Use these links to jump to the topic you’re interested in:

Cloud Computing Privacy by Design
Governance Regulatory and Legal Updates
Healthcare Social Media
Information Security
Additional Expertise


Keynote Address


Privacy Enabling Innovation

John Weigelt, National Technology Officer, Microsoft Canada


Cloud Computing


Adopting Cloud Apps? How to Ensure Data Privacy and Compliance 

In this uncertain economy, the benefits of cloud computing are significant: the economies of scale, the potential cost savings, fast deployment and easy scalability. So, what's holding up adoption beyond inertia? According to the Goldman Sachs Equity Research Report of 2011, 70% of the CIOs surveyed express major concerns about data privacy in the cloud. Specific concerns include data privacy and breach notification, loss of governance, regulatory compliance and data sovereignty. How should organizations manage these challenges while leveraging the proven benefits of cloud computing? Find out as an expert on privacy in the cloud sheds light on this complex issue, exploring new threats that can impact your PII and PHI data in the cloud, how migrating to the cloud impacts regulatory and compliance requirements, case studies on secure cloud adoption by large Canadian institutions and emerging best practices on retaining complete control over sensitive data in the cloud.

Varun Badhwar, Vice President, Product Management, CipherCloud

Presentation 1


Cloud Computing and the Patriot Act: A Red Herring? 

Cloud computing is revolutionizing the information technology industry by providing cost savings, flexibility and innovation. But many Canadian companies are concerned that use of cloud computing services may cause them to violate Canadian privacy laws, particularly because of potential non-Canadian government access to data stored in the cloud. Join our expert panel as they address persistent Canadian myths regarding cloud computing and privacy, discuss how cloud computing services can be used in compliance with Canadian privacy laws and the real impact of the Patriot Act, and provide tips to use during RFP cycles and contractual negotiations.

Lindsey Finch, CIPP/US, Senior Global Privacy Counsel,
David T.S. Fraser
, Partner, McInnes Cooper, Halifax

Presentation 1


Managing Privacy Risks in a Compliance by Design Program 

Learn how Dell incorporated the identified risks relating to its cloud services offerings into its Compliance by Design Program as the company’s executive director of global compliance and privacy reviews their Compliance by Design Program and discusses key compliance risks, in particular privacy. You’ll hear firsthand how the multifunctional cloud team and the compliance team worked together to incorporate the key risk areas into the program, and you’ll gain insights on key challenges they faced, such as international data transfer consdierations.

Dale E. Skivington, Executive Director of Global Compliance and Chief Privacy Officer, Dell

Presentation 1




Canada’s New Privacy Management Framework 

Explore how the new Canadian Privacy Management Framework impacts your organization as it defines accountability expectations. Find out what you’ll be expected to demonstrate should your organization be subject to an investigation or audit, or should your organization voluntarily report to a commissioner’s office. This framework, which serves as a roadmap to be shared with senior management, raises the bar for privacy management in Canada and clearly redefines privacy compliance to include a set of management processes that require ongoing documentation and metrics.

Elizabeth Denham, Information and Privacy Commissioner, Office of the Information and Privacy Commissioner for British Columbia
Robin Gould-Soil, CIPP/C
, Former Director PIPEDA, Office of the Privacy Commissioner of Canada
Terry McQuay, CIPP/US, CIPP/C, CIPP/E, CIPP/G, President, Nymity Inc.

Presentation 1, Presentation 2, Handout 1, Handout 2


Meaningful Privacy Governance without Consent? The Viability of the Statutory Consent Requirement

The consent requirement is a core feature of the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial private sector privacy legislation. Yet, in this age of increasingly ubiquitous and disparate personal information flows, multi-stakeholder information networks and platforms and Big Data, the application of the current statutory consent requirement is becoming increasingly impractical. The concept of “informed consent” is also proving to be challenging for advancing biobank and related scientific research. The legal and practical challenges associated with the consent requirement will form an important part of the policy discussion in the forthcoming second round of the mandated review of PIPEDA. You won’t want to miss this interactive session, where you’ll get a brief overview of the legal, policy and practical challenges raised by privacy observers, and then you’ll be invited to participate in a moderated discussion among other attendees. Questions for discussion include the following: To what extent is the current statutory consent model workable and viable in our rapidly changing personal information environment? What changes (if any) could be made to the model to help appropriately balance the reasonable expectations of individuals and the practical realities of business? Is it possible to have meaningful privacy governance without consent? If so, how do we accomplish this in way that satisfies the range of stakeholder interests in the privacy arena?

Adam Kardash, Partner, Privacy and Information Management, Heenan Blaikie LLP


A Privacy Proactive Blueprint for the Enterprise*

Today’s organizations are focused on how PI is handled and safeguarded, but often the knowledge gained is not fully leveraged and developed into actionable information used to improve business processes. In this session, IBM insiders will use a case study to illustrate how IBM got proactive and transitioned from policy to practice, embedding privacy into the organization. You’ll gain perspective on how you can help your organization unlock and disseminate privacy best practice processes and insights to facilitate a greater understanding of operational factors; leverage operational privacy insights into cross-team actions to improve overall productivity; provide efficient methods for communications that result in improved business interactions; and create a privacy community for more effective communication of privacy insights and sharing. You’ll walk out of the session with strategy considerations and a roadmap for fostering a privacy-smart enterprise.

Yim Chan, CIPP/C, Privacy and Data Protection Executive, IBM Corporation; Chief Privacy Officer, IBM Canada
Howard Young
, Program Manager, IBM Canada

*This session is part of the featured Privacy by Design program track.

Presentation 1




Managing Consent in eHealth Environments 

As privacy professionals, we all understand the principle of consent: seek knowledgeable consent from individuals for the collection, use and disclosure of their personal information, except where inappropriate. The principle is simple to understand, but how does it translate to complex information systems, particularly those in healthcare, where information regularly flows using implied consent or with no consent? Gain insight into the business considerations associated with consent management in eHealth, how consent management fits into the blueprint for Canadian electronic health records (EHRs) and how EHR consent management can be leveraged, extended or reshaped to fit the broader eHealth environment.

David Morgan, CIPP/US, CIPP/C, Privacy Manager, Newfoundland and Labrador Centre for Health Information

Presentation 1


Organizational Privacy Transformation: From Critical Issues to Award-winning Success 

Three years ago, privacy was a critical issue at the global Ontario Telemedicine Network (OTN). In 2011, OTN won the IAPP-HP Innovation Award after performing a strategic overhaul of the organization’s privacy practices. Find out how the OTN privacy team approached the task of transforming an entire organization, from the board of trustees to the front-line staff, including successes, challenges and insights, directly from the CPO. You’ll learn how OTN has embedded Privacy by Design principles into the organization. Hear how the the CPO identified a lasting and additional value of the transformation: knowing how to mitigate future risks through their entirely new approach involving privacy in all aspects of service, project development and delivery. You’ll also gain insights on the development of the “new normal privacy” at OTN, including engagement and involvement in the project management lifecycle, developing a threshold privacy assessment and more!

Norine Primeau-Menzies, CIPP/C, Vice President, Customer Services and Chief Privacy Officer, Ontario Telemedicine Network

Presentation 1


Privacy in Healthcare: A Healthy Outlook on a Critical Topic 

The healthcare sector is subject to increased pressure to utilize technology and electronic health records while under attack from threats to privacy and medical identity theft. A balance needs to be stricken between regulations, electronic handling of patient data and records and information security. Increased patient awareness of their privacy rights and the privacy obligations of their information caretakers is adding a new dimension to the challenge, and regulators are on the side of privacy. At a time when obsolete technology is lagging behind in security and privacy protection mechanisms must be updated or replaced with appropriate safeguards to serve the current threat environment, it’s essential to stay abreast of the latest developments in this area. Join us to explore opportunities to implement the Privacy by ReDesign (PbRD) framework in the healthcare field. In Dr.Cavoukian’s own words, “Reviving the system in a new, privacy-protective way is the ultimate goal!”

Amalia Steiu, CIPP/IT, Enterprise Risk Advisor, Informatica Corporation

Presentation 1


Information Security


Consumerization of IT and Risks to Privacy 

IT departments are facing an increasing demand for use of personal devices to access corporate data and infrastructure, but what are the privacy risks? What is the obligation of the organization as a steward of its customers’ data? And how should organizations approach policy to assist employees as they utilize such technologies? Find out the answers to these timely questions and more in this enlightening session.

Constantine Karbaliotis, CIPP/US, CIPP/C, CIPP/IT, Americas Privacy Officer, Mercer

Presentation 1


Security 101 for Privacy Practitioners 

Because there is no privacy without security, most privacy practitioners find themselves working closely with their security counterparts. But how do security practitioners work, what are the main concepts they use and what are the advantages and disadvantages of these concepts? Why do they say yes to some things and no to others? In non-technical terms, a privacy and security leader will help demystify security, clearly defining what it is and what it’s not. You’ll get up to speed on the fundamental security concepts and principles to help you better understand security and the challenges faced by your organization’s security team.

Gilles Fourchet, CIPP/IT, Information Privacy & Security Specialist, Ministry of Community and Social Services

Presentation 1


User-centric Mobile Security, by Design*

The computer has gone mobile, becoming smarter, ubiquitous and more intensely personal along the way. Like Swiss Army knives, portable computing devices offer feature-rich versatility and functionality for users and companies alike, but is there a security trade-off? Personal devices are vulnerable to a wide range of information security threats arising from hidden rootkits; poor physical design and user interfaces; privacy-invasive default settings; rogue applications; malware and viruses; inadequate device encryption; connectivity and access controls; and external tracking, surveillance and interception capabilities. Join us to find out how device and application designers, employers and users can apply Privacy by Design principles in a robust way to the security challenges of mobile computing.

Fred Carter, Senior Policy and Technology Advisor, Office of the Information and Privacy Commissioner of Ontario
Bill Wilson
, Chief Privacy Technologist, Office of the Privacy Commissioner of Canada
Brian Neill, Manager, Platform Security, Research in Motion Ltd.

*This session is part of the featured Privacy by Design program track. 


Who’s Afraid of the Patriot Act? Separating Fact from Fiction

The Patriot Act and related U.S. information security and anti-terrorism laws continue to generate concern and objection among Canadian companies, DPAs and their counsel. While the Patriot Act allows certain U.S. federal government access to information, the myths and fears of these rules frequently consist of hyperbole and misinformation. This session will outline the scope of the law, proper concerns and how to address these in practice.

Peter McLaughlin, CIPP/US, Senior Counsel, Foley & Lardner LLP




Communicating about Privacy: Generating Awareness and Encouraging Compliance

Federal, provincial and territorial commissioners’ offices have a number of different and varying powers and tools at their disposal to ensure that organizations follow privacy law— from investigations and audits to orders and taking issues to court. But the power of publicity and of public persuasion should not be underestimated. Information and Privacy Commissioner of British Columbia Elizabeth Denham and Director General of Communications of the Office of the Privacy Commissioner of Canada Anne-Marie Hayden will lead a discussion about some of the pluses, possibilities and even pitfalls of communicating about privacy. They’ll also show off some of the innovative tools and strategies their offices have recently launched to promote awareness and compliance.

Anne-Marie Hayden, Director General, Communications, Office of the Privacy Commissioner of Canada
Elizabeth Denham, Information and Privacy Commissioner, Office of the Information and Privacy Commissioner for British Columbia


Emerging Privacy Risks in the Public Sector: Sharing Experiences

In her role as assistant privacy commissioner of Canada, Chantal Bernier has a unique vantage point on investigations, incident reports, audits, PIA reviews and legislative proposals. As such, her privacy radar is populated with public-sector issues that have already hit the front page, or are just about to. Join us as Bernier discusses what’s on her radar and invites you to share what’s on yours, based on your experience as a fellow privacy professional.

Chantal Bernier, Assistant Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada


The Future of the Privacy Profession

The IAPP celebrated its 10-year anniversary in 2010, and in March 2012, announced its membership had reached an astonishing 10,000—the privacy profession has come a long way in a very short time! Along the way, the skills and tools that make privacy professionals successful have evolved as use of technology, regulation and government data collection has grown dramatically. Come to this special networking session to discuss where the privacy profession is headed in the next decade and what privacy professionals can start doing now to continue being successful in the future. Don't miss this opportunity to learn how to position yourself for personal growth and greater impact.

Yim Chan, CIPP/C, Privacy and Data Protection Executive, IBM Corporation, Chief Privacy Officer, IBM Canada
Jeff Green, CIPP/C, Vice President Global Compliance & Chief Privacy Officer, Royal Bank of Canada


Paving the Way for Bring Your Own Device

Allowing employees to use smartphones and other mobile devices that they clearly prefer and are familiar with may improve efficiency. However, intermingled information—personal and professional—on electronic devices can be very difficult to untangle. Commissioner Clayton will address the privacy and access questions all organizations should think about before implementing bring your own device (BYOD), including custody and control of personal information, security measures, dealing with access requests and employee terminations.

Jill Clayton, Information and Privacy Commissioner, Alberta, Canada


Privacy by Design


Privacy by Design in Law, Policy and Practice*

Join our expert panel to discuss how data protection commissioners, governments and businesses have been putting Privacy by Design (PbD) into law, policy and practice in line with the International Data Protection Commissioners’ PbD resolution passed in Jerusalem in October 2010. You’ll learn more about the significance of the October 2010 resolution, what PbD is, what its benefits are and who is implementing it and how. You’ll also hear about lessons learned to date and gain insight on real-life experiences of moving an organization beyond mere regulatory compliance toward leveraging the PbD advantage.

David Goodis, Director of Legal Services and General Counsel, Office of the Information and Priavcy Commissioner of Ontario
Stephen McCammon
, Legal Counsel, Office of the Information and Privacy Commissioner of Ontario

*This session is part of the featured Privacy by Design program track. 

Presentation 1


Privacy by ReDesign: Seven Critical Steps to Follow*

Don’t miss this enlightening session, which will review the Privacy by ReDesign (PbRD) framework introduced by Commissioner Ann Cavoukian and Claudiu Popa. Popa, co-author of the Privacy by ReDesign implementation guide, will unveil compliance mapping, a simple approach to defining deliverables and five other tools and techniques to minimize operational risk and ensure project success.

Estella Cohen, Issues Manager, Office of the Information and Privacy Commissioner, Ontario, Canada
Claudiu Popa, CIPP/US, President, Informatica Corporation

*This session is part of the featured Privacy by Design program track.

Additional featured Privacy by Design sessions are included under other topics in our program. They are:
A Privacy Proactive Blueprint for the Enterprise
User-centric Mobile Security, by Design

Presentation 1


Regulatory and Legal Updates


Getting Caught Up: Recent Developments in the World of Privacy

Get a look at some of the recent decisions from the courts, including provincial superior courts, the Federal Court and the Supreme Court of Canada, as well as from privacy commissioners across the country. Explore hot topics and developments of 2010 and 2011, hear analysis on what the decisions mean for your organization and get tips on what compliance initiatives may be required as a result.

Barbara A. McIsaac, Counsel, Borden Ladner Gervais

Presentation 1


The New Face of Privacy in the Courts: Damages, Class Actions and Tort Claims

In addition to the usual regulatory investigations and commissioner orders that can be associated with violations of privacy, privacy professionals and organizations managing privacy-related risks need to have a clear understanding of how privacy claims can give rise to damage awards, class action litigation and tort claims, particularly in respect of data breaches. Canadian courts have shown an increasing willingness to protect privacy interests, particularly through damage awards and class action litigation. Canada’s anti-spam legislation contains a private right of action that is expected to further encourage such recourse to the courts. Using case studies of a number of recent privacy-related claims and decisions, this session provides an essential overview of the new face of privacy in Canadian courts.

Alex Cameron, Associate, Fasken Martineau DuMoulin LLP

Presentation 1


The Privacy Dimensions of Canada's Anti-spam Legislation (CASL)

Join us for a discussion of the effects of spam on Canadian consumers and businesses. Using statistics, we’ll explore the negative impact of spam on personal privacy, particularly in a Canadian context. Find out what legal privacy and other protections were available to victims of spam prior to CASL, PIPEDA amendments under CASL and how these amendments changed privacy protections for Canadians. You’ll also hear about new powers granted to the privacy commissioner under CASL and learn additional privacy dimensions to Canada’s anti-spam regime going forward.

Michael De Santis, Legal Counsel, Office of the Privacy Commissioner of Canada
Andre LeDuc
, Manager, National Anti-spam Coordinating Body, Industry Canada

Presentation 1


Social Media


Freedom of Information and Social Media: Benefits and Challenges for the Canadian Public Sector

Government organizations at all levels are struggling with increased citizen expectations around access to information and the protection of privacy. Formal access to information requests under Canadian legislation and routine customer requests for information can expend a great deal of resources through searching, acquiring, preparing and releasing efforts. As part of an overarching open government and access to information framework, social media can play a key role in enabling citizen engagement, reducing costs associated with responding to repetitious requests for information and enhancing government transparency and accountability. The challenge for many public sector organizations, however, is how to effectively employ these beneficial new media tools while still maintaining appropriate legal and governance controls. Bringing a broad range of experience in the social media landscape, Canadian public sector privacy and the access to information framework, the speakers will discuss the strengths and weaknesses of social media in the context of open government and freedom of information, including addressing issues with privacy, accuracy, identity management and information governance.

Alyssa Daku, CIPP/C, Manager of Corporate Information Governance, City of Regina
Philippe Leclerc
, Interactive Communications Manager, City of Regina

Presentation 1


Social and Mobile and Clouds, Oh My! The Emerging Challenges of Globalizing Technology

New and emerging technology continues to alter the privacy landscape. Information, advertising and entertainment programming are converging, and distinctions between employees, consumers, buyers, sellers, advertisers, bloggers and sponsors are blurring. In this dynamically evolving ecosystem, if content is king, then geo-targeted, segmented behavioural consumer data is queen. Today, advertisers, agencies and broadcast media vie for metrics, valuations and geo-targeted, real-time consumer data with technology companies, wireless carriers and cloud providers. When individual, geo-targeted, behavioural data is collected, shared and used for advertising and promotions in social networks, wireless interactions and cloud-based computing, privacy takes on new and evolving meanings. Law and regulation struggle to keep up, or even to make sense. Explore the emerging legal and regulatory issues that make headlines daily and are likely to continue to evolve.

Joe Rosenbaum, Partner, Reed Smith LLP


Social Media and Privacy at Work: Five Things You Need to Know

Growing numbers of organizations around the world are embracing social media in their workplaces. In addition to the many benefits they offer, the use of social media sites can raise important privacy issues. Join us to find out the five key points that employers must know about social media and privacy in the workplace. The primary focus will be on pitfalls and aspects of social media in the workplace from an employment law context. Using actual case law, this timely and practical session will identify the challenges, help you understand the risks and offer guidelines on preparing for and managing issues if they arise.

Caitlin Lemiski, Policy Analyst, Office of the Information and Privacy Commissioner for British Columbia
Andrea York
, Blake, Cassels & Graydon LLP

Presentation 1


Toward a New Privacy Economy

With the advancement of mobile and location-based services, our online social experiences have risen to an unprecedented level of personalization, enabled by ubiquitous information sharing. While consumers see value in sharing data in exchange for services, they remain wary about how that data is used. Staying anonymous for them isn’t the solution—transparency is the key to winning their trust…and an eight-page consent form delivered in a mobile app doesn’t cut it. We have spotted a trend on the fringes: businesses competing on privacy. The recognition of transparency, control and ownership as “privacy pillars” is taking hold. Overall, this will give rise to a privacy-centred economy that balances individual rights to privacy with business interests and economic considerations. Join us in this session to explore the role of privacy as a business enabler in this emerging online marketplace, and find out how your organization can position itself to better achieve compliance and trust.

Rafae Bhatti, CIPP/US, Manager, Cyber Security R&D, Accenture Technology Labs
Ryan LaSalle
, Senior Director Cyber Security R&D, Accenture Technology Labs

Presentation 1, Handout 1


Additional Expertise


Information Governance in a Corporate Compliance World

Information governance refers to a holistic approach to managing business information by implementing processes, roles, controls and metrics that treat information as a valuable resource. A legally compliant global records and information management program is the foundation that enables a business to capitalize on the benefits of an increasingly information-driven world and to more effectively pursue other corporate compliance initiatives. Join us for a detailed look into information governance, including how data is changing the way businesses are organized and run, compliance risks and guidance on overcoming the challenges of creating a global records and information management program.

Theo Ling, Partner, Baker & McKenzie LLP

Presentation 1


Protecting Youth Privacy: It Takes a Village

Get an inside look into how different functions within the Office of the Privacy Commissioner of Canada come together to address the issue of youth privacy. Join the in–house experts who oversee research, technology analysis, policy and investigations to learn about the behind–the–scenes activities that culminate in the office’s groundbreaking work in this area.

Moderator: Chantal Bernier, Assistant Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
Kevin Chan
, Director Policy and Research, Legal Services, Policy and Research Branch, Office of the Privacy Commissioner of Canada
Anne-Marie Hayden
, Director General, Communications, Office of the Privacy Commissioner of Canada
Brent Homan
, Director General, PIPEDA Investigations Branch, Office of the Privacy Commissioner of Canada
Bill Wilson
, Chief Privacy Technologist, Technology Analysis Branch, Office of the Privacy Commissioner of Canada

Presentation 1