Information Location Speakers Agenda Sponsors
Register Now Accommodations Presentations

The 3rd Annual Privacy, Access and Security Congress 2012

Oct 4, 2012 - Oct 5, 2012
The Westin Ottawa Hotel


Thank You!

On behalf of our conference advisory board, thank you to all of the delegates, speakers, sponsors, and moderators who attended the 3rd Annual Privacy, Access and Security Congress in Ottawa.  This was without doubt the best Congress yet, and simply could not have been done without your support and participation.

Thanks to those of you who tweeted and posted about the event, ensuring that those who could not attend were kept in the loop!  We will continue the conversations over the year and look forward to hearing more from you in the coming months.

Conference Survey (closes Oct.12th)

Your feedback is important to us as we continue to grow and expand this event.  Please take a few minutes to share your thoughts and suggestions by filling out this brief electronic survey.
Password:  pso2012

Conference Speaker Presentations

A reminder that conference presentations will be available on-line within a week of the conference ending. You will find them at:

Next Year!

We hope to have the pleasure of seeing you in Ottawa in 2013 for the 4th Annual Privacy, Access and Security Congress.  Dates for next year will be announced shortly.


2012 Congress Topics:
  • Responding to Cyber Threats of Tomorrow
  • Privacy Breaches
  • Open Government
  • BYOD
  • Governance and Accountability
  • Social Media and Security
  • Cross Border Data Flows: Multi National Cloud Environments
  • Identity Management and Privacy in a Common Service Delivery Model
  • Surveillance


CPE Credits:

A reminder that the Congress qualifies for CPE credits for most professional associations (e.g.. IAPP, (ISC)2, CAPAPA and ISACA)

This program can be applied towards 9 of the 12 hours of annual Continuing Professional Development (CPD) required by the Law Society of Upper Canada.  Please note that this program is not accredited for Professionalism hours or for the New Member Requirement.


2012 Conference Advisory Board
(From the Chief Information Officer Branch, Treasury Board of Canada Secretariat)

  • Pierre Boucher, Deputy Chief Information Officer
  • Mimi Lepage, Executive Director, Information and Privacy Policy
  • Colleen D’Iorio, Executive Director, Security
  • Julie Attallah, Manager, Community Engagement & Development, Information and Privacy Policy
  • Barbara Dundas, Senior Analyst, Information and Privacy Policy


Conference Rates:

Regular registration (after Sept. 7, 2012)
Public Sector $650.00 CAD (plus HST)
Private Sector $875.00 CAD (plus HST)
Student Rate $250.00 CAD (plus HST)


Registration Fees Include:

  • 2 plated lunches
  • All coffee breaks
  • Conference reception
  • All keynotes, plenaries, panel sessions and business breakouts
  • Access to exhibit hall
  • Conference portfolio
  • Conference materials
  • On-line access to presentations post-event


2012 Industry Advisory Board:

  • Shawn Cruise, Director, Public Sector Canada, Adobe
  • Grant Lecky, National Chair, Canadian Security Partners’ Forum (CSPF)
  • Ashley Lukeeram, Sr. Account Manager, Symantec (Canada)
  • Amanda Maltby, Chief Privacy Officer, Canada Post
  • Suzanne Morin, Assistant General Counsel – Privacy, Research In Motion Limited
  • Brian O’Higgins, President, Brian O’Higgins and Associates
  • Winn Schwartau, Author, Speaker, Security Theorist
  • Sheldon Shaw, Director of Business Development,  Bell
  • Roger Tremblay, Sr IT Security Consultant
  • Fiaaz Walji, Sr. Director, Websense Canada Inc.
  • Don Williams, Business Development Director, Justice & Public Safety, Sierra Systems


Information Location Speakers Agenda Sponsors
Register Now Accommodations Presentations

The 3rd Annual Privacy, Access and Security Congress 2012

The Westin Ottawa Hotel

Loading Map....
Information Location Speakers Agenda Sponsors
Register Now Accommodations Presentations

The 3rd Annual Privacy, Access and Security Congress 2012

The following speakers will be speaking at The 3rd Annual Privacy, Access and Security Congress 2012.
Please note this page will be updated constantly as we build our agenda for this event. To view a speaker's biography please click on their photo or name.

Bill Abbott

Senior Counsel - Regulatory Law and Privacy Ombudsman, Bell Canada

Greg Akers

Senior Vice President of Advanced Security Initiatives, Global Government Solutions Group, Cisco

Dmitri Alperovitch

Co-Founder & CTO, CrowdStrike Inc.

Jon Baker

Systems Engineer, Endpoint Management and Mobility Group, Symantec

Louis Beauséjour

Assistant Deputy Minister, Integrity Services Branch, Service Canada

Patrick Bedwell

Vice President of Products, Fortinet

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Anne Bertrand

Access to Information and Privacy Commissioner, Government of New Brunswick

Pierre Boucher

Deputy Chief Information Officer, Treasury Board of Canada Secretariat

Barbara Bucknell

Strategic Policy Analyst, Office of the Privacy Commissioner of Canada

Ashley Casovan

Strategic Coordinator for the Chief Information Officer, City of Edmonton

Derick Cassidy

Founder and CTO, Device Identity

Corinne Charette

CIO of the Government of Canada, Treasury Board of Canada Secretariat

William J. Cook

Partner, McGuireWoods LLP

Colleen D'Iorio

Executive Director, Security, Treasury Board of Canada Secretariat

Robert Dick

Director General, National Cyber Security Directorate, Public Safety Canada

Sean Doherty

Chief Technology Officer, Enterprise Security Group, Symantec

David Elder

Counsel, Stikeman Elliott LLP

Jean-Francois Gauthier

Executive Director, Loran Technologies

Paul J. Girard

Executive Director & Chief Information Officer, Treasury Board of Canada Secretariat

Sharon Hagi

Senior IT Architect and Consultant, IT Security Strategy Consulting Services, IBM Canada

Mike Huckaby

Senior Director, Global Pre-Sales, RSA

Trevor Hughes

President and CEO, International Association of Privacy Professionals

Adam Kardash

Managing Director and Head, Access/Privacy, Heenan Blaikie

Jason Kataila

Account Manager, Endpoint Management and Mobility Group, Symantec

Dr. Ian Kerr

Canada Research Chair in Ethics, Law & Technology, Faculty of Law, University of Ottawa

Martin Kyle

Principal Architect, Sierra Systems

Michel Laviolette

Senior Director, Chief Information Officer Branch, Treasury Board of Canada Secretariat

Mimi Lepage

Executive Director of Information and Privacy Policy, Treasury Board of Canada Secretariat

Kristin Lovejoy

General Manager, IBM Security Services Division (former IBM Global VP of IT Risk & CISO)

Amanda Maltby

General Manager, Compliance and Chief Privacy Officer, Canada Post Corporation

Alex Manea

Manager, Services Security, Research In Motion

Jonathan McHale

Deputy Assistant U.S. Trade Representative for Telecommunications and Electronic Commerce Policy

Toni Moffa

Deputy Chief/ADM, Information Technology Security Program, Communications Security Establishment Canada

Suzanne L. Morin

Assistant General Counsel, Privacy, Research In Motion Limited

Chris Poulin

Industry Security Systems Strategist, IBM

Dr. Teresa Scassa

Canada Research Chair in Information Law, University of Ottawa

Winn Schwartau

"The Civilian Architect of Information Warfare," Author, Speaker, Security Theorist, Serial Entrepreneur, Distinguished Fellow Ponemon Institute, and Founder, SecurityExperts.Com

Jawahar Sivasankaran

Distinguished Engineer, Cisco

Henry Stern

Senior Security Investigator, Cisco

Jennifer Stoddart

Privacy Commissioner of Canada, Government of Canada

Dean Turner

Director, Global Intelligence Network, Symantec

Fiaaz Walji

Senior Director, Websense Canada Inc.

Stephen Walker

Senior Director, Information Management Directorate, CIOB, Treasury Board of Canada Secretariat

Dr. David Whyte

Technical Director, Cyber Defence, Communications Security Establishment Canada

Sara Wiebe

Corporate Secretary & CPO, Human Resources and Skills Development Canada

Information Location Speakers Agenda Sponsors
Register Now Accommodations Presentations

The 3rd Annual Privacy, Access and Security Congress 2012


Updated , October 1, 2012

Go to Complete Schedule

Sort by: Day/Time or Alphabetic


Registration - See on schedule

Thursday at 7:30am

Call to Conference: MC - See on schedule

Thursday at 8:30am

With: Winn Schwartau

Keynote Speaker - See on schedule

Thursday at 9:00am

With: Dmitri Alperovitch

For the past several years, we have seen a constant stream of announcements of serious intrusions by both nation-states and cybercriminal actors into numerous large and small commercial, non-profit, and government organizations, who as a result had suffered significant losses of valuable intellectual property, trade secrets and sensitive national security information. Many of these victims had spent significant financial and personnel resources to build defense-in-depth capabilities and employed a variety of best-of-breed security technologies. Yet, they have all have fallen prey to targeted and persistent adversaries who had relentlessly stalked and pursued them, ultimately succeeding in worming their way in and penetrating all layers of security solutions. Dmitri Alperovitch has led global investigative teams that have uncovered and investigated such groundbreaking cyberespionage operations as Night Dragon, Shady RAT and Operation Aurora. In this talk, Alperovitch will describe the lessons he has learned from pursuing and investigating nation-state cyberespionage adversaries and discuss the need for a new cybersecurity framework that places emphasis on deterrence strategies and raising costs to the adversary, in addition to purely preventative measures.

Keynote Speaker - See on schedule

Thursday at 9:45am

With: Louis Beauséjour

The expectations of Canadians in terms of service are evolving rapidly. HRSDC is developing new and innovative ways of serving our clients while protecting the privacy and security of personal information and programs. Strong Identity Management (IdM) is central to meeting these expectations as it is the starting point of the trust relationship and confidence between the public and government, and it is a critical enabler of service delivery, security, privacy and program integrity. The scope of IdM is broad and affects many facets of people’s lives including how organizations conduct business in Canada. The collection, use, management and the secure storage of identity information is critical to protecting the rights of citizens, ensuring privacy, and ensuring national security. Identity management is the cornerstone of programs, benefits and service delivery processes in HRSDC. Identity management is the cornerstone of programs, benefits and service delivery processes in HRSDC. A coherent and consistent IdM approach assists HRSDC in delivering to the right person/organization the right access, at the right time and for the intended purpose. Moreover, in an environment of fiscal restraint, an effective IdM reduces costs, inefficiencies, risks of errors and, improves the service experience for clients. The presentation will provide a glimpse into HRSDC’s Identity Management Program with a focus on service delivery and privacy and how it could support a Government of Canada enterprise-wide Federation of Identity and emerging opportunities for identity-based partnerships with other levels of government and the private sector.

Refreshment Break - See on schedule

Thursday at 10:15am

Concurrent Panel Session - See on schedule

Thursday at 10:35am

With: Anne Bertrand (h), Bill Abbott, Sara Wiebe, William J. Cook

Data breaches are serious, especially in a time where we are creating information at a historic rate. The panel will discuss the concerns for frequency of data breaches, the notification process and the issues arising as a result of that process, and the impact and effect privacy breaches have. As the panelists are all experts in different areas, the various perspectives (Regulator’s perspective, private sector and “widespread” perspective, e.g. Corporations doing business in several jurisdictions) are going to be of specific interest.

Concurrent Panel Session - See on schedule

Thursday at 10:35am

With: Winn Schwartau (h), Dr. David Whyte, Patrick Bedwell, Paul J. Girard

Because using social media is so easy; because it can turn anyone with an opinion or something to say into their own broadcast station; because social media has become so ingrained into our lives, many people simply do not understand the risks. Identity Theft affects tens of millions of people every year. So, should you or your kids be posting home addresses, detailed school data, mother’s maiden names and other personal information that can help criminals steal your identity or target your children? What about your vacation and travel plans. Does it really make sense to announce in public that your home will be empty for two weeks? Did you know that many of your photos are geo-tagged with the GPS coordinates where they were taken? Posting pictures of your children gives away their exact location. Do you want that information accessible to everyone on the internet? So, what can you do to improve your social networking security posture at home and at the office? Come to this exciting session, get involved and share ideas!

Luncheon - See on schedule

Thursday at 11:55am

Luncheon Keynote Address - See on schedule

Thursday at 12:35pm

With: Trevor Hughes

Around the world, legislative and regulatory debates are raging over the proper way to manage data in the information economy. These debates are central to the field of privacy, but we focus on them exclusively at our peril. As legislation struggles to keep up with the advance of technology and business models, many technological gate-keepers are creating privacy standards with far-reaching global effects. And we thus have an important new source of law in the field of data protection: code.


Today’s information professionals need to understand this “code of privacy” and learn how to navigate within it. This session will explore the areas where the code of privacy is emerging – browsers, mobile apps, platforms, consumer plug-ins -- and provide guidance on how to effectively monitor and respond to developments in this dynamic field.

Keynote Speaker - See on schedule

Thursday at 1:15pm

With: Sean Doherty

We are living in explosive times; at least, where information growth is concerned. Some analysts predict that at current growth rates, planet earth could run out of physical space to store information within the next 50 years – even with the inclusion of cutting-edge storage technologies.

A similar problem erupted during the industrial revolution. Burgeoning factories and a sudden influx of workers to urban areas created a rapidly growing garbage problem. The common approach to waste management left cities like Paris surrounded by trash piles that rose “higher than the city walls.”

As with today’s information management situation, new management approaches were required. Innovative solutions emerged, such as storage, transportation, incineration, toxic waste handling and recycling – waste management processes that are still being improved upon today.

So how are we to deal with the byproduct of an information age? How are we to securely and efficiently manage information now and into the future? In this session, Sean will discuss steps to ensure we are not consumed by explosive information growth.

Business Breakout Session - See on schedule

Thursday at 2:05pm

With: Chris Poulin

Organizations are continually looking for new and improved ways to protect valuable information that resides on their corporate and virtual networks. With risks coming from many directions, including insider fraud and the evolving complexity of external vulnerabilities, the pressure to protect IT resources and gain better network and application visibility is only increasing. Join this session to understand how an effective Security Intelligence Platform can provide comprehensive network intelligence from the predictive/prevention phase through the reaction/remediation phase and enables cross-domain analytics, reporting and management capabilities across all elements of the IBM Security Framework -- protecting your People, Data, Applications and Infrastructure.

Business Breakout Session - See on schedule

Thursday at 2:05pm

With: Jawahar Sivasankaran

Empowered employees, consumer devices, work anywhere requirements, contractor and temp access. All of these can potentially bring great business value to the enterprise, but can add tremendous challenges to IT and Security organizations. If you are grappling with the following challenges, this session will provide some answers and directions. 1) Centralized policy enforcement for employees, partners and guests 2) Global entitlement policy for employee owned devices 3) Ubiquitous access across Wired, Wireless and Remote access (Hardware & Software VPN) 4) Onboarding, registration and management of devices 5) Context aware security requirements This session will cover best practices based on Cisco’s internal deployment as well as the lessons learned through the hundreds of “peer to peer” discussions with global customers.

Afternoon Break - See on schedule

Thursday at 2:35pm

Concurrent Panel Session - See on schedule

Thursday at 2:55pm

With: Mimi Lepage (h), Ashley Casovan, Dr. Teresa Scassa, Jean-Francois Gauthier, Stephen Walker

In March 2011, the Government of Canada launched its Open Government strategy based on three pillars: Open Information, Open Data, and Open Dialogue. This panel represents different levels of government - municipal, provincial and federal - and is designed to share with the audience the experience that the various levels of government have had to date with Open Government. We are coming to this session with the hope to have an open and frank dialogue and looking forward to your questions!

Concurrent Panel Session - See on schedule

Thursday at 2:55pm

With: Toni Moffa (h), Colleen D'Iorio, Dean Turner, Henry Stern, Robert Dick

Trends indicate that cyber threats are increasing in frequency, volume and sophistication resulting in an communications environment that is inherently vulnerable and untrustworthy. This panel will discuss the changes necessary to current approaches in cyber threat response and explore future options for more effectively dealing with cyber threat challenges from both a public and private sector perspective.

Keynote Address - See on schedule

Thursday at 4:15pm

With: Corinne Charette

The Government of Canada is committed to designing and delivering citizen-centered services and to ensuring the internal administrative operations of government are as efficient and effective as possible. At the heart of this endeavour is the management of security and privacy as a key enabler for the delivery of government programs. The Chief Information Officer of the Government of Canada’s address will touch on the key strategic initiatives being implemented by the Government of Canada to ensure success.

Reception - See on schedule

Thursday at 4:45pm

Administrative Announcements MC - See on schedule

Friday at 8:30am

With: Ian Kerr

Keynote Address - See on schedule

Friday at 8:50am

With: Colin J. Bennett

"Mega-Events" like the Olympic Games pose peculiar and extensive security challenges. The overwhelming imperative is that "nothing should go wrong." There are, however, an almost infinite number of things that can "go wrong"; producing the perceived need for pre-emptive risk assessments, and an expanding range of security measures, including extensive forms and levels of surveillance. Colin Bennett discusses the themes in his book "Security Games: Surveillance and Control at Mega-Events" in the light of the experiences of the 2010 Vancouver Olympics and the 2012 London Olympics. He raises questions about how the legacies of these events have more persistent effects on privacy and civil liberties." See:

Keynote Address - See on schedule

Friday at 9:30am

With: Kristin Lovejoy

In a hyper-connected world, security is increasingly complex and difficult to manage. To capture a global snapshot of how information security strategies and plans are changing, IBM recently surveyed information security leaders from nine countries and a broad range of industries. This research reveals a distinct pattern of progression among security organizations - and the distinguishing traits of those that are most secure and mature. The organizations leading the way are taking a more proactive, integrated and strategic approach to information security, highlighting models worth emulating and providing headlights into the evolving business leadership role of the Chief Information Security Officer.

Morning Break - See on schedule

Friday at 10:00am

Concurrent Panel Sessions - See on schedule

Friday at 10:20am

With: Adam Kardash (h), Amanda Maltby, Barbara Bucknell, Suzanne L. Morin

The accountability model, as set out in Canadian privacy legislation, is garnering considerable attention within the global privacy arena. This session will explore the meaning of the Canadian accountability model, and how a tailored privacy governance framework can address Canadian statutory requirements. The session will consist of a moderated, interactive discussion that will explore the practical impact of the increasing focus of Canadian privacy regulatory authorities in this regard, as set out in the comprehensive list of expectations in the guidance document, “Getting Accountability Right with a Privacy Management Program”, jointly released by the Office of the Privacy Commissioner of Canada, and the Offices of the Information and Privacy Commissioners of Alberta and British Columbia.

Concurrent Panel Sessions - See on schedule

Friday at 10:20am

With: Michel Laviolette (h), Alex Manea, Derick Cassidy, Fiaaz Walji, Martin Kyle

Are you faced with a tidal wave of employee-owned devices crashing on your firewall and challenging your enterprise policies? Or are you already surfing the BYOD wave? Are the advantages of allowing BYOD outweighing the risks? Can the threats be mitigated? Many enterprises, public and private alike are faced with increased pressures to embrace employee-owned devices on their networks. Most enterprises cannot keep pace with the rapid changing consumer device market, yet users are expecting them to do so. A paradigm has shifted! Users are often better “IT equipped” at home than at work. Join our panel of industry experts as we analyse the pros and cons, risks and threats, opportunities and challenges of embracing the BYOD model in the workplace.

Business Breakout Session - See on schedule

Friday at 11:40am

With: Mike Huckaby

In today's world of advanced threats and complex compliance issues it's no longer feasible for an organization to resist every attack or manage security based on compliance pressures. A more realistic goal is for security operations teams to be able to react quickly to determine how an attack happened, reduce the 'attacker free time', and put measures in place to prevent similar future attacks. All while automating the proof of compliance process. In this presentation, we will discuss how organizations can manage risk more efficiently and secure trust in IT through comprehensive visibility, actionable intelligence, and advanced security analytics for fast detection and investigation.

Business Breakout Session - See on schedule

Friday at 11:40am

With: Jason Kataila, Jon Baker

BYOD (Bring Your Own Device) is all the rage, but it’s also a scary proposition for most organizations. Are you wondering how to integrate BYOD into your organization while protecting your sensitive data and the devices that access them? Join us for this session to learn how you can intelligently apply controls to individual applications on your employee’s devices, without touching or affecting the rest of the device or the users’ personal information.

Networking Luncheon - See on schedule

Friday at 12:10pm

Luncheon Keynote Address - See on schedule

Friday at 12:45pm

With: Jennifer Stoddart

Privacy Commissioner of Canada Jennifer Stoddart shares her insights on the remarkable evolution of privacy over the 30 years that have followed the passage of the Privacy Act in Parliament. Commissioner Stoddart will reflect on some of the good, the bad … and perhaps even the ugly … of federal public sector privacy issues and trends of the last three decades.

Keynote Address - See on schedule

Friday at 1:25pm

With: Greg Akers

Enterprise executives must remain focused on increasing business productivity to maximize sustained profitable growth, even in the face of evolving and maturing IT threats. But who is truly responsible for managing risk in large enterprises and government institutions? Senior leadership plays a significant role in risk management as it holds the greatest influence at the humanistic, cultural, and institutional levels. The citizens of a nation look to its government leaders to set the tone that they will then follow. Individuals make risk management decisions every day and in a multitude of ways, while those in charge of IT implement the technologies that can help to mitigate risk. Everyone is ultimately accountable for protecting information assets and resources in these organizations—it’s our combined responsibility. Greg Akers, SVP, Advanced Security Initiatives, Cisco will provide perspective and strategies for minimizing enterprise risk, while maximizing business value through a strategic security approach that provides the strongest foundation for network security.

Afternoon Break - See on schedule

Friday at 1:55pm

Plenary Panel Session - See on schedule

Friday at 2:10pm

With: Colleen D'Iorio (h), David Elder, Jonathan McHale, Sharon Hagi

On December 7th, 2011, Prime Minister Stephen Harper and U.S. President Barack Obama announced the Beyond the Border Action Plan: A Shared Vision for Perimeter Security and Economic Competitiveness. One of the critical aspects of this action plan is cross border information sharing between Canada and the U.S. Given the constantly changing and increasingly hostile cyber threat landscape, how will citizens and businesses react to governments adopting multi-national clouds? How do we ensure that privacy of our citizens is maintained when information flows across multiple jurisdictions? How do we ensure that parties (such as governments and service providers) use the information only as stipulated in agreements? How do we ensure that the information is adequately protected and will not be compromised? How do we ensure that the appropriate data is located and expunged when required? Does the notion of a multi-national cloud environment help to alleviate some of these concerns or does it make it worse? The purpose of this panel will be to explore these as well as other questions.

Closing Keynote Address - See on schedule

Friday at 3:30pm

With: Mike Huckaby

Does anyone believe that perimeter defenses are enough to protect businesses today? With massive amounts of digital information, Bring Your Own Device, Cloud, Big Data and more, our perimeter is more porous and harder to defend. It's imperative to rethink security in a more balanced way, devoting additional resources to detection and response. Mike Huckaby will discuss how an Intelligence-Driven Security model that evaluates risk, security spend allocation, and skills of the security team can enable businesses to get ahead of the latest threats.

Closing Remarks – MC - See on schedule

Friday at 4:00pm

With: Ian Kerr

Information Location Speakers Agenda Sponsors
Register Now Accommodations Presentations

The 3rd Annual Privacy, Access and Security Congress 2012

The 3rd Annual Privacy, Access and Security Congress 2012 is proudly sponsored by the following companies.
If you would like to sponsor this event, please download the sponsorship brochure for more information.