21st Annual Privacy and Security Conference Privacy & Security: Bringing Digital Into Focus Feb.5-7, 2020, Victoria, BC

General Information

Privacy and data protection is the number one issue businesses around the world are facing. Personal privacy is at the forefront of information sharing and social media requirements. For the past 20 years, the Privacy and Security Conference has been the number one conference on the issues of privacy and security globally.

Presented by the Offices of the CIO and Corporate Information and Records Management, Ministry of Citizens’ Services, Province of British Columbia, this three-day conference attracts over 1100 delegates and 100 international subject matter experts. It provides essential education, training and opportunities for CPD credits for individuals who are responsible for the transformation of the public and private sector into the new digital economy.

Reasons to Attend

  • Timely, motivational presentations from leading industry experts
  • Learn about current trends, issues and actions
  • Valuable CPD credits to maintain a variety of qualifications essential for your career
  • Unparalled networking opportunities
  • Informative 3-hour pre-conference educational sessions and many interesting panel sessions
  • Get immediate answers and solutions to issues current in your organization


Conference Rates*

Early Bird registration by December 13, 2019 Regular registration after December 13, 2019
Public Sector $750.00 CAD (plus GST) $925.00 CAD (plus GST)
Private Sector $850.00 CAD (plus GST) $1,250.00 CAD (plus GST)

*We are pleased to offer our Alumni program, providing a special rate to past attendees. Delegates who have attended this conference before will receive the special public sector price of $675 or private sector price of $795 when they register on or before September 27, 2019. Please contact us for the promo code if you did not receive it by email.

Registration Fees Include

  • 2 plated lunches
  • All coffee breaks
  • All keynotes, plenaries, panel sessions and applied sessions
  • Pre-conference educational sessions
  • Access to networking lounges
  • Networking reception Thursday evening
  • Conference notebook
  • Conference materials
  • On-line access to presentations post-event

Social Media

Stay connected and engaged in the conversation leading up to and during the conference by following along on Twitter. Use the event hashtag to follow others who are already posting, and include it in your tweets to add to the existing discussions. The hashtag for this year’s conference is #PrivSecYYJ and our twitter handle is @Reboot_Comm. We would appreciate you sharing your voice with our other followers.

Victoria Conference Centre

There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.

Victoria Conference Centre
720 Douglas Street
Victoria, BC
V8W 3M7

Keynote Speakers

Humaira Ahmed

Founder & CEO, Locelle

Elizabeth Denham

Information Commissioner, UK Information Commissioner’s Office

Michael McEvoy

Information and Privacy Commissioner for British Columbia

Dan Pontefract

Founder and CEO, The Pontefract Group

Murray Rankin

Chair, National Security and Intelligence Review Agency

Shira Rubinoff

President, Prime Tech Partners

John Wunderlich

Chief Privacy Officer, JLINC Labs; Board Member, MyData Global


Ciaran Aiken

Lead, Privacy, Access and Governance, BC Centre for Disease Control

Lynn Barr-Telford

Assistant Chief Statistician, Statistics Canada

Dr. Danièle Behn Smith

Aboriginal Health Physician Advisor, Office of the Provincial Health Officer

Dr. Colin J. Bennett

Professor, Department of Political Science, University of Victoria

Chantal Bernier

Of Counsel, Dentons Canada LLP; Former Interim Privacy Commissioner of Canada

Jaimie Boyd

Chief Digital Officer, Province of BC

Stacy Clarke

Inspector, Toronto Police Service

Jill Clayton

Information and Privacy Commissioner of Alberta

Dr. Andrew Clement

Member, Waterfront Toronto Digital Strategy Advisory Board; Professor Emeritus, University of Toronto

Elizabeth Denham

Information Commissioner, UK Information Commissioner’s Office

Don Devenney

Senior IT Security and Risk Specialist, Royal Roads

Dr. Khaled El Emam

Founder, Replica Analytics; Professor, Faculty of Medicine, University of Ottawa

Dr. Robert Fraser

President and CEO, Molecular You

Bob Gordon

Executive Director, Canadian Cyber Threat Exchange (CCTX)

Layth Holubeshen

Security Analyst, Ministry of Citizens’ Services, Province of BC

Wendy Hurlburt

President and CEO, LifeSciences BC

Tanya Janca

CEO, Security Sidekick

Dr. Yann Joly

Research Director, Centre of Genomics and Policy, McGill

Dan Jones

Inspector, Edmonton Police Service

Dr. Eike-Henner Kluge

Professor, University of Victoria

Dr. Alena Kottova

Sessional Professor, University of Victoria, Faculty of Engineering; Vancouver Island University, Department of Computing Science

Lorraine Krugel

Director and Consultant, KRC Insights

Dr. Tracey Lauriault

Assistant Professor of Critical Media and Big Data, Carleton University

Dr. Victoria Lemieux

Chief Information Security Officer, Molecular You; Cluster Lead, Blockchain@UBC

Christian Leuprecht

Class of 1965 Professor in Leadership, Royal Military College and Queen’s University

Dr. Holly Longstaff

Research Privacy Advisor, Provincial Health Services Authority

Kyle Loree

Director, Business Systems and Solutions, Consumer Protection BC

Steve Lowry

Executive Director, AInBC

Dr. Florian Martin-Bariteau

Assistant Professor and Director, Centre for Law, Technology and Society, University of Ottawa

Dr. Kimberlyn McGrail

Scientific Director, Population Data BC; Professor, UBC School of Population and Public Health

Brenda McPhail

Director, Privacy, Technology & Surveillance Project, Canadian Civil Liberties Association

Sue Paish

CEO, Canada’s Digital Technology Supercluster

Gary Perkins

Executive Director, Chief Information Security Officer, Ministry of Citizens' Services, Province of BC

Murray Rankin

Chair, National Security and Intelligence Review Agency

Matt Reed

Executive Director, Privacy, Compliance and Training Branch, Ministry of Citizens' Services, Province of BC

Dan Ruch

Partner, Ruch & Associates

Dr. Teresa Scassa

Canada Research Chair in Information Law and Policy, University of Ottawa

Scott Scheferman

Principal Security Technologist, SentinelOne

Jeff Silvester

Co-Founder & Chief Operating Officer, AggregateIQ

Shawn Slack

Director of Information Technology and Chief Information Officer, City of Mississauga

Jennifer Stoddart

Strategic Advisor, Fasken; Former Privacy Commissioner of Canada

Micheal Vonn

Chief Executive Officer, PHS Community Services Society

Howard Waldner

Adjunct Professor, School of Population and Public Health, UBC

Mitch Wexler

Principal, Politrain Consulting

Todd Wilson

Product Director, Enterprise DevOps, BC Developers’ Exchange, OCIO, Province of BC

John Wunderlich

Chief Privacy Officer, JLINC Labs; Board Member, MyData Global

Dr. Dale Zabriskie

Evangelist, Security Awareness Training, Proofpoint

John Zimmermann

Senior Security Architect, Ministry of Social Development and Poverty Reduction, Province of BC
Print Agenda

*Invited Speaker

Wednesday, February 5, 2020


Registration Desk Opens

9:00am - 12:00pm Theatre

BC Ministry of Citizens’ Services – Information Security Branch presents: BC’s forecast: Clouds on the Horizon

Join some engaging discussions with Government’s Proctor of Privacy, Matt Reed and the Defender of Data, Gary Perkins. Recent amendments to FOIPPA have changed the playing field for public bodies in BC wanting to adopt cloud. Gary and Matt will discuss the impacts to the public sector with respect to cloud usage; where new cloud opportunities lay; how to ensure that your shiny new cloud is secure; and where to expect this space to move in the next few years.

Bring your questions to this interactive session and get some answers from the experts.

Outcomes of this exciting workshop:
• Greater understanding of FOIPPA, and its recent amendments
• Cloud implementation comfort
• An understanding of how to approach security in cloud-based solutions
• The role companies and individuals play in creating a secure future
• The role companies and individuals play in protection

9:00am - 12:00pm Colwood Room

The Ethics of Research Privacy Workshop

This session will explore an approach to privacy grounded in applied ethics principles and concepts. Attendees will have the opportunity to work through a series of real-life case studies in the research domain guided by ethics tools. The goal of this session is to empower attendees to use “all things considered” holistic judgements concerning privacy.

9:00am - 12:00pm Sidney Room

BC Ministry of Citizens’ Services – Information Security Branch presents: DevSecOps – The New Zero Trust Security Model for BC Government Applications

Are you wanting to know how you can make your application secure - right from the start – and then for every line of code? Find out how the Developers Exchange has designed a zero-trust environment, integrating leading edge security tools into the BC Government’s Openshift Platform. We will have demonstrations of live pilot ministry applications using the new security environment. Bring your toughest questions and concerns and the team will work through them with you.

1:00pm - 4:00pm Oak Bay Room

BC Ministry of Citizens’ Services – Information Security Branch presents: How to be a Ministry Information Security Officer (MISO)

The role of a Ministry Information Security Officer is key to a successful security program and empowering that MISO with clear role definition ensures success. But what does it mean to be a MISO? This workshop will walk through the roles and responsibilities of this type of position and provide tips on how to establish a security culture within your organization.

This workshop is useful for those currently in the role who want to sharpen their skills or those who aspire to be future MISOs and want to learn more about the role. We’ll offer some practical tips along with insight into how MISOs fit into an organization’s overall security program.

This session will address topics such as:
• What is a security program?
• SOARs, security breaches, training and contracts
• Program measurements
• Influencing a positive security environment

Join us for an informative discussion on this critical security position to any organization.

1:00pm - 4:00pm Sidney Room

BC Ministry of Citizens’ Services – Information Security Branch presents: Cybersecurity Awareness: The need of changing the culture to match living in digital world

This seminar provides an opportunity to explore in depth the difficulties of cybersecurity awareness programs. Recognizing that the weakest link of cybersecurity is the individual’s digital habits and behaviors we will look at some of the cultural attitudes that stay in the way of adopting new cybersecurity-aware habits. Through a number of practical activities and games we will address the practical ethics issues related to cybersecurity. We will test several game based decision-making techniques and guides that can be immediately implemented in your work place. Understanding the boundaries of privacy and anonymity helps us navigate and manage the risks we are exposed to from malicious players. In bringing theory and practice together for discussion, the audience will learn about real life experiences and key factors for achieving successful transition to a culture of ethically responsible digital citizen.

After attending this workshop, participants will be able to:
• Understand the digital landscape and the role individuals play in creating secure future.
• Realize that many of the problems in respect of secure digital future are related to the culture of unexplored ethical decision-making process.
• Use a practical and simple guide for ethical decision-making.
• Know what to expect from malicious players and recognize when targeted.
• Identify how and why an individual’s security may be in danger of being compromised.
• Understand the essential difference between privacy and anonymity.
• Plan for managing personal digital footprint and adjust behavior respecting the realities of cyber-connected world.
• Understand the different professional perspectives on cybersecurity training.
• Use new methods in delivering cybersecurity awareness programs.
• See in action a variety of methods to improve the quality of cybersecurity training in their organizations.

Thursday, February 6, 2020


Registration & Networking Lounge Open

8:15am - 8:20am Carson Hall (Salon ABC)

Call to Conference - Master of Ceremonies

8:20am - 8:30am Carson Hall (Salon ABC)

Territorial Acknowledgement

8:30am - 8:45am Carson Hall (Salon ABC)

Welcome Remarks

8:45am - 9:25am Carson Hall (Salon ABC)

Keynote Address

9:25am - 10:00am Carson Hall (Salon ABC)

Keynote Address

10:00am - 10:15am Upper & Lower Foyers

Morning Break

10:15am - 10:45am Salon A

Concurrent Keynote Address by F5 Networks

10:15am - 10:45am Salon B

Concurrent Keynote Address

10:15am - 10:45am Theatre

Concurrent Keynote Address

10:50am - 12:05pm Salon A

Concurrent Panel Session - Panel A: Artificial Intelligence (AI) is Changing the World, Are We Ready for It?

Two-thirds of global businesses said AI technologies are important for their success. 70% of Canadian businesses have not even begun their AI planning. Canada’s early adopters are struggling to scale their pilots. AI promises efficiency and savings, as well as opportunities to eliminate repetitive tasks, reduce human error, and increase productivity. Business and policy leaders across Canada will engage to claim a leadership position in AI.

AI has the potential to be the catalyst for an era of unprecedented innovation, progress, and prosperity. Yet Canadians do not understand AI or see how its benefits outweigh the risks. Major concerns about AI’s impact on privacy, security, bias, consumer protection and more – and Canadians are looking to business and government leaders to provide answers and solutions to those questions. Left unaddressed, this lack of trust could have a serious impact on Canada’s future prosperity.

10:50am - 12:05pm Salon B

Concurrent Panel Session - Panel B: Big Data DNA Data Storage -Bioethics, Personalized Medicine and Genomics

The rise of DNA data has experts concerned about protecting consumers personal privacy and how policy makers should think about DNA in the future. We have protected genetic information individually rather than using general privacy laws Genetic data can have multiple uses.

10:50am - 12:05pm Theatre

Concurrent Panel Session - Panel C: Regulating Content on the Internet

The British Government will outline how internet regulations will reduce “online harms” encompassing any company that allow people to share or discover user-generated content or interact with each other online. Terrorist material, child abuse, trolling and disinformation are included in the regulations. Is the door open on censorship of the internet?

Moderating content on the internet has been a losing game of whack-a-mole. Tech platforms are responsible for both copyright and terrorist, abuse related material. Taking down objectionable content ignores the question of how it got there.

Britain’s approach is to require companies to design their services in a way that makes is harder for bad content to spread. Impose statutory “duty of care” and companies must take reasonable steps to keep their uses safe and tackle illegal and harmful activities on their service. The government will set up a new regulator whose mandate will be to publish guidelines for companies, oversee complaints, encourage co-operation between firms and issuing fines as well as other harsher penalties such as blocking websites or holding senior managers responsible. Maintaining national security and protecting the vulnerable must be balanced against individual’s liability.

10:50am - 12:05pm Salon C

Concurrent Panel Session - Panel D: "Legitimacy by Design" in Community Safety and Well Being: Designing a Better Experience for Everyone

As practitioners in the human services sector continue to explore and embrace comprehensive approaches to harm, victimization, crime and disorder through community safety and well-being approaches, they often encounter challenges, particularly in the domain of information sharing with other human services agencies.

In this highly interactive discussion our moderator and panelists will lead a group discussion among attendees, on the idea of reframing the challenge of delivering a better experience of the human services system, especially for the most vulnerable and marginalized from a "Privacy by Design" framework, to a "Legitimacy by Design" framework in which privacy still remains an important consideration, but a consideration that is balanced by the opportunities that information sharing offers, especially the opportunity to provide a better experience to those whom human services agencies collectively serve.

12:05pm - 1:20pm Carson Hall (Salon ABC)

Luncheon Keynote Address

12:05pm - 1:20pm Crystal Ballroom

Networking Luncheon

1:20pm - 1:55pm Carson Hall (Salon ABC)

Keynote Address - Title Sponsor

2:05pm - 2:35pm Salon A

Applied Session by OneTrust

2:05pm - 2:35pm Theatre

Applied Session by Replica Analytics: Accelerating AI with Synthetic Data

Data synthesis is a method for generating non-personal information that has the same statistical properties as real data. The basic concept is that a model is built to characterize the original data, and then synthetic data is generated from that model. Recent advances in statistical machine learning and deep learning mean that these models can capture many of the subtle characteristics of the original data, resulting in high utility data. However, if the synthesis model is overfit to the original data then the same values are replicated, and we may potentially have a privacy problem. Therefore, data synthesis is a balance between data utility and data privacy.

In addition to enabling access to data for AI and machine learning projects (which is becoming an increasingly challenging problem), common use cases for synthetic data include technology evaluation, open data, competitions and challenges, and software testing.

This presentation will provide a broad overview of data synthesis, focusing on structured data. We will examine methods to generate synthetic data, how to evaluate data utility, how to evaluate identity disclosure risks with synthetic data, and the results of a legal analysis to assess how various privacy regulations treat synthetic data (namely the GDPR, CCPA, and HIPAA). Healthcare examples will be used where relevant to illustrate the key points, although the basic principles and methods apply to other types of data.

2:05pm - 2:35pm Oak Bay II Room

Applied Session: Privacy and the Public Health-Scape: Lessons Learned from the Trenches

Public health is more than hand washing campaigns and promoting condom use -- it is at the forefront of big health data analysis, and is leading the way in healthcare data integration to address significant issues impacting British Columbia, from the current opioid overdose crisis to chronic disease. Achieving success in these areas is increasingly tied to robust data governance and stewardship frameworks, breaking down data silos and ultimately supporting broader access to data itself. What remains critical in all of this is privacy: a key facet underpinning data partnerships and data acquisition, and a central component to the BCCDC’s “trust management” model. This presentation will shed light on the role of privacy in today’s public health landscape, provide key lessons learned from on-the-ground operations, and identify some of the emerging challenges in an increasingly data-driven health space.

2:05pm - 2:35pm Saanich Room

Applied Session: Why Can't We Make Secure Software?

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike.

This talk will explain how job insecurities can be brought out by IT leadership decisions, and how this can lead to real-life vulnerabilities in software. This is not a talk about “feelings”, this is a talk about creating programs, governance and policies that ensure security throughout the entire SDLC.

No more laying blame and pointing fingers, it’s time to put our egos aside and focus on building high-quality software that is secure. The cause and effect of insecurities and other behavioral influencers, as well as several detailed and specific solutions will be presented that can be implemented at your own place of work, immediately. No more ambiguity or uncertainty from now on, only crystal-clear expectations.

2:05pm - 2:35pm Oak Bay I Room

Applied Session by Guardicore

2:05pm - 2:35pm Oak Bay II Room

Privacy and the Public Health-Scape: Lessons Learned from the Trenches

Public health is more than hand washing campaigns and promoting condom use -- it is at the forefront of big health data analysis, and is leading the way in healthcare data integration to address significant issues impacting British Columbia, from the current opioid overdose crisis to chronic disease. Achieving success in these areas is increasingly tied to robust data governance and stewardship frameworks, breaking down data silos and ultimately supporting broader access to data itself. What remains critical in all of this is privacy: a key facet underpinning data partnerships and data acquisition, and a central component to the BCCDC’s “trust management” model. This presentation will shed light on the role of privacy in today’s public health landscape, provide key lessons learned from on-the-ground operations, and identify some of the emerging challenges in an increasingly data-driven health space.

2:05pm - 2:35pm Esquimalt Room

Applied Sesion by Proofpoint: The Human Side of Cybersecurity: Can Your Users Be Trusted?

The roadmap of your IT environment is full of twists, turns, roadblocks, and potholes. Those with access are navigating a perilous journey -- often without explicit security awareness training to help identify warning signs along the way. With most threats trying to induce people to act emotionally, your users can become your greatest risk, clicking on malicious links that enable malware or expose confidential information. Join us for this session as we discuss best practices for adopting a people-centered, risk reduction approach to security awareness training that can transform your users from risky to ready navigators.

2:05pm - 2:35pm Sidney Room

Applied Session by SentinelOne

2:35pm - 2:50pm Upper & Lower Foyers

Afternoon Break

2:50pm- 4:05pm Salon A

Concurrent Panel Session - Panel A: Federal Oversight: Protecting the Security of Canadians and Safeguarding Their Rights

The National Security and Intelligence Review Agency is the watchdog for overseeing national-security activities. Created under an omnibus national-security bill it will oversee the government’s security decisions while ensuring that authorities don’t infringe on the rights and freedoms of Canadians. Protecting the security of Canadians and safeguarding their rights are equally important parts of the agency’s mandate. Advising the Government on the extent to which (federal) agencies are properly and reasonably using the powers that have been granted. Has the bill given federal agencies power to collect and share too much information on Canadians? How will the agencies use its new powers to be the eyes and ears of Canadians and give them more confidence in our Federal agencies related to security in the future?

2:50pm- 4:05pm Salon B

Concurrent Panel Session - Panel B: Facial Recognition & Biometrics

2:50pm- 4:05pm Salon C

Concurrent Panel Session - Panel C: Does Canada Need a National Data Strategy?

Globalization and rapid technological development have fundamentally shifted the basic drivers of economic growth from the knowledge-based economy driven by intellectual property to the data-driven economy driven by data. The most valuable companies in the world are data companies. This new economy presents new challenges but also opportunities for Canadian businesses, individuals and policy-makers.

Canada’s data strategy to ensure that Canadians own the data they produce, and that governments and businesses are well-positioned to use it to grow our economy, protect privacy, promote the public interest and assert our sovereignty.

2:50pm- 4:05pm Theatre

Concurrent Panel Session - Panel D: Internet of Things- Chips with Everything- Will IoT do for information what electricity did for energy?

A revolution estimated that by 2035 the world will have a “trillion” connected computers built into to everything we do as a consumer in the new digital world. In the long term the most conspicuous effects of the IOT will be in how the world works. The second phase of the internet that will carry business models that dominate the internet all conquering platform monopolies or date driven approaches that critics and privacy advocates call “surveillance capitalism” IOT promises huge benefits and will mature in an age that has become skeptical about where a connected, computerized future will be but will have to earn the trust of its users for a successful future. The panel will discuss ownership, data, surveillance, competition and a playground for hackers in this new connected world.

4:15pm - 4:55pm Carson Hall (Salon ABC)

Keynote Address: Data: Are We Subjects to be Processed?

Notwithstanding the fact that General Data Protection Regulation (GDPR) in the EU is generally regarded as the most stringent or advanced data protection or privacy law currently in effect, is this kind of regulation fit for purpose in the 21st century? It still minimizes each person's digital autonomy through a notice and consent system designed to cede control. Do Fair Information Practice based legislation first developed at the dawn of the computer era make sense today? Do regulations originally built for large organization mainframe computers running batch jobs in glorious isolation make sense for a data ecology with hundreds or thousands of systems are part of online systems? If privacy is about digital autonomy, what does it say that the GDPR has created a taxonomy based around "Data Subjects", "Data Controllers" and "Data Processors". This talk will explore the business, legal, technical and social implications of putting the person in the centre of their own data. This means moving to a regime that empowers individual digital autonomy, moving processing to the person instead of submitting data to algorithms, and making the us the controller of our own data.

4:55pm - 5:00pm Carson Hall (Salon ABC)

Day 1 Closing Remarks

5:00pm - 5:45pm Upper Foyer

Networking Reception

Reception open to all delegates

Friday, February 7, 2020


Registration & Networking Lounge Open

8:15am - 8:20am Carson Hall (Salon ABC)

Administrative Announcements - Master of Ceremonies

8:20am - 9:00am Carson Hall (Salon ABC)

Keynote Address

9:00am - 9:40am Carson Hall (Salon ABC)

Keynote Address

9:40am - 10:10am Carson Hall (Salon ABC)

Keynote Address

10:10am - 10:25am Upper & Lower Foyers

Morning Break

10:25am - 10:55am Salon A

Concurrent Keynote Address

10:25am - 10:55am Salon B

Concurrent Keynote Address

10:25am - 10:55am Theatre

Concurrent Keynote Address

11:00am - 12:15pm Salon A

Concurrent Panel Session - Panel A: Voter Analytics and Micro-Targeting: Reflections on the 2019 Federal Election

The use of personal data in contemporary elections is now a matter of global importance and controversy. There are a range of issues: the appropriate use of voter analytics; the democratic responsibilities of powerful social media platforms; the accountability and transparency for targeted political ads; cyberthreats to the integrity of electoral procedures; and the spread of misinformation and “fake news” through malicious actors and automated bots.

This panel involves representatives from some major companies that were employed by political parties and candidates to discuss these pressing issues, and to reflect on the lessons of the 2019 federal election campaign.

What is the appropriate role for data analytics in modern democratic elections? Did micro-targeting occur in 2019, and was it effective? Was there evidence of malicious interference? What was the experience of the new ad transparency rules? And what should be the privacy rules for political parties and candidates?

11:00am - 12:15pm Salon B

Concurrent Panel Session - Panel B: Smart Cities: The New Modernization Strategy Banking on “Your Data”

The future modernization plans for cities to develop policies and the general digital transformation is on everyone’s agenda. Leveraging smart technology and innovation to engage residents and solve some of our city’s most pressing issues is at stake. A well-connected, sustainable city where people work live and thrive in the new digital future is at stake.

The goal to transform cities into a modern, global city at the leading edge of innovation and technology with the creation of labs to test new tech in real-life, solve local innovation challenges and to bridge the gap between those that have access to technology and those who don’t is the plan.

Digital hubs to provide networking, connections to services, training, and tools in the mobile workplace, connected parks, free WiFi and main streets. Inter-modal transportation options bikes, cars, electronic vehicles, and automated traffic management systems are the benefits.

Portals that connect the digital ecosystem with access to services and information and open data, GIS, and other smart city technology will be central to the success of smart cities?

So what is the cost? Your data and your privacy, are we ready to address these challenges?

11:00am - 12:15pm Theatre

Concurrent Panel Session - Panel C: Trusted Data - How Innovation is Promoting Data Sharing and AI

Governments seeking to foster growth in their digital economies need to be more active in encouraging safe data sharing between organizations. Tolerating the sharing of data and stepping in only where security breaches occur is no longer enough. Sharing data across different organizations enables the whole ecosystem to grow and can be a unique source of competitive advantage. But businesses need guidelines and support in how to do this effectively. Concerns with data sharing: how to formulate an overall data-sharing strategy, legal and regulatory considerations, technical and organizational considerations, and the actual operationalizing of data sharing.

11:00am - 12:15pm Salon C

Concurrent Panel Session - Panel D: TBA

12:15pm - 1:30pm Caron Hall (Salon ABC)

Luncheon Keynote Address: Women in the Workplace: the Barriers, the Challenges and the Disconnect

2019 has been a banner year for women in the workplace. With movements like #metoo, He for She; and books like Moment of Lift, there has been a lot of talk and discussion about women empowerment and advancement.

While many studies reveal that the state of women in the workplace is headed in the right direction, there are topics no one is talking about. In her talk, Humaira will share real stories of women, the barriers they face and more importantly, how we can influence real change that not only attracts and retains top female talent, but helps increase innovation that leads to better business outcomes.

12:15pm - 1:30pm Crystal Ballroom

Networking Luncheon

1:40pm - 2:10pm Salon C

Applied Session: Implementing COBIT process governance at the BC Social Sector: A Case Study

Process binds people with machines, delivering business value such as information security. Join John Zimmermann, security architect for the BC Government Social Sector, to learn lessons they experienced while rolling out a governance framework to track the effectiveness of their information management processes. From inception to delivery, you’ll discover the challenges and opportunities encountered while adopting COBIT 5 as an ongoing transformational vehicle for their organization.

1:40pm - 2:10pm Saanich Room

Applied Session: “Mind the Gap” – Future-Proofing your Privacy Program

Artificial Intelligence, Big Data, Internet of Things and other data and technology developments and trends are timely and relevant. Building in privacy by design and privacy by default are important; but will not enable you to anticipate every risk or prevent every privacy incident. And implementation of these strategies and technologies will only amplify your potential points of privacy failure.

The effectiveness of your holistic privacy program is still of paramount importance: if an incident is never identified or reported, if it gets lost in the gap, then you cannot effectively manage your risk. How can you future-proof your privacy program so it can be effective regardless of new data and technology trends and cyber risks?

This session will help you identify how to effectively future-proof your privacy program, with interactive discussion on the following topics:
- How to define the “gap”
- War stories demonstrating the gap (i.e., example incidents that aren’t covered by the media)
- How to identify and address the drivers of the gap in your organization
- Core elements of a holistic, integrated and effective Privacy Program
- Practical tips on future-proofing your privacy program by minimizing your gap and potential points of failure

1:40pm - 2:10pm Oak Bay 1 Room

Applied Session: Deepfakes: What Can We Trust?

A deepfake is a video made portraying a person that is computer generated. They can be manipulated to say anything and interact with others. In the more malicious cases, celebrities have been targeted and inserted into adult films. They are getting more convincing and will soon be indiscernible from authentic video.

Deepfakes are currently a novelty and an amusement that is approaching a quality where widespread deceit could easily happen. It is estimated that in early 2020, the technology will be available for general users to perform a deepfake. When this happens, a user would be able to insert an image and apply it to someone in a video. We have already seen this with an app called Zao in China that will add the app user into a short clip of a movie. Knowing who to trust in the coming age will be hard when so called fake news can be delivered by trusted personas.

There are technologies to detect and prevent deepfakes. There are traces of tampering left when deepfake algorithms run. While this can be detected, it will only help in forensics. There will be very few methods that will be accessible to the public.

In this applied session, we will look at different examples of deepfakes and what is being done to detect them. It is possible to animate someone from a picture. Machine Learning (ML) can restore clarity to a blurry picture, then overlay that onto a video. With as little as 5 seconds of audio, a voice can be recreated and say anything that the manipulator desires. If a few of these technologies are combined, even a target with limited social exposure could be easily faked.

DeepFakes and Faceswapping has ethical issues. There are those in the AI community that are fighting to ensure that a zero-tolerance approach to the inappropriate use of these technologies. Should these technologies be open? They haven’t caused much harm.

1:40pm - 2:10pm Oak Bay II Room

Applied Session: Enhancing Your Cybersecurity Culture with a Cybersecurity Ambassador Program

More and more the human factor is being recognised as a key component of an overall cybersecurity strategy. Technology alone will not solve our cybersecurity issues - we have to ensure that our people are aware and taking the appropriate action when confronted with phishing, social engineering, etc. Traditional cybersecurity awareness training - watch the videos, click the complete box - while part of baseline training, will fall short of expectations. What's needed is a change in the organisation's culture; good cybersecurity practices need to be viewed as a valued component of that culture. "Champions" or " Ambassador" programs are an effective way of creating and maintaining this culture change.

In this session Don will review the Security Awareness Maturity Model and why culture is an important part of a cybersecurity awareness program. He will then discuss the concept of an Ambassador program and how it can influence organisational culture. Finally, Don will get into the practical side of implementing and running an Ambassador program based on his experiences at Royal Roads University.

1:40pm - 2:10pm Esquimalt Room

Applied Session: Privacy and Security of Electronic Records: Some Ethical Considerations

The duty to ensure the privacy and security of a person’s records are considered key aspects of the ethical framework that structure the development and use of electronic records. This presentation examines the ethical grounding of such a claim and outlines its limitations. In particular, it considers the ethical implications of technological developments, resource parameters and the equal and competing rights of others in light of the Principle of Equality and the Principle of Impossibility.

2:10pm - 2:25pm Upper & Lower Foyers

Afternoon Break

2:25pm - 3:40pm Salon A

Concurrent Panel Session - Panel A: Indigenous Data Governance

2:25pm - 3:40pm Salon B

Concurrent Panel Session - Panel B: Digital Assistance: Alexa Can Handle Patient Information - What Does That Mean for Privacy?

Voice enabled devices will allow customers to access personalized medical information, like medical diagnoses, pharmaceutical prescriptions and software that reads medical records. In the future customers will book medical appointments, access hospital post-discharge instructions and check on prescription delivery. The area of health records is famously contentious though a push to digitize medical records leads to fragmented paper trails filled with gaps. Doctors are frustrated with with the entire process and various software systems for health records lead to burnout. Health privacy laws ensures that health information can only be shared between patients and those in the healthcare system like doctors and hospitals. Can these new devices remain privacy compliant as we transform the $3.5 Trillion health system.

2:25pm - 3:40pm Theatre

Concurrent Panel Session - Panel C: Public Cloud Computing: Is the Future of Privacy in the Cloud?

Gartner defines public cloud computing as a style of computing where scalable and elastic IT-enabled capabilities are provided as a service to external customers using Internet technologies—i.e., public cloud computing uses cloud computing technologies to support customers that are external to the provider’s organization. Using public cloud services generates the types of economies of scale and sharing of resources that can reduce costs and increase choices of technologies. From a government organization’s perspective, using public cloud services implies that any organization (in any industry sector and jurisdiction) can use the same services (e.g., infrastructure, platform or software), without guarantees about where data would be located and stored.

2:25pm - 3:40pm Salon C

Concurrent Panel Session - Panel D: So Canada Needs New Privacy Law Fit for 2030 – What Does That Truly Mean?

Both major political parties had campaigns that signaled it is time for a new privacy law in Canada. We can all agree that the law should project individuals right to privacy and facilitate Canada’s digital future. But what does that actually mean when one puts pen to paper. This panel will begin the process of filling in the blanks.

3:50pm - 4:30pm Carson Hall (Salon ABC)

Closing Keynote Address: Bringing Thinking and Technology Into Focus

Many of us have begun to reward speed over quality, distractedness over focus, and the negative effects are mounting. Technology was supposed to save our thinking; perhaps it’s doing the exact opposite.

Due to several alarming and rising factors including busyness, time mismanagement and distractedness, employees and leaders alike are struggling to cope. We all need a more reflective and responsive thinking mindset in order to take back control of our working lives. Better thinking is dependent on how open we are to new ideas, how evidence-based our decision-making can be, but mapped against how capable we remain to get things done. Technology can help, but we need to come to grips with its current effectiveness.

What to do? Dan suggests the introduction and use of Open Thinking, the continuous cycle of three key categories: Creative Thinking, Critical Thinking and Applied Thinking. When we use technology for “thinking good,” we’ll be much better off. Ultimately we need a return to balance between the key components of productive thought: Dream. Decide. Do. Repeat. The Pavlovian bell of mobile phone vibrations is no way to think in the year 2020.

• Recognize the effects poor thinking is having on both individuals and organizations.
• Understand the difference between reflection and action – being made aware of indifferent, inflexible and indecisive thinking attributes and how they affect our daily lives.
• Assess how technology can be used for positive Open Thinking, and how it inhibits it.
• Distinguish the traits that make up Creative, Critical and Applied Thinking—the hallmarks of Open Thinking—and learn ways in which to bring them into your daily habits.

4:30pm - 4:45pm Carson Hall (Salon ABC)

Closing Remarks & Announcements

Hotel & Travel

Fairmont Empress Hotel Room Block

If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $185/night for Corporate reservations and $159/night for Government reservations. Please note that this room block ends January 10, 2020.

Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:

Government Reservations – https://book.passkey.com/go/psgovt2020
Corporate Reservations – https://book.passkey.com/go/privacyandsecurityconference

Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5


It has been brought to our attention that individuals are contacting sponsors and speakers, citing the Reboot Privacy & Security Conference, to offer hotel reservation services. To be clear, these individuals are not in any way affiliated to our conference, and are not authorised to use the Reboot Communications name. No one should contact you directly to book your hotel room or to offer you a special discounted rate. If you receive one of these calls, it is a scam. They are not affiliated with Reboot Communications or the Privacy & Security Conference. Thank you to those who have alerted us to this matter. To book your room in a safe manner please follow the information on this page only.

YYJ Airport Shuttle Discount

If you are needing transportation from the Victoria International Airport to Downtown Victoria/Empress Hotel why not consider using the YYJ Airport Shuttle.

When booking the shuttle online or over the phone please use the promo code REBOOT20. This will give you 20% off tickets.

For more information please visit their website at www.yyjairportshuttle.com or call them at 1-855-351-4995.

Harbour Air Seaplanes Discount

Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air. Subject to availability, attendees will receive a 20% discount on their goFlex and goGold fares for confirmed travel to/from Victoria between February 3 and 9, 2020. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks and cannot be applied to private charters.

In order to receive this special discounted rate, attendees can contact the Reservation Department directly by phone at 1.800.665.0212, by e-mail at reservation@harbourair.com or online at www.harbourair.com and quote the coupon code ‘P&SC02-20’. Also be advised that you will need to present a copy of your conference registration upon check-in.

All schedules and location information can be accessed through their website at www.harbourair.com.

Call for Speakers

Please note that the call for speakers closed September 27, 2019.

The Advisory Board for the 21st Annual Privacy and Security Conference is pleased to announce that the Call for Speakers is now closed.

Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session, applied session, workshop or keynote address. Presented by the Province of British Columbia’s, Ministry of Citizens’ Services, this three-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.

Date: February 5-7th, 2020
Location: The Victoria Conference Centre, Victoria, British Columbia

2020 Conference Suggested Topics (not exhaustive):

  • Advanced Robotics
  • Artificial Intelligence
  • Augmented & Virtual Reality
  • Big Data Analytics
  • Biohacking
  • Blockchain
  • Cloud Computing
  • Crypto Currency
  • Cyber Security
  • Dark Web
  • Data Encryption
  • ePrivacy Regulation
  • Ethics
  • GDPR
  • Genetic Privacy & Precision Medicine
  • Healthcare Privacy & Security
  • Internet of Things
  • Mobile Privacy & Security
  • Open Data
  • Politics and Privacy Regulation
  • Quantum Computing
  • Ransomware
  • Sensor Cities
  • Social Media in Elections
  • Voice First Technology


All entries must be received by midnight of September 27th, 2019. Invited speakers will be notified by October 31st, 2019.


Submissions will be accepted electronically using the form below.

Presentation Types:

  • Issue papers: An executive or management briefing on a prominent issue or aspect of information privacy or security.
  • Case studies: Descriptions of a specific information privacy or security situation or incident, or research results. Names of organizations can be kept anonymous to maintain confidentiality if necessary.
  • Research: Results or developments in cutting edge research on new information privacy and security technologies.
  • Sociological/ Philosophical perspective: A candid and/or introspective look at the impacts of new technological developments on privacy, security, social consciousness, or social functioning.

Have Questions or Need More Information?