Privacy and data protection is the number one issue businesses and governments around the world are facing. Personal privacy is at the forefront of information sharing and social media requirements. For the past 21 years, the Privacy and Security Conference has been the number one conference on the issues of privacy and security globally.
This year’s conference will be a digital-first experience on our customized virtual platform with an immersive look and feel that will engage our delegates from start to finish. We will deliver our virtual conference from a professional studio with a full production team and made for TV quality presentations.
The conference will offer a platform for over 1000 security and privacy professionals to discuss important issues. It provides essential education, training and opportunities for CPD credits for individuals who are responsible for the transformation of the public and private sector into the new digital economy.
Reasons to Attend
- Timely, motivational presentations from leading industry experts
- Learn about current trends, issues and actions
- Valuable CPD credits to maintain a variety of qualifications essential for your career
- Unparalleled networking opportunities
- Informative and compelling panel sessions
- Get immediate answers and solutions to issues current in your organization
|Early Bird Virtual Registration by December 31, 2020||Regular Virtual Registration after December 31, 2020|
|Public Sector||$275.00 CAD (plus GST)||$350.00 CAD (plus GST)|
|Private Sector||$275.00 CAD (plus GST)||$350.00 CAD (plus GST)|
Registration Fees Include
- All keynotes, panel sessions and applied sessions
- Access to virtual exhibition booths
- Conference materials
- Access to virtual platform
- On-line access to presentations post-event
Stay connected and engaged in the conversation leading up to and during the conference by following along on Twitter. Use the event hashtag to follow others who are already posting, and include it in your tweets to add to the existing discussions. The hashtags for this year’s conference are #PrivSecYYJ and #PSV21 and our twitter handle is @PrivSecYYJ. We would appreciate you sharing your voice with our other followers.
THURSDAY, February 4, 2021
8:25 – 8:40am PST •
Welcome Remarks: How B.C. and Canada Can Lead the Way in Data and Privacy
Digital transformation was growing in all sectors before March 2020. Ten months into a global pandemic, it has become a critical element of success for every organization, of every size and in every sector. Our world is digital, which means how we collect, protect, share, leverage and use data is now a crucial part of business and society like never before.
The Canada's Digital Technology Supercluster has been accelerating digital transformation by working with organizations across all sectors and sizes to create digital solutions to some of society’s and industry’s biggest challenges. We see and have been helping organizations effectively use their data and manage Canada’s privacy landscape. We see the positive and negative impacts of privacy public policy, regulation and clarity on industry and Canada’s competitiveness. We also see the potential for Canada’s economic recovery and future prosperity that comes from a strong and coordinated public policy approach to data management and privacy. We also know the impact on industry and society from the lack of a harmonized approach to privacy across Canada. The current mix of legislation is complex and confounding. Yet, there is a way for Canada to be a global leader in this critical area and provide a distinct advantage to our economy and Canadians. More than ever, we need a modernized, flexible, resilient, clear and practical approach to privacy and handling data, one that protects the rights and interests of individuals, organizations and government, and there is a path to that.
8:40 – 9:20am PST •
Keynote Address: A Great Leap Forward …. For the Abuse of Power
Digital technologies and surveillance capitalism have given rise to a new machine-based civilization that is increasingly linked to a growing number of social and political maladies. Accountability is weak and exploitation is endemic. Drawing from themes of my new book RESET: Reclaiming the Internet for Civil Society, in my keynote I will outline the mostly unregulated surveillance industry, innovations in remote-control technologies, superpower policing practices, dark PR firms, and highly profitable hack-for-hire services. I will end my talk with an urgent plea for applications of new restraint measures, from the local to the global.
9:25 – 9:55am PST •
Concurrent Keynote Address by TELUS: 3 Things to Think About When Implementing a Zero Trust Architecture
Join Marc Kneppers as he shares some insights from the TELUS Cyber Defence Centre and provides guidance on three areas to focus on when developing and improving a Zero Trust architecture.
It is difficult to modernize our current systems to tackle today’s security challenges without focusing on user and endpoint authentication. Additionally, we can’t forget about the need to monitor and improve our systems as we react to an evolving threat landscape.
9:25 – 9:55am PST •
Concurrent Keynote Address by Zscaler
9:55 – 10:10am PST • Virtual Exhibition Hall
Morning Break & Virtual Exhibitor Booths
10:10 - 10:45am PST •
Keynote Address: Privacy Reform for a Technological Future
How can governments protect the privacy of individuals in a rapidly evolving world of technological change? Algorithmic decision making, biometric collection, the ubiquitous monetisation of personal information and the monopolistic power of Big Tech companies are presenting significant challenges for governments. New Zealand Privacy Commissioner John Edwards will discuss privacy law reform in New Zealand and how this is part of a rising tide of privacy regulation internationally, and how governments and regulators need greater cooperation and more effective laws to meet these challenges.
10:50am – 12:05pm PST •
Concurrent Panel A: Next Generation Privacy Data Protection Law; Canada Breaks Glass with Replacement for PIPEDA
The new federal legislation is premised on regulating the impacts of digital technologies rather than regulating their purpose. A form of post-hoc governance in which regulators will be responsible for putting the horse back in the stable after it has left the barn. The proposed legislation rules governing the use of personal data can be simplified through de-identification of personal information. Data controllers and big tech can use our data without asking for our consent if the data has been de-identified. Re-identification is easy to do so this is problematic and very difficult to regulate.
The legislation provides significant leeway to avoid requiring consent to use personal data while providing products and services to customers. Firms can continue to collect and use our date for target advertising on the fuel of the digital economy. Would opt-out be better which enables anyone who does not want to share their data collected and used beforehand? Rights based approach depends on access to courts or tribunals, which is highly unequal, fails to address the very real digital issue which is “big tech”. The legislation proposes to enable us to withdraw our consent to the use of the data although subject to the reasonable terms of the contract. What these reasonable terms entail will be the real issue. This will leave the onus on individuals with added expectations that we understand the complexities involved but does not enable us to simply avoid all those terms and conditions agreements we sign daily. Would it be better to remove data collections almost entirely from these agreements?
The legislation aims to ensure transparency in automated decision-making including individuals’ rights to an explanation and information on how the personal data for AI systems are collected which confronts the EU’s GDPR. Companies developing AI technologies depend on trade secrets to protect valuable assets and transparency is of little use if there is no way to ensue companies stop collecting our data.
The legislation seeks to strengthen regulatory oversight introducing new financial penalties by the Privacy Commissioner. The legislation allows firms to engage in wholesale societal experiments until someone complains. Would a system that allows AI developers submit their plans to regulators before they initiate development create FDA for AI?
10:50am – 12:05pm PST •
Concurrent Panel B: Digital Identity and Data Driven Intelligence
The Ministry of Citizens’ Services plays an integral role in the multi-channel delivery of services to British Columbia’s citizens, businesses and government. The ministry prides itself on innovation, value and service excellence.
The Service BC division of Citizens’ Services is government’s chief provider of services to citizens and businesses.
Since the start of the COVID-19 pandemic, Service BC has responded with innovative and strategic ways to support BC residents during this unprecedented time.
The executive panel will share some of the highlights of how Service BC embraced, pivoted and then responded to the COVID-19 pandemic.
Topics to include – how Service BC pivoted to respond to the needs of citizens and business during COVID-19 using digital identity and data driven intelligence to launch multiple services (ie: returning travelers program, Send Video, appointment booking) that helped support public health measures.
12:05 – 1:05pm PST • Virtual Exhibition Hall
Lunch Break & Virtual Exhibitor Booths
1:05 – 1:40pm PST •
Keynote Address by IBM: Build Customer-Friendly User Privacy and Consent Management into Your Multi-Cloud Applications
Learn how to build a better user experience for both first time and returning customers, while ensuring you meet the wide variety of data privacy regulations around the globe. In this session, you'll see first-hand how to incorporate progressive trust into your digital experience, to build trust with your customers.
1:45 – 2:15pm PST •
Applied Session by Microsoft
1:45 – 2:15pm PST •
1:45 – 2:15pm PST •
Applied Session by Cisco: Security Debt, Running with Scissors
Security debt, defined by Dave Lewis, Global Advisory CISO, Duo Security at Cisco, as “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person-to-person through staff changes and/or employee churn. However, it doesn’t have to be this way - to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing it onto the next person.
• Security debt occurs when patches are pushed aside, and risks are accepted but not addressed
• The longer organizations wait to address risks, the harder it is to address them
• To eliminate debt, organizations should create defined and repeatable processes with plans for action
2:15 – 2:45pm PST • Virtual Exhibition Hall
Afternoon Break & Virtual Exhibitor Booths
2:45 – 4:00pm PST •
Concurrent Panel A: COVID-19: Data Driven Healthcare: More Laws Less Security and Privacy-Should Companies and Government Collect Health Information Out of Thin Air?
Experts in big data, population health and related areas agree that our ability to respond to COVID-19 is impaired by our lack of knowledge about who has the virus, who doesn’t and who is no longer susceptible. That data gap has led to the virtual shut down of the country in order to protect the most vulnerable; multiple efforts are now under way across Canada to close it. Here the need for privacy and safe curation of biological material such as swabs, blood samples and other specimens present additional challenges to those who would like to ramp up public testing beyond health clinics and shed more light on how the virus is spreading. New technologies and a greater awareness of public health after the pandemic could also fundamentally change our conception of health privacy, making it less about keeping information private than controlling how it is used.
2:45 – 4:00pm PST •
Concurrent Panel B: Data De-Identification: Is Dynamic Data Security the “Default Technology”
De-identified information appears to be the new category of personal information that would remain within the scope of privacy law. De-identified information can be used by any organization internally for research and development purposes. It can be disclosed to government institutions, health care and post- secondary institutions or other entities prescribed in regulation for social beneficial purposes. Information is personal if there is a serious possibility that an individual could be identified. Personal information becomes de-identified if there are no “reasonable foreseeable circumstances” in which a person could be identified. Personal information that is de-identified should not be personal information according to our current understanding of personal information interpreted by the law.
As de-identification practices vary and standards are difficult to find in wide-spread use, organizations must stay up-to-date with the most extensive privacy, security, and third-party risk research, and implement service offerings that create certainty in this area of compliance and give organizations the tools they need to make the right decisions when building their privacy program.
4:05 – 4:35pm PST •
Keynote Address by Microsoft: Fireside Chat on Privacy and Data Protection
Join Microsoft’s Chief Privacy Officer, Julie Brill, and Ontario Privacy Commissioner, Patricia Kosseim, for an engaging conversation on privacy learnings from the pandemic, the prospective for privacy laws in the US and Canada and its influence on the global stage while looking ahead to what the future will hold for privacy. Through their leadership in privacy and regulatory affairs, they will share their perspectives on how individuals view the protection of their personal information, how organizations set their strategic priorities, and the development of regional privacy laws and its impact globally.
FRIDAY, February 5, 2021
9:40 – 10:10am PST •
Concurent Keynote Address by Tanium: Continuous Hygiene With Zero Infrastructure
Digitization has driven an explosion in the number of assets companies have to manage and secure. Every IT executive is faced with the problem of maintaining visibility and control of those assets. COVID has broken down the cubicle walls in the workplace and created an overnight distributed IT workforce and distributed all of those assets outside of the corporate firewall. Those IT organizations that are still using pre-COVID tactics and technologies are struggling to find, manage, and secure their assets and data, especially with employees working from home. While some teams struggle, there’s a vanguard of innovative IT organizations that are not only securing their assets and data, but also tearing down the walls of their data centers, focusing on continuous IT health and hygiene, and doing it with zero infrastructure. Find out how these companies are navigating the new business problem topology that COVID has introduced.
9:40 – 10:10am PST •
Concurrent Keynote Address by ServiceNow: Business Continuity, Privacy, and Operational Resiliency - Innovation and Adoption During a Pandemic
During uncertain times, you want to ensure you’re building resilience for your critical business operations and protecting your organization’s compliance. Preparing now can help your organization mitigate risks and recover faster from disruptive events.
Join us as we discuss the lessons learned from COVID-19 and how your organization can help improve its business continuity, crisis response, and return-to-work strategies. Using real-world examples, we’ll explore how you can:
• Assess and prioritize your most critical business processes.
• Anticipate dependencies, likely risks, and potential impacts to security, compliance, and business performance.
• Build your business continuity and disaster recovery programs, so you’re empowered for a faster, more efficient recovery.
• Operationalize processes across domains and silos to enable governance, executive visibility, and decision-making.
9:40 – 10:10am PST •
Concurrent Keynote Address by Fortinet: The Immediate vs Long-Term Impact of COVID-19 on Networking and Cybersecurity - A Canadian C-Level Perspective
Fortinet, in collaboration with SINC and Richard Stiennon of the Analyst Syndicate, recently commissioned a survey of 100 senior Canadian IT executives from across the public and private sectors. The survey was conducted to determine the impact of COVID-19 on the technology deployments of businesses in Canada as work from home, combined with an unprecedented economic downturn, swept the World.
Join Jim Richberg, Fortinet’s Field CISO, as he examines the survey results and provides valuable insight into the current and future strategies that have evolved to meet the challenges presented by the pandemic. Attendees will be provided with a complimentary copy of the report generated from the survey responses.
10:10 – 10:40am PST • Virtual Exhibition Hall
Morning Break / Virtual Exhibitor Booths
10:40 – 11:10am PST •
Keynote Address by AWS
11:15am – 12:30pm PST •
Concurrent Panel A: Could Patient Privacy Drive Innovation in Health IT?
Healthcare is one of the top industries for data breaches because of the nature of the data they collect, process, and share, as well as the services they provide. This makes healthcare an attractive target for cybercriminals and means employee errors when handling data are often more severe. So, it seems almost inevitable that data breach claims reached into the multi-millions in 2019; Inevitable, but no longer acceptable. Increased awareness of data breaches from patients will create pressure on healthcare organizations to protect their data and comply with legislation. This can only happen effectively if healthcare looks to the right technology to ensure patient data is secure.
11:15am – 12:30pm PST •
Concurrent Panel B: COVID-19: The Case for Digital ID Cards – The New Digital Citizen
Some might argue that the pandemic has strengthened the case for digital ID cards. They could make it quicker and easier for us to access government services but also could make pandemic track-and-trace systems more effective. For example, if health data were linked to work data, governments might more quickly spot clusters of COVID cases.
What about privacy and security? Can privacy be protected by existing data-protection laws and updated security safeguards, such as two-factor authentication? How could we guard against ID cards being required for other purposes, such as law enforcement?
In addition, creating a digital ID system is complex and expensive. Can digital ID systems be introduced gradually building on existing platforms? What about public trust? If they are reasonably safe, and add convenience for interacting with governments, will citizens sign up for them?
12:30 – 1:30pm PST • Virtual Exhibition Hall
Lunch Break / Virtual Exhibitor Booths
1:30 – 2:00pm PST •
Applied Session by Tanium: Zero Trust - The Future of Security
Government agencies and educational institutions continue to grow beyond the traditional on-premise architecture. Employees are increasingly working from home and are no longer sitting within a protected network. Additionally, traditional enterprise networks focus on applying their protections at their network boundaries while internal protections are often ignored. This has led to organizations opening themselves up to more risk because it has become increasingly difficult to properly manage and secure access to organizational data.
Zero Trust is a security framework and set of principles that asserts there is no implicit trust based on a user’s physical or network location. Access to sensitive data, assets, applications, and services is provided based on least privilege access, only when required, and user and device verification or authentication must occur before a connection is established. Access is determined by a user’s credentials and a device’s state, regardless of the user’s network location. Zero Trust supports an ever-increasingly distributed network, where more and more users are working from home, coffee shops, trains, and via VPNs. With an ever-expanding attack surface, we should assume the corporate network is no longer a trusted border. As such, it’s safe to assume, under Zero Trust, the “network” no longer exists. A user and device are authenticated (who they are) and authorized (what can be accessed), before they are granted access.
The beauty and complexity of Zero Trust stem from its flexibility. Zero Trust will look different at every organization, which means there isn’t a “silver bullet” solution to implementation. However, there are common ways organizations need to think about Zero Trust. This talk will discuss the fundamentals, where to get started, and strategies for effectively implementing a Zero Trust architecture.
1:30 – 2:00pm PST •
Applied Session by ServiceNow: Why Taking a Risk Based Approach to Cyber Resilience is Required in Todays Changing Landscape
COVID-19 is exponentially changing and propelling organizations into new business models – where digital transformation of further business processes, employees increasingly working remotely and increased cyber threats are forcing CISO’s and security leaders to mature their cyber and security programs quickly.
Karl Klaessig will discuss how taking a more mature and programmatic approach to a cyber risk management program will align IT with the business and as a result:
• Gain leadership trust and buy-in for security programs
• Give the board confidence that we are prepared for a security event and we can prevent or minimize the impact
• Effectively communicate the business impact of the cyber risk management program to non-technical leadership
• Prioritize which vulnerabilities pose the greatest threat to the business and how to prioritize and plan for remediation
• Demonstrate the return on investment that a mature cyber risk management program delivers to the organization
1:30 – 2:00pm PST •
Applied Session by Fortinet: Modernizing Security with AI to Protect ALL of Your Endpoints
Advanced attacks can take just minutes, if not seconds, to compromise the endpoints. As the bad guys are now using AI to develop new malware and other attack vectors, security products must evolve as well by integrating the use of AI to automate threat hunting and incident response. In this session Dr. Kevin Mahoney will explore:
• The evolution of EDR to XDR
• Using deep learning to detect zero-day threats
• The importance of security ecosystem integration and automation
1:30 – 2:00pm PST •
Applied Session by Tripwire: Boom, Bang, and Breach—What Military Combat Operations and Security Strategy Teach Us About Cybersecurity
Join Maurice Uenuma as he draws on his own experiences as a combat veteran and special operations-trained Marine to explore lessons learned for cybersecurity. In the chaotic world of digital threats, data insecurity, and privacy invasion, there are fundamental concepts—from strategic planning to operational best practices to human factors—which make the difference between surviving an incident and suffering a devastating breach. Our trust and confidence in digitized critical infrastructure depends on getting this right. So we must look beyond technical capabilities and product features for the right approach.
Maurice will cover:
• Facing the unseen enemy
• Dealing with chaos and complexity
• Excellence in the essentials
• Building and maintaining trust in people and systems
From faraway battlegrounds to Canadian data centers, these principles are essential for success.
2:00 – 2:30pm PST • Virtual Exhibition Hall
Afternoon Break / Virtual Exhibitor Booths
2:30 – 3:45pm PST •
Concurrent Panel A: COVID-19 and the Acceleration of Artificial Intelligence
As healthcare systems around the world grapple with COVID-19, technological innovation and ingenuity are being harnessed at an unparalleled pace. Artificial Intelligence (AI) and Machine Learning (ML) are playing key roles in better understanding and addressing COVID-19 including scaling communications, tracking the virus, and accelerating research and treatments. The panel will present how they have employed AI/ ML technologies to address this global crisis and discuss their challenges, successes and the potential for lasting benefits these technologies can deliver to patients moving forward.
2:30 – 3:45pm PST •
Concurrent Panel B: Workplace Transformation: Working Life Has Entered a New Era
COVID has accelerated and in some cases mandated that organizations and government work from home. The shift may rival workplace transformations in the 19th and 20th centuries. The rapid shift to work at home enabled preconditions. Broadband services allow for document downloads and videoconferencing and remote work seems both normal and acceptable. Major challenges lie ahead. Are we prepared to provide the security and privacy in the work at home environment?
Organizations of all sizes, from all industries, rely heavily on cloud computing to operate. The massive shift to remote work during the covid-19 pandemic has only increased this reliance. In fact, a sector built around fables of industry "disruption" has enabled many to maintain constancy, connection, and business continuity–and afford some enterprises new opportunities.
How can advances in computing power, networking, AI and devices help businesses, governments, and citizens thrive in a world that has been disrupted?
3:50 – 4:30pm PST •
Closing Keynote Address: Now More Than Ever: The Hacker Revolution meets the Pandemic
A quarter-century ago, I began addressing the impacts of the hacker revolution on the human inside the machine - how it would transform our lives, our thinking, our work, our identities. I was describing the "digital revolution" as a transformational engine, not as an academic exercise, but as genuine paradigm change. I was called "crazy" and "insane" but it all came to be as I described: hackers created the frames in which others lived, inside the bigger picture, without even knowing it. Insanity, like wisdom, is apparently contextual.
The pandemic is creating another paradigm change which asks that we apply real hacker methodologies to new realities. Context matters, and the context IS the content of our lives. Hackers have the tools to identify the fragments of a disintegrating society and use them to model new structures. Hackers have internalized procedures, assumptions, and working models to piece together parts of complex systems to create new wholes, to break down to break through. Hackers once again are thought leaders for a brave new world.
4:30 – 4:45pm PST •
Closing Remarks & Announcements
Victoria Privacy & Security Conference is proudly sponsored by the following companies.
If you would like to sponsor this event, please download the Sponsorship Brochure for more information.
Conference Sponsors & Exhibitors
Call for Speakers
Please note that the call for speakers closed November 30, 2020.
The Advisory Board for the Victoria Privacy and Security Conference 2021 is pleased to announce that the Call for Speakers is now closed.
Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session or keynote address. This two-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.
Date: February 4-5th, 2021
Location: The Victoria Conference Centre, Victoria, British Columbia
2021 Conference Suggested Topics (not exhaustive):
- Artificial Intelligence & Machine Learning
- Biometrics, Facial Recognition & Surveillance
- Cloud Computing
- Cyber Security
- Data Driven Healthcare Innovation in the Time of COVID
- Digital Currency
- Digital Identity Strategy
- Edge Computing: The Office of the Future
- GDPR Lessons Learned
- National Digital Strategy
- National Security Strategy
- Next Generation Privacy Legislation
- Smart Cities
- Women and Minorities: Opportunities and Challenges in the New Digital Economy
All entries must be received by midnight of November 30, 2020. Invited speakers will be notified by December 15, 2020.
Submissions will be accepted electronically using the form below.
- Issue papers: An executive or management briefing on a prominent issue or aspect of information privacy or security.
- Case studies: Descriptions of a specific information privacy or security situation or incident, or research results. Names of organizations can be kept anonymous to maintain confidentiality if necessary.
- Research: Results or developments in cutting edge research on new information privacy and security technologies.
- Sociological/ Philosophical perspective: A candid and/or introspective look at the impacts of new technological developments on privacy, security, social consciousness, or social functioning.
Have Questions or Need More Information?
- For conference content, themes and agenda questions, please contact: email@example.com
- For venue and conference administration questions, please contact: Reboot Communications Ltd. at 1-250-388-6060, or firstname.lastname@example.org
- For sponsorship questions, please contact Reboot Communications Ltd. at 1-250-388-6060 or email@example.com
- Submissions will only be accepted electronically