Province of British Columbia
21st Annual Privacy and Security Conference Privacy & Security: Bringing Digital Into Focus Feb.5-7, 2020, Victoria, BC

General Information

Privacy and data protection is the number one issue businesses around the world are facing. Personal privacy is at the forefront of information sharing and social media requirements. For the past 20 years, the Privacy and Security Conference has been the number one conference on the issues of privacy and security globally.

Presented by the Offices of the CIO and Corporate Information and Records Management, Ministry of Citizens’ Services, Province of British Columbia, this three-day conference attracts over 1100 delegates and 100 international subject matter experts. It provides essential education, training and opportunities for CPD credits for individuals who are responsible for the transformation of the public and private sector into the new digital economy.

Reasons to Attend

  • Timely, motivational presentations from leading industry experts
  • Learn about current trends, issues and actions
  • Valuable CPD credits to maintain a variety of qualifications essential for your career
  • Unparalled networking opportunities
  • Informative 3-hour pre-conference educational sessions and many interesting panel sessions
  • Get immediate answers and solutions to issues current in your organization


Conference Rates*

Early Bird registration by December 13, 2019 Regular registration after December 13, 2019
Public Sector $750.00 CAD (plus GST) $925.00 CAD (plus GST)
Private Sector $850.00 CAD (plus GST) $1,250.00 CAD (plus GST)

*We are pleased to offer our Alumni program, providing a special rate to past attendees. Delegates who have attended this conference before will receive the special public sector price of $675 or private sector price of $795 when they register on or before September 27, 2019. Please contact us for the promo code if you did not receive it by email.

Registration Fees Include

  • 2 plated lunches
  • All coffee breaks
  • All keynotes, plenaries, panel sessions and applied sessions
  • Pre-conference educational sessions
  • Access to networking lounges
  • Networking reception Thursday evening
  • Conference notebook
  • Conference materials
  • On-line access to presentations post-event

Social Media

Stay connected and engaged in the conversation leading up to and during the conference by following along on Twitter. Use the event hashtag to follow others who are already posting, and include it in your tweets to add to the existing discussions. The hashtag for this year’s conference is #PrivSecYYJ and our new twitter handle is @PrivSecYYJ. We would appreciate you sharing your voice with our other followers.

Victoria Conference Centre

There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.

Victoria Conference Centre
720 Douglas Street
Victoria, BC
V8W 3M7

Keynote Speakers

Humaira Ahmed

Founder & CEO, Locelle

Ray Boisvert

Associate Partner (Ontario), IBM Security Services

Elizabeth Denham

Information Commissioner, UK Information Commissioner’s Office

Kevvie Fowler

Partner, Global Incident Response Leader & National Resilience Leader, Deloitte Canada

Debbie Gamble

Chief Officer, Innovation Labs & New Ventures, Interac Corp.

Ryan Jaeger

Senior Solutions Architect, AWS

Kevin Margatan

Privacy Engineer, OneTrust

Michael McEvoy

Information and Privacy Commissioner for British Columbia

Ken McPherson

CEO, Iceberg Networks

Dan Pontefract

Founder and CEO, The Pontefract Group

Murray Rankin

Chair, National Security and Intelligence Review Agency

Shira Rubinoff

President, Prime Tech Partners

Pamela Snively

VP, Chief Data & Trust Officer, TELUS

Sander Vinberg

Threat Research Evangelist, F5 Labs

John Weigelt

National Technology Officer, Microsoft Canada

John Wunderlich

Chief Privacy Officer, JLINC Labs; Board Member, MyData Global


Martin Abrams

Executive Director and Chief Strategist, Information Accountability Foundation

Dr. Andrew Adams

Deputy Director, Centre for Business Information Ethics, Meiji University, Tokyo, Japan

Ciaran Aiken

Lead, Privacy, Access and Governance, BC Centre for Disease Control

Alan Arslan

Privacy Advisor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of BC

Stephanie Bacon

Director, Platform Services, Enterprise DevOps, BC Developers’ Exchange, Ministry of Citizens' Services, Province of BC

Lynn Barr-Telford

Assistant Chief Statistician, Statistics Canada

Imraan Bashir

Executive Director, Cyber Security, Treasury Board Secretariat

Dr. Danièle Behn Smith

Aboriginal Health Physician Advisor, Office of the Provincial Health Officer

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Chantal Bernier

National Privacy and Cybersecurity Practice Leader, Dentons Canada LLP

Jaimie Boyd

Chief Digital Officer, Province of BC

Andre Boysen

Chief Identity Officer, SecureKey Technologies Inc.

Joni Brennan

President, Digital ID & Authentication Council of Canada (DIACC)

Josh Burgess

Americas Threat Intelligence Advisor, CrowdStrike

Stacy Clarke

Inspector, Toronto Police Service

Jill Clayton

Information and Privacy Commissioner of Alberta

Dr. Andrew Clement

Professor Emeritus, Faculty of Information, University of Toronto

Elizabeth Denham

Information Commissioner, UK Information Commissioner’s Office

Don Devenney

Senior IT Security and Risk Specialist, Royal Roads

Bradley Dick

Manager, Cultural Safety and Reconciliation, Ministry of Children & Family Development

Pam Dixon

Founder & Executive Director, World Privacy Forum

Joyce Drohan

Partner, BC Leader for Omnia AI, Deloitte

Warren Dyck

Modern Workplace Specialist, Microsoft Canada

Dr. Khaled El Emam

Professor, School of Epidemiology and Public Health, University of Ottawa

Dr. Teri Fisher

Physician and Clinical Assistant Professor, University of British Columbia; Founder & Host, Voice-First Health and Alexa in Canada

Dr. David Flaherty

Former Information and Privacy Commissioner for BC

Michael Foltinek

Security Analyst, Information Security Branch, Ministry of Citizens’ Services, Province of BC

Dr. Robert Fraser

President and CEO, Molecular You

Bob Gordon

Strategic Advisor, Canadian Cyber Threat Exchange (CCTX)

Robin Gould-Soil

Consultant; Former Chief Privacy Officer, HSBC

Bill Griffin

Privacy Consultant, OneTrust

Rudi Groenewald

Cloud Solutions Architect, Microsoft Canada

Murtaza Hafizji

Sr. Advisor, Product Marketing, RSA

Layth Holubeshen

Security Analyst, Ministry of Citizens’ Services, Province of BC

Wendy Hurlburt

President and CEO, LifeSciences BC

Matt Hyson

Office of the CTO, Emerging Technologies, Aruba Networks/X10 Networks

Diamond Isinger

Provincial Commissioner, British Columbia, Girl Guides of Canada

Brittany Jackson

Senior Auditor, Privacy, Compliance and Training Branch, Ministry of Citizens’ Services, Province of BC

Tanya Janca

Security Trainer and Head Nerd, SheHacksPurple.Dev

Dr. Yann Joly

Research Director, Centre of Genomics and Policy, McGill

Dan Jones

Inspector, Edmonton Police Service

Honourable Anne Kang

Minister, Ministry of Citizens' Services, Province of BC

Dave Klein

Senior Director Engineering & Architecture, Guardicore

Dr. Eike-Henner Kluge

Professor, University of Victoria

Aaron Koning

Sales Engineer, Varonis

Jill Kot

Deputy Minister, Ministry of Citizens’ Services, Province of BC

Dr. Alena Kottova

Sessional Professor, University of Victoria, Faculty of Engineering; Vancouver Island University, Department of Computing Science

Lorraine Krugel

Director and Consultant, KRC Insights

Hayden Lansdell

Assistant Deputy Minister, Digital Platforms and Data Division, OCIO, Province of BC

Dan Lathigee

Strategy and Project Portfolio Manager, Information Security Branch, Ministry of Citizens’ Services, Province of BC

Dr. Tracey Lauriault

Assistant Professor, Critical Media and Big Data, Carleton University

Dr. Victoria Lemieux

Chief Information Security Officer, Molecular You; Cluster Lead, Blockchain@UBC

Christian Leuprecht

Class of 1965 Professor in Leadership, Royal Military College and Queen’s University

Dr. Holly Longstaff

Director, Privacy and Access, PHSA Research and New Initiatives, Provincial Health Services Authority

Kyle Loree

Director, Business Systems and Solutions, Consumer Protection BC

Matt Lourens

Security Engineering Manager, Check Point Software Technologies

Steve Lowry

Executive Director, AInBC

Ash Luft

Embedded Software Engineer, Starfish Medical

David Marcos

Chief, Privacy Strategy & Policy for Microsoft Azure

Dr. Florian Martin-Bariteau

Assistant Professor and Director, Centre for Law, Technology and Society, University of Ottawa

Jason Maynard

Technical Solutions Architect, Cybersecurity, Cisco

Drew McArthur

Principal, The McArthur Consulting Group

Dr. Kimberlyn McGrail

Scientific Director, Population Data BC; Professor, UBC School of Population and Public Health

Dr. Brenda McPhail

Director, Privacy, Surveillance, and Technology Program, Canadian Civil Liberties Association

Olena Mitovska

Sr DevOps Specialist, Enterprise DevOps, BC Developers’ Exchange, Ministry of Citizens’ Services, Province of BC

Lorene Novakowski

Partner, Fasken

Sue Paish

CEO, Canada’s Digital Technology Supercluster

Ian Paterson

CEO, Plurilock

Gary Perkins

Executive Director, Chief Information Security Officer, Ministry of Citizens' Services, Province of BC

Khushbu Pratap

Senior Principal Analyst, Gartner

Chris Quon

Privacy Advisor, Privacy, Compliance and Training Branch, Ministry of Citizens’ Services, Province of BC

Murray Rankin

Chair, National Security and Intelligence Review Agency

Matt Reed

Executive Director, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of BC

CJ Ritchie

Government Chief Information Officer, Ministry of Citizens’ Services, Province of BC

Sorcha Rochford

Senior Director of Organizing and Strategic Partnerships, NationBuilder

Joan Ross

Field CISO, Fortinet

Dan Ruch

Partner, Ruch & Associates

Sherry Rumbolt

Senior Information Security Officer, CFB Esquimalt, Department of National Defence

Alon Sadeh

Senior Solution Engineer, VMware

Terry Sangha

Solution Engineer, Western Canada, VMware

Dr. Teresa Scassa

Canada Research Chair in Information Law and Policy, University of Ottawa

Scott Scheferman

Principal Security Technologist, SentinelOne

Bryce Schroeder

Senior Director, Solution Consulting – Security & Risk Practice, ServiceNow

Elan Shedlaz

COO, Vyne Mobile

Jeff Silvester

Co-Founder & Chief Operating Officer, AggregateIQ

Shawn Slack

Director of Information Technology and Chief Information Officer, City of Mississauga

Greg Smolynec

Deputy Commissioner, Policy and Promotion, Office of the Privacy Commissioner of Canada

Pamela Snively

VP, Chief Data & Trust Officer, TELUS

Jennifer Stoddart

Strategic Advisor, Fasken; Former Privacy Commissioner of Canada

Jeannette Van Den Bulk

Deputy Commissioner, Office of the Information and Privacy Commissioner for BC

Jacques Van Zijl

Technical Solutions Expert, Microsoft Canada

Chris Vernon

Technical Sales Executive, Splunk

Sander Vinberg

Threat Research Evangelist, F5 Labs

Hussain Virani

Managing Consultant, X-Force IRIS, IBM Security Services

Micheal Vonn

Chief Executive Officer, PHS Community Services Society

Genevieve Weber

Archivist, Royal BC Museum

Mitch Wexler

Principal, Politrain Consulting

Teresa Woods

Senior Auditor, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of British Columbia

John Wunderlich

Chief Privacy Officer, JLINC Labs; Board Member, MyData Global

Dale "Dr. Z" Zabriskie

Evangelist, Security Awareness Training, Proofpoint

John Zimmermann

Senior Security Architect, Ministry of Social Development and Poverty Reduction, Province of BC
Print Agenda

*Invited Speaker

Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.

Wednesday, February 5, 2020


Registration Desk Opens

9:00am - 12:00pm Theatre

BC Ministry of Citizens’ Services – Information Security Branch presents: BC’s forecast: Clouds on the Horizon

Join some engaging discussions with Government’s Proctor of Privacy, Matt Reed and the Defender of Data, Gary Perkins. Recent amendments to FOIPPA have changed the playing field for public bodies in BC wanting to adopt the cloud. Gary and Matt will discuss the impacts to the public sector with respect to cloud usage; where new cloud opportunities lay; how to ensure that your shiny new cloud is secure; and where to expect this space to move in the next few years.

Bring your questions to this interactive session and get some answers from the experts.

Outcomes of this exciting workshop:
• Greater understanding of FOIPPA, and its recent amendments
• Cloud implementation comfort
• An understanding of how to approach security in cloud-based solutions
• The role companies and individuals play in creating a secure future
• The role companies and individuals play in protection of privacy

9:00am - 12:00pm Oak Bay Room

VMware presents: Join VMware Carbon Black for a Threat Hunting Challenge!

The VMware Carbon Black Threat Hunter Challenge is a fun dynamic capture-the-flag style event where you will get hands-on with our cloud based End Point Products. You will get the chance to hunt & identify attacks using real-life scenarios. Our next-gen endpoint tools capture deeper telemetry that facilitates turning the tables on the attacker by proactively looking for tell-tale behaviours.

Bring your laptop! We will provide a Map of the World Q&A score board to track each team's progress. Join us to put your threat hunting skills to the test! Sign up as an individual or form a group of 3-5 with your colleagues!

Why attend?
Fun - enter yourself or a small team for some collaborative hunting
Learn - from hacking techniques and tradecraft used in actual incidents
Step-up - be introduced to hunting, or advance your existing hunting skills
Hands-on - with tools used by fed government, corporates and dot coms, IR pros
Insight - how to uplift your organizations sec ops capabilities
Glory - it’s all about the prizes and the 3 levels of challenge coins

The game is designed for all levels of threat hunters - from beginner to expert.
Questions? Contact

9:00am - 12:00pm Saanich Room

Microsoft presents: Security Leveraging Cloud & On-Premises Architecture and Azure Security

Join Microsoft’s Warren Dyck, Jacques van Zijl, and Rudi Groenewald for an exciting session covering:

• Microsoft Security’s approach and overview with Warren Dyck, Modern Workplace Specialist
• Security leveraging cloud & on-premises architecture and demonstration of protection across the attack kill chain with Jacques van Zijl, Technical Solutions Expert. Learn more about Security Operations, Secure Score, Threat Analytica, Incidents (Initiate Automated Investigation, Initiate Live Responds Session, Restrict APP Execution, Isolate Machine), Automated Investigation (Forensics), Advance Hunting, Reports, Threat & Vulnerability Management (Software Inventory, Remediation)
• Azure Security, Sentinel SIEM & SOAR Overview & Demonstration with Rudi Groenewald, Cloud Solutions Architect. Learn how the Microsoft Security portfolio relates to server infrastructure. With the help of Azure Security Center and the Microsoft cloud-based SIEM, Sentinel, discover how we help our customers find and neutralize threats in an online world.

9:00am - 12:00pm Sidney Room

BC Ministry of Citizens’ Services presents: DevSecOps – The New Zero Trust Security Model for BC Government Applications

Are you wanting to know how you can make your application secure - right from the start - and then for every line of code? Find out how the Developers Exchange has designed a zero-trust environment, integrating leading edge security tools into the BC Government’s Openshift Platform. We will have demonstrations of live pilot ministry applications using the new security environment. Bring your toughest questions and concerns and the team will work through them with you.

9:00am - 12:00pm Esquimalt Room

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: IM Practice Review and You: A Simple Approach to Assess and Improve How Your Organization Manages Its Information

We asked and we listened. There is a simple and effective way to assess your own information management practices. This session will guide delegates through a simulation of an IM self-assessment using select criteria from government’s 2019 IM practice review framework. This is an experiential workshop introducing key concepts and assessment processes. Participants will simulate the interview, collection and reporting processes that can be used to assess the maturity of their current IM practices. The knowledge you gain will allow you to develop an evidence-based action plan for improvement. The workshop will appeal to those who want to address and improve processes for the effective management of their organization’s information.

9:00am - 12:00pm Colwood Room

The Ethics of Research Privacy Workshop

This session will explore an approach to privacy grounded in applied ethics principles and concepts. Attendees will have the opportunity to work through a series of real-life case studies in the research domain guided by ethics tools. The goal of this session is to empower attendees to use “all things considered” holistic judgements concerning privacy.

1:00pm - 4:00pm Theatre

RSA presents: Killing the Password – The Future of Identity Risk

As we enter a new decade, it’s interesting to see how far we’ve come over the past 10 years in terms of identity and access management. When the 2010s began, only 38 per cent of data breaches used stolen credentials; by 2017, this figure was 81 per cent. As the pace of digitization has increased, identity and access assurance has become a critical issue and the single most important control for managing digital risk.

In this highly interactive workshop of Killing the Password – The Future of Identity Risk, we will be discussing the changing face of identity management. As we have become more reliant on digital interactions that rely on identities, new and unprecedented security challenges have been raised. Some of these new challenges and market dynamics that will be discussed are:
• Passwords suck
• Islands of identity expand
• Credential theft becomes credential hijacking
• Increasingly diverse users and use cases
• Rapidly evolving auth landscaping

At RSA, our mission is to enable security-sensitive enterprises to embrace and thrive from digital transformation without the fear from identity threats—known or unknown. Come join this workshop to do just that and welcome 2020 with an identity focused approach.

1:00pm - 4:00pm Saanich Room

Fortinet presents: “You’re Going To Be Breached – What Are You Going To Do About it?” - An Interactive Incident Response Workshop

It’s an unfortunate fact in today’s cybersecurity world that every organization is going to be breached (if they haven’t already).

Are you ready? Do you know what to look for and what to do when you find it? Do you have the right people and processes in place?

Join Joan Ross, Field CISO at Fortinet, for this 3-hour, interactive, Incident Response workshop that will look at:
- The threats facing organizations every day and the tactics used by the bad actors
- The steps you should take when you believe you are under attack such as; operational level responses, management reporting and communications
- The vital role that the right technology plays in allowing the security team to effectively detect, contain and mitigate threats
- The roles and responsibilities that make up a coordinated and well-managed response
- Real-world Incident Response playbooks. Teams will be put in the driver’s seat reviewing current incidents and effective responses

1:00pm - 4:00pm Oak Bay Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Become a Security Superstar

Gartner predicted in 2018 that there will be 1.5 million unfilled cybersecurity roles by the end of 2020. There is a huge opportunity to build a satisfying and interesting long-term career in cybersecurity. Come learn how you can build your career in information security and make a difference in your organization.

You don't need to be a technical guru to be an information security superstar. The field is broad, the roles are varied, the backgrounds are diverse, and the work is always evolving; you're always learning on the job. Come to our session for practical personal and professional success factors for Information Security Officers.

The session will showcase the BC government's Defensible Security Framework for practical tactical tools and tips to help you improve security in your organization.

Then, enjoy a fireside chat with security professionals from varied backgrounds who will discuss their career journey and what a day in the life of a security professional means to them.

Within the BC Government, the role of a Ministry Information Security Officer (MISO) is key to the success of security programs and the ongoing security of citizens' data. Whether you're inside or outside the public service, aspiring MISOs will get a look inside the life of an Information Security Officer.

1:00pm - 4:00pm Esquimalt Room Presentation Files PIPA Workshop

BC Ministry of Citizens’ Services – Privacy, Compliance and Training Branch presents: A Principled Approach: Lessons on PIPA and the Privacy Principles

This workshop will help you navigate the balance between the privacy rights of the individual on one hand; and the needs of the organization on the other hand in the context of private organizations. You’ll learn the backbone of privacy legislation – the privacy principles – how those are applied, and how they can inform work in any sector. Presenters will use the Personal Information Protection Act (PIPA) as an example of how these principles are balanced in practice, but this session will be useful to anyone interested in learning the first principles of the privacy field.

During this workshop, we’ll cover the following:

* Overview of PIPA
* Consent – how it works in practice
* Oversight – the role of BC’s Information and Privacy Commissioner
* Resources that can help you meet your legislative requirements

You’ll walk away with a better understanding of B.C.’s private sector privacy legislation and tips to apply privacy in your day-to-day work.

Presentation Files PIPA Workshop

1:00pm - 4:00pm Sidney Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Cybersecurity Awareness: The Need of Changing the Culture to Match Living in a Digital World

This workshop provides an opportunity to explore the difficulties of cybersecurity awareness programs as well as how to overcome them. Through a number of practical activities and games, you will learn how individual digital habits and behaviours fit into the complex world of cybersecurity. In this session you will learn key decision-making principles that can help you and the people of your organization stay secure.

This interactive session brings theory and practice together for a collaborative experience that answers the question: “How can people go from being the weakest link to the strongest protection for your organization?”

Thursday, February 6, 2020


Registration & Networking Lounge Open

8:15am - 8:20am Carson Hall (Salon ABC)

Call to Conference & Video - Master of Ceremonies

8:20am - 8:30am Carson Hall (Salon ABC)

Territorial Acknowledgement & Opening Remarks

8:30am - 8:45am Carson Hall (Salon ABC)

Welcome Remarks

8:45am - 9:25am Carson Hall (Salon ABC)

Keynote Address: Global Trends in Digital Privacy: 2020 and Beyond

As digital innovation makes the world ever-smaller, UK Information Commissioner Elizabeth Denham gives her perspective on the global trends in data protection and privacy.

Elizabeth will reflect on the big cases her UK office have looked at, and reflect on their international influence from her perspective as chair of her global regulatory community.

She will also reflect on the impact of growing regulation around data protection and privacy, both from her current position, and as former Information and Privacy Commissioner for British Columbia.

Elizabeth will also discuss her recently launched children’s code, which received international headlines as it set out standards that online services should meet to protect children’s privacy.

9:25am - 10:00am Carson Hall (Salon ABC) Presentation Files Shira Rubinoff

Keynote Address: How to Effectively Keep Your Organization Cyber-Secure in an Ever-Changing Digital World

Presentation Files Shira Rubinoff

10:00am - 10:15am Upper & Lower Foyers

Morning Break

10:15am - 10:45am Salon A Presentation Files Sander Vinberg

Concurrent Keynote Address by F5 Networks: 2019 Data Breaches: Stuffed Creds, Jacked Forms, and Itinerant Goalposts

Analysis of 2019 public breach disclosures shows that, as in 2018, access attacks and formjacking remain the most successful tactics for data exfiltration. The close correlation between targets’ industries, and predominant attack techniques, indicate that these trends are driven more by shifts in web architectures, with defenses struggling to keep up, than by attacker creativity. Come learn what you need-to-know to defend your applications in 2020.

Presentation Files Sander Vinberg

10:15am - 10:45am Salon B Presentation Files Kevvie Fowler

Concurrent Keynote Address by Deloitte: Transforming Security Programs to Improve Resilience

Today’s cyber threat landscape continues to evolve. Attacks are more dynamic, targeted and complex than ever before. Public expectations for security and privacy have skyrocketed, as have related regulatory, and legislative requirements. Organizations, both the public and private sector, face a “perfect storm” of risk and defensible incident response is the critical last line of protection against the damaging reputational, operational and financial impacts of a breach. This talk will cover the latest cyber threats as well as the defensible measures you can take to protect your organization.

Presentation Files Kevvie Fowler

10:15am - 10:45am Theatre Presentation Files Ray Boisvert

Concurrent Keynote Address by IBM: The Indivisibility of Privacy and Security: Protecting the Person, Enabling Business and Empowering Society

With a new decade comes change, be it aspirational or tangible. Events involving turmoil in global capitals, State-level conflict leading to a tragic number of Canadian casualties, and incessant reports of cyber breaches, have likely shaken our collective sense of positive anticipation. Certainly, these should give us cause to consider the critical questions of what defines Human Security in the decade ahead. From pundits and the political class, to policy makers and advocates, a concurrence is likely emerging on the indivisibility of privacy and security. Arguments over lawful access to digitized evidence that is encrypted on personal devices skews the debate. The focus should be on how a properly conceptualized security framework will benefit all estates. This talk will highlight the positive aspects of how an ethical and open-technology strategy will help ensure that the three core rudiments of a democratic nation, be it the individual, society and the economy, can succeed and prosper.

Presentation Files Ray Boisvert

10:50am - 12:05pm Salon A

Concurrent Panel Session - Panel A: Artificial Intelligence (AI) Is Changing the World, Are We Ready for It?

Two-thirds of global businesses said AI technologies are important for their success. 70% of Canadian businesses have not even begun their AI planning. Canada’s early adopters are struggling to scale their pilots. AI promises efficiency and savings, as well as opportunities to eliminate repetitive tasks, reduce human error, and increase productivity. Business and policy leaders across Canada will engage to claim a leadership position in AI.

AI has the potential to be the catalyst for an era of unprecedented innovation, progress, and prosperity. Yet Canadians do not understand AI or see how its benefits outweigh the risks. Major concerns about AI’s impact on privacy, security, bias, consumer protection and more – and Canadians are looking to business and government leaders to provide answers and solutions to those questions. Left unaddressed, this lack of trust could have a serious impact on Canada’s future prosperity.

10:50am - 12:05pm Salon B Presentation Files Big Data Panel

Concurrent Panel Session - Panel B: Big Data DNA Data Storage -Bioethics, Personalized Medicine and Genomics

The rise of DNA data has experts concerned about protecting consumer's personal privacy and how policy makers should think about DNA in the future. We have protected genetic information individually rather than using general privacy laws. Genetic data can have multiple uses.

Presentation Files Big Data Panel

10:50am - 12:05pm Theatre

Concurrent Panel Session - Panel C: Regulating Content on the Internet

The British Government will outline how internet regulations will reduce “online harms” encompassing any company that allow people to share or discover user-generated content or interact with each other online. Terrorist material, child abuse, trolling and disinformation are included in the regulations. Is the door open on censorship of the internet?

Moderating content on the internet has been a losing game of whack-a-mole. Tech platforms are responsible for both copyright and terrorist abuse related material. Taking down objectionable content ignores the question of how it got there.

Britain’s approach is to require companies to design their services in a way that makes is harder for bad content to spread. Impose statutory “duty of care” and companies must take reasonable steps to keep their uses safe and tackle illegal and harmful activities on their service. The government will set up a new regulator whose mandate will be to publish guidelines for companies, oversee complaints, encourage co-operation between firms and issuing fines as well as other harsher penalties such as blocking websites or holding senior managers responsible. Maintaining national security and protecting the vulnerable must be balanced against individual’s liability.

10:50am - 12:05pm Salon C

Concurrent Panel Session - Panel D: "Legitimacy by Design" in Community Safety and Well Being: Designing a Better Experience for Everyone

As practitioners in the human services sector continue to explore and embrace comprehensive approaches to harm, victimization, crime and disorder through community safety and well-being approaches, they often encounter challenges, particularly in the domain of information sharing with other human services agencies.

In this highly interactive discussion our moderator and panelists will lead a group discussion among attendees, on the idea of reframing the challenge of delivering a better experience of the human services system, especially for the most vulnerable and marginalized from a "Privacy by Design" framework, to a "Legitimacy by Design" framework in which privacy still remains an important consideration, but a consideration that is balanced by the opportunities that information sharing offers, especially the opportunity to provide a better experience to those whom human services agencies collectively serve.

12:05pm - 1:20pm Carson Hall (Salon ABC)

Luncheon Keynote Address: The National Security and Intelligence Review Agency - Six Months In

12:05pm - 1:20pm Crystal Ballroom

Networking Luncheon

1:20pm - 1:55pm Carson Hall (Salon ABC)

Keynote Address by OneTrust: All About the CCPA: A 5-Step Guide to Complying With California's Consumer Privacy Act

With the clock ticking down until the California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020, many companies are struggling to understand the sweeping new privacy law, its impact on the business, and how to manage compliance across a matrix of global privacy laws. While there are still amendments to be settled before 2020, there are several few key ways to get ready for the CCPA’s privacy governance and consumer rights requirements. In this session, we’ll outline what this new law means for your business, detail what changes to expect to see before it’s put into effect, and lay out a 5-step guide to demonstrating on-going compliance the CCPA. We’ll also share findings from research conducted with the International Association of Privacy Professionals (IAPP) on how ready (or not) businesses are for the CCPA, what factors are driving compliance and how the GDPR fits into CCPA readiness.

2:05pm - 2:35pm Salon A Presentation Files Bill Griffin

Applied Session by OneTrust: Compliance Checklist: Third-Party Risk for ISO 27001, GDPR, CCPA, and NIST

Standards and frameworks like ISO 27001, GDPR, CCPA and NIST include requirements for managing third-party relationships. To meet these obligations, organizations should build a defensible third-party risk management program. And with increasing scrutiny on third-party relationships, businesses are turning to automation for critical compliance tasks throughout the third-party risk management lifecycle, from due diligence and third-party selection to ongoing monitoring, oversight, and accountability. In this session we’ll breakdown the major considerations for these standards and frameworks as well as best practices to demonstrate compliance.​

Presentation Files Bill Griffin

2:05pm - 2:35pm Salon B Presentation Files Josh Burgess

Applied Session by CrowdStrike: Combatting the Evolution of Cyber Crime

This brief will cover CrowdStrike’s latest and most recent intelligence trends pertaining to criminal cyber threat actors and their associated tactics, techniques, & procedures (TTPs). Topics covered will include:
• An assessment of the most capable criminal threat actors.
• Content on the evolution of ransomware.
• A review of how criminal groups are successfully breaching commercial and government organizations

Presentation Files Josh Burgess

2:05pm - 2:35pm Salon C Presentation Files Hussain Virani

Applied Session by IBM: Privacy Implications Post-Cybersecurity Breach: Presenting a Point-Of-View Into the Privacy Impact That Occurs After a Cybersecurity Incident Occurs

With the rise of cybersecurity incidents across all sectors, the specter of privacy implications involving Personally Identifiable Data (PII) is now a concern that can no longer be overlooked. In this session we will review the privacy impact during and after cybersecurity incident. We will discuss best practices for ensuring that PII is properly governed and protected to avoid post-breach regulatory concerns. In particular, a point-of-view will be provided of a typical breach and how human error continues to be the leading cause of incidents.

Presentation Files Hussain Virani

2:05pm - 2:35pm Theatre Presentation Files Imraan Bashir

Applied Session: The Government of Canada’s Journey to Public Cloud

Cloud computing has introduced a fundamental shift in the way information system services are delivered and the Government of Canada (GC) has established a strategy that will position itself to leverage this alternative service delivery model. Cloud adoption will ensure that the GC can continue to sustain service excellence during a period of increased demand by Canadians for online services and timely access to information. Learn how the GC has navigated the cloud, busting myths along the way, applying a risk-based and pragmatic approach.

Presentation Files Imraan Bashir

2:05pm - 2:35pm Saanich Room

Applied Session by SentinelOne: What Happens When Privacy and Malware Trends Converge? Welcome to “Privacy Warfare”

Trends in both Privacy and Malware are converging. While the advertising industry has realized the power of targeted omni-channel marketing, cyber criminals have embarked on a similar journey towards targeted attacks on both organizations and individuals. Data science has propelled us towards a new era in which our identity is no longer just the static markers we are born with. Instead it is a meta-collection of data points that describe how we move through time and space, and what our decisions, preferences and movements are likely to be. When it is possible to re-identify data after it has been anonymized and track our behaviours in both the physical and cyber realms, we arrive at a point of no return: all static data that identifies us has been or will be stolen and collected and combined, and so all related meta-data from now on will be tied to our true identity. This opens the door to a new era in which criminals and nation states will soon be able to target victims uniquely. Like their commercial counterparts, they will have the ability to accomplish this at scale, with the same algorithmically-enhanced efficacy, and with 100% confidence in the identities they are targeting. Looking further out, criminals may find new ways to extort us as organizations and individuals…by modifying (vs. stealing) our privacy data. The only thing worse than a doctor losing access to a patient record due to a ransomware attack, is one whom has access to the record but cannot trust the accuracy of the information. Welcome to the era, then, of Privacy Warfare.

2:05pm - 2:35pm Oak Bay I Room Presentation Files Dave Klein

Applied Session by Guardicore: Defending Against Nation State Attacks & Ransomware

Cyber Threats are Rising, But We are Getting Smarter and Capable of Defending Ourselves
Nation state & ransomware attacks continue to climb. While both have become more sophisticated with time, so have we. In this session, Dave Klein will share real world attack examples to provide insights into the murky world of nation state actors who have become especially proficient in finding ways to create more havoc and damage and commit espionage. He will discuss the interesting sophistication of ransomware attacks, many of which utilize state actor created tool kits to land and expand. While nation state attacks have become more brazen with attribution becoming more difficult; and while ransomware poses a real challenge, especially to local governments and to hospital healthcare sectors, we have also grown in our capabilities to defend against them. The steps aren’t difficult and are easy to implement. Those who are vigilant can greatly limit the blast radius and effect of these attacks easily.

Key takeaways:
-How nation states attacks are increasing and how they try to obfuscate their origins through proxy actors and false-flag capabilities
-How ransomware attacks have increased and how they are getting through
-Prescriptive steps to thwart off or at worse easily recover from such attacks

Presentation Files Dave Klein

2:05pm - 2:35pm Oak Bay II Room

Applied Session: Privacy and the Public Health-Scape: Lessons Learned From the Trenches

Public health is more than hand washing campaigns and promoting condom use -- it is at the forefront of big health data analysis, and is leading the way in healthcare data integration to address significant issues impacting British Columbia, from the current opioid overdose crisis to chronic disease. Achieving success in these areas is increasingly tied to robust data governance and stewardship frameworks, breaking down data silos and ultimately supporting broader access to data itself. What remains critical in all of this is privacy: a key facet underpinning data partnerships and data acquisition, and a central component to the BCCDC’s “trust management” model. This presentation will shed light on the role of privacy in today’s public health landscape, provide key lessons learned from on-the-ground operations, and identify some of the emerging challenges in an increasingly data-driven health space.

2:05pm - 2:35pm Sidney Room

Applied Session by Replica Analytics: Accelerating AI With Synthetic Data

Data synthesis is a method for generating non-personal information that has the same statistical properties as real data. The basic concept is that a model is built to characterize the original data, and then synthetic data is generated from that model. Recent advances in statistical machine learning and deep learning mean that these models can capture many of the subtle characteristics of the original data, resulting in high utility data. However, if the synthesis model is overfit to the original data then the same values are replicated, and we may potentially have a privacy problem. Therefore, data synthesis is a balance between data utility and data privacy.

In addition to enabling access to data for AI and machine learning projects (which is becoming an increasingly challenging problem), common use cases for synthetic data include technology evaluation, open data, competitions and challenges, and software testing.

This presentation will provide a broad overview of data synthesis, focusing on structured data. We will examine methods to generate synthetic data, how to evaluate data utility, how to evaluate identity disclosure risks with synthetic data, and the results of a legal analysis to assess how various privacy regulations treat synthetic data (namely the GDPR, CCPA, and HIPAA). Healthcare examples will be used where relevant to illustrate the key points, although the basic principles and methods apply to other types of data.

2:05pm - 2:35pm Esquimalt Room

Applied Sesion by Proofpoint: The Human Side of Cybersecurity: Can Your Users Be Trusted?

The roadmap of your IT environment is full of twists, turns, roadblocks, and potholes. Those with access are navigating a perilous journey -- often without explicit security awareness training to help identify warning signs along the way. With most threats trying to induce people to act emotionally, your users can become your greatest risk, clicking on malicious links that enable malware or expose confidential information. Join us for this session as we discuss best practices for adopting a people-centered, risk reduction approach to security awareness training that can transform your users from risky to ready navigators.

2:35pm - 2:50pm Upper & Lower Foyers

Afternoon Break

2:50pm- 4:05pm Salon A Presentation Files Bryce Schroeder

Concurrent Panel Session - Panel A: Expanded Scope: A Review of National Security and Intelligence Activities in Canada

The National Security and Intelligence Review Agency (NSIRA) is an independent and external review body which reports to Parliament. NSIRA has a comprehensive mandate to review any Government of Canada national security and intelligence activity to ensure that they are lawful, reasonable and necessary. NSIRA also investigates public complaints regarding national security agencies and activities. Created under an omnibus national-security bill that added to the powers of the security and intelligence community in several important ways, the NSIRA was provided with a broad mandate to review those powers. NSIRA is not alone in this area, and its work is complemented by that of the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner of Canada, among others. Has the bill given federal agencies power to collect and share too much information on Canadians? How will the review bodies use their review powers to be the eyes and ears of Canadians and give them more confidence in our Federal National Security community in the future?

Presentation Files Bryce Schroeder

2:50pm- 4:05pm Salon B Presentation Files Andrew Adams

Concurrent Panel Session - Panel B: The State of Biometrics and Facial Recognition: An Update on Legislation, the Science, and Privacy Concerns

Biometric uses are expanding rapidly, showing up in payments, healthcare, borders and travel, law enforcement, employment, and many other use cases. With the expanded uses, privacy and data protection concerns regarding biometrics are also increasing, attracting the attention of legislators and the public.

In Europe, the GDPR now regulates biometrics in the commercial sector. In the US, biometrics laws in Illinois and other states have created new consumer rights and in some cases, new liabilities for companies. Data breach statutes in multiple states have been and are being amended to include biometrics as a new category requiring specific notification. In past six months, three states and several cities in the US have passed either moratoriums or bans on facial recognition, with pending bans in two states.

This expert panel provides an update on the state of biometrics to ground the discussion, and lays out the core use cases in actual practice that are the subject of the most concern and legislation. Panelists will discuss key regulations and precedential enforcement actions and litigation in the EU, US, and Canada. Finally, this panel will discuss existing and potential legislative frameworks and other models available to address trust and biometric risks.

Presentation Files Andrew Adams

2:50pm- 4:05pm Theatre

Concurrent Panel Session - Panel C: Does Canada Need a National Data Strategy?

Globalization and rapid technological development have fundamentally shifted the basic drivers of economic growth from the knowledge-based economy driven by intellectual property to the data-driven economy driven by data. The most valuable companies in the world are data companies. This new economy presents new challenges but also opportunities for Canadian businesses, individuals and policy-makers.

Canada’s data strategy to ensure that Canadians own the data they produce, and that governments and businesses are well-positioned to use it to grow our economy, protect privacy, promote the public interest and assert our sovereignty.

2:50pm- 4:05pm Salon C Presentation Files IoT Panel - All Speakers

Concurrent Panel Session - Panel D: Internet of Things- Chips with Everything- Will IoT Do for Information What Electricity Did for Energy?

A revolution estimated that by 2035 the world will have a “trillion” connected computers built into to everything we do as a consumer in the new digital world. In the long term the most conspicuous effects of the IOT will be in how the world works. The second phase of the internet that will carry business models that dominate the internet all conquering platform monopolies or date driven approaches that critics and privacy advocates call “surveillance capitalism” IOT promises huge benefits and will mature in an age that has become skeptical about where a connected, computerized future will be but will have to earn the trust of its users for a successful future. The panel will discuss ownership, data, surveillance, competition and a playground for hackers in this new connected world.

Presentation Files IoT Panel - All Speakers

4:15pm - 4:50pm Carson Hall (Salon ABC)

Closing Keynote Address by AWS: Strengthen Your Organization’s Security and Privacy Using the AWS Cloud

Security is job zero at AWS. All AWS customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. In this session, AWS Senior Solution Architect and security specialist, Ryan Jaeger, will discuss the four common challenges that CISOs and their security teams struggle with, and why Cybersecurity is becoming a driving force behind commercial cloud adoption. We will also share best practices and learnings from our customers on additional security measures organizations should explore to meet regulatory and compliance requirements to safeguard their environment.

4:50pm - 5:00pm Carson Hall (Salon ABC)

Day 1 Closing Remarks

5:00pm - 5:45pm Upper Foyer

Networking Reception

Reception open to all delegates

Friday, February 7, 2020


Registration & Networking Lounge Open

8:15am - 8:20am Carson Hall (Salon ABC)

Administrative Announcements - Master of Ceremonies

8:20am - 9:00am Carson Hall (Salon ABC) Presentation Files Michael McEvoy

Keynote Address: The Trust Crisis: Why Privacy Reform Is So Critical to Democracy

Presentation Files Michael McEvoy

9:00am - 9:40am Carson Hall (Salon ABC) Presentation Files Debbie Gamble

Keynote Address: Trust: The Currency of the Digital Future

If data is the new oil, then trust is indeed the currency of the future. While technology has enabled exponential opportunities to share and exchange information, it has also led to instances where information has been misused, resulting in an erosion of trust. This presentation will highlight how we develop a framework for innovation in a future where trust is paramount by rooting ourselves in principles including irrefutability, authenticity, inclusivity and relevance for consumers.

Presentation Files Debbie Gamble

9:40am - 10:10am Carson Hall (Salon ABC) Presentation Files John Weigelt

Keynote Address by Microsoft: Accelerating Responsible Innovation

While reports from superclusters and startup hubs capture our imagination with cool innovations, mainstream organizations in Canada seem content to maintain the status quo. With Canada finishing 35th in the world for ICT adoption, often investing pennies on the dollar when compared to its peers there is clearly work to be done to accelerate digital transformation across the Canadian economy. Instead of being inhibitors of progress, trust and confidence are catalysts for innovation when they are integrated into the innovation cycle. John will explore how organizations can accelerate their digital transformation and identify some of the principles, processes and tools for responsible innovation.

Presentation Files John Weigelt

10:10am - 10:25am Upper & Lower Foyers

Morning Break

10:25am - 10:55am Salon A Presentation Files John Wunderlich

Concurrent Keynote Address: Data: Are We Subjects to Be Processed?

Notwithstanding the fact that General Data Protection Regulation (GDPR) in the EU is generally regarded as the most stringent or advanced data protection or privacy law currently in effect, is this kind of regulation fit for purpose in the 21st century? It still minimizes each person's digital autonomy through a notice and consent system designed to cede control. Do Fair Information Practice based legislation first developed at the dawn of the computer era make sense today? Do regulations originally built for large organization mainframe computers running batch jobs in glorious isolation make sense for a data ecology with hundreds or thousands of systems are part of online systems? If privacy is about digital autonomy, what does it say that the GDPR has created a taxonomy based around "Data Subjects", "Data Controllers" and "Data Processors". This talk will explore the business, legal, technical and social implications of putting the person in the centre of their own data. This means moving to a regime that empowers individual digital autonomy, moving processing to the person instead of submitting data to algorithms, and making the us the controller of our own data.

Presentation Files John Wunderlich

10:25am - 10:55am Salon B Presentation Files Pam Snively

Concurrent Keynote Address by TELUS: Building Trust Through Response AI

It is now common wisdom that the transformative potential of augmented or artificial intelligence (AI) for innovation can also raise new questions and ethical considerations: how can organizations enable their business to deploy this technology responsibly? “Responsible AI” is an approach which considers the impact of the use of AI on stakeholders and incorporates fairness, transparency and explainability into the process. TELUS’ approach to responsible AI is grounded in a commitment to Customers First and the TELUS Trust Model which promotes the use of data in a way that builds trust with customers by demonstrably addressing privacy, security and ethical risks. This session will discuss the evolution of the traditional Privacy Impact Assessment to the considerations for Data & Algorithm Impact Assessments by building upon a foundation of engagement with all stakeholders.

Presentation Files Pam Snively

10:25am - 10:55am Theatre Presentation Files Ken McPherson

Concurrent Keynote Address by RSA: Business Driven Risk Management in a Digital World

In today’s complex and digital environment business leaders and CEO’s are required to anticipate and proactively mitigate risks before they occur. Yet the ever-increasing business essential Digital Transformation projects have tempted many organizations to circumvent their GRC/IRM program and rush into projects without a clear picture of the new risks they are taking on, or without the controls needed to manage those risks. Business leaders and CEOs can set their companies up for sustained growth and the benefits of Digital Transformation while keeping risk in check by quantifying the risk and prioritizing investments via business-driven decisions. Organizations that maintain a strong Integrated risk program for managing non-financial and compliance risk, whilst having the ability to present those business-driven decisions in dashboards and KPI reports to all stake holders will achieve desired outcomes promised by digital transformation. This session will focus on:

-What is Business driven digital risk management?
-What are the types of risks involved in digital transformation projects?
-What value does communicating the business translation layer bring?
-What are the key ways to effectively communicate digital risk?
-Keys to success in implementing a successful digital risk management program

Presentation Files Ken McPherson

11:00am - 12:15pm Salon A

Concurrent Panel Session - Panel A: Voter Analytics and Micro-Targeting: Reflections on the 2019 Federal Election

The use of personal data in contemporary elections is now a matter of global importance and controversy. There are a range of issues: the appropriate use of voter analytics; the democratic responsibilities of powerful social media platforms; the accountability and transparency for targeted political ads; cyberthreats to the integrity of electoral procedures; and the spread of misinformation and “fake news” through malicious actors and automated bots.

This panel involves representatives from some major companies that were employed by political parties and candidates to discuss these pressing issues, and to reflect on the lessons of the 2019 federal election campaign.

What is the appropriate role for data analytics in modern democratic elections? Did micro-targeting occur in 2019, and was it effective? Was there evidence of malicious interference? What was the experience of the new ad transparency rules? And what should be the privacy rules for political parties and candidates?

11:00am - 12:15pm Salon B

Concurrent Panel Session - Panel B: Smart Cities: The New Modernization Strategy Banking on “Your Data”

The future modernization plans for cities to develop policies and the general digital transformation is on everyone’s agenda. Leveraging smart technology and innovation to engage residents and solve some of our city’s most pressing issues is at stake. A well-connected, sustainable city where people work live and thrive in the new digital future is at stake.

The goal to transform cities into a modern, global city at the leading edge of innovation and technology with the creation of labs to test new tech in real-life, solve local innovation challenges and to bridge the gap between those that have access to technology and those who don’t is the plan.

Digital hubs to provide networking, connections to services, training, and tools in the mobile workplace, connected parks, free WiFi and main streets. Inter-modal transportation options bikes, cars, electronic vehicles, and automated traffic management systems are the benefits.

Portals that connect the digital ecosystem with access to services and information and open data, GIS, and other smart city technology will be central to the success of smart cities?

So what is the cost? Your data and your privacy, are we ready to address these challenges?

11:00am - 12:15pm Theatre

Concurrent Panel Session - Panel C: Trusted Data - How Innovation Is Promoting Data Sharing and AI

Governments seeking to foster growth in their digital economies need to be more active in encouraging safe data sharing between organizations. Tolerating the sharing of data and stepping in only where security breaches occur is no longer enough. Sharing data across different organizations enables the whole ecosystem to grow and can be a unique source of competitive advantage. But businesses need guidelines and support in how to do this effectively. Concerns with data sharing: how to formulate an overall data-sharing strategy, legal and regulatory considerations, technical and organizational considerations, and the actual operationalizing of data sharing.

11:00am - 12:15pm Salon C Presentation Files Digital Defenders Panel

Concurrent Panel Session - Panel D: Digital Defenders: Empowering Girls to Explore Cybersecurity

Gary Perkins will engage Diamond Isinger, Provincial Commissioner of the Girl Guides of Canada in BC, and a youth spokesperson from GGC, about the brand-new Digital Defenders cybersecurity program. Join us to explore its influence on girls and young women, learn why girls and young women should be exposed to cybersecurity from a young age, and actions you can take. We will look to encourage parents and caregivers in the audience to encourage their girls to explore study and career opportunities in STEM because we all want to set girls up for success, and we will aim to activate industry leaders to lend their expertise as subject matter experts to support girl empowerment and equip today's youth with digital skills. Hearing the story of a Girl Guide who is exploring the Guiding program and STEM opportunities will inform our thinking about everything from informal work to barriers or successes she may have experienced.

Presentation Files Digital Defenders Panel

12:15pm - 1:30pm Caron Hall (Salon ABC) Presentation Files Humair Ahmed

Luncheon Keynote Address: Women in the Workplace: the Barriers, the Challenges and the Disconnect

2019 has been a banner year for women in the workplace. With movements like #metoo, He for She; and books like Moment of Lift, there has been a lot of talk and discussion about women empowerment and advancement.

While many studies reveal that the state of women in the workplace is headed in the right direction, there are topics no one is talking about. In her talk, Humaira will share real stories of women, the barriers they face and more importantly, how we can influence real change that not only attracts and retains top female talent, but helps increase innovation that leads to better business outcomes.

Presentation Files Humair Ahmed

12:15pm - 1:30pm Crystal Ballroom

Networking Luncheon

1:40pm - 2:10pm Salon A

Applied Session: Deepfakes: What Can We Trust?

A deepfake is a video made portraying a person that is computer generated. They can be manipulated to say anything and interact with others. In the more malicious cases, celebrities have been targeted and inserted into adult films. They are getting more convincing and will soon be indiscernible from authentic video.

Deepfakes are currently a novelty and an amusement that is approaching a quality where widespread deceit could easily happen. It is estimated that in early 2020, the technology will be available for general users to perform a deepfake. When this happens, a user would be able to insert an image and apply it to someone in a video. We have already seen this with an app called Zao in China that will add the app user into a short clip of a movie. Knowing who to trust in the coming age will be hard when so called fake news can be delivered by trusted personas.

There are technologies to detect and prevent deepfakes. There are traces of tampering left when deepfake algorithms run. While this can be detected, it will only help in forensics. There will be very few methods that will be accessible to the public.

In this applied session, we will look at different examples of deepfakes and what is being done to detect them. It is possible to animate someone from a picture. Machine Learning (ML) can restore clarity to a blurry picture, then overlay that onto a video. With as little as 5 seconds of audio, a voice can be recreated and say anything that the manipulator desires. If a few of these technologies are combined, even a target with limited social exposure could be easily faked.

DeepFakes and Faceswapping has ethical issues. There are those in the AI community that are fighting to ensure that a zero-tolerance approach to the inappropriate use of these technologies. Should these technologies be open? They haven’t caused much harm.

1:40pm - 2:10pm Salon B Presentation Files Aaron Koning

Applied Session by Varonis: Attackers Prey on Uncertainty: How to Fail at Threat Detection

It takes a lot of visibility and context to detect and respond to sophisticated threats. Attackers usually target data, where enterprises have the least visibility and most uncertainty. In this session, we’ll explore new, sophisticated threats from inside and out, demonstrate how easy it is for adversaries to bypass traditional controls, and present a methodology to better protect data at scale, improve threat detection, and reduce uncertainty

Presentation Files Aaron Koning

1:40pm - 2:10pm Salon C

Applied Session by Splunk: Pull Up Your SOCs!

We all know how breaches happen. So why do they keep happening? Join Chris Vernon from Splunk for an engaging look at Security Operations Centres. Often there is gap between expectations of what implementing a SOC can do versus reality. We will discuss an evolutionary approach to security monitoring, to get the most out of your SOC.

1:40pm - 2:10pm Theatre Presentation Files Tanya Janca

Applied Session: Why Can't We Make Secure Software?

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike.

This talk will explain how job insecurities can be brought out by IT leadership decisions, and how this can lead to real-life vulnerabilities in software. This is not a talk about “feelings”, this is a talk about creating programs, governance and policies that ensure security throughout the entire SDLC.

No more laying blame and pointing fingers, it’s time to put our egos aside and focus on building high-quality software that is secure. The cause and effect of insecurities and other behavioural influencers, as well as several detailed and specific solutions will be presented that can be implemented at your own place of work, immediately. No more ambiguity or uncertainty from now on, only crystal-clear expectations.

Presentation Files Tanya Janca

1:40pm - 2:10pm Saanich Room

Applied Session: “Mind the Gap” – Future-Proofing Your Privacy Program

Artificial Intelligence, Big Data, Internet of Things and other data and technology developments and trends are timely and relevant. Building in privacy by design and privacy by default are important; but will not enable you to anticipate every risk or prevent every privacy incident. And implementation of these strategies and technologies will only amplify your potential points of privacy failure.

The effectiveness of your holistic privacy program is still of paramount importance: if an incident is never identified or reported, if it gets lost in the gap, then you cannot effectively manage your risk. How can you future-proof your privacy program so it can be effective regardless of new data and technology trends and cyber risks?

This session will help you identify how to effectively future-proof your privacy program, with interactive discussion on the following topics:
- How to define the “gap”
- War stories demonstrating the gap (i.e., example incidents that aren’t covered by the media)
- How to identify and address the drivers of the gap in your organization
- Core elements of a holistic, integrated and effective Privacy Program
- Practical tips on future-proofing your privacy program by minimizing your gap and potential points of failure

1:40pm - 2:10pm Oak Bay Room Presentation Files Don Devenney

Applied Session: Enhancing Your Cybersecurity Culture With a Cybersecurity Ambassador Program

More and more the human factor is being recognized as a key component of an overall cybersecurity strategy. Technology alone will not solve our cybersecurity issues - we have to ensure that our people are aware and taking the appropriate action when confronted with phishing, social engineering, etc. Traditional cybersecurity awareness training - watch the videos, click the complete box - while part of baseline training, will fall short of expectations. What's needed is a change in the organization's culture; good cybersecurity practices need to be viewed as a valued component of that culture. "Champions" or " Ambassador" programs are an effective way of creating and maintaining this culture change.

In this session Don will review the Security Awareness Maturity Model and why culture is an important part of a cybersecurity awareness program. He will then discuss the concept of an Ambassador program and how it can influence organizational culture. Finally, Don will get into the practical side of implementing and running an Ambassador program based on his experiences at Royal Roads University.

Presentation Files Don Devenney

1:40pm - 2:10pm Esquimalt Room Presentation Files John Zimmermann

Applied Session: Implementing COBIT process governance at the BC Social Sector: A Case Study

Process binds people with machines, delivering business value such as information security. Join John Zimmermann, security architect for the BC Government Social Sector, to learn lessons they experienced while rolling out a governance framework to track the effectiveness of their information management processes. From inception to delivery, you’ll discover the challenges and opportunities encountered while adopting COBIT 5 as an ongoing transformational vehicle for their organization.

Presentation Files John Zimmermann

1:40pm - 2:10pm Sidney Room

Applied Session: Privacy and Security of Electronic Records: Some Ethical Considerations

The duty to ensure the privacy and security of a person’s records are considered key aspects of the ethical framework that structure the development and use of electronic records. This presentation examines the ethical grounding of such a claim and outlines its limitations. In particular, it considers the ethical implications of technological developments, resource parameters and the equal and competing rights of others in light of the Principle of Equality and the Principle of Impossibility.

2:10pm - 2:25pm Upper & Lower Foyers

Afternoon Break

2:25pm - 3:40pm Salon A Presentation Files Indigenous Data Governance Panel

Concurrent Panel Session - Panel A: Indigenous Data Governance

Explore the principles of Indigenous Data Governance with this expert panel. Learn how First Nations and Metis self-determination is reinforced through upholding First Nations and Metis data governance principles at each stage of data creation – collection, analysis and dissemination. Consider ownership, control of and access to indigenous data.

During this session we’ll also discuss individualistic and communal notions of privacy. Learn how protection of community interests is upheld in First Nations and Metis communities and the importance of cultural privacy.

Join us for this crucial discussion on indigenous data and information sovereignty.

Presentation Files Indigenous Data Governance Panel

2:25pm - 3:40pm Salon B Presentation Files Lorene Novakowski

Concurrent Panel Session - Panel B: Digital Assistants: Alexa Can Handle Patient Information - What Does That Mean for Privacy?

Voice enabled devices will allow customers to access personalized medical information, like medical diagnoses, pharmaceutical prescriptions and software that reads medical records. In the future customers will book medical appointments, access hospital post-discharge instructions and check on prescription delivery. The area of health records is famously contentious though a push to digitize medical records leads to fragmented paper trails filled with gaps. Doctors are frustrated with with the entire process and various software systems for health records lead to burnout. Health privacy laws ensures that health information can only be shared between patients and those in the healthcare system like doctors and hospitals. Can these new devices remain privacy compliant as we transform the $3.5 Trillion health system.

Presentation Files Lorene Novakowski

2:25pm - 3:40pm Theatre Presentation Files Cloud Panel

Concurrent Panel Session - Panel C: Public Cloud Computing: Is the Future of Privacy in the Cloud?

Gartner defines public cloud computing as a style of computing where scalable and elastic IT-enabled capabilities are provided as a service to external customers using Internet technologies—i.e., public cloud computing uses cloud computing technologies to support customers that are external to the provider’s organization. Using public cloud services generates the types of economies of scale and sharing of resources that can reduce costs and increase choices of technologies. From a government organization’s perspective, using public cloud services implies that any organization (in any industry sector and jurisdiction) can use the same services (e.g., infrastructure, platform or software), without guarantees about where data would be located and stored.

Presentation Files Cloud Panel

2:25pm - 3:40pm Salon C Presentation Files Privacy Law Panel

Concurrent Panel Session - Panel D: So, Canada Needs New Privacy Law Fit for 2030 – What Does That Truly Mean?

Both major political parties had campaigns that signaled it is time for a new privacy law in Canada. We can all agree that the law should protect individuals right to privacy and facilitate Canada’s digital future. But what does that actually mean when one puts pen to paper. This panel will begin the process of filling in the blanks.

Presentation Files Privacy Law Panel

3:50pm - 4:30pm Carson Hall (Salon ABC) Presentation Files Dan Pontefract

Closing Keynote Address: Bringing Thinking and Technology Into Focus

Many of us have begun to reward speed over quality, distractedness over focus, and the negative effects are mounting. Technology was supposed to save our thinking; perhaps it’s doing the exact opposite.

Due to several alarming and rising factors including busyness, time mismanagement and distractedness, employees and leaders alike are struggling to cope. We all need a more reflective and responsive thinking mindset in order to take back control of our working lives. Better thinking is dependent on how open we are to new ideas, how evidence-based our decision-making can be, but mapped against how capable we remain to get things done. Technology can help, but we need to come to grips with its current effectiveness.

What to do? Dan suggests the introduction and use of Open Thinking, the continuous cycle of three key categories: Creative Thinking, Critical Thinking and Applied Thinking. When we use technology for “thinking good,” we’ll be much better off. Ultimately we need a return to balance between the key components of productive thought: Dream. Decide. Do. Repeat. The Pavlovian bell of mobile phone vibrations is no way to think in the year 2020.

• Recognize the effects poor thinking is having on both individuals and organizations.
• Understand the difference between reflection and action – being made aware of indifferent, inflexible and indecisive thinking attributes and how they affect our daily lives.
• Assess how technology can be used for positive Open Thinking, and how it inhibits it.
• Distinguish the traits that make up Creative, Critical and Applied Thinking—the hallmarks of Open Thinking—and learn ways in which to bring them into your daily habits.

Presentation Files Dan Pontefract

4:30pm - 4:45pm Carson Hall (Salon ABC)

Closing Remarks & Announcements

Title Sponsor

Platinum Sponsors

Gold Sponsors

VIP Reception & Dinner Sponsors

Conference Sponsors & Exhibitors

Event Partners

Hotel & Travel

Fairmont Empress Hotel Room Block

If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $185/night for Corporate reservations and $159/night for Government reservations. Please note that this room block ends January 14, 2020.

Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:

Government Reservations –
Corporate Reservations –

Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5

It has been brought to our attention that individuals are contacting sponsors and speakers, citing the Reboot Privacy & Security Conference, to offer hotel reservation services. To be clear, these individuals are not in any way affiliated to our conference, and are not authorised to use the Reboot Communications name. No one should contact you directly to book your hotel room or to offer you a special discounted rate. If you receive one of these calls, it is a scam. They are not affiliated with Reboot Communications or the Privacy & Security Conference. Thank you to those who have alerted us to this matter. To book your room in a safe manner please follow the information on this page only.

YYJ Airport Shuttle Discount

If you are needing transportation from the Victoria International Airport to Downtown Victoria/Empress Hotel why not consider using the YYJ Airport Shuttle.

When booking the shuttle online or over the phone please use the promo code REBOOT20. This will give you 20% off tickets.

For more information please visit their website at or call them at 1-855-351-4995.

Harbour Air Seaplanes Discount

Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air. Subject to availability, attendees will receive a 20% discount on their goFlex and goGold fares for confirmed travel to/from Victoria between February 3 and 9, 2020. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks and cannot be applied to private charters.

In order to receive this special discounted rate, attendees can contact the Reservation Department directly by phone at 1.800.665.0212, by e-mail at or online at and quote the coupon code ‘P&SC02-20’. Also be advised that you will need to present a copy of your conference registration upon check-in.

All schedules and location information can be accessed through their website at

Call for Speakers

Please note that the call for speakers closed September 27, 2019.

The Advisory Board for the 21st Annual Privacy and Security Conference is pleased to announce that the Call for Speakers is now closed.

Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session, applied session, workshop or keynote address. Presented by the Province of British Columbia’s, Ministry of Citizens’ Services, this three-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.

Date: February 5-7th, 2020
Location: The Victoria Conference Centre, Victoria, British Columbia

2020 Conference Suggested Topics (not exhaustive):

  • Advanced Robotics
  • Artificial Intelligence
  • Augmented & Virtual Reality
  • Big Data Analytics
  • Biohacking
  • Blockchain
  • Cloud Computing
  • Crypto Currency
  • Cyber Security
  • Dark Web
  • Data Encryption
  • ePrivacy Regulation
  • Ethics
  • GDPR
  • Genetic Privacy & Precision Medicine
  • Healthcare Privacy & Security
  • Internet of Things
  • Mobile Privacy & Security
  • Open Data
  • Politics and Privacy Regulation
  • Quantum Computing
  • Ransomware
  • Sensor Cities
  • Social Media in Elections
  • Voice First Technology


All entries must be received by midnight of September 27th, 2019. Invited speakers will be notified by October 31st, 2019.


Submissions will be accepted electronically using the form below.

Presentation Types:

  • Issue papers: An executive or management briefing on a prominent issue or aspect of information privacy or security.
  • Case studies: Descriptions of a specific information privacy or security situation or incident, or research results. Names of organizations can be kept anonymous to maintain confidentiality if necessary.
  • Research: Results or developments in cutting edge research on new information privacy and security technologies.
  • Sociological/ Philosophical perspective: A candid and/or introspective look at the impacts of new technological developments on privacy, security, social consciousness, or social functioning.

Have Questions or Need More Information?