Privacy and data protection is the number one issue businesses around the world are facing. Personal privacy is at the forefront of information sharing and social media requirements. For the past 20 years, the Privacy and Security Conference has been the number one conference on the issues of privacy and security globally.
Presented by the Offices of the CIO and Corporate Information and Records Management, Ministry of Citizens’ Services, Province of British Columbia, this three-day conference attracts over 1100 delegates and 100 international subject matter experts. It provides essential education, training and opportunities for CPD credits for individuals who are responsible for the transformation of the public and private sector into the new digital economy.
Reasons to Attend
- Timely, motivational presentations from leading industry experts
- Learn about current trends, issues and actions
- Valuable CPD credits to maintain a variety of qualifications essential for your career
- Unparalled networking opportunities
- Informative 3-hour pre-conference educational sessions and many interesting panel sessions
- Get immediate answers and solutions to issues current in your organization
|Early Bird registration by December 13, 2019||Regular registration after December 13, 2019|
|Public Sector||$750.00 CAD (plus GST)||$925.00 CAD (plus GST)|
|Private Sector||$850.00 CAD (plus GST)||$1,250.00 CAD (plus GST)|
*We are pleased to offer our Alumni program, providing a special rate to past attendees. Delegates who have attended this conference before will receive the special public sector price of $675 or private sector price of $795 when they register on or before September 27, 2019. Please contact us for the promo code if you did not receive it by email.
Registration Fees Include
- 2 plated lunches
- All coffee breaks
- All keynotes, plenaries, panel sessions and applied sessions
- Pre-conference educational sessions
- Access to networking lounges
- Networking reception Thursday evening
- Conference notebook
- Conference materials
- On-line access to presentations post-event
Stay connected and engaged in the conversation leading up to and during the conference by following along on Twitter. Use the event hashtag to follow others who are already posting, and include it in your tweets to add to the existing discussions. The hashtag for this year’s conference is #PrivSecYYJ and our twitter handle is @Reboot_Comm. We would appreciate you sharing your voice with our other followers.
Victoria Conference Centre
There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.
Victoria Conference Centre
720 Douglas Street
Wednesday, February 5, 2020
Registration Desk Opens
9:00am - 12:00pm • Theatre
BC Ministry of Citizens’ Services – Information Security Branch presents: BC’s forecast: Clouds on the Horizon
Join some engaging discussions with Government’s Proctor of Privacy, Matt Reed and the Defender of Data, Gary Perkins. Recent amendments to FOIPPA have changed the playing field for public bodies in BC wanting to adopt cloud. Gary and Matt will discuss the impacts to the public sector with respect to cloud usage; where new cloud opportunities lay; how to ensure that your shiny new cloud is secure; and where to expect this space to move in the next few years.
Bring your questions to this interactive session and get some answers from the experts.
Outcomes of this exciting workshop:
• Greater understanding of FOIPPA, and its recent amendments
• Cloud implementation comfort
• An understanding of how to approach security in cloud-based solutions
• The role companies and individuals play in creating a secure future
• The role companies and individuals play in protection
9:00am - 12:00pm • Oak Bay Room
VMware presents: Join VMware Carbon Black for a Threat Hunting Challenge!
The VMware Carbon Black Threat Hunter Challenge is a fun dynamic capture-the-flag style event where you will get hands-on with our cloud based End Point Products. You will get the chance to hunt & identify attacks using real-life scenarios. Our next-gen endpoint tools capture deeper telemetry that facilitates turning the tables on the attacker by proactively looking for tell-tale behaviors.
Bring your laptop! We will provide a Map of the World Q&A score board to track each teams progress. Join us to put your threat hunting skills to the test! Sign up as an individual, or form a group of 3-5 with your colleagues!
• Fun - enter yourself or a small team for some collaborative hunting
• Learn - from hacking techniques and tradecraft used in actual incidents
• Step-up - be introduced to hunting, or advance your existing hunting skills
• Hands-on - with tools used by fed government, corporates and dot coms, IR pros
• Insight - how to uplift your organizations sec ops capabilities
• Glory – it’s all about the prizes and the 3 levels of challenge coins
The game is designed for all levels of threat hunters - from beginner to expert.
Questions? Contact firstname.lastname@example.org
9:00am - 12:00pm • Saanich Room
Microsoft presents: Security Leveraging Cloud & On-Premises Architecture and Azure Security
Join Microsoft’s Warren Dyck, Jacques van Zijl, and Rudi Groenewald for an exciting session covering:
• Microsoft Security’s approach and overview with Warren Dyck, Modern Workplace Specialist
• Security leveraging cloud & on-premises architecture and demonstration of protection across the attack kill chain with Jacques van Zijl, Technical Solutions Expert. Learn more about Security Operations, Secure Score, Threat Analytica, Incidents (Initiate Automated Investigation, Initiate Live Responds Session, Restrict APP Execution, Isolate Machine), Automated Investigation (Forensics), Advance Hunting, Reports, Threat & Vulnerability Management (Software Inventory, Remediation)
• Azure Security, Sentinel SIEM & SOAR Overview & Demonstration with Rudi Groenewald, Cloud Solutions Architect. Learn how the Microsoft Security portfolio relates to server infrastructure. With the help of Azure Security Center and the Microsoft cloud-based SIEM, Sentinel, discover how we help our customers find and neutralize threats in an online world.
9:00am - 12:00pm • Sidney Room
BC Ministry of Citizens’ Services presents: DevSecOps – The New Zero Trust Security Model for BC Government Applications
Are you wanting to know how you can make your application secure - right from the start – and then for every line of code? Find out how the Developers Exchange has designed a zero-trust environment, integrating leading edge security tools into the BC Government’s Openshift Platform. We will have demonstrations of live pilot ministry applications using the new security environment. Bring your toughest questions and concerns and the team will work through them with you.
9:00am - 12:00pm • Esquimalt Room
BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: IM Practice Review and You: A simple approach to assess and improve how your organization manages its information
We asked and we listened. There is a simple and effective way to assess your own information management practices. This session will guide delegates through a simulation of an IM self assessment using select criteria from government’s 2019 IM practice review framework. This is an experiential workshop introducing key concepts and assessment processes. Participants will simulate the interview, collection and reporting processes that can be used to assess the maturity of their current IM practices. The knowledge you gain will allow you to develop an evidence-based action plan for improvement. The workshop will appeal to those who want to address and improve processes for the effective management of their organization’s information.
9:00am - 12:00pm • Colwood Room
The Ethics of Research Privacy Workshop
This session will explore an approach to privacy grounded in applied ethics principles and concepts. Attendees will have the opportunity to work through a series of real-life case studies in the research domain guided by ethics tools. The goal of this session is to empower attendees to use “all things considered” holistic judgements concerning privacy.
1:00pm - 4:00pm • Theatre
RSA presents: Killing the Password – The Future of Identity Risk
As we enter a new decade, it’s interesting to see how far we’ve come over the past 10 years in terms of identity and access management. When the 2010s began, only 38 per cent of data breaches used stolen credentials; by 2017, this figure was 81 per cent. As the pace of digitization has increased, identity and access assurance has become a critical issue and the single most important control for managing digital risk.
In this highly interactive workshop of Killing the Password – The Future of Identity Risk, we will be discussing the changing face of identity management. As we have become more reliant on digital interactions that rely on identities, new and unprecedented security challenges have been raised. Some of these new challenges and market dynamics that will be discussed are:
• Passwords suck
• Islands of identity expand
• Credential theft becomes credential hijacking
• Increasingly diverse users and use cases
• Rapidly evolving auth landscaping
At RSA, our mission is to enable security-sensitive enterprises to embrace and thrive from digital transformation without the fear from identity threats—known or unknown. Come join this workshop to do just that and welcome 2020 with an identity focused approach.
1:00pm - 4:00pm • Saanich Room
Fortinet presents: “You’re Going To Be Breached – What Are You Going To Do About it?” - An Interactive Incident Response Workshop
It’s an unfortunate fact in today’s cybersecurity world that every organization is going to be breached (if they haven’t already).
Are you ready? Do you know what to look for and what to do when you find it? Do you have the right people and processes in place?
Join Joan Ross, Field CISO at Fortinet, for this 3-hour, interactive, Incident Response workshop that will look at:
- The threats facing organizations every day and the tactics used by the bad actors
- The steps you should take when you believe you are under attack such as; operational level responses, management reporting and communications
- The vital role that the right technology plays in allowing the security team to effectively detect, contain and mitigate threats
- The roles and responsibilities that make up a coordinated and well-managed response
- Real-world Incident Response playbooks. Teams will be put in the driver’s seat reviewing current incidents and effective responses
1:00pm - 4:00pm • Oak Bay Room
BC Ministry of Citizens’ Services – Information Security Branch presents: How to be a Ministry Information Security Officer (MISO)
The role of a Ministry Information Security Officer is key to a successful security program and empowering that MISO with clear role definition ensures success. But what does it mean to be a MISO? This workshop will walk through the roles and responsibilities of this type of position and provide tips on how to establish a security culture within your organization.
This workshop is useful for those currently in the role who want to sharpen their skills or those who aspire to be future MISOs and want to learn more about the role. We’ll offer some practical tips along with insight into how MISOs fit into an organization’s overall security program.
This session will address topics such as:
• What is a security program?
• SOARs, security breaches, training and contracts
• Program measurements
• Influencing a positive security environment
Join us for an informative discussion on this critical security position to any organization.
1:00pm - 4:00pm • Esquimalt Room
BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: A Principled Approach: Lessons on PIPA and the Privacy Principles
This workshop will help you navigate the balance between the privacy rights of the individual on one hand; and the needs of the organization on the other hand in the context of private organizations. You’ll learn the backbone of privacy legislation – the privacy principles – how those are applied, and how they can inform work in any sector. Presenters will use the Personal Information Protection Act (PIPA) as an example of how these principles are balanced in practice, but this session will be useful to anyone interested in learning the first principles of the privacy field.
During this workshop, we’ll cover the following:
* Overview of PIPA
* Consent – how it works in practice
* Oversight – the role of BC’s Information and Privacy Commissioner
* Resources that can help you meet your legislative requirements
You’ll walk away with a better understanding of B.C.’s private sector privacy legislation and tips to apply privacy in your day-to-day work.
1:00pm - 4:00pm • Sidney Room
BC Ministry of Citizens’ Services – Information Security Branch presents: Cybersecurity Awareness: The Need of Changing the Culture to Match Living in a Digital World
This workshop provides an opportunity to explore the difficulties of cybersecurity awareness programs as well as how to overcome them. Through a number of practical activities and games, you will learn how individual digital habits and behaviors fit into the complex world of cybersecurity. In this session you will learn key decision-making principles that can help you and the people of your organisation stay secure.
This interactive session brings theory and practice together for a collaborative experience that answers the question: “How can people go from being the weakest link to the strongest protection for your organisation?”
Thursday, February 6, 2020
Registration & Networking Lounge Open
8:20am - 8:30am • Carson Hall (Salon ABC)
8:45am - 9:25am • Carson Hall (Salon ABC)
Keynote Address: Global Trends in Digital Privacy: 2020 and Beyond
As digital innovation makes the world ever-smaller, UK Information Commissioner Elizabeth Denham gives her perspective on the global trends in data protection and privacy.
Elizabeth will reflect on the big cases her UK office have looked at, and reflect on their international influence from her perspective as chair of her global regulatory community.
She will also reflect on the impact of growing regulation around data protection and privacy, both from her current position, and as former Information and Privacy Commissioner for British Columbia.
Elizabeth will also discuss her recently launched children’s code, which received international headlines as it set out standards that online services should meet to protect children’s privacy.
9:25am - 10:00am • Carson Hall (Salon ABC)
Keynote Address: How to Effectively Keep Your Organization Cyber-Secure In An Ever-Changing Digital World
10:00am - 10:15am • Upper & Lower Foyers
10:15am - 10:45am • Salon A
Concurrent Keynote Address by F5 Networks: The Root Cause of Breaches in 2019
Analysis of 2019 public breach disclosures shows that, as in 2018, access attacks and formjacking remain the most successful tactics for data exfiltration. The close correlation between targets’ industries and predominant attack techniques indicate that these trends are driven more by shifts in web architectures, with defenses struggling to keep up, than by attacker creativity. Come learn what you need-to-know to defend your applications in 2020.
10:15am - 10:45am • Theatre
Concurrent Keynote Address by IBM
10:50am - 12:05pm • Salon A
Concurrent Panel Session - Panel A: Artificial Intelligence (AI) is Changing the World, Are We Ready for It?
Two-thirds of global businesses said AI technologies are important for their success. 70% of Canadian businesses have not even begun their AI planning. Canada’s early adopters are struggling to scale their pilots. AI promises efficiency and savings, as well as opportunities to eliminate repetitive tasks, reduce human error, and increase productivity. Business and policy leaders across Canada will engage to claim a leadership position in AI.
AI has the potential to be the catalyst for an era of unprecedented innovation, progress, and prosperity. Yet Canadians do not understand AI or see how its benefits outweigh the risks. Major concerns about AI’s impact on privacy, security, bias, consumer protection and more – and Canadians are looking to business and government leaders to provide answers and solutions to those questions. Left unaddressed, this lack of trust could have a serious impact on Canada’s future prosperity.
10:50am - 12:05pm • Salon B
Concurrent Panel Session - Panel B: Big Data DNA Data Storage -Bioethics, Personalized Medicine and Genomics
The rise of DNA data has experts concerned about protecting consumers personal privacy and how policy makers should think about DNA in the future. We have protected genetic information individually rather than using general privacy laws Genetic data can have multiple uses.
10:50am - 12:05pm • Theatre
Concurrent Panel Session - Panel C: Regulating Content on the Internet
The British Government will outline how internet regulations will reduce “online harms” encompassing any company that allow people to share or discover user-generated content or interact with each other online. Terrorist material, child abuse, trolling and disinformation are included in the regulations. Is the door open on censorship of the internet?
Moderating content on the internet has been a losing game of whack-a-mole. Tech platforms are responsible for both copyright and terrorist, abuse related material. Taking down objectionable content ignores the question of how it got there.
Britain’s approach is to require companies to design their services in a way that makes is harder for bad content to spread. Impose statutory “duty of care” and companies must take reasonable steps to keep their uses safe and tackle illegal and harmful activities on their service. The government will set up a new regulator whose mandate will be to publish guidelines for companies, oversee complaints, encourage co-operation between firms and issuing fines as well as other harsher penalties such as blocking websites or holding senior managers responsible. Maintaining national security and protecting the vulnerable must be balanced against individual’s liability.
10:50am - 12:05pm • Salon C
Concurrent Panel Session - Panel D: "Legitimacy by Design" in Community Safety and Well Being: Designing a Better Experience for Everyone
As practitioners in the human services sector continue to explore and embrace comprehensive approaches to harm, victimization, crime and disorder through community safety and well-being approaches, they often encounter challenges, particularly in the domain of information sharing with other human services agencies.
In this highly interactive discussion our moderator and panelists will lead a group discussion among attendees, on the idea of reframing the challenge of delivering a better experience of the human services system, especially for the most vulnerable and marginalized from a "Privacy by Design" framework, to a "Legitimacy by Design" framework in which privacy still remains an important consideration, but a consideration that is balanced by the opportunities that information sharing offers, especially the opportunity to provide a better experience to those whom human services agencies collectively serve.
12:05pm - 1:20pm • Crystal Ballroom
1:20pm - 1:55pm • Carson Hall (Salon ABC)
Keynote Address by OneTrust: All About the CCPA: A 5-Step Guide to Complying with California's Consumer Privacy Act
With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several few key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating on-going compliance the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance and how the GDPR fits into CCPA readiness.
2:05pm - 2:35pm • Salon A
Applied Session by OneTrust: Compliance Checklist: Third-Party Risk for ISO 27001, GDPR, CCPA, and NIST
Standards and frameworks like ISO 27001, GDPR, CCPA and NIST include requirements for managing third-party relationships. To meet these obligations, organizations should build a defensible third-party risk management program. And with increasing scrutiny on third-party relationships, businesses are turning to automation for critical compliance tasks throughout the third-party risk management lifecycle, from due diligence and third-party selection to ongoing monitoring, oversight, and accountability. In this session we’ll breakdown the major considerations for these standards and frameworks as well as best practices to demonstrate compliance.
2:05pm - 2:35pm • Salon B
Applied Session by CrowdStrike: Combatting the Evolution of Cyber Crime
This brief will cover CrowdStrike’s latest and most recent intelligence trends pertaining to criminal cyber threat actors and their associated tactics, techniques, & procedures (TTPs). Topics covered will include:
• An assessment of the most capable criminal threat actors.
• Content on the evolution of ransomware.
• A review of how criminal groups are successfully breaching commercial and government organizations
2:05pm - 2:35pm • Salon C
Applied Session by IBM
2:05pm - 2:35pm • Oak Bay I Room
Applied Session by Guardicore: Defending Against Nation State Attacks & Ransomware
Cyber Threats are Rising, But We are Getting Smarter and Capable of Defending Ourselves
Nation state & ransomware attacks continue to climb. While both have become more sophisticated with time, so have we. In this session, Dave Klein will share real world attack examples to provide insights into the murky world of nation state actors who have become especially proficient in finding ways to create more havoc and damage and commit espionage He will discuss the interesting sophistication of ransomware attacks, many of which whom utilize state actor created tool kits to land and expand. While nation state attacks have become more brazen with attribution becoming more difficult; and while ransomware poses a real challenge, especially to local governments and to hospital healthcare sectors we have also grown in our capabilities to defend against them. The steps aren’t difficult and are easy to implement. Those who are vigilant can greatly limit the blast radius and effect of these attacks easily.
-How nation states attacks are increasing and how they try to obfuscate their origins through proxy actors and false-flag capabilities
-How ransomware attacks have increased and how they are getting through
-Prescriptive steps to thwart off or at worse easily recover from such attacks
2:05pm - 2:35pm • Oak Bay II Room
Applied Session: Privacy and the Public Health-Scape: Lessons Learned from the Trenches
Public health is more than hand washing campaigns and promoting condom use -- it is at the forefront of big health data analysis, and is leading the way in healthcare data integration to address significant issues impacting British Columbia, from the current opioid overdose crisis to chronic disease. Achieving success in these areas is increasingly tied to robust data governance and stewardship frameworks, breaking down data silos and ultimately supporting broader access to data itself. What remains critical in all of this is privacy: a key facet underpinning data partnerships and data acquisition, and a central component to the BCCDC’s “trust management” model. This presentation will shed light on the role of privacy in today’s public health landscape, provide key lessons learned from on-the-ground operations, and identify some of the emerging challenges in an increasingly data-driven health space.
2:05pm - 2:35pm • Saanich Room
Applied Session by SentinelOne: What happens when Privacy and Malware trends converge? Welcome to “Privacy Warfare”
Trends in both Privacy and Malware are converging. While the advertising industry has realized the power of targeted omni-channel marketing, cyber criminals have embarked on a similar journey towards targeted attacks on both organizations and individuals. Data science has propelled us towards a new era in which our identity is no longer just the static markers we are born with. Instead it is a meta-collection of data points that describe how we move through time and space, and what our decisions, preferences and movements are likely to be. When it is possible to re-identify data after it has been anonymized and track our behaviors in both the physical and cyber realms, we arrive at a point of no return: all static data that identifies us has been or will be stolen and collected and combined, and so all related meta-data from now on will be tied to our true identity. This opens the door to a new era in which criminals and nation states will soon be able to target victims uniquely. Like their commercial counterparts, they will have the ability to accomplish this at scale, with the same algorithmically-enhanced efficacy, and with 100% confidence in the identities they are targeting. Looking further out, criminals may find new ways to extort us as organizations and individuals…by modifying (vs. stealing) our privacy data. The only thing worse than a doctor losing access to a patient record due to a ransomware attack, is one whom has access to the record but cannot trust the accuracy of the information. Welcome to the era, then, of Privacy Warfare.
2:05pm - 2:35pm • Sidney Room
Applied Session by Replica Analytics: Accelerating AI with Synthetic Data
Data synthesis is a method for generating non-personal information that has the same statistical properties as real data. The basic concept is that a model is built to characterize the original data, and then synthetic data is generated from that model. Recent advances in statistical machine learning and deep learning mean that these models can capture many of the subtle characteristics of the original data, resulting in high utility data. However, if the synthesis model is overfit to the original data then the same values are replicated, and we may potentially have a privacy problem. Therefore, data synthesis is a balance between data utility and data privacy.
In addition to enabling access to data for AI and machine learning projects (which is becoming an increasingly challenging problem), common use cases for synthetic data include technology evaluation, open data, competitions and challenges, and software testing.
This presentation will provide a broad overview of data synthesis, focusing on structured data. We will examine methods to generate synthetic data, how to evaluate data utility, how to evaluate identity disclosure risks with synthetic data, and the results of a legal analysis to assess how various privacy regulations treat synthetic data (namely the GDPR, CCPA, and HIPAA). Healthcare examples will be used where relevant to illustrate the key points, although the basic principles and methods apply to other types of data.
2:05pm - 2:35pm • Esquimalt Room
Applied Sesion by Proofpoint: The Human Side of Cybersecurity: Can Your Users Be Trusted?
The roadmap of your IT environment is full of twists, turns, roadblocks, and potholes. Those with access are navigating a perilous journey -- often without explicit security awareness training to help identify warning signs along the way. With most threats trying to induce people to act emotionally, your users can become your greatest risk, clicking on malicious links that enable malware or expose confidential information. Join us for this session as we discuss best practices for adopting a people-centered, risk reduction approach to security awareness training that can transform your users from risky to ready navigators.
2:35pm - 2:50pm • Upper & Lower Foyers
2:50pm- 4:05pm • Salon A
Concurrent Panel Session - Panel A: Expanded Scope: A Review of National Security and Intelligence Activities in Canada
The National Security and Intelligence Review Agency (NSIRA) is an independent and external review body which reports to Parliament. NSIRA has a comprehensive mandate to review any Government of Canada national security and intelligence activity to ensure that they are lawful, reasonable and necessary. NSIRA also investigates public complaints regarding national security agencies and activities. Created under an omnibus national-security bill that added to the powers of the security and intelligence community in several important ways, the NSIRA was provided with a broad mandate to review those powers. NSIRA is not alone in this area, and its work is complemented by that of the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner of Canada, among others. Has the bill given federal agencies power to collect and share too much information on Canadians? How will the review bodies use their review powers to be the eyes and ears of Canadians and give them more confidence in our Federal National Security community in the future?
2:50pm- 4:05pm • Salon B
Concurrent Panel Session - Panel B: The State of Biometrics and Facial Recognition: An Update on Legislation, the Science, and Privacy Concerns
Biometric uses are expanding rapidly, showing up in payments, healthcare, borders and travel, law enforcement, employment, and many other use cases. With the expanded uses, privacy and data protection concerns regarding biometrics are also increasing, attracting the attention of legislators and the public.
In Europe, the GDPR now regulates biometrics in the commercial sector. In the US, biometrics laws in Illinois and other states have created new consumer rights and in some cases, new liabilities for companies. Data breach statutes in multiple states have been and are being amended to include biometrics as a new category requiring specific notification. In past six months, three states and several cities in the US have passed either moratoriums or bans on facial recognition, with pending bans in two states.
This expert panel provides an update on the state of biometrics to ground the discussion, and lays out the core use cases in actual practice that are the subject of the most concern and legislation. Panelists will discuss key regulations and precedential enforcement actions and litigation in the EU, US, and Canada. Finally, this panel will discuss existing and potential legislative frameworks and other models available to address trust and biometric risks.
2:50pm- 4:05pm • Salon C
Concurrent Panel Session - Panel C: Does Canada Need a National Data Strategy?
Globalization and rapid technological development have fundamentally shifted the basic drivers of economic growth from the knowledge-based economy driven by intellectual property to the data-driven economy driven by data. The most valuable companies in the world are data companies. This new economy presents new challenges but also opportunities for Canadian businesses, individuals and policy-makers.
Canada’s data strategy to ensure that Canadians own the data they produce, and that governments and businesses are well-positioned to use it to grow our economy, protect privacy, promote the public interest and assert our sovereignty.
2:50pm- 4:05pm • Theatre
Concurrent Panel Session - Panel D: Internet of Things- Chips with Everything- Will IoT do for information what electricity did for energy?
A revolution estimated that by 2035 the world will have a “trillion” connected computers built into to everything we do as a consumer in the new digital world. In the long term the most conspicuous effects of the IOT will be in how the world works. The second phase of the internet that will carry business models that dominate the internet all conquering platform monopolies or date driven approaches that critics and privacy advocates call “surveillance capitalism” IOT promises huge benefits and will mature in an age that has become skeptical about where a connected, computerized future will be but will have to earn the trust of its users for a successful future. The panel will discuss ownership, data, surveillance, competition and a playground for hackers in this new connected world.
4:15pm - 4:50pm • Carson Hall (Salon ABC)
Closing Keynote - Amazon
5:00pm - 5:45pm • Upper Foyer
Reception open to all delegates
Friday, February 7, 2020
Registration & Networking Lounge Open
9:40am - 10:10am • Carson Hall (Salon ABC)
Keynote Address by Microsoft: Accelerating Responsible Innovation
While reports from superclusters and startup hubs capture our imagination with cool innovations, mainstream organizations in Canada seem content to maintain the status quo. With Canada finishing 35th in the world for ICT adoption, often investing pennies on the dollar when compared to its peers there is clearly work to be done to accelerate digital transformation across the Canadian economy. Instead of being inhibitors of progress, trust and confidence are catalysts for innovation when they are integrated into the innovation cycle. John will explore how organizations can accelerate their digital transformation and identify some of the principles, processes and tools for responsible innovation.
10:10am - 10:25am • Upper & Lower Foyers
10:25am - 10:55am • Salon A
Concurrent Keynote Address: Data: Are We Subjects to be Processed?
Notwithstanding the fact that General Data Protection Regulation (GDPR) in the EU is generally regarded as the most stringent or advanced data protection or privacy law currently in effect, is this kind of regulation fit for purpose in the 21st century? It still minimizes each person's digital autonomy through a notice and consent system designed to cede control. Do Fair Information Practice based legislation first developed at the dawn of the computer era make sense today? Do regulations originally built for large organization mainframe computers running batch jobs in glorious isolation make sense for a data ecology with hundreds or thousands of systems are part of online systems? If privacy is about digital autonomy, what does it say that the GDPR has created a taxonomy based around "Data Subjects", "Data Controllers" and "Data Processors". This talk will explore the business, legal, technical and social implications of putting the person in the centre of their own data. This means moving to a regime that empowers individual digital autonomy, moving processing to the person instead of submitting data to algorithms, and making the us the controller of our own data.
10:25am - 10:55am • Salon B
Concurrent Keynote Address by TELUS
10:25am - 10:55am • Theatre
Concurrent Keynote Address by RSA
11:00am - 12:15pm • Salon A
Concurrent Panel Session - Panel A: Voter Analytics and Micro-Targeting: Reflections on the 2019 Federal Election
The use of personal data in contemporary elections is now a matter of global importance and controversy. There are a range of issues: the appropriate use of voter analytics; the democratic responsibilities of powerful social media platforms; the accountability and transparency for targeted political ads; cyberthreats to the integrity of electoral procedures; and the spread of misinformation and “fake news” through malicious actors and automated bots.
This panel involves representatives from some major companies that were employed by political parties and candidates to discuss these pressing issues, and to reflect on the lessons of the 2019 federal election campaign.
What is the appropriate role for data analytics in modern democratic elections? Did micro-targeting occur in 2019, and was it effective? Was there evidence of malicious interference? What was the experience of the new ad transparency rules? And what should be the privacy rules for political parties and candidates?
11:00am - 12:15pm • Salon B
Concurrent Panel Session - Panel B: Smart Cities: The New Modernization Strategy Banking on “Your Data”
The future modernization plans for cities to develop policies and the general digital transformation is on everyone’s agenda. Leveraging smart technology and innovation to engage residents and solve some of our city’s most pressing issues is at stake. A well-connected, sustainable city where people work live and thrive in the new digital future is at stake.
The goal to transform cities into a modern, global city at the leading edge of innovation and technology with the creation of labs to test new tech in real-life, solve local innovation challenges and to bridge the gap between those that have access to technology and those who don’t is the plan.
Digital hubs to provide networking, connections to services, training, and tools in the mobile workplace, connected parks, free WiFi and main streets. Inter-modal transportation options bikes, cars, electronic vehicles, and automated traffic management systems are the benefits.
Portals that connect the digital ecosystem with access to services and information and open data, GIS, and other smart city technology will be central to the success of smart cities?
So what is the cost? Your data and your privacy, are we ready to address these challenges?
11:00am - 12:15pm • Theatre
Concurrent Panel Session - Panel C: Trusted Data - How Innovation is Promoting Data Sharing and AI
Governments seeking to foster growth in their digital economies need to be more active in encouraging safe data sharing between organizations. Tolerating the sharing of data and stepping in only where security breaches occur is no longer enough. Sharing data across different organizations enables the whole ecosystem to grow and can be a unique source of competitive advantage. But businesses need guidelines and support in how to do this effectively. Concerns with data sharing: how to formulate an overall data-sharing strategy, legal and regulatory considerations, technical and organizational considerations, and the actual operationalizing of data sharing.
11:00am - 12:15pm • Salon C
Concurrent Panel Session - Panel D: Digital Defenders: Empowering Girls To Explore Cybersecurity
Gary Perkins will engage Diamond Isinger, Provincial Commissioner of the Girl Guides of Canada in BC, and a youth spokesperson from GGC, about the brand-new Digital Defenders cybersecurity program. Join us to explore its influence on girls and young women, learn why girls and young women should be exposed to cybersecurity from a young age, and actions you can take. We will look to encourage parents and caregivers in the audience to encourage their girls to explore study and career opportunities in STEM because we all want to set girls up for success, and we will aim to activate industry leaders to lend their expertise as subject matter experts to support girl empowerment and equip today's youth with digital skills. Hearing the story of a Girl Guide who is exploring the Guiding program and STEM opportunities will inform our thinking about everything from informal work to barriers to the barriers or successes she may have experienced.
12:15pm - 1:30pm • Caron Hall (Salon ABC)
Luncheon Keynote Address: Women in the Workplace: the Barriers, the Challenges and the Disconnect
2019 has been a banner year for women in the workplace. With movements like #metoo, He for She; and books like Moment of Lift, there has been a lot of talk and discussion about women empowerment and advancement.
While many studies reveal that the state of women in the workplace is headed in the right direction, there are topics no one is talking about. In her talk, Humaira will share real stories of women, the barriers they face and more importantly, how we can influence real change that not only attracts and retains top female talent, but helps increase innovation that leads to better business outcomes.
12:15pm - 1:30pm • Crystal Ballroom
1:40pm - 2:10pm • Salon B
Applied Session by Varonis: Attackers Prey on Uncertainty: How to Fail at Threat Detection
It takes a lot of visibility and context to detect and respond to sophisticated threats. Attackers usually target data, where enterprises have the least visibility and most uncertainty. In this session, we’ll explore new, sophisticated threats from inside and out, demonstrate how easy it is for adversaries to bypass traditional controls, and present a methodology to better protect data at scale, improve threat detection, and reduce uncertainty
1:40pm - 2:10pm • Salon C
Applied Session by Splunk: Pull Up Your SOCs!
We all know how breaches happen. So why do they keep happening? Join Chris Vernon from Splunk for an engaging look at Security Operations Centres. Often there is gap between expectations of what implementing a SOC can do versus reality. We will discuss an evolutionary approach to security monitoring, to get the most out of your SOC.
1:40pm - 2:10pm • Theatre
Applied Session: Why Can't We Make Secure Software?
A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike.
This talk will explain how job insecurities can be brought out by IT leadership decisions, and how this can lead to real-life vulnerabilities in software. This is not a talk about “feelings”, this is a talk about creating programs, governance and policies that ensure security throughout the entire SDLC.
No more laying blame and pointing fingers, it’s time to put our egos aside and focus on building high-quality software that is secure. The cause and effect of insecurities and other behavioral influencers, as well as several detailed and specific solutions will be presented that can be implemented at your own place of work, immediately. No more ambiguity or uncertainty from now on, only crystal-clear expectations.
1:40pm - 2:10pm • Saanich Room
Applied Session: “Mind the Gap” – Future-Proofing your Privacy Program
Artificial Intelligence, Big Data, Internet of Things and other data and technology developments and trends are timely and relevant. Building in privacy by design and privacy by default are important; but will not enable you to anticipate every risk or prevent every privacy incident. And implementation of these strategies and technologies will only amplify your potential points of privacy failure.
The effectiveness of your holistic privacy program is still of paramount importance: if an incident is never identified or reported, if it gets lost in the gap, then you cannot effectively manage your risk. How can you future-proof your privacy program so it can be effective regardless of new data and technology trends and cyber risks?
This session will help you identify how to effectively future-proof your privacy program, with interactive discussion on the following topics:
- How to define the “gap”
- War stories demonstrating the gap (i.e., example incidents that aren’t covered by the media)
- How to identify and address the drivers of the gap in your organization
- Core elements of a holistic, integrated and effective Privacy Program
- Practical tips on future-proofing your privacy program by minimizing your gap and potential points of failure
1:40pm - 2:10pm • Oak Bay 1 Room
Applied Session: Deepfakes: What Can We Trust?
A deepfake is a video made portraying a person that is computer generated. They can be manipulated to say anything and interact with others. In the more malicious cases, celebrities have been targeted and inserted into adult films. They are getting more convincing and will soon be indiscernible from authentic video.
Deepfakes are currently a novelty and an amusement that is approaching a quality where widespread deceit could easily happen. It is estimated that in early 2020, the technology will be available for general users to perform a deepfake. When this happens, a user would be able to insert an image and apply it to someone in a video. We have already seen this with an app called Zao in China that will add the app user into a short clip of a movie. Knowing who to trust in the coming age will be hard when so called fake news can be delivered by trusted personas.
There are technologies to detect and prevent deepfakes. There are traces of tampering left when deepfake algorithms run. While this can be detected, it will only help in forensics. There will be very few methods that will be accessible to the public.
In this applied session, we will look at different examples of deepfakes and what is being done to detect them. It is possible to animate someone from a picture. Machine Learning (ML) can restore clarity to a blurry picture, then overlay that onto a video. With as little as 5 seconds of audio, a voice can be recreated and say anything that the manipulator desires. If a few of these technologies are combined, even a target with limited social exposure could be easily faked.
DeepFakes and Faceswapping has ethical issues. There are those in the AI community that are fighting to ensure that a zero-tolerance approach to the inappropriate use of these technologies. Should these technologies be open? They haven’t caused much harm.
1:40pm - 2:10pm • Oak Bay II Room
Applied Session: Enhancing Your Cybersecurity Culture with a Cybersecurity Ambassador Program
More and more the human factor is being recognised as a key component of an overall cybersecurity strategy. Technology alone will not solve our cybersecurity issues - we have to ensure that our people are aware and taking the appropriate action when confronted with phishing, social engineering, etc. Traditional cybersecurity awareness training - watch the videos, click the complete box - while part of baseline training, will fall short of expectations. What's needed is a change in the organisation's culture; good cybersecurity practices need to be viewed as a valued component of that culture. "Champions" or " Ambassador" programs are an effective way of creating and maintaining this culture change.
In this session Don will review the Security Awareness Maturity Model and why culture is an important part of a cybersecurity awareness program. He will then discuss the concept of an Ambassador program and how it can influence organisational culture. Finally, Don will get into the practical side of implementing and running an Ambassador program based on his experiences at Royal Roads University.
1:40pm - 2:10pm • Esquimalt Room
Applied Session: Implementing COBIT process governance at the BC Social Sector: A Case Study
Process binds people with machines, delivering business value such as information security. Join John Zimmermann, security architect for the BC Government Social Sector, to learn lessons they experienced while rolling out a governance framework to track the effectiveness of their information management processes. From inception to delivery, you’ll discover the challenges and opportunities encountered while adopting COBIT 5 as an ongoing transformational vehicle for their organization.
1:40pm - 2:10pm • Sidney Room
Applied Session: Privacy and Security of Electronic Records: Some Ethical Considerations
The duty to ensure the privacy and security of a person’s records are considered key aspects of the ethical framework that structure the development and use of electronic records. This presentation examines the ethical grounding of such a claim and outlines its limitations. In particular, it considers the ethical implications of technological developments, resource parameters and the equal and competing rights of others in light of the Principle of Equality and the Principle of Impossibility.
2:10pm - 2:25pm • Upper & Lower Foyers
2:25pm - 3:40pm • Salon A
Concurrent Panel Session - Panel A: Indigenous Data Governance
Explore the principles of Indigenous Data Governance with this expert panel. Learn how First Nations and Metis self-determination is reinforced through upholding First Nations and Metis data governance principles at each stage of data creation – collection, analysis and dissemination. Consider ownership, control of and access to indigenous data.
During this session we’ll also discuss individualistic and communal notions of privacy. Learn how protection of community interests is upheld in First Nations and Metis communities and the importance of cultural privacy.
Join us for this crucial discussion on indigenous data and information sovereignty.
2:25pm - 3:40pm • Salon B
Concurrent Panel Session - Panel B: Digital Assistants: Alexa Can Handle Patient Information - What Does That Mean for Privacy?
Voice enabled devices will allow customers to access personalized medical information, like medical diagnoses, pharmaceutical prescriptions and software that reads medical records. In the future customers will book medical appointments, access hospital post-discharge instructions and check on prescription delivery. The area of health records is famously contentious though a push to digitize medical records leads to fragmented paper trails filled with gaps. Doctors are frustrated with with the entire process and various software systems for health records lead to burnout. Health privacy laws ensures that health information can only be shared between patients and those in the healthcare system like doctors and hospitals. Can these new devices remain privacy compliant as we transform the $3.5 Trillion health system.
2:25pm - 3:40pm • Theatre
Concurrent Panel Session - Panel C: Public Cloud Computing: Is the Future of Privacy in the Cloud?
Gartner defines public cloud computing as a style of computing where scalable and elastic IT-enabled capabilities are provided as a service to external customers using Internet technologies—i.e., public cloud computing uses cloud computing technologies to support customers that are external to the provider’s organization. Using public cloud services generates the types of economies of scale and sharing of resources that can reduce costs and increase choices of technologies. From a government organization’s perspective, using public cloud services implies that any organization (in any industry sector and jurisdiction) can use the same services (e.g., infrastructure, platform or software), without guarantees about where data would be located and stored.
2:25pm - 3:40pm • Salon C
Concurrent Panel Session - Panel D: So Canada Needs New Privacy Law Fit for 2030 – What Does That Truly Mean?
Both major political parties had campaigns that signaled it is time for a new privacy law in Canada. We can all agree that the law should project individuals right to privacy and facilitate Canada’s digital future. But what does that actually mean when one puts pen to paper. This panel will begin the process of filling in the blanks.
3:50pm - 4:30pm • Carson Hall (Salon ABC)
Closing Keynote Address: Bringing Thinking and Technology Into Focus
Many of us have begun to reward speed over quality, distractedness over focus, and the negative effects are mounting. Technology was supposed to save our thinking; perhaps it’s doing the exact opposite.
Due to several alarming and rising factors including busyness, time mismanagement and distractedness, employees and leaders alike are struggling to cope. We all need a more reflective and responsive thinking mindset in order to take back control of our working lives. Better thinking is dependent on how open we are to new ideas, how evidence-based our decision-making can be, but mapped against how capable we remain to get things done. Technology can help, but we need to come to grips with its current effectiveness.
What to do? Dan suggests the introduction and use of Open Thinking, the continuous cycle of three key categories: Creative Thinking, Critical Thinking and Applied Thinking. When we use technology for “thinking good,” we’ll be much better off. Ultimately we need a return to balance between the key components of productive thought: Dream. Decide. Do. Repeat. The Pavlovian bell of mobile phone vibrations is no way to think in the year 2020.
• Recognize the effects poor thinking is having on both individuals and organizations.
• Understand the difference between reflection and action – being made aware of indifferent, inflexible and indecisive thinking attributes and how they affect our daily lives.
• Assess how technology can be used for positive Open Thinking, and how it inhibits it.
• Distinguish the traits that make up Creative, Critical and Applied Thinking—the hallmarks of Open Thinking—and learn ways in which to bring them into your daily habits.
Province of British Columbia 21st Annual Privacy and Security Conference is proudly sponsored by the following companies.
If you would like to sponsor this event, please download the Sponsorship Brochure for more information.
Conference Sponsors & Exhibitors
Hotel & Travel
Fairmont Empress Hotel Room Block
If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $185/night for Corporate reservations and $159/night for Government reservations. Please note that this room block ends January 14, 2020.
Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:
Government Reservations – https://book.passkey.com/go/psgovt2020
Corporate Reservations – https://book.passkey.com/go/privacyandsecurityconference
721 Government Street
It has been brought to our attention that individuals are contacting sponsors and speakers, citing the Reboot Privacy & Security Conference, to offer hotel reservation services. To be clear, these individuals are not in any way affiliated to our conference, and are not authorised to use the Reboot Communications name. No one should contact you directly to book your hotel room or to offer you a special discounted rate. If you receive one of these calls, it is a scam. They are not affiliated with Reboot Communications or the Privacy & Security Conference. Thank you to those who have alerted us to this matter. To book your room in a safe manner please follow the information on this page only.
YYJ Airport Shuttle Discount
If you are needing transportation from the Victoria International Airport to Downtown Victoria/Empress Hotel why not consider using the YYJ Airport Shuttle.
When booking the shuttle online or over the phone please use the promo code REBOOT20. This will give you 20% off tickets.
For more information please visit their website at www.yyjairportshuttle.com or call them at 1-855-351-4995.
Harbour Air Seaplanes Discount
Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air. Subject to availability, attendees will receive a 20% discount on their goFlex and goGold fares for confirmed travel to/from Victoria between February 3 and 9, 2020. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks and cannot be applied to private charters.
In order to receive this special discounted rate, attendees can contact the Reservation Department directly by phone at 1.800.665.0212, by e-mail at email@example.com or online at www.harbourair.com and quote the coupon code ‘P&SC02-20’. Also be advised that you will need to present a copy of your conference registration upon check-in.
All schedules and location information can be accessed through their website at www.harbourair.com.
Call for Speakers
Please note that the call for speakers closed September 27, 2019.
The Advisory Board for the 21st Annual Privacy and Security Conference is pleased to announce that the Call for Speakers is now closed.
Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session, applied session, workshop or keynote address. Presented by the Province of British Columbia’s, Ministry of Citizens’ Services, this three-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.
Date: February 5-7th, 2020
Location: The Victoria Conference Centre, Victoria, British Columbia
2020 Conference Suggested Topics (not exhaustive):
- Advanced Robotics
- Artificial Intelligence
- Augmented & Virtual Reality
- Big Data Analytics
- Cloud Computing
- Crypto Currency
- Cyber Security
- Dark Web
- Data Encryption
- ePrivacy Regulation
- Genetic Privacy & Precision Medicine
- Healthcare Privacy & Security
- Internet of Things
- Mobile Privacy & Security
- Open Data
- Politics and Privacy Regulation
- Quantum Computing
- Sensor Cities
- Social Media in Elections
- Voice First Technology
All entries must be received by midnight of September 27th, 2019. Invited speakers will be notified by October 31st, 2019.
Submissions will be accepted electronically using the form below.
- Issue papers: An executive or management briefing on a prominent issue or aspect of information privacy or security.
- Case studies: Descriptions of a specific information privacy or security situation or incident, or research results. Names of organizations can be kept anonymous to maintain confidentiality if necessary.
- Research: Results or developments in cutting edge research on new information privacy and security technologies.
- Sociological/ Philosophical perspective: A candid and/or introspective look at the impacts of new technological developments on privacy, security, social consciousness, or social functioning.
Have Questions or Need More Information?
- For conference content, themes and agenda questions, please contact: firstname.lastname@example.org
- For venue and conference administration questions, please contact: Reboot Communications Ltd. at 1-250-388-6060, or email@example.com
- For sponsorship questions, please contact Reboot Communications Ltd. at 1-250-388-6060 or firstname.lastname@example.org
- Submissions will only be accepted electronically