20th Annual Privacy and Security Conference Looking Back and Leading Forward in a Digital World Feb.6-8, 2019, Victoria, BC

General Information

Privacy and data protection is the number one issue businesses around the world are facing. Personal privacy is at the forefront of information sharing and social media requirements. For the past 20 years, the Privacy and Security Conference has been the number one conference on the issues of privacy and security globally.

Presented by the Offices of the CIO and Corporate Information and Records Management, Ministry of Citizens’ Services, Province of British Columbia, this three-day conference attracts over 1000 delegates and 100 international subject matter experts. It provides essential education, training and opportunities for CPD credits for individuals who are responsible for the transformation of the public and private sector into the new digital economy.

Reasons to Attend

  • Timely, motivational presentations from leading industry experts
  • Learn about current trends, issues and actions
  • Valuable CPD credits to maintain a variety of qualifications essential for your career
  • Unparalled networking opportunities
  • Informative 3-hour pre-conference educational sessions and 1.5-hour panel sessions
  • Get immediate answers and solutions to issues current in your organization

 

Conference Rates*

Early Bird registration by December 14, 2018 Regular registration after December 14, 2018
Public Sector $750.00 CAD (plus GST) $925.00 CAD (plus GST)
Private Sector $850.00 CAD (plus GST) $1,250.00 CAD (plus GST)

*We are pleased to offer our Alumni program, providing a special rate to past attendees. Delegates who have attended this conference before will receive the special public sector price of $675 or private sector price of $795 when they register on or before September 28th. Please contact us for the promo code if you did not receive it by email.

Registration Fees Include

  • 2 plated lunches
  • All coffee breaks
  • All keynotes, plenaries, panel sessions and applied sessions
  • Pre-conference educational sessions
  • Access to networking lounges
  • Networking reception Thursday evening
  • Conference notebook
  • Conference materials
  • On-line access to presentations post-event

Social Media

Stay connected and engaged in the conversation leading up to and during the conference by following along on Twitter. Use the event hashtag to follow others who are already posting, and include it in your tweets to add to the existing discussions. The hashtag for this year’s conference is #PSV20th and our twitter handle is @Reboot_Comm. We would appreciate you sharing your voice with our other followers.

Victoria Conference Centre

There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.

Victoria Conference Centre
720 Douglas Street
Victoria, BC
V8W 3M7

Keynote Speakers

Nikolas Badminton

Chief Futurist, futurist.com

Robert Barton

Distinguished Systems Engineer, Cisco

Doug Boykin

Global Privacy Engineer, OneTrust

Dr. Ann Cavoukian

Three-term Information and Privacy Commissioner of Ontario; Distinguished Expert-in-Residence, Privacy by Design Centre of Excellence, Ryerson University

Adam Frank

CTO Security Intelligence, IBM

Chad Gray

Principal, Cybersecurity and Privacy, PwC

Preston Hogue

RVP, Center of Excellence, F5 Networks

Jeff Jonas

Founder & CEO, Senzing

Scott Jones

Head, Canadian Centre for Cyber Security

Michael McEvoy

Information and Privacy Commissioner for British Columbia

Greg Smolynec

Deputy Commissioner, Policy and Promotion, Office of the Privacy Commissioner of Canada

Pamela Snively

VP, Chief Data & Trust Officer, TELUS

Sir Rob Wainwright

Partner, Deloitte North-West Europe; Former Executive Director, Europol

John Weigelt

National Technology Officer, Microsoft Canada

Speakers

Alan Arslan

Privacy Advisor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of BC

Erinn Atwater

Research Director, Open Privacy

Nikolas Badminton

Chief Futurist, futurist.com

Alan Baratz

Executive Vice President, R&D and Chief Product Officer, D-Wave Systems

Amir Belkhelladi

Partner, Risk Advisory Leader - Eastern Canada, Deloitte

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Benjamin Bergen

Executive Director, Council of Canadian Innovators

Dayna Beuthin

Senior Privacy Investigator, Corporate Information and Records Management Office, Ministry of Citizens’ Services, Province of BC

Doug Boykin

Global Privacy Engineer, OneTrust

Andre Boysen

Chief Identity Officer, SecureKey Technologies Inc.

Joni Brennan

President, Digital ID & Authentication Council of Canada (DIACC)

Bonnie Butlin

Co-Founder & Executive Director, Security Partners’ Forum

Dan Carayiannis

Archer Public Sector Director, RSA

Scott Carroll

Senior Privacy Investigator, Corporate Information and Records Management Office, Ministry of Citizens’ Services, Province of BC

Dr. Ann Cavoukian

Three-term Information and Privacy Commissioner of Ontario; Distinguished Expert-in-Residence, Privacy by Design Centre of Excellence, Ryerson University

Larry Chin

Cybersecurity Solutions Architect, Kaspersky Lab

Jill Clayton

Information and Privacy Commissioner, Office of the Information and Privacy Commissioner for Alberta

Dr. Andrew Clement

Professor Emeritus, Faculty of Information, University of Toronto

Dr. John Comiskey

Professor, Monmouth University; Former Lieutenant, New York Police Department

Marceline Cook

Senior Security Analyst, Ministry of Citizens’ Services, Province of BC; Gender Equity Advisor

Ian Costanzo

Solution Architect, Anon Solutions

Sean Crowe

HealthCare and Communities Manager, Cisco

Stephen Curran

Principal, Cloud Compass Computing, Inc.

Joseph Cutler

Partner, Perkins Coie LLP
Moderator: Martin Dawes

Dr. Martin Dawes

Co-Founder and Scientific Director, GenXys

Ian Donaldson

Assistant Deputy Minister, OCIO Enterprise Services, Ministry of Citizens’ Services, Province of BC

Kimberley Dray

Senior Information Security Analyst, University of Victoria

Joyce Drohan

Partner, BC Leader for Omnia AI, Deloitte

Dr. Jay Fedorak

Information Commissioner, Office of the Information Commissioner, Jersey (Channel Islands)

Michael Fenrick

Partner, Paliare Roland Rosenberg Rothstein LLP

Dr. Teri Fisher

Physician and Clinical Assistant Professor, University of British Columbia; Founder & Host, Voice-First Health and Alexa in Canada

Dr. David Flaherty

Former Information and Privacy Commissioner for BC

Quinn Fletcher

Privacy Officer, Ministry of Health and Ministry of Mental Health and Addictions

Dr. Robert Fraser

CSO & President, Molecular You

David Furlonger

Distinguished VP, Analyst, Gartner

J. William Galbraith

Former Executive Director, Office of the CSE Commissioner

Tom Gede

Of Counsel, Morgan, Lewis & Bockius LLP

Bob Gordon

Strategic Advisor, Canadian Cyber Threat Exchange (CCTX)

Robin Gould-Soil

Chief Privacy Officer, HSBC Canada

Jane Hamilton

Senior Policy Advisor, Innovation, Science and Economic Development Canada

Megan Hetherington

Privacy Investigator, Corporate Information and Records Management Office, Ministry of Citizens’ Services, Province of BC

John Hewie

National Security Officer, Microsoft Canada

Dustin Heywood

Senior Managing Consultant, IBM X-Force Red (@evilmog)

Tamara Hunter

Associate Counsel, DLA Piper

David Izzard

Architecture & Cyber Security Manager, City of Surrey

Keith Jansa

Vice President, Standards and Innovation, CIO Strategy Council

Michelle Johnson Cobb

Chief Marketing Officer, Skybox Security

Scott Jones

Head, Canadian Centre for Cyber Security

Sheila Jordan

Chief Information Officer, Symantec Corp

John Jordan

Executive Director, Emerging Digital Initiatives, Ministry of Citizens’ Services, Province of BC

Dom Kapac

Senior Security Analyst, Ministry of Transportation and Infrastructure, Province of BC

Constantine Karbaliotis

Director of Cybersecurity & Privacy, PwC Canada

Derek Keen

Senior Solution Architect, Varonis Systems

Vivek Khindria

Vice President Security and Risk, Loblaw Companies Limited

Nathan Kinch

Co-founder and CEO, Greater Than X

Andy Kirkland

Director, Information Security - Strategy, Engagement, and Architecture, ISO for the Americas, Starbucks Coffee Company

Jill Kot

Deputy Minister, Ministry of Citizens’ Services, Province of BC

Dr. Alena Kottova

Sessional Professor, University of Victoria, Faculty of Engineering; Vancouver Island University, Department of Computing Science

James Krull

Information Security Officer, Government Digital Experience Division, Ministry of Finance, Province of BC

Hayden Lansdell

Assistant Deputy Minister, Digital Platforms and Data Division, OCIO, Province of BC

Dr. Victoria Lemieux

Professor of Archival Science & Founder, Blockchain@UBC

Christian Leuprecht

Class of 1965 Professor in Leadership, Royal Military College and Queen’s University

Dave Lewis

Global Advisory CISO, Cisco

Dr. Holly Longstaff

Research Privacy Advisor, Provincial Health Services Authority

Dr. Catalina Lopez-Correa

Chief Scientific Officer & Vice-President Sectors, Genome BC

David Loukidelis

Privacy Lawyer and Consultant; former Information & Privacy Commissioner for BC

Danny Luedke

Product Marketing Director, Dragonchain

Jason Madey

Senior Security Strategist, Carbon Black

Erwin Malzer

Healthcare Transformation Advocate

David Marcos

Principal Program Manager, Microsoft

Robert Martin

Chief Information Security Officer, Alberta Health Services

Jason Maynard

Technical Solutions Architect, Cybersecurity, Cisco

Drew McArthur

Principal, The McArthur Consulting Group

Michael McEvoy

Information and Privacy Commissioner for British Columbia

Dr. Kimberlyn McGrail

Scientific Director, Population Data BC; Professor, UBC School of Population and Public Health

Coleman Mehta

Senior Director, Policy, Palo Alto Networks

Dr. Michele Mosca

Professor, Combinatorics and Optimization, University of Waterloo; Co-founder, Institute for Quantum Computing, University of Waterloo

Dr. Kenneth A. Moselle

Director, Applied Clinical Research Unit, Island Health

Kevin Murphy

Director, Cybersecurity Operations, City of Seattle

Shankar Narayan

Technology and Liberty Project Director, American Civil Liberties Union of Washington

Danielle Naylor

Senior Privacy Investigator, Corporate Information and Records Management Office, Ministry of Citizens’ Services, Province of BC

Peter Near

Field CTO, VMware Canada

David O'Toole

President and CEO, Canadian Institute for Health Information

Cristina Onosé

Lead, Privacy Advocacy & Thought Leadership, PwC Canada

Dr. Christopher Parsons

Research Associate, The Citizen Lab, Munk School of Global Affairs and Public Policy, University of Toronto

Ryan Patrick

Supervisor, Transportation Management Centre, City of Winnipeg

Jennifer Pereira

Privacy Advisor, Privacy, Compliance and Training, Province of BC

Gary Perkins

Executive Director, Chief Information Security Officer, Ministry of Citizens' Services, Province of BC

Ray Pompon

Principal Threat Research Evangelist, F5 Networks

Richard Purcell

CEO, Corporate Privacy Group

Chris Quon

Privacy Advisor, Privacy, Compliance and Training Branch, Ministry of Citizens’ Services, Province of BC

Murray Rankin

Chair, National Security and Intelligence Review Agency

CJ Ritchie

Government Chief Information Officer, Ministry of Citizens’ Services, Province of BC

Yoel Robens-Paradise

Gevity, Vice President, Gevity Canada West

Joe Roets

CEO, Dragonchain

Joan Ross

Field CISO, Fortinet

Deepak Rout

Solution Specialist Enterprise Security, Microsoft

Rachel Roy

Partner, Allevato Quail & Roy

Sherry Rumbolt

Senior Information Security Officer, CFB Esquimalt, Department of National Defence

Douglas Santos

Security Strategist, Fortinet

Dr. Stephanie Simmons

Assistant Professor of Physics and Canada Research Chair in Quantum Nanoelectronics, Simon Fraser University

Honourable Jinny Sims

Minister, Ministry of Citizens’ Services, Province of BC

Shelly Smith

Records & Information Management Coordinator, City of Winnipeg

Pamela Snively

VP, Chief Data & Trust Officer, TELUS

Ajay Sood

VP, Country Manager, Symantec Canada

Jennifer Stoddart

Strategic Advisor, Fasken; Former Privacy Commissioner of Canada

Dr. Kelly Sundberg

Associate Professor, Mount Royal University

Rob Taylor

Cloud Infrastructure Specialist, Oracle Canada ULC

Ashley Tolbert

Cyber Security Engineer and Researcher, Stanford University

Jeannette Van Den Bulk

Deputy Commissioner, Office of the Information and Privacy Commissioner for BC

Paul Vane

Deputy Information Commissioner, Office of the Information Commissioner, Jersey (Channel Islands)

Micheal Vonn

Policy Director, BC Civil Liberties Association

Bradley Weldon

Director of Policy, Office of the Information and Privacy Commissioner for BC

Mitch Wexler

Principal, Politrain Consulting

Kristin Wilkes

Chief Information Officer, Capilano University

Marnie Wilking

Global Chief Information Security Officer, Orion Health

Nora Young

Host of Spark: 21st Century Life, CBC Radio
Print Agenda

*Invited Speaker

Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.

Wednesday, February 6, 2019

8:00am

Registration Desk Opens

9:00am - 12:00pm Theatre

OneTrust presents: Global Privacy Workshop: A Practitioners Playbook for Compliance

The GDPR changed the way people and businesses think about privacy. With its extraterritorial scope and high noncompliance fines, it forced companies to implement ongoing, operational and privacy-focused initiatives by design into their businesses, changing the way companies interact with customers, employees and vendors. Since its enforcement date, the regulation has been a catalyst for new data protection laws across the globe, specifically California's new Consumer Privacy Act. In this session, we'll discuss the overarching requirements of the CCPA and GDPR and provide a comprehensive readiness roadmap and action plan for consumer rights, vendor risk management as well as incident and breach response. This workshop will enable practitioners to connect, share experiences, and learn the latest regulatory requirements and implementation best practices.
· Breakdown the overarching requirements of the CCPA, GDPR and EEA member state laws and gain an understanding of the current regulatory environment
· Learn the strategies and tactics for managing a cohesive global privacy program
· Takeaway a readiness roadmap and action plan for managing consumer rights, vendor risk, and incident and breach response

9:00am - 12:00pm Saanich 1 Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: Unpacking PIAs

The Privacy Impact Assessment (PIA) is a helpful tool in any organization – when wielded properly. The PIA can make the difference between a privacy-invasive and a privacy-enhancing initiative – without compromising business objectives or adding significant costs. It can be an educational tool or serve business and project planning needs.

This workshop is for those who have never written a PIA and for the more seasoned PIA writers. You will walk away from this workshop equipped with a deeper understanding of the intent behind each section of the BC Government’s PIA template. In particular, you will be able to:
• Identify privacy risks within a project;
• Identify personal information, including the potential for the mosaic effect;
• Document the entire data flow of a project;
• Figure out if a project is a data-linking initiative or a common or integrated program;
• Write a compliant collection notice; and
• Identify personal information banks.

Join us for a lively discussion on PIAs so that the next PIA you draft will go smoothly.

9:00am - 12:00pm Saanich 2 Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: Privacy Breach and Information Incident Management Tabletop Session

Improve your information incident response skills in an interactive session hosted by the Investigations Unit of the Privacy, Compliance and Training Branch. This tabletop workshop will focus on the information incident response process and cover the steps required for reporting, recovering, remediating, and preventing privacy breaches.

Participants will play the role of investigator during several hands-on simulations intended to develop a stronger privacy knowledge-base and gain a better understanding of the resources available when involved in an information incident. Expect a fun and dynamic event designed for people with minimal to no experience in responding to a privacy breach or information incident.

In each simulation, participants will work together throughout the 3-hour session to assess the risk of the compromised information, develop a notification plan, and prevent future breaches from occurring. A lively debate is expected and encouraged!

Upon attending this workshop, participants will:
• Better understand what constitutes a privacy breach and information incident;
• Be more equipped to respond to a privacy breach or information incident within their organization;
• Understand how to prevent future breaches from occurring;
• Know what resources are available to them within government and the broader public sector.


*Max. 25 attendees – will be repeated in afternoon*

9:00am - 12:00pm Oak Bay Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Hack the Server and Win 1st Prize (Basic Level)

Hack your way in at Victoria’s 20th Annual Privacy and Security Conference. Expect a fun, challenging, educational and team-building event, designed for people with entry-level to advanced hacking skills.

Teams will work together to break through cyber defenses, disrupt a virtual company and capture their secrets. Be part of the winning team and take home the coveted 1st prize.

Two sessions are scheduled for February 6th, 2019, each lasting 3 hours. The morning session teaches basic level hacking skills while the afternoon session will discuss more advanced level attacks.

Participants play the role of the cyber criminals trying to break into the target organization's IT infrastructure. The target is composed of firewalls, routers, servers and desktops in a complex and realistic but safe environment. By working in teams everyone contributes the skills they have - and will learn from each other.

Teams work together to be the first to break through to each stage, gather points, and win the challenge.

Maximum 24 people for the morning workshop!

The first workshop on Basic level hacking skills will start at 9:00am and the Advanced level will start at 1pm.

Participants must bring their own laptop with a Kali Linux OS or Windows 10 OS with Kali for Windows installed from the Microsoft Store.

Upon attending this workshop, participants will be able to:
• Understand how hackers use tools and techniques to exploit vulnerabilities in computer systems;
• Where authorized, use specific tools and techniques to test system security in their organizations;
• Understand how to better protect systems from attack;
• Call on others from the event for advice and help.

9:00am - 12:00pm Sidney Room Presentation Files VON Session

BC Ministry of Citizens’ Services – Information Security Branch presents: Digital Trust Hands-On: Learn How to Join the Verifiable Organizations Network

A hands-on workshop covering both business and technical aspects of an organization becoming a participant in the Verifiable Organizations Network (VON). Attendees will gain insight into both business and technical aspects of a Hyperledger Indy based solution.

The attendees will learn how to deploy an organizational Hyperledger Indy based VON-X Issuer/Verifier service, so they can get hands-on experience about what it would take to on-board a permit service onto VON. Their service will issue Verifiable Credentials to TheOrgBook and enable a permitting workflow. The attendees will consider the business context - how would this affect existing workflows within their organizations, what would the value be to their business? They’ll also see the technical components in action - what’s involved in becoming an organization that consumes Verifiable Claims, and that issues Credentials.

Bring your laptop!

Presentation Files VON Session

9:00am - 12:00pm Colwood Room

The Ethics of Research Privacy Workshop

This session will explore an approach to privacy grounded in applied ethics principles and concepts. Attendees will have the opportunity to work through a series of real-life case studies in the research domain guided by ethics tools. The goal of this session is to empower attendees to use “all things considered” holistic judgements concerning privacy.

1:00pm - 4:00pm Theatre

Dragonchain presents: Privacy Revolution: How Blockchain Is Reshaping Privacy

In a world where every company is becoming progressively more digital, the collection and use of personal data is being challenged by changing customer attitudes and increased government regulation. To preserve and even increase the potential of personal data, businesses need to embrace the principles of privacy to turn these potential risks into opportunities for differentiation and growth.

Blockchain is an emerging a technology enabler for privacy, with new models for data ownership, transparency, and decentralized identity. This session will explore how blockchain technology and privacy intersect.

We will start with a brief introduction the fundamentals of blockchain technology, then explore if blockchain can be used in conjunction with personal information, and finally, how it can be used as an enabler for complete transparency over what data is being collected and how it is used. We will cover best practices for working with private data in conjunction with regulations such as GDPR, and how we can use decentralized identity to give users ownership of their data and digital identities.

1:00pm - 4:00pm Saanich 1 Room

Microsoft Presents: Microsoft Information Protection and Governance – Helping You Meet Your Security, Privacy and Compliance Obligations

The amount of electronic data being created by organizations is growing exponentially. Appropriately protecting that data from increasing external threats and internal mishandling while ensuring compliance is maintained with policies, regulation and legislation consistently ranks as a top concern for every organization. In recent years Microsoft has delivered significant innovations in the areas of Information Protection and Governance that works across devices, apps, on-premises and cloud services which are being broadly adopted by organizations across Canada today. Every organization is different, but every data governance strategy requires:

• Understanding of your data inventory
• Policies to protect data
• Training to support the strategy
• Ability to monitor and measure

In this workshop, participants will learn how the Microsoft integrated set of solutions infused with AI can help you meet your security, privacy, compliance and information management obligations. Specific topics we will cover include:

• Update on the Microsoft Security, Privacy and Compliance approach (whiteboard session)
• Microsoft’s investments in GDPR and how that has improved privacy capabilities for Canadian organizations
• How to Discover, Classify, Protect and Monitor sensitive information as it is created and shared across organizational boundaries
• Govern data throughout its lifecycle including retention and disposition, enforcing data loss prevention and managing investigations (or ATIPs) with eDiscovery and legal hold.

This workshop will include significant demonstrations of Information Protection and Governance capabilities based on real scenarios from Canadian public sector organizations. Workshop participants who would like to have hands on participation in some of the demos are encouraged to bring their own laptop. You will be provided with login credentials to an Office 365 environment where you will be able to explore both the administrative and end user experiences.

1:00pm - 4:00pm Saanich 2 Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: Privacy Breach and Information Incident Management Tabletop Session

Improve your information incident response skills in an interactive session hosted by the Investigations Unit of the Privacy, Compliance and Training Branch. This tabletop workshop will focus on the information incident response process and cover the steps required for reporting, recovering, remediating, and preventing privacy breaches.

Participants will play the role of investigator during several hands-on simulations intended to develop a stronger privacy knowledge-base and gain a better understanding of the resources available when involved in an information incident. Expect a fun and dynamic event designed for people with minimal to no experience in responding to a privacy breach or information incident.

In each simulation, participants will work together throughout the 3-hour session to assess the risk of the compromised information, develop a notification plan, and prevent future breaches from occurring. A lively debate is expected and encouraged!

Upon attending this workshop, participants will:
• Better understand what constitutes a privacy breach and information incident;
• Be more equipped to respond to a privacy breach or information incident within their organization;
• Understand how to prevent future breaches from occurring;
• Know what resources are available to them within government and the broader public sector.

*Max. 25 attendees *

1:00pm - 4:00pm Oak Bay Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Hack the Server and Win 1st Prize (Advanced Level)

Hack your way in at Victoria’s 20th Annual Privacy and Security Conference. Expect a fun, challenging, educational and team-building event, designed for people with entry-level to advanced hacking skills.

Teams will work together to break through cyber defenses, disrupt a virtual company and capture their secrets. Be part of the winning team and take home the coveted 1st prize.

Two sessions are scheduled for February 6th, 2019, each lasting 3 hours. The morning session teaches basic level hacking skills while the afternoon session will discuss more advanced level attacks.

Participants play the role of the cyber criminals trying to break into the target organization's IT infrastructure. The target is composed of firewalls, routers, servers and desktops in a complex and realistic but safe environment. By working in teams everyone contributes the skills they have - and will learn from each other.

Teams work together to be the first to break through to each stage, gather points, and win the challenge.

Maximum 24 people for the afternoon workshop!

The first workshop on Basic level hacking skills will start at 9:00am and the Advanced level will start at 1pm.

Participants must bring their own laptop with a Kali Linux OS or Windows 10 OS with Kali for Windows installed from the Microsoft Store.

Upon attending this workshop, participants will be able to:
• Understand how hackers use tools and techniques to exploit vulnerabilities in computer systems;
• Where authorized, use specific tools and techniques to test system security in their organizations;
• Understand how to better protect systems from attack;
• Call on others from the event for advice and help.

1:00pm - 4:00pm Esquimalt Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: How to be a Privacy Officer

Designating a Privacy Officer is a key aspect of any privacy management program, and empowering that Privacy Officer with clear role definition ensures success. But what does it mean to be a Privacy Officer? This workshop will walk through the roles and responsibilities of this type of position and provide tips on how to establish a privacy culture within your organization.

This workshop is useful for those currently in the role who want to sharpen their skills or those who aspire to be future Privacy Officers and want to learn more about the role. We’ll offer some practical tips along with insight into how Privacy Officers fit into an organization’s overall privacy management program.

This session will address topics such as:
• What is a privacy management program?
• PIAs, privacy breaches, training and contracts
• Program measurements
• Influencing a positive privacy environment

Join us for an informative discussion on this critical position.

1:00pm - 4:00pm Sidney Room Presentation Files Alena & Kimberley

BC Ministry of Citizens’ Services – Information Security Branch presents: YOU are the Alpha and Omega of a Secure Future: Explore, Understand and Practice Your Role in Advancing a Positive Cybersecurity

This seminar provides an opportunity to explore in depth the weakest link of cybersecurity – individual’s digital habits and behaviors. Through a number of practical activities and games we will address the ethical issues related to cybersecurity and test several simple ethical decision-making techniques and guides. Investigation of privacy and anonymity helps us to understand, navigate and manage the risks we are exposed to from malicious players. This workshop is a session with professional representatives who will provide different viewpoints from their positions in the industry and academia. In bringing theory and practice together for discussion, the audience will learn about real life experiences and key factors for achieving successful transition to ethically responsible digital citizen.

After attending this workshop, participants will be able to:

• Understand the digital landscape and the role individuals play in creating secure future.
• Realize that many of the questions to ask in respect of secure digital future are related to Ethics and ethical decision-making.
• Be familiar with simple ethical decision-making process
• Know what to expect from malicious players and recognize when targeted.
• Identify how and why an individual’s security may be in danger of being compromised.
• Understand the essential difference between privacy and anonymity.
• Understand the different professional perspectives on the impact of user’s digitally improper habits.
• Clearly understand how to implement and recommended to others the steps required of ethical digital citizens.
• Plan for managing personal digital footprint and adjust behavior respecting the realities of cyber-connected world.
• Understand and see in action a variety of methods to improve the quality of cybersecurity training in their organizations.

Presentation Files Alena & Kimberley

1:00pm - 4:00pm Colwood Room

GDPR for Beginners

An interactive session which takes participants on a GDPR journey. It is all too easy to become embroiled in everyday data protection complexities. Attendees will benefit from getting back to basics and then diving a little deeper into a range of topics.

This is an opportunity to reinforce your GDPR knowledge; what is your understanding of each of the principles? Participants will have the opportunity to act as Information Commissioners to assess the correct applications of ‘Data Subject rights’. Cross-border transfers will be discussed and debated with attendees.

Thursday, February 7, 2019

7:30am

Registration & Networking Lounge Open

8:15am - 8:20am Carson Hall (Salon ABC)

Call to Conference - Master of Ceremonies

8:20am - 8:30am Carson Hall (Salon ABC)

Welcome Remarks

8:30am - 8:45am Carson Hall (Salon ABC)

Welcome Remarks

8:45am - 9:25am Carson Hall (Salon ABC) Presentation Files JeffJonas

Keynote Presentation: Big Data, Big Responsibility

The EU’s General Data Protection Regulation (GDPR) went into effect May 25, 2018. The new California Consumer Privacy Act (CCPA) comes into effect in 2020. With these and similar laws come big responsibilities for organizations. Jeff Jonas, data scientist and Privacy by Design (PbD) advocate, will do a deep dive into these new laws and their ramifications to the data management community, including some "gotchas" that will likely cause even the best GDPR programs to unwittingly fall out of compliance.

Presentation Files JeffJonas

9:25am - 10:00am Carson Hall (Salon ABC) Presentation Files AnnCavoukian

Keynote Presentation: The Essential Need to Embed Privacy and Security, by Design

The GDPR has raised the bar dramatically for privacy and data protection, returning control back to the individual, where it belongs! For the first time, Privacy by Design, and Privacy by Default are also included in the GDPR, making it a true game changer. The timing couldn't be better since surveillance has risen dramatically: let's put the brakes on surveillance in the digital world and fuel the growth of decentralization. Yes, we can do this!

Presentation Files AnnCavoukian

10:00am - 10:15am Upper & Lower Foyers

Morning Break

10:15am - 10:45am Salon A Presentation Files PrestonHogue

Concurrent Keynote Presentation by F5 Networks:
Making Application Threat Intelligence Practical

The daily volume of cyber-attacks targeting applications and frequency of associated breaches is overwhelming to even the most experienced security professionals. In this session we cover the most important lessons learned from F5 Labs’ analysis of global attack data and breach root causes attributed to application threats to help you understand attackers’ top targets, their motives, and the changing application security landscape of systems they use to launch application attacks from. Addressing these application threats requires practical controls that every organization can be successful with. We close the session out with some tips and tricks you can start working on immediately to address the most common application threats, and appropriately prioritize your application security controls in the areas you are most likely to get attacked.

Presentation Files PrestonHogue

10:15am - 10:45am Salon B Presentation Files RobWainwright

Concurrent Keynote Presentation by Deloitte:
Data: Friend and Foe in the Fight Against Cybercrime

Convergence: the integration of physical and cyber risks to enable cybercrime, financial crime and terrorism by well-organized and well-resourced adversaries. Data is the new currency for these organizations, enabling a more advanced, coordinated and effective global criminal economy than ever before.

Data also represents a critical tool for intelligence and policing agencies and civil governments to detect and respond to these risks. Sir Robert Wainwright will describe the role of data in enabling these organizations to counter advanced criminal enterprises and nation states. This will be based in part on his experience with the transformation of Europol into a global cyber and financial crime intelligence powerhouse, supporting tens of thousands of investigations per year across the EU. He will also share his perspectives on the need to balance data utility with the evolving privacy expectations of citizens and governments in a complex and changing regulatory environment.

Presentation Files RobWainwright

10:15am - 10:45am Theatre Presentation Files AdamFrank

Concurrent Keynote Presentation by IBM: Is Your SOC Overwhelmed? Artificial Intelligence and MITRE ATT&CK Can Help Lighten the Load

Security analysts are challenged to sift through thousands of security alerts to investigate and accurately identify threats. What’s more, analysts must contend with IT systems moving to the cloud, and an explosion in the number of devices and applications, with minimal resources and a shortage of trained staff. IBM Security Intelligence CTO Adam Frank will discuss how Artificial Intelligence brings the MITRE ATT&CK framework to life.

Presentation Files AdamFrank

10:50am - 12:05pm Salon A

Concurrent Panel Session - Panel A: Artificial Intelligence - Should Canada Be A Leader Developing Ethical Standards For AI?

Will Canada’s adoption of AI in the Public Sector ensure it is governed with clear values, ethics, and law in accordance with human rights? The government wants to use AI to predict outcomes and gain deeper insights into behavioural patterns and trends. The government wants to use AI to improve its interaction with citizens. The government wants to offload low-value tasks from employees and make business process more efficient.

How will artificial intelligence affect our lives? We could build a richer society and perhaps enjoy a shorter working week, but there are countless pitfalls to avoid and they are not trivial. Hamfisted moves that lead to routine exploitation in our daily lives that leave society more divided than ever and threaten the fundamentals of democracy.

10:50am - 12:05pm Salon B Presentation Files CristinaOnose JayFedorak TomGede TamaraHunter

Concurrent Panel Session - Panel B: GDPR: Why Should You Care?

With so many digital channels and technological advances, we provide and create more data than ever before and it’s vital this data is treated with respect. Organizations, both large and small, need to ensure they are taking the necessary steps in protecting their customers’ valuable information from exposure to potential threats around the world. Why is this necessary? Data Protection Agencies and customers around the world are demanding it…..and there are stiff penalties for ignoring these requirements. All companies, no matter where they are located, that have European customers and require access to personal data from Europe must comply with GDPR regulations, or face great financial consequences. Panelists will discuss the reasons behind GDPR regulations, how to ensure your organization is fully compliant and the risks of ignoring the requirements of this new piece of important legislation.

Presentation Files CristinaOnose JayFedorak TomGede TamaraHunter

10:50am - 12:05pm Theatre

Concurrent Panel Session - Panel C: Should Your Health Data Be Managed on A Blockchain?

Blockchain has promise to overcome many of our current healthcare data and records management challenges. This includes overcoming digital health data silos, to providing users with greater control and security assurance of their health data/records, to streamlining the consent process for sharing of health data in healthcare research. But is it really stable and secure enough for our health data and medical records? Blockchain technology creates an immutable and transparent record of a transaction. Is it possible to reconcile these features with protection of personal privacy? It’s also complicated for the average user to use. Are people ready to take on this level of complexity?

Personalized medicine relies upon the application of big data analytic techniques. Can these techniques be applied to data that is decentralized and distributed over a blockchain network? This panel discussion considers active research on the application of blockchain technology to the management health data and records. Each of the panelists is actively engaged in research to answer these questions whether our health data should be managed on a blockchain and, if so, how it should be managed.

10:50am - 12:05pm Salon C

Concurrent Panel Session - Panel D: Shining a Light on the Encryption Debate

In a world of increasing cyber threats, access to and the use of strong encryption technology is essential to secure digital transactions, ensure public safety and protect national security interests. However, the same data encryption that protects us also makes it difficult for police and other state agencies to gather intelligence on those who might be instigating the cyber threats in the first place. Strong data encryption protects individuals and their right to privacy, but some governments have called for limits on the public availability of this technology. Do the interests of national security override the right to personal privacy, or should individual rights be maintained at all costs, even if it is to the detriment of a country and its government?

12:05pm - 1:20pm Carson Hall (Salon ABC)

Luncheon Keynote Presentation: Freedom™ - Security and Privacy in 2030

Nikolas Badminton will discuss how our current trajectory towards a world where data, privacy, surveillance, and our human rights is being undermined by big tech and bigger government. He'll also talk about how we can prepare for a more equal future and empower people to be in charge of their own destinies.

12:05pm - 1:20pm Crystal Ballroom

Networking Luncheon

1:20pm - 1:55pm Carson Hall (Salon ABC) Presentation Files DougBoykin

Keynote Presentation by OneTrust: CCPA & GDPR - Overlaps and Gaps to Consider in Your Harmonized Privacy Program

The California Consumer Privacy Act (CCPA) is outlines new privacy rights for consumers and requirements around the protection of personal data. While in certain ways, the CCPA does overlap with the GDPR, there are several key differences, as well as notable exemptions, that businesses should know. For instance, the CCPA and GDPR have varying definitions of personal data and different consumer (or data subject) rights. Additionally, only certain California businesses are in scope of the CCPA while the GDPR applies to any organization that processes the personal data of citizens within the European Union (EU). In this session, we will review these and other similarities and differences in greater detail, enabling you to streamline efforts when addressing the two regulations.
• Hear actionable recommendations for the CCPA and its impact on businesses
• Learn the similarities and differences between the GDPR and CCPA
• Discover ways to bridge CCPA and GDPR activities for a harmonized privacy strategy

Presentation Files DougBoykin

2:05pm - 2:35pm Salon A Presentation Files DouglasSantos

Applied Session by Fortinet: Fileless Attacks, Persistence Methods and How to Hunt Them

Fileless attacks seems to be the new buzzword in the security industry, but for those who have been around enough understand that these are nothing but new, what has changed are the tools available and a few new techniques that allow for this avenue of attack. In this presentation I will go over a few of the first fileless attacks, their evolution and how to hunt for them using some of the same tools that attackers use to perpetrate these attacks.

Presentation Files DouglasSantos

2:05pm - 2:35pm Salon B

Applied Session by Cisco: Passive and Active Defense

Most organizations (IT/OT) are focused on building out their security posture leveraging passive defensive capabilities but in today's threat landscape this is not enough. Passive defense is a necessity but active defense takes your defensive capabilities to the next level which further enhances your passive defensive capabilities. Learn how to take the next step when it comes to defending.

Details:
- Understand passive defense
- Learn the differences between passive and active defense
- Review active defense in detail

2:05pm - 2:35pm Salon C Presentation Files DanCarayiannis

Applied Session by RSA: Privacy, Security, Risk and the Digital Revolution

The future of privacy in the ever evolving digital age presents government organizations with plenty of opportunities and risks in the area of privacy. Now more than ever government organizations interacting with and serving the general public cannot rely solely on past practices, they need to be mindful and vigilant of the security threats and risks that come with the use of new digital technologies. This session will look at privacy thru the lens of and ever evolving digital world, security and what organizations can and need to do in order to minimize risks, provide secure appropriate information access and ensure privacy mandates are being met.

Presentation Files DanCarayiannis

2:05pm - 2:35pm Theatre Presentation Files DustinHeywood

Applied Session by IBM: Modern Realities of Securing Active Directory & the Need for AI

Over the last 5 years assumptions about active directory have been challenged and a new reality has emerged. Learn from a Hacker how tools like Powershell, C#, and standard windows system administration tools are used to attack networks and how traditional monitoring miss attacks. Learn how traditional defenses aren't enough and what you can do to defend your network.

Presentation Files DustinHeywood

2:05pm - 2:35pm Esquimalt Room

Applied Session by Carbon Black: The Pilot’s Checklist – Suppressing Risk in a New Age of Threats and Regulations

The leading cause of data breaches is not pure hacking attempts – it’s from neglecting basic security hygiene. Let’s talk about instituting thorough checklists, like pilots do, to tackle the low hanging fruit – vulnerability, credential, configuration management, etc., to make more time for threat hunting and bolstering defenses. The threatscape is incredibly fluid, with new and emerging threats coming from all vectors, and the fact of the matter is that most organizations are not equipped to handle Adversary 2.0.

2:05pm - 2:35pm Oak Bay I Presentation Files KevinMurphy

Applied Session: Cybersecurity Update: Phishing to Ransomware – Looking Ahead: 2019 and Beyond

Ransomware: Will your company become the next Atlanta? Learn and discuss the latest best practices for how to protect your data and infrastructure in this highly interactive session where you learn from your peers.

Presentation Files KevinMurphy

2:05pm - 2:35pm Oak Bay II Presentation Files MarcelineCook

Applied Session: Creating Equity for Women & Minorities in Information Security

Women and minorities are vastly underrepresented in the Information Security workforce. Figures show just 11-20 % of IS workers are women, and even fewer of those are of intersectional minorities. In this presentation Marceline Cook challenges why this could be and what steps IS can take to improve.

Presentation Files MarcelineCook

2:05pm - 2:35pm Saanich Room

Applied Session by Kaspersky Lab: Threat Mitigation and The Current Threat Landscape

A discussion on the current threat landscape, the threats that organizations are currently facing and the measures that can be taken to protect against cybersecurity incidents.

2:05pm - 2:35pm Sidney Room

Applied Session: Understanding Video Surveillance, Site Security, and Reasonable Expectation of Privacy

Property owners and managers increasing are using video surveillance as a central means to achieve heightened site security. Understandably, property owners and managers must ensure they meet their duty of care as it relates to protecting occupants of their property against crime – using video surveillance as a means to demonstrate their efforts. However, these same owners and managers must also ensure they provide occupants a reasonable degree of privacy –– informing when video surveillance is in use. This session provides a general overview of the key considerations that must be taken when using security surveillance cameras. Upon completion, participants will have gained new and important insight regarding the use of security surveillance cameras, promoting a balanced approach to security and privacy, and ultimately how crime reduction through design (Crime Prevention Through Environmental Design - CPTED) can most aptly be achieved.

2:35pm - 2:50pm Upper & Lower Foyers

Afternoon Break

2:50pm - 4:05pm Salon A

Concurrent Panel Session - Panel A: FinTech: Perils and Opportunities

The rapid and often disruptive development of technological advances is fundamentally changing the financial landscape by altering the interaction between customers and providers of financial services, lowering the barriers for new entrants, and enabling the emergence of new business models and ecosystems. Banks have to adapt to the new competitive environment by becoming trusted custodians of clients’ financial data while at the same time intelligently analyzing their data and behavior to anticipate needs and deliver tailor-made solutions while ensuring they mitigate and manage cyber risk.

2:50pm - 4:05pm Salon B

Concurrent Panel Session - Panel B: Women in Technology: Creating a New Normal

What would a more gender-inclusive technology sector look like and act like? This engaging panel will discuss the unique challenges and barriers women in technology and security face today. They’ll share their advice on how to break stereotypes, how to get more women into tech and how to promote and support women already in the field. Join us for a nuanced discussion on redefining the new normal.

2:50pm - 4:05pm Theatre

Concurrent Panel Session - Panel C: Smart Cities: Soon to Be a Reality, But Are We Ready for Them?

The 21st-century knowledge-based and data-driven economy is all about IP and data. “Smart cities” are the new battlefront for big tech because they serve as the most promising hotbed for additional intangible assets that hold the next trillion dollars to add to their market capitalizations. “Smart cities” rely on IP and data to make the vast array of city sensors more functionally valuable, and when under the control of private interests, an enormous new profit pool.

As the world becomes increasingly digital, almost all aspects of our lives will be affected, including the cities we live in and how they are managed. Private companies have developed the technology and are ready to forge ahead to demonstrate how emerging technologies can make cities more affordable, easier to travel within and more environmentally sustainable. Government has fallen behind in this area, as it scrambles to keep up with the pace of change. Rules and regulations need to be quickly put into place surrounding the data this new technology generates. Who does this data belong to? Who has access to it? Where is it stored? Who will benefit from the data? Who monetizes the data and what are some of the ethical issues surrounding it?

2:50pm - 4:05pm Salon C

Concurrent Panel Session - Panel D: Healthcare: Protecting the Most Sensitive Data

Electronic health records and other advances in health information technology can enhance and facilitate access to information, clinical investigations, diagnosis, treatment, and patient outcomes allowing doctors, medical researchers and patients around the world to benefit from this information.

There is no doubt that access to data can improve healthcare immensely, but what are we doing to protect people’s valuable personal information from those who seek to use it for destructive purposes? Data breaches occur on a daily basis, continually putting our sensitive information at risk. Doctors and hospitals are ultimately responsible for protecting this information, but how do they ensure privacy and instill confidence in their patients?

4:15pm - 5:15pm Carson Hall (Salon ABC)

Panel Session - 20 Years of Privacy & Data Protection

5:15pm - 5:20pm Carson Hall (Salon ABC)

Day 1 Closing Remarks

5:20pm - 6:00pm Upper Foyer

Networking Reception

Friday, February 8, 2019

7:45am

Registration & Networking Lounge Open

8:20am - 8:25am Carson Hall (Salon ABC)

Administrative Announcements

8:25am - 8:55am Carson Hall (Salon ABC) Presentation Files MichaelMcEvoy

Opening Introductions: Privacy, Big Data, and Politics in the Digital Age

Michael McEvoy, British Columbia’s Information and Privacy Commissioner, will focus on today’s dramatically shifting privacy landscape. He’ll share his experiences in the United Kingdom, where he was seconded to the Information Commissioner’s Office to work on the Cambridge Analytica investigation prior to his appointment as Commissioner in April 2018. Commissioner McEvoy will also discuss how big data and politics have converged in other jurisdictions around the world, and he’ll share recent work of the Office of the Information and Privacy Commissioner.

Presentation Files MichaelMcEvoy

8:55am - 9:30am Carson Hall (Salon ABC)

Keynote Presentation: Privacy and Our Democracy

In his address, Deputy Commissioner Smolynec will discuss how privacy goes beyond narrow obligations to safeguard data, organizational commitments to assess risk, or even individual claims of information ownership. The right to privacy, he will argue, is essential to sustaining freedom and democracy. While efficiency, innovation and transparency are important drivers, they cannot come at the expense of privacy, lest we put at risk those societal values we all hold dear: fairness, respect, equality and freedom.

9:30am - 10:05am Carson Hall (Salon ABC)

Keynote Presentation by Microsoft: Unleashing Trusted Innovation on the Shoulders of Experience

The past 20 years has seen two decades of both rapid technical innovation as well as tremendous business transformation. In 1998 few, if any, would have predicted the technology advances in machine learning, the internet of things, blockchains or even bots all driven by the power of trusted hyperscale cloud. Even fewer foresaw the social and business transformation that now occurs in conjunction with this technological advancement. This change, however, can often strain our existing frame of reference for standards, policies or legislative environment that guide the activities of individuals and organizations and act as a inhibitor to innovation. John Weigelt, National Technology Officer, will discuss some of the technology elements that have had the greatest impact on our lives, the business transformation that has occurred as a result of these elements and explore how we can leverage our collective experience to catapult local innovation ahead of others.

10:05am - 10:25am Upper & Lower Foyers

Morning Break

10:25am - 10:55am Salon A Presentation Files RobertBarton

Concurrent Keynote Presentation by Cisco: Security in the Age of Cyberwarfare

As the world is becoming hyperconnected new efficiencies and opportunities are emerging, however this increases the risk of cyberattack. In both industry and government innovative strategies are being developed to leverage cybersecurity architectures to protect critical infrastructure effectively and efficiently.

Rob Barton will lead us through a series of instructive use cases to highlight the opportunities and threats.

Presentation Files RobertBarton

10:25am - 10:55am Salon B Presentation Files PamSnively

Concurrent Keynote Presentation by TELUS: Building Stakeholder Trust to Support Data Innovation

In the current international environment, stakeholder trust in respect of data use is at, perhaps, an all-time low. Designing data governance models to build trust in the area of privacy and data ethics is now a business imperative.

In this session, we’ll discuss:
· Current ethical challenges in data analytics and key ways to earn stakeholder trust;
· Operationalizing a data governance program that can transform an organization’s approach to data and data ethics; and
· The benefits of Privacy and Ethics by Design.

Presentation Files PamSnively

10:25am - 10:55am Theatre Presentation Files ChadGray

Concurrent Keynote Presentation by PwC: Critical Infrastructure Kung-Fu: Evaluating Attacks and How to Defend

Industry 4.0 and the new digital age. The new revolution of technology and innovation is upon us, and promises greater connectivity, automation, efficiency, and scaling.... but is it secure? Industrial environments, including Oil & Gas, Utilities, Manufacturing, Transportation and many other Operational Technology (OT) environments are incorporating these new technologies. IoT devices are becoming ubiquitous, and being added to our enterprise environments as well. These efforts are intended to bridge the gap between legacy systems, often past their extinction date of security support, while bringing the latest and greatest technologies to connect with them, in an attempt to extract the greatest value possible. This discussion will focus on both attackers and defenders. As your honorary sensei, I hope to share with you the philosophy and mindset of your adversary - how they think, prepare, and act - and most importantly, how to prepare yourself from being the next victim. In the words of the legendary Bruce Lee - "Don't get set into one form, adapt it and build your own, and let it grow, be like water". Adopt this mindset to always stay a step ahead, and earn your black-belt in security.

Presentation Files ChadGray

11:00am - 12:15pm Salon A

Concurrent Panel Session - Panel A: Politics and Privacy Regulation

The Facebook/Cambridge Analytica controversy reveals that political parties and campaigns thrive on personal data. Politicians require businesses and public agencies to follow privacy laws to ensure personal information is kept secure and not improperly used. However, in Canada at least, political parties are not subject to the same level of scrutiny when it comes to how they collect, store and use people’s data. A House of Commons committee has recently recommended significant changes to Canada’s privacy laws, including tighter restrictions on political parties, in order to protect Canadians’ privacy and the country’s democratic voting system. Should political parties be subject to the same privacy protection rules as apply to government agencies and the corporate sector? Or are there essential differences that call for a different set of expectations and legal requirements?

11:00am - 12:15pm Salon B Presentation Files Genetic Privacy Panel

Concurrent Panel Session - Panel B: Genetic Privacy and Genomic Driven Medicine – “Big Pharma Would Like Your DNA”

Precision medicine allows medical professionals to analyze a person’s genetic makeup and target treatments based on their specific needs. This new technology will not only assist in diagnosing and preventing genetic diseases, but it will also help prevent adverse drug reactions, the 4th leading cause of death in Canada. While the idea of individualized healthcare brings great hope, there are still a number of hurdles that must be overcome. In order for precision medicine to be successful, individuals must be willing to give up their genetic privacy to be used for scientific purposes. How will this valuable data be stored and protected and how can we be sure our genetic data cannot be used against us in the future?

Moderator: Martin Dawes

Presentation Files Genetic Privacy Panel

11:00am - 12:15pm Theatre

Concurrent Panel Session - Panel C: Is Canada a Global Leader in Cyber Security?

The Government of Canada’s national cyber security strategy outlines a working relationship with the provinces and private sector to improve cyber security in the country. The strategy promises a commitment to support advanced research, foster digital innovation and assist in developing cyber skill and knowledge to position Canada as a global leader in cyber security.

Cyber security is driving innovation and economic activity in Canada and contributes $1.7 billion to Canada’s GDP and provides over 11,000 jobs. The global cyber security industry is expected to grow 66% by 2021. Governments, academia and the private sector can collaborate to create new opportunities, investment and foster leading-edge research and development.

This panel will discuss the new Government of Canada cyber security strategy and outline the benefits and challenges it provides in positioning Canada as a global leader in cyber security.

12:15pm - 1:30pm Carson Hall (Salon ABC)

Luncheon Keynote Presentation

12:15pm - 1:30pm Crystal Ballroom

Networking Luncheon

1:40pm - 2:10pm Salon A

Applied Session: The CX of Privacy: A Practical Workshop

With privacy moving to the forefront of people's minds all around the world, many organisations are scratching their heads - searching for ways make data sharing (or a lack of it) valuable, meaningful and engaging for their customers. This goes beyond static policies. It's about operationalising strong data ethics. It's about bringing to life proactive privacy and security. It's about making privacy part of the value proposition. It's privacy as a competitive advantage.

“Years ago I urged people to embed Privacy, by Design. With trust at an all-time low, it's now time to design for trust. And the best way to overcome the trust gap is with Data Trust by Design. This is an essential ingredient to enabling user empowerment."
— Ann Cavoukian, Ph.D., LL.D. (Hon.), M.S.M. Privacy by Design Centre of Excellence, Ryerson University

In this hands on workshop Nathan Kinch, CEO of Greater Than X, will guide you through a practical Data Trust by Design activity. Together we'll produce trustworthy outputs that inform, empower and enable people to make simple and active choices about how their data is an isn't used.

1:40pm - 2:10pm Salon B Presentation Files KennethMoselle

Applied Session: “Real-World” De-Identification of Transactional Data Extracted from Electronic Health Records - Breaking the Curse of Dimensionality

Researchers who seek to detect better practices or predict better outcomes from "real world" data extracted from clinical information systems must be supplied with very high dimensional datasets that are deeply refractory to privacy protection via application of 'classic' data de-identification tools (e.g., "k-anonymization"). Nevertheless, the privacy risk model out of which these tools are fashioned is a foundational component of methods that can provide meaningful operational definitions of key constructs such as "identifiable", or "risk", or "low risk" - or "de-identified"! This presentation will cover a "meta-k-anonymization framework" that is intended to scale out to the privacy challenges associated with "real world" (almost invariably high dimensional) health datasets whose analytical content must be protected in order to derive products that warrant application back to the points of service.

Presentation Files KennethMoselle

1:40pm - 2:10pm Salon C Presentation Files DerekKeen

Applied Session by Varonis: The Modern State of Insecurity

Online security is in a constant state of flux; we face threats today that are entirely new to those we dealt with only a year or two ago. Yet at the same time, we’re still dealing with the same fundamental threats we were decades ago with the likes of SQL injection and ransomware dating as far back as the 80’s. This dichotomy also plays out in the sophistication of attacks we’re seeing today with news headlines announcing nation state backed espionage with equal regularity to Amazon S3 buckets exposing everything to the public due to simple configuration errors.

In this talk, you’ll see how these threats are evolving and which are the ones we need to be especially conscious of in the modern era. It looks at real world examples of both current and emerging threats and talks about actionable steps we need to take as an industry to stem the flow of data breaches and other malicious activity. The Modern State of Insecurity is a scary yet necessary lesson on how we’re still getting security wrong today.

Presentation Files DerekKeen

1:40pm - 2:10pm Theatre Presentation Files ConstantineKarbaliotis

Applied Session by PwC: The New NAFTA - A Continental Market in Data, and Practical Implications for Privacy

The new NAFTA - USMCA, CUSMA or T-MEC, depending on what country you're in - incorporated some elements of the TPP in relation to creating a continental market in digital goods and services. It effectively prohibits discrimination based on the location of the organization providing services, but at the same time sets up privacy frameworks such as the APEC Cross Border Privacy Rules as the mechanism by which privacy is protected as data moves. It sets some goals in relation to cybersecurity as well as privacy protections. What does this mean for continental data flows and outsourcing - does this set a new expectation, a new minimum - and is it liberating organizations seeking to do cross-border business? How will this impact data localization expectations? This session will examine the impact of the privacy elements of the new agreement, how it will impact Canadian adequacy with the EU, and how Canadian organizations should consider CPBR in light of the need to do business with the EU, as well as expanding opportunities for data flows both in North America and in APEC member countries.

Presentation Files ConstantineKarbaliotis

1:40pm - 2:10pm Saanich Room

Applied Session by Oracle: What is a 2nd Generation Data Centre? (how to deliver superior privacy in a public data centre)

Oracle has built a second generation cloud infrastructure - in Canada - that meets the strict security and privacy regulations in the province. Join Oracle Cloud Specialist, Rob Taylor, for an introduction and first look at Oracle Cloud Infrastructure (OCI). This fast paced session will discuss the requirements that drive the need and how these new cloud services are more secure, less expensive, and better performing than comparable services in first generation clouds.

1:40pm - 2:10pm Oak Bay II

Applied Session: Addressing Privacy Concerns as the City of Winnipeg Combines Innovation, Connectivity & Data for Service Improvement - A Case Study

Seven years ago Winnipeg’s 650 signalized intersections were looked after by one man, Construction ruled the roads, paperwork was king and little to no information was available to drivers. In 2017 Winnipeg’s first Transportation Management Centre (TMC) opened bringing about changes that turned Winnipeg’s traffic information from Jurassic to Jetsons. With over 160 camera’s capturing traffic information 24/7 for over 60% of the regional road network, the TMC has begun to revolutionize the driving experience through innovation and information.

Sharing traffic information through crowdsourcing apps by remotely accessing cameras that have the ability to zoom in as far as three kilometres has raised significant privacy concerns. This case study will describe how information and data flow through the TMC’s technologies and the steps taken to identify and mitigate privacy concerns in order to ensure compliance with current privacy legislation.

1:40pm - 2:10pm Esquimalt Room

Applied Session: Update on International Privacy Developments - Innovation, Science and Economic Development Canada (ISED)

Jane Hamilton, Senior Advisor with the Marketplace Framework Policy Branch at ISED, will provide an update on international privacy developments related to OECD, APEC and EU adequacy, including information on Canada’s ongoing engagement with the European Commission to ensure the continuity of Canada’s adequacy status under the General Data Protection Regulation (GDPR).

2:10pm - 2:25pm Upper & Lower Foyers

Afternoon Break

2:25pm - 3:40pm Salon A

Concurrent Panel Session - Panel A: Quantum Computing Will Create Jobs but Which Ones?

Quantum computing is the attempt to harness the laws of quantum mechanics to build incredibly powerful computers that can perform some incredibly demanding computational tasks, tasks so demanding that they would otherwise take the age of the universe to perform.

What are quantum computers good for? Experts have some ideas, like optimizing shipping logistics, breaking modern encryption methods, discovering a complex molecule for a drug, or designing fertilizers. Industry needs to make the computers more accessible to everybody, not just quantum physicists. What opportunities by harnessing quantum technology for next generation cryptography/security will enable a secure set of tools to re-establish the status quo, but also make things better? What are the security challenges and how do we protect privacy?

2:25pm - 3:40pm Salon B Presentation Files KennethMoselle

Concurrent Panel Session - Panel B: The Ethics of Integrated Data

If data is the new oil, is it being ethically extracted, consumed and made available? The integration and subsequent use of new data for evidence informed policy or decision making is increasingly common. How much do we know about what is happening in this space and how it is happening? Who needs to know? Would they agree with current approaches if they did know?

Recent revelations of how organizations are using information have thrown this conversation into the national spotlight. Are individuals more upset that it is happening or that they weren’t aware in the first place? This sets the stage for the great debate of how best to balance an individual’s privacy with the critical role population-level information provides in informing public policy decisions.

Presentation Files KennethMoselle

2:25pm - 3:40pm Theatre Presentation Files AndyKirkland

Concurrent Panel Session - Panel C: Cloud Computing: Strategies for Responsible Adoption of Cloud Services

Cloud is here and it’s not going away. It’s the present and the future. Organizations must have a digital strategy that incorporates leveraging cloud services or risk missed opportunity and lost relevance. Employees are subscribing to and using cloud services on a daily basis whether their organizations know it or not. What expectation is there that organizations are aware and managing use of cloud services? Are organizations that continue to defend their use of traditional and on-premise hosted solutions becoming losing relevance? Is there any time where cloud is not an appropriate direction? What are examples of successful adoption strategies? Where are successful organizations on the adoption path?

Increasingly, organizations are adopting Cloud First policies recognizing it is unrealistic to maintain resources necessary to meet client demands for innovative solutions. After conducting its own Privacy Impact Assessment, the New Zealand Privacy Commissioner issued a statement that they “… have evaluated the risks and believe that [cloud services] offer … better data security than [they] can deliver [them]selves.” Attend this session to find out how to responsibly adopt cloud services while keeping onside with privacy, security, legal, compliance, and risk.

Presentation Files AndyKirkland

2:25pm - 3:40pm Salon C

Concurrent Panel Session - Panel D: Cyber from the Top: What are Your Executives Thinking

What’s on the mind of Canada’s top cyber executives and how are they planning to address fundamental topics and issues pertaining to Canadian cybersecurity?

This is your chance to meet five leaders, influencers and authors of the Canadian Cybersecurity 2018 – An Anthology of CIO/CISO Enterprise-Level Perspectives, and hear their thoughts on their respective areas of expertise in Canadian cybersecurity. The session will be moderated by Gary Perkins (CISO, Province of BC).

You will have a chance to ask questions. Please download and read the book that was recently published by the Cybersecurity Leadership Exchange Forum (CLX Forum) before attending. Topics discussed will include:

• Coaching teams on cybersecurity issues
• Which security considerations to prioritize, and how
• Cybersecurity information sharing and collaboration
• Security-as-a-Service
• Moving from waterfall to dev ops frameworks

To learn more about CLX Forum, watch the intro video here. Join CLX Forum at www.clxforum.org.

3:50pm - 4:15pm Carson Hall (Salon ABC)

Closing Keynote Presentation

4:15pm - 4:30pm Carson Hall (Salon ABC) Presentation Files CJRitchie

Closing Remarks & Announcements

Presentation Files CJRitchie

Title Sponsor

Platinum Sponsors

Gold Sponsors

VIP Reception & Dinner Sponsors

Conference Sponsors & Exhibitors

Event Partners

Fairmont Empress Hotel Room Block

If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $179/night for Corporate reservations and $159/night for Government reservations. Please note that this room block ends January 18, 2019.

Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:

Government Reservations – https://book.passkey.com/go/PSCGOV0219
Corporate Reservations – https://book.passkey.com/go/privacysecurityconfcorp2019

Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5

https://www.fairmont.com/empress-victoria/

It has been brought to our attention that individuals are contacting sponsors and speakers, citing the Reboot Privacy & Security Conference, to offer hotel reservation services. To be clear, these individuals are not in any way affiliated to our conference, and are not authorised to use the Reboot Communications name. No one should contact you directly to book your hotel room or to offer you a special discounted rate. If you receive one of these calls, it is a scam. They are not affiliated with Reboot Communications or the Privacy & Security Conference. Thank you to those who have alerted us to this matter. To book your room in a safe manner please follow the information on this page only.

YYJ Airport Shuttle Discount

If you are needing transportation from the Victoria International Airport to Downtown Victoria/Empress Hotel why not consider using the YYJ Airport Shuttle.

When booking the shuttle online or over the phone please use the promo code REBOOT20. This will give you 20% off tickets.

For more information please visit their website at www.yyjairportshuttle.com or call them at 1-855-351-4995.

Harbour Air Seaplanes Discount

Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air. Subject to availability, attendees will receive a 20% discount on their goFlex and goGold fares for confirmed travel to/from Victoria between February 4 and 10, 2019. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks and cannot be applied to private charters.

In order to receive this special discounted rate, attendees can contact the Reservation Department directly by phone at 1.800.665.0212, by e-mail at reservation@harbourair.com or online at www.harbourair.com and quote the promotional code ‘P&SC02-19’. Also be advised that you will need to provide a copy of your conference registration upon check-in.

All schedules and location information can be accessed through their website at www.harbourair.com.

Testimonials

Celebrate 20 Years of Privacy and Security Solutions!

Why should you attend? Here’s what past attendees of the conference are saying:

One of the strongest conferences globally on the issues of both privacy and security.” – Elizabeth Denham, UK Information Commissioner

I’ve heard from many delegates over the years that this is one of the best privacy and security conferences that they attend anywhere.” – Ian Bailey, Assistant Deputy Minister and Chief Information Officer, Ministry of Attorney General, Province of BC

It’s a great gathering of privacy professionals, security professionals, information management professionals, regulators, civil society.” – Jill Clayton, Information and Privacy Commissioner of Alberta

We’ve partnered with Reboot to create a venue where privacy and security, people who have mutual goals in terms of protecting information, meet together, share information, become more collaborative in their practices and end up being more united in the ways they approach their goals. Great learning opportunities for the two professions … You also have other kinds of representation: public sector, private sector, health care, technology, civil society. All of these different groups have different perspectives and we all have very common goals, just different ways of getting there. So that sharing is very, very helpful.” – Richard Purcell, CEO, Corporate Privacy Group

“I love the conference. This is one of the most well executed and also impactful conferences that I go to each year … It is one of the best executed security conferences on the globe.” – Preston Hogue, Senior Director of Security Marketing, F5 Networks

I find the attendees to be a very wide spectrum, from the technical to the purely policy-oriented, and I get to learn and see things from a different perspective. For me, that is very valuable.” – Winn Schwartau, Security Theoritician & Author

This is the #1 professional development opportunity for privacy and security experts on the west coast.” – Gary Perkins, Chief Information Security Officer, Province of BC

It’s one of the few conferences I love coming to every year, because it’s an opportunity to learn more from a privacy and security perspective. You get the chance to see and listen to peers in the industry, talking about issues that really matter to us in the security and privacy world.” – Tim McCreight, President, Risk Rebels