Held in Victoria, British Columbia, Canada this conference is a must attend for those working in the privacy and security fields. Presented by the Office of the CIO, Government of British Columbia, this two-day conference, is recognized as one of the top tier events in North America. Anyone working in the information privacy and security fields will benefit from the speakers, discussions and networking at the conference. Attendees are from every level both within government and private industry. The conference draws an international audience of some 1,000 delegates with an interest in cutting edge policy, programs, law, research and technologies aimed at the protection of privacy and security.
On-line registration is open, make sure you register early before spaces sell out!
Reasons to Attend
- Get face-to-face dialogue with international industry experts who have successfully implemented best practices solutions
- Learn about current trends, issues and actions
- Obtain your annual Continuing Professional Development credits
- Discover new methods and products that can lower expenses and increase revenues
- Take the pulse of what is happening for tools, technologies, and processes
- Get Immediate answers and solutions to issues current in your organization
after December 15, 2013
|Public Sector||$695.00 CAD
|Private Sector||$925.00 CAD
Registration Fees Include
- 2 plated lunches
- All coffee breaks
- All keynotes, plenaries, panel sessions and business breakouts
- Pre-conference workshops
- Access to exhibit hall
- Conference bag
- Conference materials
- On-line access to presentations post-event
The Victoria Conference Centre
Click on the date of the agenda you would like to view
Wednesday, February 5, 2014
• Presentation Files Privacy and Access in British Columbia
Privacy and Access in British Columbia: BC’s Freedom of Information and Protection of Privacy Act
This workshop will provide a high level overview of BC’s Freedom of Information and Protection of Privacy Act (FOIPPA). Presenters will discuss privacy which will include the authorities for public bodies to collect, use and disclose personal information and retention and security requirements. Participants will also hear about access to information, specifically, Open Information, DataBC and freedom of information rights, processes and exemptions.
This session, taken in conjunction with the afternoon privacy breach session will provide public body employees with a strong toolset to approach privacy within their respective areas. If you are interested in learning more about BC’s FOIPPA, how it impacts the work you do, and the tools available to help you, this session is for you.
Presentation Files Privacy and Access in British Columbia
9:00-12:00 • Esquimalt Room
Crowdsourcing Security Strategy for the BC Public Service
Security incidents of recent months remind us that in the cyber world no one is immune. With adversaries ranging from nation-states to hacktivists, hanging onto a legacy security strategy will make you a sitting duck. Winn will examine critical trends in cyber security, future attack vectors, and challenge the audience with candid realities. Faced with an exponentially increasing attack surface, what strategy will you employ to mitigate future risk?
Come prepared to contribute in this townhall style format where everyone has a voice. Participants will have an opportunity to share their insights and experience with fellow industry professionals. If you want to play a role in shaping security strategy for the BC Public Service then attend this session.
9:00-12:00 • Oak Bay Room
Information Protection in 3 Dimensions
Typical information protection of PII, IP, and national security information is independently managed with access control, transport, and storage security systems. This session will describe a new approach to persistently protecting information with preventative and detective controls in three interconnected dimensions:
1 - restricting access to a repository,
2 - content-centric security though document encryption outside the repository,
3 - continuous monitoring of all authorized and unauthorized access inside and outside the repository. Attend this session to understand how through using rights management and analytics technologies combined, all three interconnected dimensions can provide complete protection and monitoring of the information lifecycle as content is authored, stored, and distributed.
9:00-12:00 • Theatre Room
Gone in 60 Milliseconds: Mobile devices, free WiFi and your data.
Smart phones and tablets broadcast information that anyone can use to discover where you live, where you work and the places you go. Free WiFi networks allow attackers to take control of your mobile device and laptop to access your private data and infiltrate your organization.This workshop presents a series of live demonstrations showing exactly how this is done and how easy it is. We show in real time what information the broadcasts your mobile devices send 24/7 reveal about you, and how attackers use fake WiFi access points and man-in-the-middle attacks to capture passwords, subvert VPNs, and install malicious software.The root causes of these dangers are explored, and we present solutions, both simple and complex, to safeguard your data, your privacy and your identity.
1:00-4:00 • Saanich Room
Privacy Breaches Policies and Processes: best practices and lessons learned
This workshop will provide an overview of best practices and the steps to take in response to an actual or suspected privacy breach. The session will focus on incident coordination, investigation, containment, evaluation of harm and prevention and will highlight the Government of British Columbia’s process for responding to privacy breaches.
1:00-4:00 • Theatre
Sharing in the age of big data - practical and proven techniques for managing your risk
Public and private sector organizations collect vast amounts of personal information. Innovative policy, services and products can be based on the analysis of this data. However, privacy and confidentiality concerns have made some organizations reluctant to take advantage of such large scale analytics, and of linking data sets to create a more detailed longitudinal view of their customers or patients. In addition to regulations that limit the use and disclosure of personal information, there are legitimate concerns about potential data leaks, compelled disclosures, and litigation from breaches or “surprising” uses. To safely realize the benefits of data, a proactive approach is required to assess and manage risk. In this workshop we will describe a complete framework for assessing and managing the privacy risks of using and sharing personal information for secondary purposes. This includes how data should be anonymized and dealing with the risks from stigmatizing analytics. We will also describe how to incorporate this approach into your organization’s existing information governance, security, privacy and risk management frameworks.
1:00-4:00 • Oak Bay Room
Totally Disclosed - Keeping Pace with Access Requests
The Freedom of Information and Protection of Privacy Act (FOIPPA) just celebrated its 20th year!! A lot has changed since 1993 and within the last 5 years the provincial government has seen an unprecedented rise in volume and complexity of FOI requests received. This workshop will provide an overview of the various initiatives and work completed by the Information Access Operations Office (IAO) in responding to FOI requests. The workshop is being presented by IAO, as leaders of FOI Access to Information services on behalf of the ministries.
1:00-4:00 • Sidney Room
In today's data rich, hyper-networked society the sheer diversity and volume of data sharing not only poses real-world risks in terms of privacy and security, but it also raises significant ethical and legal challenges that need to be addressed if our apparent race to “connect” is to prove both sustainable and beneficial in the long-term. This workshop embraces fundamental principles of ethics and applies them to a world of information uncertainty and in-security in order to set a solid foundation to guide professionals as they navigate the digital storm.
1:00-4:00 • Colwood Room
Protecting Against Phishing, Identity Theft and Fraud
Phishing is a scam designed to trick people into disclosing their personal or financial information for the purpose of financial fraud or identity theft. Identity Theft occurs when someone uses someone else’s personal information, without their knowledge or consent, to commit a crime such as fraud, theft or forgery. The Canadian Anti-Fraud Centre reported Fraud and Identity Theft dollar losses for 2012 at just over 16 million dollars. Plan to participate in this workshop where the need for technical controls and user education in corporate environments will be discussed.
Thursday, February 6, 2014
• Presentation Files Security and Privacy
Security and Privacy, A Balancing Act
Today’s data driven, mobility focused environment is driving dramatic change in the user experience. Unfortunately, with these new capabilities come new security challenges, the response to which creates a careful balancing act between security and privacy. The discussion will focus on how the security landscape has changed and how security professionals are trying to both protect their enterprises as well as the privacy rights of its employees and customers.
Presentation Files Security and Privacy
• Presentation Files Data, Data Everywhere – The Need for Big Privacy in a World of Big Data
Data, Data Everywhere – The Need for Big Privacy in a World of Surveillance and Big Data
The revelations of Edward Snowden regarding the NSA have created a firestorm of controversy, bringing into question our very right to privacy. The absence of transparency and accountability by government intelligence agencies makes these revelations all the more troubling. This has prompted companies such as Google, Microsoft, Facebook, Twitter, Apple, AOL, LinkedIn and Yahoo to form a coalition called, Reform Government Surveillance, to demand that governments address the practices and laws regulating the government surveillance of law-abiding citizens. What is Canada doing?
We also have the massive growth of Big Data to contend with – how will this impact our privacy? The positive-sum framework of Privacy by Design is ideally suited to address this issue since it enables the operation of multiple functionalities. But the response to Big Data will need to be equally “Big” in scope – so enter Big Privacy! Come hear Commissioner Cavoukian explain how Big Privacy could lead to a doubly-enabling, win-win proposition.
Presentation Files Data, Data Everywhere – The Need for Big Privacy in a World of Big Data
• Presentation Files Broken Trust
Broken Trust: (How Quickly) Can The Damage to Our Internet Be Repaired?Broken Trust: (How Quickly) Can The Damage to Our Internet Be Repaired?
Companies of all sizes are losing billions in revenues; growth rates for sectors like cloud-based SaaS solutions and network devices have been stunted; encryption standards are difficult to trust. The altruism of every innovative organization is now regarded with suspicion. The online activities of governments are assumed to be evil.
The Internet has lost its lustre. Our relationship with the medium is no longer filled with wonder and anticipation. The Internet itself will survive, but what will it take - and how long will it take? In this presentation security author and consultant Claudiu Popa will outline the steps necessary to rebuild the trust, the effort required and estimated duration for 'remediation'.
A discussion of the positive and negative aspects will identify the numerous reasons for businesses and government agencies to get in on the opportunities as early as possible and realize not only financial gains but significant competitive differentiators and build a loyal following. Trust - not cryptocurrencies - is the real gold of the digital economy, and there's about to be a mad rush for this scarce, raw material.
Presentation Files Broken Trust
• Presentation Files Big Data: trends and governance
Privacy vs Progress: Governance and Use of Big Data
The evolving IT landscape introduces many new risks into our corporate environment. Carlos will review the top issues and risks that keep him up at night and present a number of methodologies and processes that have proven successful at managing the privacy and integrity of TELUS’ critical systems and data.
Presentation Files Big Data: trends and governance
• Presentation Files Big Data Needs Big Privacy!
Harnessing the Power of Big Data and Predictive Analytics Can we have it all?
The industrial world is undergoing a seismic shift in productivity and efficiency as machines become increasingly intelligent. The result will create an Industrial Internet that will have the same effects as the consumer internet. Predictive analysis gives insight in real time “software eating the world” requiring more companies and government to make strategic decisions on their willingness to invest in technology and take risks to capture the increasing value chain. A key element of success will be to strike a balance between security and liberty, enabling the digital information amassed to become liquid. A demand for law and policies to protect privacy and intellectual property while adopting standards for speeding the flow of big data across country borders.
Presentation Files Big Data Needs Big Privacy!
• Presentation Files Where is the true value in Security and how do you make it deliver Privacy?
Where is the true value in Security and how do you make it deliver Privacy?
More and more organizations are being asked to do more security for a small budget. At the same time the threats are becoming more complex and the cost of achieving due diligence continues to increase. This talk will discuss what you need to do to show value in security and how you use that security to deliver privacy requirements.
Presentation Files Where is the true value in Security and how do you make it deliver Privacy?
• Presentation Files Using IT Asset Management Solutions as Investigative Tools
Using IT Asset Management Solutions as Investigative Tools
Most organizations have procedures in place to safeguard data in the event a mobile device is lost or stolen or if an employee is suspected of suspicious behaviour. However, these typical processes often fail to take advantage of the investigative data that may be available from an organization’s IT asset management tools. This presentation will share how organizations can access this data for more in-depth investigations into an event that may be suspicious and help determine whether or not a breach or threat truly exists.
Presentation Files Using IT Asset Management Solutions as Investigative Tools
• Presentation Files The Internet of Everything: Fridgebots, Smart Sneakers & Data Protection
The Internet of Everything: Fridgebots, Smart Sneakers & Data Protection
What is the ‘Internet of Things’ and can we define it today? Internet of Things, Cyber-Physical Systems, Internet of Everything, Industrial Internet - whatever you call it, it’s the idea that physical devices are in some way connected to the internet and interact with one another with little to no human interaction. No longer science fiction, the number of physical devices connected to the internet is growing rapidly by the day and there are no signs of slowing down. However, with endless possibilities come great concerns. What are the privacy and security implications related to the data being shared? How will it affect individuals, businesses, or the government? And finally, what can we do today to prepare for something that we don’t truly understand? The Internet of Things – are we ready?
Presentation Files The Internet of Everything: Fridgebots, Smart Sneakers & Data Protection
• Presentation Files How Protected Is Your Enterprise?
How Protected Is Your Enterprise?
When it comes to your data centre assets, protection and compliance monitoring is simply a must have. In today’s world, your security efforts need to protect your physical, virtual and cloud environments. This session will provide insight into challenges and importance of protection while exploring why simply relying on antivirus alone just isn't enough. The next generation of threats is coming - do you have next generation protection?
Presentation Files How Protected Is Your Enterprise?
• Presentation Files ￼Accountability Framework Training Program
Accountability Framework – Key Concepts for Practical Implementation
Accountability is the first principle underlying all privacy laws, and the Commissioners have said that in their investigations and audits, they will be looking at the whole organization – expecting to find evidence of a privacy management program that is implemented and operational. This session outlines the key concepts required to put the Accountability Framework into everyday practice. It will help delegates gain more insight so that they can begin to recognize the barriers to implementing an accountable privacy management program.
Presentation Files ￼Accountability Framework Training Program
• Presentation Files Business Driven Identity Management at ICBC
Business Driven Identity Management at ICBC
A Case study of IAM at ICBC- The presentation will provide both a business view and a technical understanding of the challenges faced and the lessons learned during the last several years planning, designing and implementing an identity management platform. The case study will talk about ICBC's experience with Oracle Identity and Access Management 11g and their strategic consulting partner Simeio Solutions.
Presentation Files Business Driven Identity Management at ICBC
Friday, February 7, 2014
• Presentation Files The Transparency Effect
The Transparency Effect
Big Data. Privacy breaches. Surveillance. As a society, we cannot meaningfully engage on any of these topics without transparency. A transparency approach gives citizens and civil society groups the information they need to make informed decisions and contribute to the public policy debate. Transparency also has the added benefit of holding decision-makers to account for past and present choices. Transparency is particularly important as we explore the role of big data in the public sector, and the future of mass internet surveillance by national security agencies both inside and outside Canada. This presentation will describe how a transparency approach can address these and other issues in privacy and security.
Presentation Files The Transparency Effect
• Presentation Files Security – It’s an ecosystem thing...
Ecosystem Security: What You Fail to Consider Could Harm You
In the days of the mainframe we thought about the security of the system. As we moved to client server we thought about the security of the organization. Next we expanded our thinking to include partners and customers. This eventually culminated in our current need to consider the security of the overall ecosystem. How do you define, understand and evaluate the elements of that ecosystem? How do you blend tools, policies and strategies both alone and in combination with the other parties in your value chains? How you address risks across all of these systems will be a measure of your success in securing your enterprise. While you may not be able to completely address all risks, you have no chance of mitigating those you don't consider.
Presentation Files Security – It’s an ecosystem thing...
• Presentation Files REVIEW OF THE OECD SECURITY GUIDELINES
Cybersecurity and the Digital Economy
The 2002 OECD Guidelines for the Security of Information Systems and Networks provide a set of high level principles for security in an open and interconnected environment. Currently under review to ensure their continued applicability to today's digital economy, this presentation will outline key themes and new concepts emerging from the review. The OECD has an important role to play in cybersecurity by contributing economic and social perspectives to the global dialogue.
Presentation Files REVIEW OF THE OECD SECURITY GUIDELINES
• Presentation Files Dumping DRM: Why Security Researchers Should Be Resisting “Digital Content Locks”
Digital Rights Management
Digital rights management technologies promise to inhibit copyright infringement. This panel will discuss the benefits and costs of DRM, its legal context, and consider whether it is time to abandon DRM in favor of alternative business models and strategies
The 15th Annual Privacy and Security Conference is proudly sponsored by the following companies.