI-DSS standards. Mr. Fancy managed the “payment division” of SNS (3rd party processor), which provided point of sale and back office credit card processing for all major Canadian banks. Mr. Fancy has held senior management positions at Citibank, Air Canada, Supermarket Group (major retailer), after having started his accounting career at West Wake and Price, with the majority of the group becoming part of PWC.