15th Annual Privacy and Security Conference Harnessing the Power of the Digital Storm: Can We Have it All? Feb 5-7, 2014, Victoria, BC

General Information

Held in Victoria, British Columbia, Canada this conference is a must attend for those working in the privacy and security fields. Presented by the Office of the CIO, Government of British Columbia, this two-day conference, is recognized as one of the top tier events in North America. Anyone working in the information privacy and security fields will benefit from the speakers, discussions and networking at the conference. Attendees are from every level both within government and private industry. The conference draws an international audience of some 1,000 delegates with an interest in cutting edge policy, programs, law, research and technologies aimed at the protection of privacy and security.

On-line registration is open, make sure you register early before spaces sell out!


Reasons to Attend

  • Get face-to-face dialogue with international industry experts who have successfully implemented best practices solutions
  • Learn about current trends, issues and actions
  • Obtain your annual Continuing Professional Development credits
  • Discover new methods and products that can lower expenses and increase revenues
  • Take the pulse of what is happening for tools, technologies, and processes
  • Get Immediate answers and solutions to issues current in your organization


Conference Rates

Regular registration
after December 15, 2013
Public Sector $695.00 CAD
(plus GST)
Private Sector $925.00 CAD
(plus GST)


Registration Fees Include

  • 2 plated lunches
  • All coffee breaks
  • All keynotes, plenaries, panel sessions and business breakouts
  • Pre-conference workshops
  • Access to exhibit hall
  • Conference bag
  • Conference materials
  • On-line access to presentations post-event

The Victoria Conference Centre


Emrah Alpa

Solution Architect, HP Enterprise Security Products

Steve Anderson

Founder and Executive Director of OpenMedia.ca

Luk Arbuckle

Director of Analytics, Privacy Analytics Inc.

Michael Argast

Director of TELUS Security Solutions, Western Canada, TELUS

Ian Bailey

Assistant Deputy Minister of Technology Solutions, Ministry of Technology, Innovation and Citizens’ Services, Province of BC

Greg Belanger

Principal Security Solutions Architect, Symantec

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Charmaine Borg, MP

Member of Parliament for Terrebonne-Blainville (Quebec)

Theresa Campbell

President, Safer Schools Together

Dan Caprio

Co-Founder and Chairman, The Providence Group

Daniel Caron

Legal Counsel, Legal Services, Policy and Research Branch, Office of the Privacy Commissioner of Canada

Dr. Ann Cavoukian

Information and Privacy Commissioner for Ontario

Stewart Cawthray

Chief Security Architect, IBM Security Services (Canada)

Jeff Debrosse

Director, Security Research & Engineering, Websense Security Labs

Elizabeth Denham

Information and Privacy Commissioner for British Columbia

Asif Dhar

Principal & Chief Medical Informatics Officer, Deloitte Consulting LLP

David Eaves

Public policy entrepreneur and open data activist

Darrell Evans

Founding President, Freedom of Information and Privacy Association; Executive Director, Canadian Institute for Information and Privacy Studies

David Fewer

Director, Canadian Internet Policy & Public Interest Clinic, University of Ottawa

Greg Fitzgerald

Chief Marketing Officer, Cylance Inc.

J. William Galbraith

Former Executive Director, Office of the CSE Commissioner

Carlos Gil

Director, TELUS Security Architecture & Security Compliance

Christopher Gillespie

Privacy Advisor and Investigator, Privacy and Legislation Branch, Ministry of Technology, Innovation and Citizens' Services, Province of B.C.

Jeff Greene

Senior Policy Counsel, Cybersecurity and Identity, Symantec

Dr. Kevin Haggerty

Professor of Criminology and Sociology, University of Alberta

Jane Hamilton

Senior Policy Advisor, Innovation, Science and Economic Development Canada

Dr. Woodrow Hartzog

Assistant Professor, Cumberland School of Law, Samford University, Affiliate Scholar, The Center for Internet & Society at Stanford Law School

Preston Hogue

RVP, Center of Excellence, F5 Networks

Mike Huckaby

Senior Director, Global Pre-Sales, RSA

Deborah Hurley

Chair, Board of Directors, Electronic Privacy Information Center

Tamir Israel

Staff Lawyer, Canadian Internet Policy & Public Interest Clinic, University of Ottawa

Gillian Kular

Acting Intake Manager, PIPEDA Investigations Branch, Office of the Privacy Commissioner of Canada

Darren Laur

Director, Personal Protection Systems Inc.

Ann Makosinski

Student, St. Michael’s University School; 2013 Google Science Fair Winner

Matthew McCormack

Chief Technology Officer, RSA Global Public Sector

Michael McEvoy

Deputy Commissioner, Office of the Information & Privacy Commissioner for BC

Ken McLean

Sr. Privacy Investigator, Privacy Investigations, Office of the Chief Information Officer, Ministry of Labour, Citizens' Services and Open Government

Corynne McSherry

Intellectual Property Director, Electronic Frontier Foundation

Lance Mueller

Director of Forensics, Executive Forensics

David Padgett

Senior Auditor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of British Columbia

Erinne Paisley

Student, Reynolds Secondary School

Steven Penney

Professor, Faculty of Law, University of Alberta

Claudiu Popa

CEO, Informatica Corporation

John Proctor

Vice President, Global Cyber Security, CGI

Richard Purcell

CEO, Corporate Privacy Group

JR Reagan

Principal, Deloitte & Touche LLP

Ed Rebane

Security Practice Lead, Western Canada, Bell Canada

Jennifer Rees-Jones

Senior Privacy Investigator, PIPEDA Investigations Branch, Office of the Privacy Commissioner of Canada

Courtney Remekie

Senior Solutions Consultant, Adobe Systems Canada

Rick Robson

Executive Consultant, Business Continuity Solutions Team Lead, Western Canada, CGI

Michael Roncon

Director Security Services, Western Canada, CGI

Jamie Ross

Senior Manager, Enterprise Risk Services, Deloitte

Stephen Saunders

Master Health Architect, Global Healthcare, CGI

Winn Schwartau

Security Theortician and Author; Founder, The Security Awareness Company

Jennifer Seligy

Legal Counsel, Legal Services, Policy and Research Branch, Office of the Privacy Commissioner of Canada

Andy Serwin

Partner - Global Privacy and Data Security Practice Group, Morrison & Foerster LLP

Bill Shihara

Manager, Security Threat Analysis and Security Engineering, BlackBerry Security

Cheryl Soderstrom

Chief Technologist, Cybersecurity, HP Enterprise Services

Jay Stanley

Senior Policy Analyst, The American Civil Liberties Union

Rick Tingman

Strategic Advisor, BI2PI.com

Elizabeth Vander Beesen

Director, Staff Administration, Information Access Operations, Ministry of Technology, Innovation and Citizens' Services

John D. Waddell, Q.C.

Lawyer, Mediator and Arbitrator, Waddell Raponi

Derrick Webber

Penetration Testing and Digital Forensics Team Lead, CGI

Holly Whalen

Global Vice President of GTM, Cylance

Naeem Zafar

Vice President, Identity Management, Oracle; Former CEO & Co-Founder, Bitzer Mobile
Print Agenda

*Invited Speaker

Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.

Wednesday, February 5, 2014

Presentation Files Privacy and Access in British Columbia

Privacy and Access in British Columbia: BC’s Freedom of Information and Protection of Privacy Act

This workshop will provide a high level overview of BC’s Freedom of Information and Protection of Privacy Act (FOIPPA). Presenters will discuss privacy which will include the authorities for public bodies to collect, use and disclose personal information and retention and security requirements. Participants will also hear about access to information, specifically, Open Information, DataBC and freedom of information rights, processes and exemptions.
This session, taken in conjunction with the afternoon privacy breach session will provide public body employees with a strong toolset to approach privacy within their respective areas. If you are interested in learning more about BC’s FOIPPA, how it impacts the work you do, and the tools available to help you, this session is for you.

Presentation Files Privacy and Access in British Columbia

9:00-12:00 Esquimalt Room

Crowdsourcing Security Strategy for the BC Public Service

Security incidents of recent months remind us that in the cyber world no one is immune. With adversaries ranging from nation-states to hacktivists, hanging onto a legacy security strategy will make you a sitting duck. Winn will examine critical trends in cyber security, future attack vectors, and challenge the audience with candid realities. Faced with an exponentially increasing attack surface, what strategy will you employ to mitigate future risk?
Come prepared to contribute in this townhall style format where everyone has a voice. Participants will have an opportunity to share their insights and experience with fellow industry professionals. If you want to play a role in shaping security strategy for the BC Public Service then attend this session.

9:00-12:00 Oak Bay Room

Information Protection in 3 Dimensions

Typical information protection of PII, IP, and national security information is independently managed with access control, transport, and storage security systems. This session will describe a new approach to persistently protecting information with preventative and detective controls in three interconnected dimensions:
1 - restricting access to a repository,
2 - content-centric security though document encryption outside the repository,
3 - continuous monitoring of all authorized and unauthorized access inside and outside the repository. Attend this session to understand how through using rights management and analytics technologies combined, all three interconnected dimensions can provide complete protection and monitoring of the information lifecycle as content is authored, stored, and distributed.

9:00-12:00 Theatre Room

Gone in 60 Milliseconds: Mobile devices, free WiFi and your data.

Smart phones and tablets broadcast information that anyone can use to discover where you live, where you work and the places you go. Free WiFi networks allow attackers to take control of your mobile device and laptop to access your private data and infiltrate your organization.This workshop presents a series of live demonstrations showing exactly how this is done and how easy it is. We show in real time what information the broadcasts your mobile devices send 24/7 reveal about you, and how attackers use fake WiFi access points and man-in-the-middle attacks to capture passwords, subvert VPNs, and install malicious software.The root causes of these dangers are explored, and we present solutions, both simple and complex, to safeguard your data, your privacy and your identity.

1:00-4:00 Saanich Room

Privacy Breaches Policies and Processes: best practices and lessons learned

This workshop will provide an overview of best practices and the steps to take in response to an actual or suspected privacy breach. The session will focus on incident coordination, investigation, containment, evaluation of harm and prevention and will highlight the Government of British Columbia’s process for responding to privacy breaches.

1:00-4:00 Theatre

Sharing in the age of big data - practical and proven techniques for managing your risk

Public and private sector organizations collect vast amounts of personal information. Innovative policy, services and products can be based on the analysis of this data. However, privacy and confidentiality concerns have made some organizations reluctant to take advantage of such large scale analytics, and of linking data sets to create a more detailed longitudinal view of their customers or patients. In addition to regulations that limit the use and disclosure of personal information, there are legitimate concerns about potential data leaks, compelled disclosures, and litigation from breaches or “surprising” uses. To safely realize the benefits of data, a proactive approach is required to assess and manage risk. In this workshop we will describe a complete framework for assessing and managing the privacy risks of using and sharing personal information for secondary purposes. This includes how data should be anonymized and dealing with the risks from stigmatizing analytics. We will also describe how to incorporate this approach into your organization’s existing information governance, security, privacy and risk management frameworks.

1:00-4:00 Oak Bay Room

Totally Disclosed - Keeping Pace with Access Requests

The Freedom of Information and Protection of Privacy Act (FOIPPA) just celebrated its 20th year!! A lot has changed since 1993 and within the last 5 years the provincial government has seen an unprecedented rise in volume and complexity of FOI requests received. This workshop will provide an overview of the various initiatives and work completed by the Information Access Operations Office (IAO) in responding to FOI requests. The workshop is being presented by IAO, as leaders of FOI Access to Information services on behalf of the ministries.

1:00-4:00 Sidney Room

Ethics Workshop;

In today's data rich, hyper-networked society the sheer diversity and volume of data sharing not only poses real-world risks in terms of privacy and security, but it also raises significant ethical and legal challenges that need to be addressed if our apparent race to “connect” is to prove both sustainable and beneficial in the long-term. This workshop embraces fundamental principles of ethics and applies them to a world of information uncertainty and in-security in order to set a solid foundation to guide professionals as they navigate the digital storm.

1:00-4:00 Colwood Room

Protecting Against Phishing, Identity Theft and Fraud

Phishing is a scam designed to trick people into disclosing their personal or financial information for the purpose of financial fraud or identity theft. Identity Theft occurs when someone uses someone else’s personal information, without their knowledge or consent, to commit a crime such as fraud, theft or forgery. The Canadian Anti-Fraud Centre reported Fraud and Identity Theft dollar losses for 2012 at just over 16 million dollars. Plan to participate in this workshop where the need for technical controls and user education in corporate environments will be discussed.

Thursday, February 6, 2014

Presentation Files Security and Privacy

Security and Privacy, A Balancing Act

Today’s data driven, mobility focused environment is driving dramatic change in the user experience. Unfortunately, with these new capabilities come new security challenges, the response to which creates a careful balancing act between security and privacy. The discussion will focus on how the security landscape has changed and how security professionals are trying to both protect their enterprises as well as the privacy rights of its employees and customers.

Presentation Files Security and Privacy

Presentation Files Data, Data Everywhere – The Need for Big Privacy in a World of Big Data

Data, Data Everywhere – The Need for Big Privacy in a World of Surveillance and Big Data

The revelations of Edward Snowden regarding the NSA have created a firestorm of controversy, bringing into question our very right to privacy. The absence of transparency and accountability by government intelligence agencies makes these revelations all the more troubling. This has prompted companies such as Google, Microsoft, Facebook, Twitter, Apple, AOL, LinkedIn and Yahoo to form a coalition called, Reform Government Surveillance, to demand that governments address the practices and laws regulating the government surveillance of law-abiding citizens. What is Canada doing?
We also have the massive growth of Big Data to contend with – how will this impact our privacy? The positive-sum framework of Privacy by Design is ideally suited to address this issue since it enables the operation of multiple functionalities. But the response to Big Data will need to be equally “Big” in scope – so enter Big Privacy! Come hear Commissioner Cavoukian explain how Big Privacy could lead to a doubly-enabling, win-win proposition.

Presentation Files Data, Data Everywhere – The Need for Big Privacy in a World of Big Data

Presentation Files Broken Trust

Broken Trust: (How Quickly) Can The Damage to Our Internet Be Repaired?Broken Trust: (How Quickly) Can The Damage to Our Internet Be Repaired?

Companies of all sizes are losing billions in revenues; growth rates for sectors like cloud-based SaaS solutions and network devices have been stunted; encryption standards are difficult to trust. The altruism of every innovative organization is now regarded with suspicion. The online activities of governments are assumed to be evil.
The Internet has lost its lustre. Our relationship with the medium is no longer filled with wonder and anticipation. The Internet itself will survive, but what will it take - and how long will it take? In this presentation security author and consultant Claudiu Popa will outline the steps necessary to rebuild the trust, the effort required and estimated duration for 'remediation'.
A discussion of the positive and negative aspects will identify the numerous reasons for businesses and government agencies to get in on the opportunities as early as possible and realize not only financial gains but significant competitive differentiators and build a loyal following. Trust - not cryptocurrencies - is the real gold of the digital economy, and there's about to be a mad rush for this scarce, raw material.

Presentation Files Broken Trust

Presentation Files Big Data: trends and governance

Privacy vs Progress: Governance and Use of Big Data

The evolving IT landscape introduces many new risks into our corporate environment. Carlos will review the top issues and risks that keep him up at night and present a number of methodologies and processes that have proven successful at managing the privacy and integrity of TELUS’ critical systems and data.

Presentation Files Big Data: trends and governance

Presentation Files Big Data Needs Big Privacy!

Harnessing the Power of Big Data and Predictive Analytics Can we have it all?

The industrial world is undergoing a seismic shift in productivity and efficiency as machines become increasingly intelligent. The result will create an Industrial Internet that will have the same effects as the consumer internet. Predictive analysis gives insight in real time “software eating the world” requiring more companies and government to make strategic decisions on their willingness to invest in technology and take risks to capture the increasing value chain. A key element of success will be to strike a balance between security and liberty, enabling the digital information amassed to become liquid. A demand for law and policies to protect privacy and intellectual property while adopting standards for speeding the flow of big data across country borders.

Presentation Files Big Data Needs Big Privacy!

Presentation Files Where is the true value in Security and how do you make it deliver Privacy?

Where is the true value in Security and how do you make it deliver Privacy?

More and more organizations are being asked to do more security for a small budget. At the same time the threats are becoming more complex and the cost of achieving due diligence continues to increase. This talk will discuss what you need to do to show value in security and how you use that security to deliver privacy requirements.

Presentation Files Where is the true value in Security and how do you make it deliver Privacy?

Presentation Files Using IT Asset Management Solutions as Investigative Tools

Using IT Asset Management Solutions as Investigative Tools

Most organizations have procedures in place to safeguard data in the event a mobile device is lost or stolen or if an employee is suspected of suspicious behaviour. However, these typical processes often fail to take advantage of the investigative data that may be available from an organization’s IT asset management tools. This presentation will share how organizations can access this data for more in-depth investigations into an event that may be suspicious and help determine whether or not a breach or threat truly exists.

Presentation Files Using IT Asset Management Solutions as Investigative Tools

Presentation Files The Internet of Everything: Fridgebots, Smart Sneakers & Data Protection

The Internet of Everything: Fridgebots, Smart Sneakers & Data Protection

What is the ‘Internet of Things’ and can we define it today? Internet of Things, Cyber-Physical Systems, Internet of Everything, Industrial Internet - whatever you call it, it’s the idea that physical devices are in some way connected to the internet and interact with one another with little to no human interaction. No longer science fiction, the number of physical devices connected to the internet is growing rapidly by the day and there are no signs of slowing down. However, with endless possibilities come great concerns. What are the privacy and security implications related to the data being shared? How will it affect individuals, businesses, or the government? And finally, what can we do today to prepare for something that we don’t truly understand? The Internet of Things – are we ready?

Presentation Files The Internet of Everything: Fridgebots, Smart Sneakers & Data Protection

Presentation Files How Protected Is Your Enterprise?

How Protected Is Your Enterprise?

When it comes to your data centre assets, protection and compliance monitoring is simply a must have. In today’s world, your security efforts need to protect your physical, virtual and cloud environments. This session will provide insight into challenges and importance of protection while exploring why simply relying on antivirus alone just isn't enough. The next generation of threats is coming - do you have next generation protection?

Presentation Files How Protected Is Your Enterprise?

Presentation Files Accountability Framework Training Program

Accountability Framework – Key Concepts for Practical Implementation

Accountability is the first principle underlying all privacy laws, and the Commissioners have said that in their investigations and audits, they will be looking at the whole organization – expecting to find evidence of a privacy management program that is implemented and operational. This session outlines the key concepts required to put the Accountability Framework into everyday practice. It will help delegates gain more insight so that they can begin to recognize the barriers to implementing an accountable privacy management program.

Presentation Files Accountability Framework Training Program

Presentation Files Business Driven Identity Management at ICBC

Business Driven Identity Management at ICBC

A Case study of IAM at ICBC- The presentation will provide both a business view and a technical understanding of the challenges faced and the lessons learned during the last several years planning, designing and implementing an identity management platform. The case study will talk about ICBC's experience with Oracle Identity and Access Management 11g and their strategic consulting partner Simeio Solutions.

Presentation Files Business Driven Identity Management at ICBC

Friday, February 7, 2014

Presentation Files The Transparency Effect

The Transparency Effect

Big Data. Privacy breaches. Surveillance. As a society, we cannot meaningfully engage on any of these topics without transparency. A transparency approach gives citizens and civil society groups the information they need to make informed decisions and contribute to the public policy debate. Transparency also has the added benefit of holding decision-makers to account for past and present choices. Transparency is particularly important as we explore the role of big data in the public sector, and the future of mass internet surveillance by national security agencies both inside and outside Canada. This presentation will describe how a transparency approach can address these and other issues in privacy and security.

Presentation Files The Transparency Effect

Presentation Files Security – It’s an ecosystem thing...

Ecosystem Security: What You Fail to Consider Could Harm You

In the days of the mainframe we thought about the security of the system. As we moved to client server we thought about the security of the organization. Next we expanded our thinking to include partners and customers. This eventually culminated in our current need to consider the security of the overall ecosystem. How do you define, understand and evaluate the elements of that ecosystem? How do you blend tools, policies and strategies both alone and in combination with the other parties in your value chains? How you address risks across all of these systems will be a measure of your success in securing your enterprise. While you may not be able to completely address all risks, you have no chance of mitigating those you don't consider.

Presentation Files Security – It’s an ecosystem thing...


Cybersecurity and the Digital Economy

The 2002 OECD Guidelines for the Security of Information Systems and Networks provide a set of high level principles for security in an open and interconnected environment. Currently under review to ensure their continued applicability to today's digital economy, this presentation will outline key themes and new concepts emerging from the review. The OECD has an important role to play in cybersecurity by contributing economic and social perspectives to the global dialogue.


Presentation Files Dumping DRM: Why Security Researchers Should Be Resisting “Digital Content Locks”

Digital Rights Management

Digital rights management technologies promise to inhibit copyright infringement. This panel will discuss the benefits and costs of DRM, its legal context, and consider whether it is time to abandon DRM in favor of alternative business models and strategies

Title Sponsor

Platinum Sponsors

Gold Sponsors

Conference Sponsors & Exhibitors