16th Annual Privacy and Security Conference Data @ Large: The Real World of Data, Privacy and Security Feb 11-13, 2015, Victoria, BC

General Information

Held in Victoria, British Columbia, Canada this conference is a must attend for those working in the privacy and security fields. Presented by the Office of the CIO, Government of British Columbia, this two-day conference, is recognized as one of the top tier events in North America. Anyone working in the information privacy and security fields will benefit from the speakers, discussions and networking at the conference. Attendees are from every level both within government and private industry. The conference draws an international audience of some 1,000 delegates with an interest in cutting edge policy, programs, law, research and technologies aimed at the protection of privacy and security.

Reasons to Attend

  • Get face-to-face dialogue with international industry experts who have successfully implemented best practices solutions
  • Learn about current trends, issues and actions
  • Obtain your annual Continuing Professional Development credits
  • Discover new methods and products that can lower expenses and increase revenues
  • Take the pulse of what is happening for tools, technologies, and processes
  • Get Immediate answers and solutions to issues current in your organization

Conference Rates

Regular registration
after December 15, 2014
Public Sector $725.00 CAD
(plus GST)
Private Sector $925.00 CAD
(plus GST)

Registration Fees Include

  • 2 plated lunches
  • All coffee breaks
  • All keynotes, plenaries, panel sessions and business breakouts
  • Pre-conference workshops
  • Access to exhibit hall
  • Conference bag
  • Conference materials
  • On-line access to presentations post-event

The Victoria Conference Centre

There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.

Victoria Conference Centre
720 Douglas Street,
Victoria, BC
V8W 3M7

Keynote Speakers

General Dick Berlijn

Senior Board Advisor, Deloitte; Retired Royal Netherlands Air Force four-star general

Christian Byrnes

Managing Vice President, Gartner

René Hamel

Director for the Forensics and E-Discovery Group, TELUS Security Solutions

Aran Hamilton

President and Co-Founder, Vantage Analytics; President, DIACC

Dr. Gus Hosein

Executive Director, Privacy International

John Proctor

Vice President, Global Cyber Security, CGI

Jim Reavis

CEO, Cloud Security Alliance

David Richards

Vice President, Director of Operations, DIACC

Marc Saltzman

Freelance Journalist and Broadcaster, Technology Expert

John Stewart

Senior Vice President, Chief Security and Trust Officer, Cisco Systems

Christopher Surdak, JD

Global Subject Matter Expert, Information Governance, Analytics and eDiscovery, HP Software

Chief Clive Weighill

President, Canadian Association of Chiefs of Police

Tim Wu

Internet Advocate; Professor, Columbia Law School; Author, The Master Switch

Paola Zeni

Director of Global Privacy, Ethics and Compliance, Symantec Corporation


Faiz Abdulla

CEO, PaySavvy

Bram Abramson

Chief Legal and Regulatory Officer, TekSavvy Solutions Inc.

Joe Alhadeff

Vice President Global Public Policy and Chief Privacy Strategist, Oracle Corporation

Steve Anderson

Founder and Executive Director of OpenMedia.ca

Spiros Angelopoulos

Enterprise Architect, Security, Oracle

Abha Apte

Research Analyst, IE Market Research Corp.

Arash Asli

CEO, Yocale

Nizar Assanie

Vice President of Research and COO, IE Market Research Corp.

Kerry Augustine

Regional Director, Manitoba, CIPS; President and Co-Chair, Canadian Cyber Defence Challenge

Robin Bayley

President, Linden Consulting Inc.

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Gerry Bliss

Information Risk Management Advisor and Adjunct Professor, University of Victoria

Christian Byrnes

Managing Vice President, Gartner

Kevin Chan

Head of Public Policy, Facebook Canada

George Chow

Chief Technology Officer, Simba Technologies

Rob Clyde

Vice President, ISACA International

Ben de Bont

Chief Security Officer, HP Cloud Services, Hewlett-Packard

Ahmed Etman

General Manager, Cyber Security, Cisco Systems Canada

Geoff Fawkes

Chief Executive Officer, Vancosys Data Security Inc.

Phil Fodchuk

Partner - Enterprise Risk Services, Deloitte

Michael Garvin

Senior Manager, Product Management, Symantec

George Gilka

Senior Security Consultant, CGI

Christopher Gillespie

Privacy Advisor and Investigator, Privacy and Legislation Branch, Ministry of Technology, Innovation and Citizens' Services, Province of B.C.

Aran Hamilton

President and Co-Founder, Vantage Analytics; President, DIACC

Jane Hamilton

Senior Policy Advisor, Innovation, Science and Economic Development Canada

Mari Heiser

Senior Technical Staff Member, IBM Cloud, SoftLayer

Charles Herring

Consulting Security Architect, Lancope

Bette-Jo Hughes

Associate Deputy Minister and Government Chief Information Officer, Ministry of Technology, Innovation and Citizens' Services, Province of British Columbia

John Jacobson

Deputy Minister, Ministry of Technology, Innovation and Citizens’ Services, Province of British Columbia

David Karp

Vice President Technical Marketing, Digital Guardian

Ellen Koskinen-Dodgson

President, TMC IT and Telecom Consulting Inc.

Steve Ladurantaye

Head of News & Government Partnerships, Twitter Canada

Don Laursen

Senior Product Manager, F5 Networks

Caitlin Lemiski

A/ Adjudicator, Office of the Information and Privacy Commissioner for B.C.

Dr. Avner Levin

Director, Privacy & Cyber Crime Institute, Ryerson University

Kathryn Loewen

Founder & CEO, Control

Charmaine Lowe

Executive Director, Information Stewardship Policy Branch, Ministry of Technology, Innovation and Citizens’ Services, Province of British Columbia

Boris Mann

Founder and Managing Partner, Full Stack

Michael McEvoy

Deputy Commissioner, Office of the Information & Privacy Commissioner for BC

Colin McKay

Head of Public Policy & Government Relations, Canada, Google

Carolina Moura

Legal Consultant, Faculdade de Direito da Universidade Nova de Lisboa

Kharis O’Connell

Head of Product, Archiact

Michael O’Shaughnessy

Senior Communication Advisor, Social Media Team, Department of Foreign Affairs, Trade and Development

Eileen Padgett

A/Director of Operational Privacy, Privacy and Legislation Branch, Office of the Chief Information Officer, Ministry of Technology, Innovation and Citizens' Services

David Padgett

Senior Auditor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of British Columbia

Dr. Christopher Parsons

Managing Director, Telecom Transparency Project, University of Toronto

Gary Perkins

Executive Director, Chief Information Security Officer, Ministry of Citizens' Services, Province of BC

Bernd Petak

Consultant, Bernd Petak Consulting

Richard Purcell

CEO, Corporate Privacy Group

Peter Reid

Privacy Officer, HP Business Groups & Global Functions, Hewlett-Packard Company

Michael Roncon

Director Security Services, Western Canada, CGI

Asif Savvas

Associate Partner, Simeio Solutions

Valerie Silva

Senior Advisor, PIPEDA Investigations, OPC

Robert Stroud

President, ISACA International

Alan Swain

VP of Technology and Operations, Wavefront

Troy Taillefer

Senior Policy Analyst, Office of the Information and Privacy Commissioner for B.C.

Dr. Paul Terry

President and CEO, PHEMI

Kirsten Thompson

Lawyer, McCarthy Tetrault

Jane Thornthwaite

MLA, North Vancouver-Seymour

oline Twiss

Policy Analyst, Office of the Information and Privacy Commissioner for B.C.

Micheal Vonn

Policy Director, BC Civil Liberties Association

John D. Waddell, Q.C.

Lawyer, Mediator and Arbitrator, Waddell Raponi

Mark Weinstein

Founder & CEO, MeWe

Bradley Weldon

Senior Policy Analyst, Office of the Information and Privacy Commissioner for B.C.

Norman Wilhelm

Associate, Toddington International Inc.

Alex Wright

Sr. Director, Government Records Service, Ministry of Technology, Innovation and Citizens’ Services
Print Agenda

*Invited Speaker

Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.

Wednesday, February 11, 2015


Registration Desk Opens

9:00-12:00 Saanich Room Presentation Files Norman Wilhelm Facebook Handout Google Handout

BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Conducting Online Investigations

This half day workshop will provide an overview of the techniques and tools used to uncover evidentiary material on the Internet for investigations. The workshop will cover utilization of various search engines, social media sites, the deep web, and the dark web.

Presentation Files Norman Wilhelm Facebook Handout Google Handout

9:00-12:00 Theatre

BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Creating a Safe Online Environment for the Plugged in Youth Generation

With the Internet, generation Z has more of a social playground available than ever before. Unlike the school yard of old, the bullies, lunch money extortionists and other like hazards can have much farther reaching impacts. This educational session is for anyone interested in working with, and creating, young, smart, ethical and social media aware participants. Educators & School Administration, parents, counsellors, students and anyone working with or interested in creating a safer online environment will benefit by attending.

9:00-12:00 Oak Bay II Room

BC Ministry of Technology, Innovation and Citizens’ Services – Privacy and Legislation Branch presents: Privacy Tools

This educational session is targeted to those that develop, or manage the development of privacy impact assessments. This interactive session will provide practical knowledge with respect to how to best address and assess privacy implications in programs and projects of all sizes. Participants will learn how to become more effective and efficient in using the standard suite of privacy tools with a focus on the privacy impact assessments, but also including information sharing agreements, research agreements and privacy protection schedules.

9:00-12:00 Oak Bay I Room

BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Policy Primer: IM/IT Policies: What you need to know!

Have you ever wondered if it’s ok to use your mobile device for personal use? Have you ever wondered if it’s ok to store work data in the cloud? This session will focus on key areas of information protection policies commonly needed in the day-to-day work life of a civil servant.

9:00 – 12:00 Esquimalt Room

Office of the Privacy Commissioner of B.C. presents: Employee Privacy --- Checked at the Office Door?

In today’s workplace, employers have access to a growing number of tools and technologies to evaluate and monitor their employees. These tools are used during the hiring process (reference checks, social media checks, police information checks) as well as after (surveillance, keystroke logging, geo-location data, driving habits). But employees don’t check their privacy rights at the office door. Monitoring could reveal an employee stealing company secrets, but it could also reveal a pending divorce, a person’s sexual orientation, or other sensitive personal information. Who gets to know what, and when? And where should employers draw the line? In this workshop, offered by the Office of the Information and Privacy Commissioner of BC, we’ll take a look at what the law says, what the real world does, and how to make sure you and your organization make the right choices to stay compliant with privacy laws.

1:00-4:00 Oak Bay I Room Presentation Files Incident Response Session

BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Incident Response in a Hostile Environment

Recent cyber-attacks on retail, IT, healthcare, financial institutions, and government remind us that no-one is immune. Today's assaults are more sophisticated, targeted, and persistent, contributing to a threat landscape that is more complex than ever. With finite resources, organizations must be vigilant to avoid common pitfalls. Preparation and planning in advance is vital to dealing effectively with cyber-attacks and mitigating harmful effects that include reputational damage, business disruption, and/or financial loss. Knowing what you're going to do before a problem occurs will give you the confidence that you can recover from an incident when it happens. Attend this session to understand what capabilities you need to have in place to respond to challenges that arise.

Presentation Files Incident Response Session

1:00-4:00 Theatre

BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Remaining Social in a Social Media Generation

Canada leads the world in having the highest social media network penetration with 82%, compared to 75% of Americans, with 99% of all Canadian students having access to the Internet outside of school. Today's generation uses the Internet for homework research, talking with friends, updating social networking pages, playing games, and more, so it's easy to see how one might lose track of time. Excessive Internet use, however, can negatively affect young people's school work, health and social lives. It's reported that 40% of today's youth sleep with their phones. This session will examine the social and psychological changes in new generations from being constantly plugged-in, discuss the concerns associated with constant internet use and the possible future intricacies and ramifications of remaining social in an online world.

1:00-4:00 Esquimalt Room

BC Ministry of Technology, Innovation and Citizens’ Services – Government Records Services - Information Access Operations Branch presents: Managing and Providing Access to Government Records in the Digital Age

Government’s records and information landscape has been changing. No longer are most government records held in file rooms and managed in hard copy, but are electronic and scattered in diverse locations; including e-mail, LAN drives, databases, records management applications and personal file spaces. We have expanded from simply printing and filing to managing electronic records. A digital record carries metadata and can be changed easily as it is being developed by many individuals providing input. We are now in the age of immediate information with the ability to access records 24/7. With Open Information, and Freedom of Information legislation, citizens expect to be able to obtain records quickly and are increasingly intolerant of poor governance.

This workshop will explore and discuss the work being completed in records management, access to information and open information, to ensure we meet the expectations of the public. We have a new generation of staff entering the workforce who want to use new tools and have the right information at the right time. For this reason, we need to preserve and safeguard information while providing the right access in the time expected. Through this new landscape we need to ensure that high and low value records are managed accordingly, minding the needs of privacy and security. Join us as we take you on the journey through the Electronic Records Road Map.

1:00-4:00 Oak Bay II Room

BC Ministry of Technology, Innovation and Citizens’ Services – Privacy and Legislation Branch presents: Privacy Management Programs and Audits

A privacy management program is a framework of policies, procedures and practices, that taken together promote and enhance a culture of privacy in all organizations; big or small, public sector or private. Developing a privacy management program for your organization will help build trustful relationships with clients, employees, stakeholders and regulators through accountable and appropriate handling of personal information. Participants in this interactive session will learn how to build the central pillars of a robust privacy management program, and a model for auditing your organization’s compliance with it.

1:00-4:00 Colwood Room Presentation Files Rob Clyde

ISACA presents: Dealing with a Cyber Future that is Already Here

The velocity of technological change in cyber space is unlike any time before. While we are yet figuring out security for recent technologies like social media, mobile, Big Data and the Cloud, newer technologies such as the internet of things are already staring us in the face… The future seems to have already happened. Moreover, data breaches and cyber attacks from dedicated adversaries are accelerating. Are we agile enough to take on today’s cyber security challenge and make a difference? How can I start or enhance a career in cyber security? Hear practical advice from a long-time security professional and how ISACA’s CSX can help.

Presentation Files Rob Clyde

1:00 – 4:00 Saanich Room

Ethics Session: Ethics in a World of Information Uncertainty and Insecurity

In today's data rich, hyper-networked society the sheer diversity and volume of data sharing not only poses real-world risks in terms of privacy and security, but it also raises significant ethical and legal challenges that need to be addressed if our apparent race to “connect” is to prove both sustainable and beneficial in the long-term. This workshop embraces fundamental principles of ethics and applies them to a world of information uncertainty and insecurity in order to set a solid foundation to guide professionals as they navigate the digital storm.

1:00 – 3:00 Sidney Room

Canadian Cyber Defence Challenge presents: Cyber Security Education: An Imperative for Canada’s Future

Canada is moving to address a national problem: inadequate supplies of the talent needed to secure Canadian businesses’ competitiveness as well as the country’s overall prosperity. One area that is starting to receive a great deal of attention is cyber security. Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. Cyber security experts and leaders agree that the ability to use technology safely and securely is becoming a fundamental life skill in the 21st Century. This is the focal point for the Canadian Cyber Defence Challenge (CDC) – essentially making sure young people adopt safe and secure online practices from an early age in order to strengthen the cybersecurity posture of our nation. This presentation provides an overview of how the Canadian Cyber Defence Challenge Program plays a strategic role in realizing this commitment. Based on the efforts of a group of dedicated IT security professionals and volunteers, the CDC has taken a bold step forward in working with government, industry, and education to ensure systems vital to Canadian security, economic prosperity and quality of life are protected.

Thursday, February 12, 2015

7:00 Upper & Lower Foyers

Registration & Networking Lounge Open

8:00-8:10 Salon AB

Call to Conference

8:10-8:20 Salon AB

Welcome Remarks

8:20-9:00 Salon AB

Session1 - Keynote Speaker - Net Neutrality, Privacy & Security -- A Misunderstood Relationship?

With recent developments in Canada, the United States, and Europe, Net Neutrality has become a focal point for debates about the future of the Internet and everyone who does business on it. However, the implications of Net Neutrality rules and policies for the privacy and security world may be just as important. Join Tim Wu, Professor at Columbia University and former US government official, who coined the phrase Net Neutrality, to learn what's next.

9:00-9:40 Salon AB

Session 2 - Keynote Speaker - We Aren't Ready For the Future

The future is supposed to be promising. Boundless innovation is supposed to bring fortune and intelligence. But it's going to be a mess. That won’t be just because we can’t build privacy into the future. More importantly it will be because we have still so much wrong now with our approaches to technology, law, and politics. In this talk Gus will draw together developments in the internet of things, smart cities, and struggles over metadata to highlight where we are failing today and how we may fall tomorrow.

9:40-10:00 Upper & Lower Foyers

Morning Break & Book Signing

10:00-10:40 Salon AB

Session 3 - Concurrent Keynote Speaker - CSI in the Digital Age

Today, data is everywhere. That means your organization is at risk to security breaches, everywhere. It also means that if you find your organization having to deal with statutory compliance issues, corporate espionage, human resources matters or complex litigations, you will need to know where the data is, where it has been, who has had access to it and how it has been modified.

With years of experience with civil and criminal investigations, Rene Hamel will explain how a Digital Forensics investigator can find relevant digital evidence within massive stores of electronic documents in a Big Data environment. Everything from the:

• collection of active, archival and forensic data
• recovery of deleted, damaged and sometimes fragments of files
• extraction of records from cellphones, iPads, and other mobile devices
• extraction of metadata to assist digital investigations
• adherence to a proper “chain of custody” process in the context of electronic documents
• usage of a proper authentication process for electronic evidence during the collection and preservation processes

10:00-10:40 Theatre

Session 3 - Concurrent Keynote Speaker - Cybersecurity: Where Do We Go From Here?

General (retd.) Dick Berlijn will address the topic of cyber security from a nontechnical perspective. He rather approaches the issue from a societal viewpoint, emphasizes the value of our digital environment for current societies, talks about the evolving threat landscape, gives his opinion on what needs to be done and focusses on what this should mean for leaders in the different organizations.

10:45-12:00 Salon AB Presentation Files Nizar Assanie Peter Reid

Session 4 - Panel A: Big Data Analytics - Montetizing Big Data

The exploding volume, complexity, diversity and velocity of big data have forced the public and private sector to re-evaluate their entire analytic portfolio. Big data and analytics have come together. There’s big data for massive amounts of detailed information and there’s advanced analytics which is a collection of different tools including predictive analysis, data mining, statistics, artificial intelligence, and natural language processing. Big data analytics is the hottest new practice in business intelligence today. What are the opportunities, challenges and issues related to the promise of these new technologies and their impact on the public sector?

Presentation Files Nizar Assanie Peter Reid

10:45 – 12:00 Theatre

Session 4 - Panel B: Social Media & Digital Diplomacy

Social media is promising new opportunities across a broad spectrum of public services. As the Internet and its ubiquitous applications extend globally, an increasing number of governments and their public service agencies are embracing social media as one of the major mechanisms to interact with the public. Social media provides a new wave of Web-based applications and channels for citizens to share constructive ideas and opinions and play active roles in various areas in the public sector. At the same time, social media helps government organizations and elected officials of different government levels to actively listen to citizens and constantly monitor their existing services as well as develop new initiatives. Effective integration of Web 2.0 technologies and applications into existing Internet infrastructure adds visibility and accountability in the public sector and enhances services to citizens. This panel will discuss the value of social media to the public sector as well as discuss the potential issues of conflict, privacy and security.

Video link: https://www.youtube.com/channel/UCIVMBvs03h74NSdQMH31jKA

10:45 - 12:00 Salon C Presentation Files Faiz Abdulla Bernd Petak

Session 4 - Panel C: The Future of Digital Payments and Currency

New currencies in the digital economy including Bitcoin, crowdfunding, loyalty points and Amazon coins, are competing with traditional sources of currency. The future of untraceable digital currencies will create government scrutiny and challenge the trust of every day citizens. Will we open ourselves up to new forms of payment, or play it safe with more conventional ones?

Presentation Files Faiz Abdulla Bernd Petak

12:05-1:10 Salon AB Presentation Files John Proctor

Luncheon Keynote Address - What Do You Do When it Goes Wrong?

Prevention by itself is no longer sufficient, it has become essential to develop organizational capabilities to effectively detect and respond to malicious behavior. When the ‘cyber fire’ breaks out, you need to have ‘cyber smoke’ alarms to detect it, a plan to respond to it and fully understand who your cyber fire brigade is and what they need to do.

Presentation Files John Proctor

12:05-1:10 Crystal Ballroom

Luncheon Keynote Address - The DIACC: Building the Foundation of Canada's Digital Economy

Canada’s economic future depends on developing a secure and convenient system for digitally validating an individual's identity using reliable sources, while placing the individual in control of what personal and/or private information is shared. The DIACC will discuss what Canada is doing to achieve this goal.

1:15-1:55 Salon AB Presentation Files Paola Zeni

Session 5 - Keynote Speaker - Data @ Large: The Journey of a Privacy Professional from Compliance to Governance

Technology, an ever changing regulatory landscape, along with key global trends have pushed privacy professionals more and more from compliance to data governance and data stewardship, causing an enhanced need for security and privacy. Join Paola Zeni to share the story of a journey from privacy policies to privacy-by-design, through big data, internet of things, large data breaches, and mobility.

Presentation Files Paola Zeni

2:00-2:30 Salon AB

Session 6 - Applied Session: Cybersecurity, Is Your Head in the Sand or Are You Ready For Action?

The recent well publicized attacks, including Sony have awakened us all to the fact that cyber threats are targeting us all whether government, enterprises and even individuals!  Why now?  Why has the evolution and nature of these attacks accelerated and should we simply apply more traditional security and risk approaches or is this totally new phenomena require a dramatic change in approach?
Robert will share key aspects of the changing nature of advanced persistent threats and discuss innovative methods for professionals to arm themselves against the changing threat landscape.

2:00-2:30 Sidney

Session 6 - Applied Session: Is Privacy Legislation Really Broken?

At a privacy legislation anniversary event last year, legislation authors expressed dismay at the degree to which these laws have been misunderstood and misapplied. Before that meeting and since, Canadian privacy commissioners have gone on record urging the revision of our privacy laws.So what’s the issue? This session touches on the ethical underpinnings of privacy legislation, considers what the architects were thinking when they drafted the legislation, and provides examples of just how far we have strayed from those original concepts. It explores the factors influencing legislation misinterpretation and it offers opinion on how compliant we are with the original goals of privacy legislation while addressing the impact of these gaps on our information environment today.

2:00-2:30 Theatre

Session 6 - Applied Session: Hybrid Cloud Security

Security is a critical concern for cloud providers and consumers alike. With increasingly complex infrastructure combined with ever more sophisticated cyber-attacks, consistent policies, governance and data protection is a continual challenge in a cloud environment. Join Ben de Bont, HP Cloud’s Chief Security Officer (CSO), for a fast-paced discussion on what cloud users need to consider in order to protect their organizations data from attack in a hybrid-cloud world. Ben will evaluate threat actor motives and skill-sets, and the importance of transparency into security practices, backed by real-world case studies on how HP Cloud addresses these important security challenges.

2:00-2:30 Salon C

Session 6 - Applied Session: The Adversary’s Footsteps – Understanding Cyber Criminal Motives and Techniques to Improve Cyber Security

Why am I or my organization a target? How do hackers attack networks and systems? What can we do to detect or prevent a breach? Sun Tzu wrote “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Symantec’s Michael Garvin will lead attendees through a hacker’s motives and methods to understand how knowing the adversary can help improve cyber security.

2:00-2:30 Saanich

Session 6 - Applied Session: SSL/ TLS and Encryption Everywhere

This session will cover some of the major trends in SSL/TLS and how these trends will force a re-thinking on how we design our Security Solutions and Applications against a “Zero Trust” paradigm and what it means in 2015 and beyond.

Areas covered: IETF TLS 1.3, HTTP 2.0, SSL 3.0 and recent vulnerabilities, RSA and Forward Secrecy, ECC and debate over which curves (NIST/NSA Suite B, Curve25519) Key and Certificate Management at scale, 2K certificates to 2M certificates and the Internet of Everything (IoE). Certifications and Standards: FIPS 140-2, ISO/IEC 19790, SP-800-90 RNGs.

2:00-2:30 Colwood

Session 6 - Applied Session: Network Functions Virtualization – Challenges and Opportunities in Securing an NFV System

In her role as an analyst at IE Market Research (IEMR), Abha has conducted extensive research in the area of NFV through in-depth analysis and insights obtained from a wide range of Tier 1 / 2 CSPs and NFV solution vendors. This session will discuss the current perceptions toward (and techniques being developed for) managing privacy and security in an NFV ecosystem.

2:00-2:30 Oak Bay II

Session 6 - Applied Session: Gone in 60 Seconds: An Insecure Database is an Easy Target

As the City of Medicine Hat discovered, automated attacks are more common than you would expect. According to leading industry reports, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not even aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls.

There’s no turning back the clock on stolen data, but you can put in place controls to ensure your organization won’t be the next headline by securing data at the source. Join us to understand data security risks, threats and vulnerabilities and how you can address them with basic controls including:

• Detecting and blocking SQL injection attacks, privilege escalation, and threats,
• Easily analyzing and auditing event data and take action in a timely fashion,
• Controlling and analyzing access by database privileged user credentials and
• Using production data freely in nonproduction environments without violating data privacy regulations or risking a sensitive data leak.

Hear how the City of Medicine Hat protects the SQL Server data of its Gas and Electrical On-line Billing system with limited resources and no impact on performance.

2:00-2:30 Oak Bay I Presentation Files Michael Roncon

Session 6 - Applied Session: Cyber Innovations: Co-Sourcing Secure Outcomes

How do you identify a partner who can help you do more security with less money? Co-Sourcing Enterprise Security is a realistic approach, which government and private sector organisations can use in order to meet today’s ever-growing security challenges and growing costs.

When security outsourcing isn’t a feasible option, and in-sourcing presents a whole array of challenges including talent acquisition, training costs and retention of resources, Governments are now looking to Co-Sourcing as a way to ‘Do more with Less’.

The Co-Source approach offers options to partner with a credible security services partner that provides Governments global expertise, best of breed technology and reduced operating costs…Secure Outcomes is the Deliverable.

Presentation Files Michael Roncon

2:00-2:30 Esquimalt

Session 6 - Applied Session: It’s About the Data, Stupid

Ask yourself this: If you could only protect one thing, what would it be? Chances are, it’s your data. It’s the target of hackers and malicious insiders—and it needs to be at the center of your security team’s approach. While an IT Security Pro’s world is noisy, we need to put on our noise cancelling headphones and blinders to start with what is most important in our organizations… the data.

2:30-2:50 Upper & Lower Foyers

Afternoon Break (Sponsored by Adobe)

2:50-4:05 Salon AB

Session 7 - Panel A: Cyber Security May Be the Most Crucial Element to the Growth of Every Industry in the 21st Century

The Center for Strategic and International Studies (CSIS) estimates that Cyber Security is a $400 Billion problem that is getting worse each year. As more businesses move online to buy, sell and connect with customers personal data theft affects millions of people each year.

2:50-4:05 Theatre

Session 7 - Panel B: Drones: The Next Futuristic Technology

The drone industry is growing at a rapid pace. Aerospace research company Teal Group has estimated that sales of military and civilian drones will total over $89 billion in the next 10 years. The possible fields of application for UAVs are unlimited.

No doubt, drone usage will bring different benefits but also raise numerous implications under security and privacy perspectives. Amazon is just one of numerous companies that will use unmanned aerial vehicles for civilian purposes. The US Federal Aviation Administration (FAA) has approved their use for police and government agencies, issuing about 1,400 permits over the past several years, and it will authorize civilian air space use by 2015. The situation is quite similar in Europe, where the use of drones for civilian use is expected to start by 2016.

The principal risks are represented by the possibility that groups of criminals and cyber terrorists could hack unmanned aerial vehicles, with intent of harming the population. Drones could be attacked for several purposes, and hackers could be intentioned to interfere with the services they provide and could abuse them for cyber espionage or could hijack them for sabotage.

Privacy and civil liberties advocates have raised many doubts about the legitimacy of facial recognition cameras, thermal imaging cameras, open Wi-Fi sniffers, license plate scanners and other sensors.

2:50-4:05 Salon C Presentation Files George Gilka

Session 7 - Panel C: “The E-Tail Revolution”: How the Consumer-Driven Digital Economy is Changing the Way We Shop

The online retail industry has exploded over the past several years, revolutionalizing the concept of shopping, and pushing customer experience to the forefront. While these changes present a variety of opportunities, they are not without their challenges. From online privacy and security issues, to shipping difficulties and a loss of traditional contact with customers, retail companies are being forced to learn about the world of “digital natives” and how they prefer to do business in order to survive online

Presentation Files George Gilka

4:10-4:50 Salon AB Presentation Files John Stewart

Session 8 - Keynote Speaker - Tipping the Balance of Power Towards Cyber Security Defenders

We live in a world today defined by massive expansion of Internet-connected devices, increasingly dangerous and widespread threats, and business and technical change on many fronts. Recent trends and breaches reported in the media consistently provide stark reminders that more needs be done to achieve better IT security. All of this has driven the topic of Cyber Security as a key issue in boardrooms and for top leaders around the globe. Cisco Systems’ SVP and Chief Security and Trust Officer, John N. Stewart, will discuss the challenges of attaining effective, sustainable IT security. Stewart will advocate that security professionals need to achieve higher levels of trust with their customers, while striving for a state of information superiority over their adversaries. He will also pose that a methodical convergence of trust, partnerships, technologies, processes, and people can change the balance of power towards cyber security defenders.

Presentation Files John Stewart

5:00-6:00 Upper Foyer

Networking Reception

Friday, February 13, 2015

7:30am Upper & Lower Foyers

Registration & Networking Lounge Open

7:55-8:00 Salon AB

Administrative Announcements

8:00-8:10 Salon AB

Opening Introductions

8:10-8:35 Salon AB Presentation Files Joe Alhadeff

Opening Address - Policy in Context: A Recipe for Informed Decision Making

Today's digital economy and information society are ever more global and complex including a variety of actors across supply chains, transactions and social interactions. As organizations create internal governance policies for themselves, their partners, suppliers and users; as governments create public policies for agencies, businesses, citizens and consumers of government services and as individuals consider how to treat each other and the organizations they interact with, it becomes clear that one size cannot fit all. Within this online ecosystem are myriad subsystems and interactions which operate in context rich environments and which need to be informed by the nuances of their applicable context. In this talk we will highlight the interaction between policies, processes and technology in appropriately addressing the context. The analysis of this interaction will take into account the use of Big Data to better understand the data in context as well as how a comprehensive governance program can address concerns related to privacy and security which might arise from a more complete view of data and the inferences that may be drawn from it.

Presentation Files Joe Alhadeff

8:35-9:15 Salon AB

Session 9 - Keynote Speaker - Tech It Out: The Future is Nigh

If you thought today’s tech was cool, to quote ‘70s rockers Bachman-Turner Overdrive, “baby you ain’t seen nuthin’ yet.” This lighthearted yet informative chat focuses on 10 mind-blowing near future technologies worth getting excited about – but also acknowledging potential security and privacy risks. From the wearables revolution and virtual reality (VR) headsets to self-driving cars and space tourism to domestic robots and the smart home, this video-heavy chat would serve as an entertaining peek into the near future of consumer technology.

9:15-9:55 Salon AB

Session 10 – Keynote Speaker - Privacy and Markets: A Love Story

Ask an economist about privacy and chances are he will tell you how it will harm the market. Too much privacy hampers efficiency by hiding important information. Ask a privacy scholar about markets and she is just as likely to be skeptical. We sacrifice our privacy on the altar of markets and market thinking. Are privacy and markets really so opposed? This talk explores the surprising symbiosis between markets and privacy and what that symbiosis means for law and policy. The claim is not that more privacy always makes markets more efficient or that markets necessarily yield privacy. Rather, the very market mechanism assumes and relies upon the existence of privacy, while simultaneously allowing privacy to achieve its ultimate ends.

9:55-10:15 Upper & Lower Foyers

Morning Break

10:15-10:55 Salon AB Presentation Files Jim Reavis

Session 11 - Keynote Speaker - Building Trust in Global Cloud Computing Systems

Hear Jim provide his perspective on enterprise lessons learned and current trends in cloud computing. Jim will discuss the future of how trust is achieved on a global basis between consumers and providers of cloud services. Jim will highlight the value of cloud transparency and the importance of CSA's Security, Trust & Assurance Registry (STAR) program in building customer trust.

Presentation Files Jim Reavis

11:00-12:15 Salon AB

Session 12 - Panel A: Heads in the Cloud: Facing the Challenges of Current Computing Models

As the digital economy moves rapidly toward centralized cloud services and storage, cross-border issues become increasingly important. Cloud computing companies are now offering these services outside their home markets. What are the policy and legal challenges associated with cross-border cloud computing, data privacy, security, and ensuring the free flow of information? These issues continue to create havoc in today’s global economy.

11:00-12:15 Theatre Presentation Files Nik Badminton Carolina Moura

Session 12 - Panel B: Wearable Devices are Going Mainstream: Are Consumers Poised for a Privacy Nightmare?

ABI Research estimates the global market for wearables in health and fitness alone could reach 170 million devices by 2017. Big-time technology players have taken the hint and are making a big leap into the world of wearable tech. Wearable technology has moved beyond product concepts to actual consumer products. However, building hardware for the wearables market is only the first challenge. Companies are challenged to create differentiated experiences, products that work, and useful technologies people will incorporate into their daily lives. We will discuss the marriage between hardware and software, how companies will take on the challenge to improve consumers lives and in the end, build something that consumers will adopt. Canada’s Privacy Commissioner recently warned that information collected by sensors within Internet-connected objects like wearable tech “can yield a tremendous amount of data that can be combined, analyzed and acted upon without adequate transparency, accountability or meaningful consent.

Presentation Files Nik Badminton Carolina Moura

11:00-12:15 Salon C

Session 12 - Panel C: The Internet of Things

The Internet of Things (IoT) represents transformative 21st century technology that promises to revolutionize homes, cars, healthcare, education and society in general. The IoT presents both the opportunity and challenge of protecting privacy and security while encouraging innovation and creative new services. Whether we call it the Smarter Planet, the Internet of Everything or the Industrial Internet, the IoT is about innovation and the future of the Internet ecosystem itself. This panel will discuss a positive policy framework that supports trust and confidence.

12:15-1:25 Salon AB

Luncheon Keynote Address - Sharing Information With the Police and Privacy Protection Issues Are Not Worlds Apart

There is legitimate concern regarding information sharing with the police. Let’s dig a little deeper into the issue and see if the concern is perceived or real.

12:15-1:25 Crystal Ballroom Presentation Files Christian Byrnes

Luncheon Keynote Address - The Next Wave: Disruptive Technology and Security

For the last four years Gartner has been telling the world about the impact that the “Nexus of Forces” will have on business and government. In 2014 we were able to see the results of that impact. One of the most disruptive, and risky, changes is being called the Internet of Things. The security implications, when combined with shifts in the threat environment need rapid attention by all IT using organizations and with clear leadership by security practitioners. This presentation is the call to action along with best practices for surviving the onslaught.

Presentation Files Christian Byrnes

1:30 - 2:00 Salon AB Presentation Files Bernd Petak

Session 13 - Applied Session: Understanding Bitcoin - The Two Simple Ideas Behind Crypto-Technology

Crypto-technology, and especially Bitcoin are everywhere these days. The world is more and more divided into those that “get” this technology and those that don’t. Many explanations of how this stuff works are steeped in quasi-political buzzwords and complicated tech-speak that sometimes even the presenter doesn’t truly understand. The reality is that there are two core ideas behind crypto-technology that are essential to “getting” it. This talk will present those two core ideas in terms anyone can absorb. No degree in Computer Science or Math is required. You’ll leave with a fundamental understanding of what makes Bitcoin and smart contracts work, and be much more ready to answer your own questions about what these innovations can and can’t do.

Presentation Files Bernd Petak

1:30 - 2:00 Salon C

Session 13 - Applied Session: Digital Security: A Global Economic Approach

As Chair of the OECD Working Party responsible for digital security, Jane will describe the final steps of work underway to update the OECD Security Guidelines. Building on two decades of experience in this area, this work places a new emphasis on achieving the full economic and social potential of the global digital environment. The session will describe how the multi-stakeholder approach to this work involving business and industry, civil society and the technical community is ensuring a balanced approach.

1:30 - 2:00 Saanich

Session 13 - Applied Session: People Power & Anonymity: A Perspective on Living in 2015

With the revelations of the NSA and the rise of huge social and utility-based consumer platforms we are seeing the world becoming more aware and demanding a choice on privacy and data control. This a session will look at this situation and will discuss:
- How people are becoming more concerned about privacy and use of data
- Modern surveillance techniques that affect everyone
- How surveillance and choosing anonymity online will equalize the game
- ...and how to work ethically (and fairly) with people-based data

1:30 - 2:00 Theatre

Session 13 - Applied Session: What They Don’t Know Could Cost You: Right to Information Laws and the Value of Transparency Reports

Canadians’ enjoy a right to access the information held about them by commercial enterprises; such requests can be extremely expensive to respond to depending on the breadth of the individual's request. After providing examples of how corporate responses do, and do not, satisfy customers I explain how transparency reports can satiate customers’ interest in a company’s data handling practices. Such reports provide condensed explanations of corporate data handling practices and, in addition to satiating customer concerns, can help businesses understand their own information collection, use, disclosure, and deletion practices. I conclude by discussing some best practices for developing transparency reports and the processes that companies can engage in to improve their reports over time.

1:30 - 2:00 Esquimalt

Session 13 - Applied Session: The Risks of Body-Worn Cameras

Following several high-profile fatal shootings calls for police officers to wear cameras and record their interactions with the public, in the name of police accountability and transparency, have increased. In the US almost 150,000 people signed a petition to that effect. This session will discuss the privacy risks of such a massive deployment of body-worn cameras and how, if at all, these risks can be managed.

1:30 - 2:00 Colwood

Applied Session - How to be a Privacy Complainer (or deal with one)

In this session, the speaker outlines her extensive history making complaints directly to organizations under Canadian privacy laws (as required before complaining to a commissioner). She describes her experiences, frustrations, successes, failures and tips for complainers, as well as the common deficiencies in organizations’ responses and lessons for organizations designing their complaints processes.

1:30 - 2:00 Oak Bay I

Applied Session - Preventing, Preparing for and Responding to Your Next Breach

Sony. Target. Montana Department of Health and Public Services. eBay. JP Morgan Chase.

Breaches happen. They’re a daily fact of business that many organizations would like to avoid, but sooner or later, reality will catch up and you’ll need to deal with the inevitable. This session will provide you concrete tips and advice on how to:

• Prevent those breaches which are preventable. Build the operational processes and systems necessary to identify your surface area of vulnerability, minimize them and ensure you are secure.
• Prepare for the breach before it occurs. Understand the necessary steps to developing a good incident response plan, complete fire drills, and ensure the tools are in place to support your response.
• Respond to the breach rapidly, effectively and completely to minimize damage and return to normal operations as quickly as possible.

You can’t always stop the breach from happening, but you can ensure when it does, the impact to your organization is minimized and you have the resiliency to get back to normal rapidly.

1:30 - 2:00 Oak Bay II

Applied Session - Data, Data, Who Has the Data?

This session will explore and discuss privacy and security concerns in cloud. Do you know where your data will reside? How do you approach the many compliance requirements facing organizations today?

2:00-2:15 Upper & Lower Foyers

Afternoon Break (Sponsored by Adobe)

2:15-3:30 Salon AB

Session 14 - Panel A: Online Privacy Rights

Recent revelations of wide-spread Internet surveillance by police across much of the world have caused alarm among academic and others concerned about lack of information around the extent to which governments snoop on citizens. Canadian telecommunications companies collectively receive an average of 1.2 million requests for information a year. Authorities routinely ask for and are given information about individual customers, typically IP addresses and phone numbers, and in some cases contents of email conversations. The Supreme Court ruled warrants are required for online records to protect countless law-biding Citizens from being spied on by government.

2:15 – 3:30 Theatre

Session 14 - Panel B: Public Sector Adoption of Cloud

With promises of cost savings, increased availability, and agile service delivery cloud is an attractive option for any organization. Public sector has demonstrated interest in realizing these benefits and others such as reduced need for technology refresh cycles. However, survey data suggests that cloud computing adoption is lower in government than in the private sector. Is this due to more stringent security and privacy requirements? How do citizens feel about data being in the cloud? What steps can we take to mitigate any real or perceived risks? Join this panel session for what is sure to be a lively debate on government agencies and the use of cloud services.

2:15 – 3:30 Salon C

Session 14 - Panel C: Mobile Privacy & Security

Security and privacy has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal and business information now stored on smart phones.  Mobile security will total around $2.5 Billion Dollars by the end of 2015.

Mobile communications collects all kinds of personal information including photos, contact information, browser history, financial information, location data and now mobile payment options to many of our suppliers. We share this information with carriers, data analytics companies, governments, data resellers, social networks and advertising networks. 

Smart phones as communications tools are causing profound changes in the organization of information systems and therefore they have become the source of new risks. How do we manage these risks in the proliferation of mobile devices?

3:35-4:15 Salon AB Presentation Files Chris Surdak

Session 15 - Closing Keynote Speaker - Predictive Analytics, Privacy and You: Creeping Up on Creepy

Predictive analytics is a branch of Big Data where massive quantities of end-user data is mined in order to predict their future behaviour. The state of the art in this technology has advanced to the point where organizations can not only predict what people will do, their behaviours can actually be shaped or changed. Companies like Amazon, Google and Facebook are using these techniques to deliver to people exactly what they want, exactly when they want it.

While predictive analytics can generate extremely happy customers, there’s also a dark side to their use. To be effective, they require the use of vast quantities of behavioural data, which may reveal more of our psyche than we might want others to have access to. Indeed, organizations will be challenged to walk the razor’s edge between customer intimacy and creepiness.

In this session award-winning author and HP technology evangelist Christopher Surdak will discuss what organizations are doing with predictive analytics, how it’s being used to drive customer behaviour and what legal and regulatory responses may be coming in order to address the privacy concerns that technologies bring to bear.

Presentation Files Chris Surdak

4:15-4:25 Salon AB

Closing Remarks

4:25-4:30 Salon AB

Closing Announcements

Title Sponsor

Platinum Sponsors

Gold Sponsors

Event Partners

Conference Sponsors & Exhibitors

Media Partner

The Fairmont Empress

If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $125/night for Corporate reservations and $100/night for Government reservations. Please note that this room block ends January 16, 2015.

Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:

Government Reservations – https://resweb.passkey.com/go/pscgov
Corporate Reservations – https://resweb.passkey.com/go/pscc2015

Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5


Harbour Air Flight Discounts

Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air.  Subject to availability, attendees will receive 20% discount on their regular fares for confirmed travel to and from Victoria between February 10 and 15, 2015. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks. In order to receive this special discounted rate, attendees must contact the Reservation Department directly by phone at 1.800.665.0212 or by e-mail at reservation@harbourair.com and quote the promotional code PriSec15. Also be advised that you will need to provide a copy of  your registration to the conference upon check-in.

All schedules and location information can be accessed through their website at www.harbourair.com.


YYJ Airport Shuttle

If you are needing transportation from the Victoria International Airport to Downtown Victoria why not consider using the YYJ Airport Shuttle.

When booking the shuttle if you mention “Reboot Communications” you will receive a special discounted rate of $22.50* for a one way trip or $35.20* for a round trip.

For more information please visit their website at www.yyjairportshuttle.com or call them at 1-855-351-4995.

*Prices include all applicable taxes