19th Annual Privacy and Security Conference Security & Privacy: A Global Evolution Feb. 7-9, 2018, Victoria, BC

General Information

Held in Victoria, British Columbia, Canada this conference is a must attend for those working on the transformation of the public and private sectors into the 4th generation digital economy. Presented by the Office of the CIO, Ministry of Citizens’ Services, Province of British Columbia, this three-day conference, is recognized as one of the top tier events in North America. Anyone working in the information privacy and security fields will benefit from the speakers, discussions and networking at the conference. Attendees are from every level both within government and private industry. The conference draws an international audience of some 1,000 delegates with an interest in cutting edge policy, programs, law, research and technologies aimed at the protection of privacy and security.

It is with great admiration that we dedicate the 19th Annual Privacy & Security Conference to Joseph Alhadeff’s memory.  Joseph Alhadeff, a wonderful man and brilliant privacy expert who worked for Oracle, passed away in May 2017 at the age of 57.  Many of you will remember Joe as he has graced the stages of the Privacy & Security Conference for almost all of its past 18 years.  We invite you to celebrate his life with us during the conference. Join subject matter experts and close friends of Joe’s at the panel session “What Would Joe Do?” as they reminisce about his career and discuss his outlooks on today’s pressing privacy and security issues.

Reasons to Attend

  • Timely, motivational presentations from leading industry experts
  • Learn about current trends, issues and actions
  • Valuable CPD credits to maintain a variety of qualifications essential for your career
  • Unparalled networking opportunities
  • Informative 3-hour pre-conference educational sessions and 1.5-hour technical panel sessions
  • Get immediate answers and solutions to issues current in your organization

Conference Rates*

Early Bird registration
by December 15, 2017
Regular registration
after December 15, 2017
Public Sector $675.00 CAD
(plus GST)
$795.00 CAD
(plus GST)
Private Sector $795.00 CAD
(plus GST)
$950.00 CAD
(plus GST)

*We are pleased to offer our Alumni program, providing a special rate to past attendees.  Delegates who have attended this conference before will receive the special price of $595 when they register on or before September 29th.  Please contact us for the promo code if you did not receive it by email.

Registration Fees Include

  • 2 plated lunches
  • All coffee breaks
  • All keynotes, plenaries, panel sessions and applied sessions
  • Pre-conference educational sessions
  • Access to networking lounges
  • Networking reception Thursday evening
  • Conference notebook
  • Conference materials
  • On-line access to presentations post-event

Victoria Conference Centre

There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.

Victoria Conference Centre
720 Douglas Street,
Victoria, BC
V8W 3M7

Keynote Speakers

Kevin Albano

Global Lead, Threat Intelligence, IBM X-Force IRIS

Ray Boisvert

Provincial Security Advisor, Government of Ontario

Jeffery Butler

Author and Millennial Expert

Elizabeth Denham

Information Commissioner, UK Information Commissioner’s Office

Mark Fernandes

Global Leader, Cyber Innovation and Strategy, Deloitte

Jonathan Fox

Director, Privacy Engineering and Strategy and Planning, Chief Privacy Office, Cisco

Directeur Mario Harel

President of Canadian Association of Chiefs of Police (CACP)

Preston Hogue

Senior Director of Security Marketing, F5 Networks

Chris Inglis

Former Deputy Director, NSA

Jill Kot

Deputy Minister, Ministry of Citizens’ Services, Province of BC

Alex Loffler

Principal Technology Architect, TELUS

CJ Ritchie

Government Chief Information Officer, Ministry of Citizens’ Services, Province of BC

Marc Rotenberg

President, Electronic Privacy Information Center (EPIC)

Mark Ryland

Director, Security, Amazon Web Services

John Scott

CEO, 2Keys Corporation

Honourable Jinny Sims

Minister, Ministry of Citizens’ Services, Province of BC

Richard Thieme

Author and Futurist

John Weigelt

National Technology Officer, Microsoft Canada

Speakers

Emmanuel Abiodun

Architect (VP), Oracle

Martin Abrams

Executive Director and Chief Strategist, Information Accountability Foundation

Dana Adams

Director, Security Services, TELUS

Kevin Albano

Global Lead, Threat Intelligence, IBM X-Force IRIS

Polly Allen

Director of Product Management, Research Metrics, Elsevier

James Argue

Network Security Architect, Ministry of Citizens' Services, Province of BC

Alan Arslan

Privacy Advisor, Privacy, Compliance and Training, Province of BC

Nik Badminton

Futurist

Ian Bailey

Assistant Deputy Minister and Chief Information Officer, Ministry of Attorney General, Province of British Columbia

Rhianna Begley

A/Director, Strategic Privacy, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of BC

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Ray Boisvert

Provincial Security Advisor, Government of Ontario

David Bryan

Global Leader of Technology, IBM X-Force Red (@videoman)

Dave Bullas

Senior Technical Specialist, SailPoint

Jeffery Butler

Author and Millennial Expert

Dan Caprio

Co-Founder and Chairman, The Providence Group

Dan Carayiannis

RSA Archer Public Sector Director, RSA

Natalie Cartwright

Co-Founder and COO, Finn.ai

Clarence Chio

Artificial Intelligence & Security Specialist

Jill Clayton

Information and Privacy Commissioner, Office of the Information and Privacy Commissioner for Alberta

Andrew Clement

Professor Emeritus; Co-Founder, Identity Privacy and Security Institute (IPSI), University of Toronto

Chris Cochrane

National SE Director, Canada, CyberArk

Don Costello

Director, Security, Privacy & Compliance Management, Ministry of Social Development and Poverty Reduction, Province of BC

Daniel Crowley

Research Baron, IBM X-Force Red

Stephen Curran

Principal, Cloud Compass Computing, Inc.

Elizabeth Denham

Information Commissioner, UK Information Commissioner’s Office

John Desborough

Director, Consulting & Technology Services, MNP

Ian Donaldson

Acting Assistant Deputy Minister, Ministry of Citizens’ Services, Province of BC

Dr. Khaled El Emam

CEO and Founder, Privacy Analytics

Dean Evans

Data Security and Protection Expert, IBM

Joel Fairbairn

Executive Director, Strategic Policy and Legislation Branch, Ministry of Citizens’ Services, Province of BC

Paul Falohun

Senior Security Analyst, Ministry of Citizens’ Services, Province of BC

Geoff Fawkes

Chief Executive Officer, Vancosys Data Security Inc.

Mark Fernandes

Global Leader, Cyber Innovation and Strategy, Deloitte

Joanna Fletcher

Blockchain Evangelist; Cultural Auditor, Top of the Crop

Quinn Fletcher

Senior Privacy and Policy Advisor, Privacy, Compliance and Training, Province of BC

Jonathan Fox

Director, Privacy Engineering and Strategy and Planning, Chief Privacy Office, Cisco

Celeste Fralick

Senior Principal Engineer & Chief Data Scientist, McAfee

Dr. Robert Fraser

President and CEO, Molecular You

Stephen Gordon

Executive Director and Cloud Strategy Lead, Ministry of Citizens’ Services, Province of BC

Joe Gordon

Sales Engineer, LogRhythm

Robin Gould-Soil

Chief Privacy Officer, HSBC Canada

Peter Guest

Public Sector Technical Leader, IBM

Willian Guilherme

Senior Sales Engineer, Proofpoint

Jane Hamilton

Senior Policy Advisor, Innovation, Science and Economic Development Canada

Directeur Mario Harel

President of Canadian Association of Chiefs of Police (CACP)

Sonny Hashmi

Managing Director, Global Government, Box

John Hewie

National Security Officer, Microsoft Canada

Dustin Heywood

Senior Managing Consultant, IBM X-Force Red (@evilmog)

Preston Hogue

Senior Director of Security Marketing, F5 Networks

Sophia Howse

Executive Director, Provincial Identity Management Program, Ministry of Citizens’ Services, Province of BC

Fuad Iddrisu

Executive Director & CISO, Government of Saskatchewan

Chris Inglis

Former Deputy Director, NSA

Sorana Ionescu

Acting Vice President, Information and Technology Services, IESO

Ryan Jepson

Acting Inspector, Calgary Police Service

Michelle Johnson Cobb

Chief Marketing Officer, Skybox Security

John Jordan

Executive Director, Services Strategy, Province of BC

Handol Kim

General Manager, Quadrant Business Unit, D-Wave Systems

Kevin Kim

Privacy Manager, First Nations Health Authority

Danielle Kingsbury

Chief of Staff, Baron Hunter Group; Founder and President, CyberSecPsych

Dr. Douglas Kingsford

Chief Medical Information Officer and Executive Medical Director, Interior Health

Jill Kot

Deputy Minister, Ministry of Citizens’ Services, Province of BC

Martin Kratz

Partner, Bennett Jones LLP

Dawn Lake

Corporate Director, Information Access & Privacy, BC Clinical and Support Services

Dan Lathigee

Senior Project Manager, Ministry of Citizens’ Services, Province of BC

Dr. Victoria Lemieux

Associate Professor, University of British Columbia

Caitlin Lemiski

Senior Policy Analyst, Office of the Information and Privacy Commissioner for B.C

Tom Levasseur

Owner and IT Security Specialist, HackingAway.org

Sarah Jamie Lewis

Anonymity & Privacy Researcher

Alex Loffler

Principal Technology Architect, TELUS

Holly Longstaff

Research Privacy Advisor, Provincial Health Services Authority

Dr. Catalina Lopez-Correa

Vice President, Sector Development and CSO, Genome BC

David Loukidelis

David Loukidelis Privacy & Access Consulting Services; former BC Information and Privacy Commissioner

Sarah Lyons

Chief Operating Officer, Privacy Analytics

David Majetic

Sr. Solution Engineer, Box

Justin Malczewski

Regional Manager, Security Solutions, Cisco Systems

Erwin Malzer

Vice Chair, BC Clinical and Support Services

Derek Manky

Global Security Strategist, Fortinet

Will Martin

Director of Global Solutions Engineering, Symantec Canada

Dave Masson

Country Manager, Darktrace

Drew McArthur

Acting Information and Privacy Commissioner for British Columbia

Tim McCreight

President, Risk Rebels

Dr. Kimberlyn McGrail

Scientific Director, Population Data BC; Associate Professor, UBC School of Population and Public Health

Rene McIver

Chief Security Officer, SecureKey Technologies Inc.

Nathan McKay

Security Solutions Marketing Manager, F5 Networks

Terry McQuay

President and Founder, Nymity Inc.

Rory Paap

Principal Solution Engineer, Box

David Padgett

Senior Auditor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of British Columbia

Eugene Parks

Chief Executive Officer, Biometric Creations

Gary Perkins

Executive Director, Chief Information Security Officer, Ministry of Citizens' Services, Province of BC

Richard Purcell

CEO, Corporate Privacy Group

Matt Reed

Acting Executive Director, Privacy, Compliance and Training, Province of BC

Courtney Remekie

Senior Solutions Consultant, Adobe Systems Canada

CJ Ritchie

Government Chief Information Officer, Ministry of Citizens’ Services, Province of BC

Kurt Roemer

Chief Security Strategist, Citrix

Holly Romanow

Senior Advisor, Privacy, Compliance and Training, Province of BC

Dr. Jamie Ross

Partner, Deloitte Canada

Marc Rotenberg

President, Electronic Privacy Information Center (EPIC)

Mark Ryland

Director, Security, Amazon Web Services

Adrian Sakundiak

Senior Strategic Advisor & Management Consultant, 20/20 Management Consulting

Mark Sangster

Vice President and Industry Security Strategist, eSentire

Kent Schramm

Director Cyber Risk, Deloitte Canada

Winn Schwartau

Security Theortician and Author; Founder, The Security Awareness Company

John Scott

CEO, 2Keys Corporation

Honourable Jinny Sims

Minister, Ministry of Citizens’ Services, Province of BC

David Skillicorn

Professor, School of Computing, Queen’s University

Anna Slomovic

Former Chief Privacy Officer, Equifax; Lead Research Scientist, Cyber Security Policy & Research Institute, George Washington University

Sarah Speevak

Legal Counsel, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Former Privacy Commissioner of Canada

Robin Syme

Executive Director, CanAssist

Richard Thieme

Author and Futurist

Jackson Thomas

Senior Manager, Cloud Platform Solution Consulting, Oracle

Jeannette Van Den Bulk

Executive Director, Policy and Legislation, Ministry of Jobs, Trade and Technology, Province of BC

Mark Van Hollebeke

Director of Privacy, Microsoft

Dominic Vogel

Chief Security Strategist, Cyber.SC

Howard Waldner

Dean of the School of Health and Public Safety, SAIT; Former President & CEO, Island Health

John Weigelt

National Technology Officer, Microsoft Canada

Bradley Weldon

Acting Deputy Commissioner, Office of the Information and Privacy Commissioner for BC

Phil White

Chief Technology Officer, BC Clinical and Support Services

Teresa Woods

Senior Auditor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of British Columbia

John Wunderlich

Chief Privacy Officer, JLINC Labs
Print Agenda

*Invited Speaker

Wednesday, February 7, 2018

9:00am-12:00pm Theatre

IBM Presents: PACS & Passwords: Real Life Lessons by IBM's Ethical Hackers

Don’t miss this session based on real life lessons learned. IBM’s Best and Brightest Ethical Hackers from X-Force Red are ready to share the worst of the worst and how to safe guard against it!

Part 1: Physical Access Control Systems: A Double-Edged Sword
Physical Access Control Systems, or PACS, are increasingly common in businesses for a number of reasons. While these systems make it easy to grant or revoke access to physical assets, keep a watchful eye on a building, or keep track of who's visiting a campus, there are also drawbacks. Putting a computer in something means there's a potential for it to be hacked, and centralizing control of something means that an attacker who can compromise the central point of control holds (literally in this case!) the keys to the kingdom.

This lecture will provide an overview of different types of PACS, the advantages and disadvantages to deploying them, previously found vulnerabilities, and what the discovery of more bugs in these systems could mean for the businesses using them.

Part2: Password Cracking for Fun and Profit with EvilMog and VideoMan
Learn the ins and outs of Password Cracking with. We will cover what kind of hardware works well, software, tools, and things that we have uncovered over the years in regards to password hashes. We will also talk about what works to mitigate a lot of these risks, and what to incorporate into your information security program to help reduce the risk of attackers compromising your systems.

9:00am-12:00pm Saanich Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: How to be a Privacy Officer

Designating a Privacy Officer is a key aspect of any privacy management program, and empowering that Privacy Officer with clear role definition ensures success. But what does it mean to be a Privacy Officer? This workshop will walk through the roles and responsibilities of this type of position and provide tips on how to establish a privacy culture within your organization.

This workshop is useful for those currently in the role who want to sharpen their skills or those who aspire to be future Privacy Officers and want to learn more about the role. We’ll offer some practical tips along with insight into how Privacy Officers fit into an organization’s overall privacy management program.

This session will address topics such as:
• What is a privacy management program
• PIAs, privacy breaches, training and contracts
• Program measurements
• Influencing a positive privacy environment

Join us for an informative discussion on this critical position.

8:30am-12:00pm Oak Bay Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Breach the CyberWall and Win 1st Prize

Be part of the second CyberWall Competition at Victoria’s 2018 Privacy and Security Conference. Expect a fun, challenging, educational and team-building event, designed for people with minimal or entry-level hacking skills.

Teams of 4 will work together to break through cyber defenses, disrupt a virtual company and capture the secrets. Be part of the winning team and take home the coveted 1st prize. Tom Levasseur, veteran cyber breach event organizer and owner of Hackingaway.org, leads each team through the event ensuring an organized, productive and learning experience.

This morning session is less technical, so suitable for people with only basic IT skills. The session lasts 3.5 hours and does not require any previous hacking knowledge! The competition is not an event for people with advanced hacking skills.

Participants play the role of the cyber criminals trying to break into the target organization's IT infrastructure. The target is composed of firewalls, routers, servers and desktops in a complex and realistic but safe environment. By working in teams everyone contributes the skills they have - and learns from each other.

Teams work together to be the first to break through to each stage, gather points, and win the challenge. Then wrap up with time to understand, and learning to defend.

First come first serve, plan to register quickly following registration opening on January 22nd (all registered conference delegates will receive an email on this date with registration instructions). A waiting list will be created in case of over registration.

Participants must bring their own laptop; laptops will not be provided. Participants will be using RDP (Remote Desktop Protocol) software for this event. RDP software is included in all recent versions of MS-Windows, and available for free download from Mac App Store. Participants will connect using a network wire. Your laptop must have a RJ45 connector or a USB-to-Ethernet 10/100 connector.

Upon attending this workshop, participants will be able to:
• Understand how hackers use tools and techniques to exploit vulnerabilities in computer systems;
• Where authorized, use specific tools and techniques to test system security in their organizations;
• Understand how to better protect systems from attack;
• Call on others from the event for advice and help.

9:00am-12:00pm Esquimalt Room Presentation Files James Argue StephenCurran

BC Ministry of Citizens’ Services – Information Security Branch presents: Block This Way: Securing Identities using Blockchain

The Internet was designed to interconnect networks. The original design principles of the Internet, the ability to withstand unreliable communications channels, the ability to operate with large parts of the infrastructure destroyed, to do without centralized control, and without “smart” devices in the core, has clearly worked extremely well.

What the original designers did not forsee is the massive global growth of the Internet which now includes billions of humans, millions of businesses, governments, not-for-profits, and even more devices. Further, the original networks that were interconnected were, by definition, trusted as they were part of the small community developing the technology. As a result, the original designers left out a significant element - they did not include a means to establish trusted channels of communication amongst (the now billions of) users of the Internet. This has led to the situation today where large scale challenges exist - massive data breaches, exponentially increasing numbers of username/passwords per person, and the inability of governments to offer high value services such as passport issuance.

The Internet needs an upgrade. We need a scalable, secure and usable way to exchange data between network users (be they humans, organizations, software, things) that includes proof of integrity and origin.

In this workshop we will explore the combination of technologies which may provide the opportunity to give the Internet this much needed upgrade. This interactive workshop will use practical examples to learn about blockchains that protect identities.

Topics include:
* The Challenge - Identity on the Internet
* Public / private keys, asymmetric, and symmetric cryptography
* Key Management Systems - Historical - Centralized, Self-Managed
* Blockchain, DIDs and Self-Sovereign Identities (SSI)
- Decentralized Key Management Systems
- Implementations: HL-Indy and Sovrin, uPort, etc.
* SSI and Verifiable Claims - Demo
* What’s on the Ledger? Blockchain Browser - Demo, try it yourself
- Create a DID
- Incorporate
- Get a Permit
* Recap and looking forward - where is this going?
- Building Blocks - Crypto, Private/Public Keys
- Key Management - Decentralized
- Managing your own identity - and data
- Login
- Data Sharing
- The Government Role - claims producer - permits and licenses

Presentation Files James Argue StephenCurran

9:00am-12:00pm Sidney Room

Ethics Session: Ethical Decision Making in Research Privacy

This session will explore an approach to privacy grounded in applied ethics principles and concepts. Attendees will have the opportunity to work through a series of real-life case studies in the research domain guided by ethics tools. The goal of this session is to empower attendees to use “all things considered” holistic judgements concerning privacy.

9:00am-12:00pm Colwood Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Practical and Innovative Technologies to Improve Life

The workshop will highlight technologies developed under CanAssist’s CanStayHome initiative and technologies that are being provided to BC’s Child Development Centres.

Funded since 2014 by the Province of BC, CanStayHome focuses primarily on developing innovative yet practical technologies that enable vulnerable seniors to remain living in their own homes for as long as safely possible. These technologies are designed both to address gaps in what is available commercially and to have the potential for broader distribution across BC.

Under funding received from the BC Ministry of Children and Family Development in 2017, CanAssist is delivering innovative, practical technologies to children across BC who access Early Intervention Therapy and/or School-Aged Therapy services provided by MCFD-contracted agencies – often called Child Development Centres (CDCs). The technologies provided will improve outcomes for children living with special needs.

1:00pm - 4:00pm Theatre

Privacy Analytics presents: Data Sharing Platforms: Experiences from the Private and Public Sectors

There is significant demand for access to customer / citizen / patient data for secondary purposes, including for research, policy development, communications and marketing, as well as product development. The legal authorities that allow such data access will vary by type of organization (for example, public vs private) and jurisdiction. These authorities have an impact on the design and operation of the technology platform to provide access and the policies that need to be in place. For example, the levels of pseudonymization, anonymization, and notice will vary, as well as the extent to which each of these methods contributes to managing privacy risk.

In this session we will present examples of implementing data sharing platforms, pseudonymization and anonymization methodologies, and policies for sharing health data in Alberta (presented by Adrian Sakundiak), for releasing smart meter data to third parties from Ontario (presented by Sorana Ionescu and Sarah Lyons), using and disclosing financial and mobile phone data (presented by Khaled El Emam), as well as describing current progress on developing a BC government-wide guidance document for the de-identification of personal information to facilitate the secondary use of such citizen information (presented by Rhianna Begley). These illustrate different ways that the balance between protecting individual privacy and maximizing data utility for various analytics purposes can be achieved at scale. Attendees will be able to have in depth discussions with the presenters to learn from their experiences (the successes and the challenges).

1:00pm - 4:00pm Saanich Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Defensible Security: How the 80/20 can Improve Your Posture

Cybersecurity has never been as imperative as it is today. Most organizations have failed to invest at a rate that has sustained previously achieved capability levels. Others have never reached a level of security maturity adequate to mitigate risks to an acceptable level.

This non-technical workshop will assist attendees in understanding the Defensible Security framework as designed by the OCIO, and provide practical ways of achieving a hygiene level security posture in the most efficient way possible.

All attendees will be provided access to Defensible Security tools and templates. Printouts will be provided at the workshop, however exercises can be completed digitally if participants bring their own laptop with Microsoft Office and wireless capability; laptops will not be provided.

Recommended attendees: Information Officers, Information Security Officers, Risk Officers, Security Analysts, Security Architects, Security Consultants, Security Engineers, Security Administrators

Upon attending this workshop, participants will be able to:
• Understand how to leverage defensible security within their organization
• Gain a clear understanding of the Defensible Security framework
• Understand the control objectives for the control elements
• Understand how to utilize the tools and templates

1:00pm - 4:30pm Oak Bay Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Breach the CyberWall and Win 1st Prize

Be part of the second CyberWall Competition at Victoria’s 2018 Privacy and Security Conference. Expect a fun, challenging, educational and team-building event, designed for people with minimal or entry-level hacking skills.

Teams of 4 will work together to break through cyber defenses, disrupt a virtual company and capture the secrets. Be part of the winning team and take home the coveted 1st prize. Tom Levasseur, veteran cyber breach event organizer and owner of Hackingaway.org, leads each team through the event ensuring an organized, productive and learning experience.

This afternoon session is for new and returning participants, and requires a few more advanced technical skills. However, the competition is not an event for people who already have advanced hacking skills.

Participants play the role of the cyber criminals trying to break into the target organization's IT infrastructure. The target is composed of firewalls, routers, servers and desktops in a complex and realistic but safe environment. By working in teams everyone contributes the skills they have - and learns from each other.

Teams work together to be the first to break through to each stage, gather points, and win the challenge. Then wrap up with time to understand, and learning to defend.

First come first serve, plan to register quickly following registration opening on January 22nd (all registered conference delegates will receive an email on this date with registration instructions). A waiting list will be created in case of over registration.

Participants must bring their own laptop; laptops will not be provided. Participants will be using RDP (Remote Desktop Protocol) software for this event. RDP software is included in all recent versions of MS-Windows, and available for free download from Mac App Store. Participants will connect using a network wire. Your laptop must have a RJ45 connector or a USB-to-Ethernet 10/100 connector.

Upon attending this workshop, participants will be able to:
• Understand how hackers use tools and techniques to exploit vulnerabilities in computer systems;
• Where authorized, use specific tools and techniques to test system security in their organizations;
• Understand how to better protect systems from attack;
• Call on others from the event for advice and help.

1:00pm - 4:00pm Colwood Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: Unpacking PIAs

The Privacy Impact Assessment (PIA) is a helpful tool in any organization – when wielded properly. The PIA can make the difference between a privacy-invasive and a privacy-enhancing initiative – without compromising business objectives or adding significant costs. It can be an educational tool or serve business and project planning needs.

This workshop is for those who have never written a PIA and for the more seasoned PIA writers. You will walk away from this workshop equipped with a deeper understanding of the intent behind each section of the BC Government’s PIA template. In particular, you will be able to:
• Identify privacy risks within a project;
• Identify personal information, including the potential for the mosaic effect;
• Document the entire data flow of a project;
• Figure out if a project is a data-linking initiative or a common or integrated program;
• Write a compliant collection notice; and
• Identify personal information banks.

Join us for a lively discussion on PIAs so that the next PIA you draft will go smoothly.

1:00pm - 4:00pm Esquimalt Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: De-mystifying Government’s Information Management Self Assessment Process – A Simulation

This session will guide delegates through a simulation of a Ministry Information Management Self Assessment using select criteria from government’s Baseline Framework. This is an experiential workshop introducing key concepts and assessment processes by simulating the interview, collection and reporting processes that government’s Information Management Assessment team uses in assessing the maturity of information management practices. The workshop will appeal to those who want to take some of the mystery out of government’s Information Management Assessment team, the Baseline Framework and the Self Assessment process.

1:00pm - 4:00pm Sidney Room

Box Presents: Digital Government Transformation with Cloud Content Management

Government agencies face rising pressures of their own in the new knowledge economy. Traditional government processes often end up hobbled by legacy, siloed technology solutions that prove inadequate. At the same time, agencies at the Federal, Provincial and Local levels are challenged by budget reductions and increased expectations from their stakeholders. As such, public sector agencies are constantly facing several competing pressures:
• Cybersecurity challenges are evolving in complexity and volume
• End users expect seamless, easy-to-use technologies enabling mobility
• Agencies are pressured to reduce costs and complexity
• Digital enablement of mission requires scalable, secure platforms
• Unstructured content and data is growing exponentially, increasing IT overhead in managing content at scale while maintaining compliance

Working through a series of case studies and demos relevant to the British Columbia public sector, in this session you will learn:
• How to take a government-wide approach to digital transformation
• Privacy and security must haves; enabling secure inter-agency and constituent content collaboration
• How to mitigate risk by ensuring sensitive data is securely managed and compliance requirements are met; Cloud platforms can vastly improve the overall cybersecurity posture compared with the status quo.
• The components and approaches to consider for digital transformation journey; This new way of thinking is essential to meeting the expectations of constituents who increasingly look to agencies to deliver services similar to forward-thinking private sector companies.

Thursday, February 8, 2018

7:30am

Registration & Networking Lounge Open

8:10am - 8:15am Carson Hall (Salon ABC)

Call to Conference - Master of Ceremonies

8:15am - 8:25am Carson Hall (Salon ABC)

Welcome Remarks

8:25am - 8:40am Carson Hall (Salon ABC) Presentation Files CJRItchie

Welcome Remarks

Presentation Files CJRItchie

8:40am - 9:15am Carson Hall (Salon ABC) Presentation Files ElizabethDenham

Keynote Presentation - 2018: New Regulation, New Role – UK Commissioner on Britain, Europe and Canada

Presentation Files ElizabethDenham

9:15am - 9:55am Carson Hall (Salon ABC) Presentation Files Marc Rotenberg Keynote

Keynote Presentation - EPIC v. Commission: US Commissions, State Voter Data, and Privacy Protection

In July 2017, EPIC filed a historic lawsuit against the US Presidential Advisory Commission on Election Integrity. EPIC was seeking to block the collection of state voter data by the US federal agency. Exactly six months later, President Trump disbanded the Commission by Executive Order, putting to an end the controversial data gathering program. In this overview, EPIC President Marc Rotenberg describes the theory of the case, the related efforts by other civil rights organizations, the actions of US election officials, the outcome, and next steps.

9:55am - 10:10am Upper & Lower Foyers

Morning Break - Sponsored by Nymity

10:10am - 10:40am Salon A Presentation Files PrestonHogue

Concurrent Keynote Presentation by F5 Networks - Take an Application Centric Approach to Security to Ensure Privacy of Your Data

Applications are becoming the business. Applications are also the gateway to your data. 86% of breaches start with application attacks, or identity attacks that collect credentials and give attackers access to applications. Managing risk and securing your data requires an application centric approach to security.

Presentation Files PrestonHogue

10:10am - 10:40am Salon B

Concurrent Keynote Presentation by Deloitte - Next Generation Cyber Security – How Innovation Drives Both Risk and Opportunity

Digital innovation in the public sector has the opportunity to create significant value for citizens. It can also introduce new risks and vulnerabilities that can be exploited by increasingly diverse and advanced cyber adversaries. Innovation also has the potential to enhance cybersecurity capabilities, in areas such as process automation and cognitive technologies. Chris Inglis, former Deputy Director of the National Security Agency, was tasked with protecting the most critical cyber assets and information of the United States during his tenure from 2006-2014, and can speak first hand to the importance of a continued focus on innovation in maintaining an effective cybersecurity program. Mark Fernandes, Deloitte’s Global Leader of Cyber Innovation and Strategy leads a team that is focused exclusively on next generation cyber capabilities and technologies across a number industries, both in Canada and internationally. Join Chris and Mark for a wide-ranging discussion regarding evolving cyber threats, and the role that emerging technologies and approaches can play in defending against them.

10:10am - 10:40am Theatre Presentation Files JonathanFox

Concurrent Keynote Presentation by Cisco - Delivering Business Value with Data Protection and Privacy

Data is fast becoming the new currency in today’s hyperconnected digital world. Data has enormous potential for innovation and value creation, but if you do not know where the data you’ve collected is, who is in charge of it, or why it is there, you are at serious risk. With regulators and governance bodies worldwide enacting increasingly stringent measures to protect personal data, the compliance landscape is becoming ever more complex. Michelle Finneran Dennedy, vice president and chief privacy officer at Cisco, will discuss how data privacy is taking center stage in security discussions today, why privacy policies and practices must be redefined for the digital era, how data can drive growth and development, and how to get ready for upcoming regulatory changes.

Presentation Files JonathanFox

10:45am - 12:00pm Salon A

Concurrent Panel Session - Panel A: Internet of Things: Shedding Light on Smart City Privacy & Surveillance

Cities and communities generate data through a vast and growing network of connected technologies that power new and innovative services ranging from apps that can help drivers find parking spots to sensors that can improve water quality. Such services improve individual lives and make cities more efficient. While smart city technologies can raise privacy issues, sophisticated data privacy programs can mitigate these concerns while preserving the benefits of cities that are cleaner, faster, safer, more efficient, and more sustainable.

10:45am - 12:00pm Salon B Presentation Files Dark Web Panel

Concurrent Panel Session - Panel B: Shedding Light on the Dark Web

The dark web is the world-wide web content that exists on dark nets, overlay networks which use the internet but require specific software, configurations or authorization to access. The dark web is used for illegal activities such as illegal trade, forums and media exchanges for pedophiles and terrorists. Botnets are often structured with their command and control services based on a censorship-resistant hidden service. Hackers sell their services for financial institutions, banks, governments and private organizations. Although much of the dark web is innocuous, prosecutors and government agencies among others are convinced that it is a haven for criminal activities and social injustices.

Presentation Files Dark Web Panel

10:45am - 12:00pm Theatre

Concurrent Panel Session - Panel C: Blockchain: The Ingenious Protocol that has the Capacity to Revolutionize Virtually Every Industry

Blockchain is defined as "a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly". However, blockchain's uses are not limited to just the financial sector. Blockchain can also be used as an incorruptible, yet transparent database of information, a decentralizer and accelerator of technology, and as the ultimate form of personal identification.

Government and private sector organizations across the globe are exploring the use of blockchain technology to improve operations. The ability to record transactions on distributed ledgers offers new approaches for governments and businesses to improve transparency, prevent fraud and establish trust.

This exciting panel will examine how organizations around the world are taking the first steps in adopting distributed ledger technology with various blockchain initiatives and pilot projects.

10:45am - 12:00pm Salon C

Concurrent Panel Session - Security Technical Panel: Consumer Privacy and Security in the Mobile Ecosystem

The growth of the mobile Internet, led by the success of smartphones and mobile broadband technology continues to bring widespread benefits and opportunities to people around the world. It also creates new challenges regarding the security and privacy of mobile users' personal information.

One of the major challenges faced by the growth of the mobile Internet is that the security and privacy of consumers’ personal information is regulated by a patchwork of geographically bound privacy regulations, while the mobile Internet is international.

Governments should ensure legislation is technology neutral and that its rules are applied consistently to all players in the Internet ecosystem, while the mobile industry needs to ensure privacy risks are considered when designing new apps and services.

How do stakeholders from across the mobile industry work to develop a consistent approach to privacy protection while promoting trust in mobile services?

12:00pm - 1:15pm Carson Hall (Salon ABC) Presentation Files Mario Harel

Luncheon Keynote Presentation - Security, Privacy and Investigative Capabilities in a Digital World

Directeur Mario Harel, President of the Canadian Association of Chiefs of Police, will discuss privacy and security from a law enforcement perspective. This session will address the investigative capabilities of policing agencies in today's digital world and the challenges they face in obtaining the evidence they need to bring some criminals to justice. Directeur Harel will make the case for a much needed change in laws, technology, corporate policies and public expectations if law enforcement is to be expected to fight cybercrime within the existing environment.

Presentation Files Mario Harel

12:00pm - 1:15pm Crystal Ballroom

Networking Luncheon

1:15pm - 1:50pm Carson Hall (Salon ABC) Presentation Files Kevin Albano

Keynote Presentation - Threat Intelligence to Enhance Cyber Resiliency

The Cyber Resiliency Life Cycle consists of five phases and incorporates asset, identity and vulnerability management to better protect organizations against a broad array of cyber threats. In this session, we will discuss how threat intelligence can improve the effectiveness of the Cyber Resiliency’s five phases: Prepare, Protect, Detect, Respond and Recover, helping you prioritize threat actors, find hidden threat activity, and enabling you to better respond to cyber incidents thanks to enriched and contextualized incident response findings. In addition, post-incident threat intelligence helps you gauge the effect to business operations and suggests improvements to the resiliency plan, so you can better prepare for the next attack.

Presentation Files Kevin Albano

2:00pm - 2:30pm Salon A

Applied Session - The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defence

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modelling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behaviour. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defence, is relied upon by organizations around the world, and can cover up to millions of devices.

In this session, learn:
· How new machine learning and mathematics are automating advanced cyber defense
· Why 100% network visibility allows you to detect threats as they happen, or before they happen
· How smart prioritization and visualization of threats allows for better resource allocation and lower risk
· Real-world examples of unknown threats detected by ‘immune system’ technology

2:00pm - 2:30pm Salon B

Applied Session by F5 Networks - Identity Awareness: Do We Have It? Do We Need It?

With the millions upon millions of identities, passwords, and accounts compromised every year it is safe to say that we don’t – at least not all of us do, and not in practice in the real world. This session will take a look at what constitutes “identity” today, and how it is used out in the wild. What does it mean to be able to identify someone and why does it actually matter? How has technology allowed us to make better use of identity and how has it failed us – or more importantly, how have we failed to make use of available technology to facilitate the kinds of interactions that make caring about identity worthwhile? We will also challenge some current assumptions about identity and discuss how the rapid rise of technologies such as Bitcoin and other crypto-currencies reflect the public’s perception of identity, and of the financial and governmental institutions that depend on the idea of verifiable identity.

2:00pm - 2:30pm Salon C

Applied Session - The Security Effectiveness Challenge

The adversary continues to adapt while defenders are challenged with a fragmented and complex security offering. This session will cover the security gaps that exist today and what to consider when increasing security effectiveness and building an integrated security architecture.

2:00pm - 2:30pm Theatre Presentation Files Dominic Vogel

Applied Session - New Age Enterprise Security Playbook: First 100 Days

Cyber security is not rocket science. In this applied session, learn about developing an effective and efficient enterprise security program that starts with strong culture and risk communication. If you recently became a CISO or security director you will learn how to build your playbook for your first 100 days on the job. Ditch the dated old school security ways and embrace a more modern approach. The pillars of building the new age enterprise security are: developing a positive security culture, making secure business processes easy, reducing alert overload, fostering enduring business relationships, constant communication with executives, and getting the biggest bang for your limited bucks with risk prioritization.

Presentation Files Dominic Vogel

2:00pm - 2:30pm Saanich Room

Applied Session by CyberArk - Privileged Accounts: Keys to the Kingdom

Stealing and exploiting privileged accounts is critical for threat actors in 100% of all advanced attacks. In this session, we’ll look behind the scenes on some of the most high profile breaches and the role privilege has played in these sophisticated attacks. Armed with this knowledge, CyberArk will then discuss a structured 7 step hygiene program to bring visibility and control to their most sensitive accounts.

2:00pm - 2:30pm Oak Bay II Room

Applied Session - Ransomware LIVE Demo

Ransomware has become widespread in the past few years. As defenders we need to understand it. In this fast-paced and practical session you'll see exactly how the most widespread ransomware attack of 2017 was built, and then witness a LIVE demonstration (not a video or a simulation) of the attack in action. You will fully understand the ramifications of such a campaign. A brief discussion will follow to highlight what we've learned, and why this attack was so successful. You're gonna' wanna' cry.

2:00pm - 2:30pm Esquimalt Room Presentation Files Celeste Fralick

Applied Session by McAfee & Avecto - Innovating with Machine Learning, Deep Learning, and AI

Understanding the differences between statistics, machine learning, deep learning, and artificial intelligence is paramount to growth in security. In this talk, a review of this analytic hierarchy will be presented, as well as where McAfee is innovating and applying state-of-the-art analytics. Machine learning myths and critical vendor dialogues will be presented, and you'll learn how privilege management and application control from Avecto can minimize your attack surface against even the growing threat of adversarial machine learning.

Presentation Files Celeste Fralick

2:00pm - 2:30pm Sidney Room

Applied Session - Meaningful Consent at Internet Scale

The asymmetry between users and platforms continues to grow - to the detriment of both. Small enterprises, governments, and publishers all find themselves revolving around platforms built on network effects. People talk about a distributed web but the centres of power have shifted.

Setting aside regulatory solutions, what are the kinds of technical protocols that can address this asymmetry? Is there a SSNT “Simple Social Network Transfer” Protocol out there to enable a distributed social graph between competing companies? There is no network effect in email because of SMTP.

At the heart of these platforms is a broken notice and consent system built on terms that no-one reads. This session will present a protocol and service that enables individuals and organizations to negotiate terms at scale, instead of individuals only having the choice of “Take it or leave it”.

2:00pm - 2:30pm Oak Bay I Room Presentation Files Jane Hamilton

Applied Session - Update on International Privacy Developments

Jane Hamilton, Senior Advisor with the Marketplace Framework Policy Branch at ISED, will provide an update on international privacy developments related to EU adequacy, including information on Canada’s engagement with the European Commission to ensure the continuity of Canada’s adequacy status under the new General Data Protection Regulation (GDPR).

Presentation Files Jane Hamilton

2:30pm - 2:45pm Upper & Lower Foyers

Afternoon Break - Sponsored by Ziften

2:45pm - 4:00pm Salon A

Concurrent Panel Session - Panel A: Smart Machines, Deep Learning & Big Data

Deep Learning is a form of machine learning that uses a computing model inspired by the structure of the brain which requires less human supervision, a technology that makes many applications smarter and more natural through experience. With massive amounts of computational power, machines can now recognize objects and translate speech in real time. Smart machines are currently used for understanding speech, personal assistance, controlling robots, aiding vision for self-driving cars, image recognition, identifying patterns, fraud detection, predicting behaviours and advertising. This is just the beginning as smart machines and deep learning open up a new era in technology.

2:45pm - 4:00pm Salon B Presentation Files GDPR Panel

Concurrent Panel Session - Panel B: GDPR - Canadian Privacy Law No Longer Adequate for Europeans: What Is at Stake?

International experts will discuss the EU's General Data Protection Regulation, as the private and public sector transform into the new world of the digital economy.
• What is GDPR and how will it affect my organization and my clients?
• How does the GDPR apply to Canadian companies and organizations?
• How do I ensure I am prepared when the new laws come into effect?
• What are the consequences if I am not compliant with GDPR regulations?

Presentation Files GDPR Panel

2:45pm - 4:00pm Theatre

Concurrent Panel Session - Panel C: Data Breaches - Another Day Another Breach: Why Do They Occur and What Should Be Done to Prevent Them?

Can the average citizen really protect themselves from identity fraud? Using secure Internet lines and updating passwords are things we can control, but consumers actually have very little ability to protect themselves from fraud. What can we do when organisations such as banks, hospitals, stores and Internet companies are breached? With the recent Equifax breach, Credit Reporting Agencies, the very organisations that are designed to verify our identity and information, have been exposed as having inadequate security procedures in place. This panel will examine recent data breaches, the causes and the effects they have had, and what we need to do to prevent future ones.

2:45pm - 4:00pm Salon C Presentation Files Dave Bullas

Concurrent Panel Session - Privacy Technical Panel: Data Classification: What Is It and Why Is It Important for Your Organization?

The data classification process goes far beyond making information easy to find. Data classification is necessary to enable modern enterprises to make sense of the vast amounts of data available at any given moment. Data classification provides a clear picture of the data within the organization’s control and an understanding of where data is stored, how it’s most easily accessed, and how data is best protected from potential security risks. Data classification, once implemented, provides an organized information framework that facilitates more adequate data protection measures and promotes employee compliance with security policies.

Presentation Files Dave Bullas

4:10pm - 4:15pm Carson Hall (Salon ABC)

Tribute to Joe Alhadeff Video

4:15pm - 5:15pm Carson Hall (Salon ABC)

Dedication to the Life and Work of Joe Alhadeff - Panel: What Would Joe Do?

Joseph Alhadeff, a wonderful man and brilliant privacy expert, passed away in May 2017 at the age of 57. Many of you will remember Joe as he has graced the stages of the Privacy & Security Conference for almost all of its past 18 years. Most recently VP for Global Public Policy and Chief Privacy Officer for Oracle, Joe was a sought after speaker around the world and we were privileged to have him return to our conference year after year and, most importantly, to call him a good friend.

It is with great admiration that we dedicate the 19th Annual Privacy & Security Conference to Joe's memory. We invite you to celebrate his life with us during the conference. Join subject matter experts and close friends of Joe's during this panel session as they reminisce about his career and discuss his outlooks on today's pressing privacy and security issues.

5:15pm - 5:20pm Carson Hall (Salon ABC)

Day 1 Closing Remarks

5:20pm - 6:00pm Upper Foyer

Networking Reception

Friday, February 9, 2018

7:45am

Registration & Networking Lounge Open

8:30am - 8:35am Carson Hall (Salon ABC)

Administrative Announcements

8:35am - 8:55am Carson Hall (Salon ABC)

Opening Introductions - In Retrospect: Reflections from BC’s Acting Information and Privacy Commissioner

Drew McArthur was appointed Acting Information and Privacy Commissioner for British Columbia in June 2016. As he completes the final chapter of his tenure, Acting Commissioner McArthur will share experiences and perspectives from his time in office, along with details about the recent, current, and future work of the Office of the Information and Privacy Commissioner.

8:55am - 9:30am Carson Hall (Salon ABC)

Keynote Presentation by Microsoft - Maintaining the Cyber-Status Quo is No Longer Enough

Not a week goes by without another story of a network breach, data spill, personal info hostage taking or denial of service storm. Once the dust settles, it becomes painfully apparent that these malicious actions could have been reasonably thwarted using well-known safeguards and longstanding guidance. With Maclean’s magazine calling 2018 as the year for cyberwar, doing the same things and running the same plays for information security is no longer enough. John Weigelt will explore how organizations can adjust their frame of reference for information security, adopt new models and tools to keep steps ahead of the ever advancing threat community.

9:30am - 10:05am Carson Hall (Salon ABC)

Keynote Presentation: Securing Vital Assets in an Increasingly Digital Enabled and Threatened Environment

We now live in a world where technological innovation consistently outpaces privacy and security policies. This disparity is being amplified by society’s shift towards a “fifth dimensional warfare” reality, which involves a broad range of threat actors—from criminal to nation-state. Organizations now operate in a world where individuals can access an ever-growing list of digital tools that can be weaponized and used to act out grievances. In this new digital era what is at risk? Who is threatening the sustainability of the current social construct and economic model? What motivates their behaviour? And, what strategies will provide long-term cyber security resilience?

10:05am - 10:25am Upper & Lower Foyers

Morning Break - Sponsored by Ziften

10:25am - 10:55am Salon A Presentation Files John Scott

Concurrent Keynote Presentation by 2Keys - Balancing Cyber Security and Digital Rights and Privacy

Effective cyber security depends on the ability to detect and resolve behaviours in advance of their impact. At the same time, legal trends such as information fiduciaries, informed consent requirements, the tort of seclusion, and digital privacy as a constitutional and property right will impact the design of systems that require digital identity and downstream data to deliver their value. If systems limit information inputs and practices to meet digital rights, is the ability to detect and protect in advance compromised?

Presentation Files John Scott

10:25am - 10:55am Salon B Presentation Files Alex Loffler

Concurrent Keynote Presentation by TELUS - Applying Machine Learning Techniques to Cybersecurity Analytics and Incident Response

A review of the current state of today’s Machine Learning techniques and how they are improving detection accuracy and reducing incident response time through automated or active defence.

Presentation Files Alex Loffler

10:25am - 10:55am Theatre Presentation Files Mark Ryland

Concurrent Keynote Presentation by Amazon Web Services - A Global Perspective on Privacy-Minded Public Sector Organizations Operating Securely in the Cloud

Governments around the world are vigilant about protecting the privacy of their citizens’ information. As cloud computing becomes more prevalent, governments have questions about how cloud service providers can protect PII and business confidential data. Join Mark Ryland as he describes how Amazon Web Services secures citizen data, explains privacy-related best practices for governments operating in the cloud, and provides specific examples of how organizations around the world are addressing privacy issues in the cloud.

Presentation Files Mark Ryland

11:00am - 12:15pm Salon A

Concurrent Panel Session - Panel A: Privacy and Security Issues in Healthcare

There are many recent examples of major hacking and denial of service attacks of a global nature that have impacted the largest of Healthcare networks and hospital facilities ie. NHS, and many of the largest US based organizations. Further, the targets are likely to increase exponentially with the drive to further digitization & integration of hospital and primary care based networks and connections to individual patient portals, mobile apps and hand-held devices. The challenge is to mitigate these risks while promoting further digitization to improve the efficient delivery of quality healthcare in a sustainable way.

11:00am - 12:15pm Salon B

Concurrent Panel Session - Panel B: Lessons Learned from Top CISOs Across Canada

A Chief Information Security Officer can be defined as a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. However, the position is much more than responding in the face of a data breach or security incident. The CISO is tasked with anticipating new threats and actively working to prevent them from occurring. The CISO must work with other executives across different departments to ensure that security systems are working smoothly to reduce the organization's operational risks in the face of a security attack. Join this panel as they discuss the life of a CISO and learn about the disasters they must avert on a daily basis.

11:00am - 12:15pm Theatre

Concurrent Panel Session - Panel C: Artificial Intelligence: Applications, Implications and Ethics

Artificial Intelligence (AI), defined as intelligence exhibited by machines, is poised to transform everyday life through its use in a wide range of activities, including medical diagnosis, electronic trading, robot control and remote sensing. AI is drastically changing various industries, such as finance, healthcare, education, transportation and more. However, these changes come with a host of new questions and responsibilities.

• How do we make people accountable for the decisions made by machines?
• Does artificial intelligence weight the scale to the advantage of those with power?
• Does machine learning make consent irrelevant?
• As machines continue to replace humans, will we find ourselves alienated, devalued and frustrated?
• What are the unintended consequences of developing self-improving AI that could become vastly more powerful than humans?

This exciting panel will examine the rapidly advancing world of artificial intelligence and the drastic changes, both good and bad, that it promises to deliver.

11:00am - 12:15pm Salon C Presentation Files Dr. Khaled El Emam

Concurrent Panel Session - Privacy Technical Panel: De-Identification – Protecting Data Privacy and Preserving Data Utility

This panel will provide data privacy/security professionals and legal counsel with an introduction to the principles and methods of statistical disclosure limitation that can be used to de-identify personal data while assuring that both data privacy and statistical/analytic accuracy are appropriately protected and balanced. Participants will learn the basics of statistical disclosure risk analysis data intrusion scenarios, the importance of both sample and population uniqueness, record linkage methods, formulations of re-identification risks, k-anonymity, differential privacy and other de-identification approaches, the definition of quasi-identifiers and the significance of their classification, Participants will also learn about the types of disclosure analyses, including equivalence class analyses; geography analyses; and family key analyses. After this session, participants will be able to work more successfully with statistical disclosure experts to understand and manage statistical de-identification for data sets.

Presentation Files Dr. Khaled El Emam

12:15pm - 1:30pm Carson Hall (Salon ABC) Presentation Files Jeff Butler

Luncheon Keynote Presentation - Be a Talent Magnet! - How to Attract, Manage and Engage the Millennial Workforce

Recently, the Millennial generation took the stage as the largest generation in the U.S. workforce. Millennials (Generation Y), born between 1981 to 2000, are your current and future leaders and they are bringing tremendous change, innovation and opportunity. In this program you will hear up-to-the-minute data and case studies, author Jeff Butler helps you better understand your organization’s millennials. This program covers the end to end Millennial employee lifecycle from hiring, managing and retaining. Each segment of the cycle will have both high level theories as well tactical strategies that attendees can immediately begin using after the program. Some include: how to create an enticing message to attract a millennial’s attention, practical tips of managing difficult employees, and retention strategies that CEO Jack Welch implements at General Electric.

Presentation Files Jeff Butler

12:15pm - 1:30pm Crystal Ballroom

Networking Luncheon

1:40pm - 2:10pm Salon A

Applied Session - Developers, Developers, Developers. When DevOps Fails to Secure

In the last year, I’ve found some pretty stupid security mistakes. Blatantly overlooked controls, or flat out lazy system admins. I will show real-world examples of misuse & abuse, and improper data handling of passwords inside application code. When talking about the security of a system as a whole, we must remember a breech in one system, can lead to a breach on another system because of the implicit trust relationships we build to get the job done.

I will cover how we pulled down 1.2M hashes and cracked them and what controls were missed, and how to prevent it from happening again.

1:40pm - 2:10pm Salon B

Applied Session by Microsoft - Advancing a Digital Geneva Convention to Protect Cyberspace During Times of Peace

Effective cybersecurity is critical to international peace and economic stability. Governments continue to invest in greater offensive capabilities in cyberspace, and nation-state attacks on civilians are on the rise. The cyber arms race is clearly under way. However, the risk and dangers of cyber weapons are not well understood. These two issues together – the clandestine nature and the unpredictability of offensive online activity are creating vulnerabilities at a scale and speed that we haven’t seen before. The world needs new international rules to protect the public from nation state threats in cyberspace and by building on the work done to date, governments, the technology sector and civil society groups can pave the way for a legally binding agreement that will ensure a stable and secure cyberspace.

1:40pm - 2:10pm Salon C

Applied Session by Adobe - The Intersection Between Cybersecurity and Public Policy

1:40pm - 2:10pm Theatre

Applied Session by LogRhythm - Most Organizations are Not Equipped to Staff a 24X7 SOC

Cyberattacks such as WannaCry and Petya/NotPetya are becoming today’s norm. Keeping up with the growing rate of cyberattacks may seem impossible when your business is lacking in security resources and staff. Most organizations report that they cannot afford to staff a 24x7 security operations center (SOC).

What does this mean? If you are without a functioning SOC, your organization could be at risk for major delays in detecting and responding to incidents. Threatening or anomalous events could go unmonitored. Your business is at a far greater risk of falling victim to a cyberattack.

You’re stuck in an impossible situation. Luckily, there is a solution. Building an automated SOC can enable your team to rapidly detect and respond to threats.

Seven Steps to Building Your SOC
In this process, you’ll learn to:
1. Develop your strategy
2. Design your solution
3. Create processes, procedures, and training
4. Prepare your environment
5. Implement your solution
6. Deploy end-to-end use cases
7. Maintain and evolve your solution

1:40pm - 2:10pm Saanich Room Presentation Files Martin Abrams

Applied Session - Accountability and Over-The-Top Processing

Your car tracks your braking and whether you look in the mirror. This makes us safer. But it also translates into whether we are too old to drive or should get a promotion. What’s right, and how do we model in a consistent fashion. This session will start that discussion.

Presentation Files Martin Abrams

1:40pm - 2:10pm Oak Bay I Room

Applied Session by Proofpoint - Impostor Email Threats – Building an Effective Program to Protect Against Email Fraud

Impostor email threats (also called business email compromise or CEO fraud) have hit more than 40,000 organizations since the FBI’s Internet Crime Complaint Center (IC3) began tracking this type of scam in late 2013. These attacks have collectively scammed victims out of more than $5.1 billion dollars globally since 2015. These messages are sent in low volume, but the small few that succeed can yield millions of dollars in fraudulent transfers, and leakage of confidential information. Finally, with the GDPR compliance and the U.S government mandate for DMARC implementation deadline approaching rapidly, organizations are scrambling to understand what successful compliance means from a BEC perspective, and how they can prevent these types of attacks from happening by implementing the right technologies, such as email authentication. Join us to learn more about the treat of imposter emails and how to overcome this major security challenge.

1:40pm - 2:10pm Oak Bay II Room Presentation Files Winn Schwartau

Applied Session - Provable Security: The Impact on Policy Makers

Did you know we CAN measure security? Quantitatively? Be the First Public and Private Policy Makers to learn how this single advance impacts you

Often, Government and Enterprise Policy is based upon security and privacy controls that we all know do not work. Many of these controls are no more than a single outpost on the Maginot Line of network defense. What if there was a security model that is mathematically justifiable? One that works for coding, networking and the human and physical aspects of security. And what if that model provides quantitative criteria for security? Real provable math? (No product pitch! Pure policy and theory!)

Let’s suppose a new security model could identify the millions of users whose computers are infected with malware that makes them part DDoS, Spam and other hostile botnets. What should public and privacy policy be? Do we help them or persecute them? What if we could identify the specific IoT device causing mayhem? How would policy be written, then, and who is responsible for its breach?

What is we could measure, under strict controls, the relative efficacy of cyber-security products, and compare them. How would purchasing and liability policy change? What if we could reduce credit-card risk by 1,000% with one simple change. How would policy differ. And finally, how would this affect the forensics and business of cyber-insurance?

This highly interactive discussion is not a lecture. It’s a dynamic interchange of how organizations, public and private, can and should prepare for a potentially seismic shift in provable security models.

Winn Schwartau is often called the Father of CyberWar and Civilian Architect of Information Warfare (1988-2003). Since 1999 he has shifted his attention to solving the internet’s most daunting problems. He has a few ideas he’d like to share.

Presentation Files Winn Schwartau

1:40pm - 2:10pm Esquimalt Room

Applied Session - Private or Public? How to Meet FIPPA Expectations as a PIPA Body

First Nations Health Authority (FNHA) is a non-profit society subject to BC’s private sector privacy law Personal Information Protection Act (PIPA). However, due to its strong need of data exchanges and frequent partnerships with public sector institutions, such as the Ministry of Health and regional health authorities of BC, FNHA has often been compelled to demonstrate its commitment and conformance with the public sector privacy law Freedom of Information and Protection of Privacy Act (FIPPA), that is generally deemed more rigorous and stringent in laying out rules and restriction for privacy protection. This session will present as an example how FNHA planned, communicated, and implemented its privacy-related activities to resolve the discrepancies between PIPA and FIPPA.

1:40pm - 2:10pm Sidney Room

Applied Session - Client Control of Personalized Health Data

Scientific data is doubling every 1.3 years. Technologies in molecular-level analysis are rapidly advancing and able to deliver precise, personalized health information. With precision health tools, practitioners and patients can make better informed health decisions based on the client’s individual dense dynamic data cloud. The data will become valuable to the individual and for scientific and clinical innovation. What mechanisms need to be in place to ensure that an individual’s data is kept private and in their control?

1:40pm - 2:10pm Colwood Room

Applied Session - Making the Transition to Blockchain Recordkeeping: Why, How, What and When

This paper will discuss findings of an ongoing research project called “Records in the Chain”, based at the University of British Columbia in Vancouver, Canada. The project entails conducting case study analyses of several projects involving the application of blockchain technology to creation, capture and management of land, identity, and medical records. Dr. Lemieux will discuss what the case studies reveal about why government bodies and other organizations are choosing to experiment with and adopt blockchain record keeping, how they have been undertaking their pilots of blockchain record keeping solutions, what these pilots entail, and when we might expect to see widespread adoption of blockchain record keeping based on the early findings of the research project.

2:10pm - 2:25pm Upper & Lower Foyers

Afternoon Break

2:25pm - 3:40pm Salon A

Concurrent Panel Session - Panel A: Genomics and Personalized Medicine: Are We Ready for It?

Personalized medicine is being driven in part by our growing capacity to generate and handle large amounts of genomic and other “omic” data. It holds the promise of a health care system that delivers the “right treatment to the right patient at the right time”. The paradigm for health is changing, whether we want it to or not, and systems built based on the “one treatment for most people at the same time” model with data from randomized controlled trials will need to change. What do we need to be doing to adapt?

2:25pm - 3:40pm Salon B

Concurrent Panel Session - Panel B: Biometrics: The Solution to Digital Identity Management is Literally at our Finger Tips!

Biometrics uses unique physiological characteristics, such as fingerprints, face or iris recognition, to identify people and bridges the gap between our physical and digital identities. As our world becomes more and more digital, protecting our identity becomes increasingly important. Tools that are fool proof and easy to use are essential in this age and the use of biometrics to protect our identities combines both trust and convenience. The future, where biometrics will be your trusted passport in your journey through a mobile, digital life, has begun.

2:25pm - 3:40pm Theatre

Concurrent Panel Session - Panel C: Which Cloud is the Right Cloud and How do People and Organizations Ensure Their Data is Safe?

Cloud computing and storage provides users with capabilities to store and process their data in third-party data centres. Organizations use the cloud in a variety of different service models and deployment models. Security concerns associated with cloud computing fall into two broad categories: security issues faced by cloud providers and security issues faced by their customers. However, responsibility for cloud security must be shared. The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures. Join this panel and learn more about remaining secure in the cloud, both at work and at home

2:25pm - 3:40pm Salon C

Concurrent Panel Session - Panel D: Achieving Meaningful Consent in the Digital Age

Some say that privacy is about controlling one’s own personal information. Consent is a key element of that control. But what is consent and when should consent be required? What is meaningful consent and when can implied or express consent be relied on? What should governance of consent—specifically, the corporate accountability and enforcement mechanisms—look like? This panel will delve into these complex questions from different perspectives: privacy protection authority, private-sector organizations and academia. Attendees will learn how discussions around consent are evolving in Canada and beyond and also gain an understanding of the panelists’ unique perspectives on consent

3:50pm - 4:30pm Carson Hall (Salon ABC) Presentation Files Richard Thieme

Closing Keynote Presentation - Real Birds in Digital Cages: The Chickens Come Home to Roost

So who do you think you are? Whatever you reply, Richard Thieme will go zen on you and say, no, not that.

Because identity is by social agreement and social agreement is manufactured, managed, and manipulated on the internet these days. We should all know that by now, but knowing something and acting on it are two different things. We live in the confines of prior technologies as if they define our lives – think “horseless carriages” before “automobiles”. Even as the frames of the 20th century dissolve, we live as if they persist.

The Russians have been at it for a long time, but so have we and many others. To have a clue as to what’s real these days, we need to be counter intelligence experts, and most don’t have the time for that. So we uncritically accept that we live in digital cages large enough to let us flap our wings and have the illusion of freedom and flight, but the cage keeps turning and takes us with it.

Richard Thieme invented that phrase,“real birds in digital cages,” a quarter of a century ago. He has worked with colleagues at the NSA, the Pentagon, the Secret Service, the FBI, and more to frame ways to flee those cages. Reality is that which does not go away even when we refuse to believe in it. The task is not trivial but it IS necessary if we are to remain capable of sane decisions as a digital tsunami washes away the structures of a prior society.

Presentation Files Richard Thieme

4:30pm - 4:40pm Carson Hall (Salon ABC)

Closing Remarks

4:40pm - 4:45pm Carson Hall (Salon ABC)

Closing Announcements

Title Sponsor

Platinum Sponsors

Gold Sponsors

Conference Sponsors & Exhibitors

Academic & Event Partners

Fairmont Empress Hotel Room Block

If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $169/night for Corporate reservations and $149/night for Government reservations. Please note that this room block ends January 12, 2018.

Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:

Government Reservations – https://aws.passkey.com/go/privacyandsecurity2018
Corporate Reservations – https://aws.passkey.com/go/privacysecurityconfcorp2018

Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5

https://www.fairmont.com/empress-victoria/

YYJ Airport Shuttle Discount

If you are needing transportation from the Victoria International Airport to Downtown Victoria/Empress Hotel why not consider using the YYJ Airport Shuttle.

When booking the shuttle online or over the phone please use the promo code REBOOT20.  This will give you 20% off tickets.

For more information please visit their website at www.yyjairportshuttle.com or call them at 1-855-351-4995.

Harbour Air Seaplanes Discount

Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air.  Subject to availability, attendees will receive a 20% discount on their regular fares for confirmed travel to/from Victoria between February 5 and 11, 2018. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks and cannot be applied to private charters. In order to receive this special discounted rate, attendees can contact the Reservation Department directly by phone at 1.800.665.0212, by e-mail at reservation@harbourair.com or online at www.harbourair.com and quote the promotional code ‘P&SC02-18’. Also be advised that you will need to provide a copy of  your registration to the conference upon check-in.

All schedules and location information can be accessed through their website at www.harbourair.com.

Call for Speakers

  • Please note that the call for speakers closed September 29, 2017.
  • The Advisory Board for the 2018 Privacy and Security Conference is pleased to announce that the Call for Speakers is now closed.
  • Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session, technical panel session or keynote address. Hosted by the Office of the Chief Information Officer, Ministry of Citizens’ Services, Government of British Columbia, this three-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.
  • Date: February 7-9th, 2018
    Location: The Victoria Conference Centre, Victoria, British Columbia
  • 2018 Conference Suggested Topics (not exhaustive):
    • Advanced Robotics
    • Artificial Intelligence
    • Augmented & Virtual Reality
    • Autonomous Driving
    • Big Data Analytics
    • Biometrics/Geometrics
    • Blockchain
    • Cloud Computing
    • Crypto Currency
    • Cyber Security
    • Dark Web
    • Data Classification
    • Digital Privacy Rights
    • Drones
    • Ethics
    • Healthcare Privacy & Security
    • Internet of Things
    • Mobile Privacy & Security
    • Open Data
    • Ransomware
    • Smart Cities

    Deadline:

    All entries must be received by midnight of September 29th, 2017. Invited speakers will be notified by October 31st, 2017.

    Submissions:

    Submissions will be accepted electronically using the form below.

    Presentation Types:

    • Issue papers: An executive or management briefing on a prominent issue or aspect of information privacy or security.
    • Case studies: Descriptions of a specific information privacy or security situation or incident, or research results. Names of organizations can be kept anonymous to maintain confidentiality if necessary.
    • Research: Results or developments in cutting edge research on new information privacy and security technologies.
    • Sociological/ Philosophical perspective: A candid and/or introspective look at the impacts of new technological developments on privacy, security, social consciousness, or social functioning.

    Have Questions or Need More Information?