Canada Privacy Symposium 2013

 

Use these links to jump to the topic you’re interested in:

KEYNOTE ADDRESSES

 

Looking back—and ahead—after a decade as Privacy Commissioner of Canada

Jennifer Stoddart, Privacy Commissioner of Canada

Presentation

EMERGING ISSUES AND TECHNOLOGIES

 

Data, Data Everywhere: Maintaining Compliance and Privacy in a Post-perimeter World

Tim Choi, Senior Director, Products, Watchdox

Thanks to mobility, file sharing and other irreversible trends, privacy officers now must contend with the fact that their organization’s private, sensitive data may end up anywhere, on any device. This poses a variety of challenges. For example, how does e-discovery work when a document is stored on an employee’s personal Dropbox account? Furthermore, how does an organization track what happens to a spreadsheet containing employee PII that gets downloaded to a mobile device? There are many technologies that purport to solve the problem. Join us to gain insight into how file sharing security, mobile device management, virtual desktops and other technologies can or cannot mitigate data loss and ensure compliance in a variety of real-world scenarios.

What you’ll take away:

  • An understanding of the challenges that mobility poses
  • An understanding of the challenges that file sharing poses
  • Instructive examples of how organizations have solved these privacy challenges

Presentation 1

Emerging Issues: Privacy vs. Freedom of Expression

David TS Fraser, Partner, McInnes Cooper, Author, Canadian Privacy Law Blog

Privacy and freedom of expression are increasingly colliding, and there is no evidence that the issue will soon subside. For example, the Supreme Court of Canada has just found that a young victim of cyber-bullying’s privacy interest overrides the rights of the media to report her name and information that would identify her. The Alberta Court of Appeal recently held that the province’s privacy legislation is unconstitutional to the extent that it purports to regulate expressive activity, such as filming replacement workers crossing a picket line. In other jurisdictions, media outlets and search engines are being caught in the middle of the debate over the “right to be forgotten.” Join us for what’s sure to be a lively discussion and debate regarding where privacy and freedom of expression overlap—and where they collide.

What you’ll take away:

  • An understanding of the current case law, based on appellate court jurisprudence
  • Identification of big-picture policy issues related to the interaction of important rights
  • A forecast on this emerging, global issue

Let’s Get Real: The Real Impacts of Big Data

Claudiu Popa, CIPP/US, President, Informatica Corporation

In this session, we will illustrate, using clear examples, what big data means for privacy protection, compliance and, ultimately, individuals. We’ll address the concerns over data aggregation from multiple legitimate sources, along with ways to design adequate controls to protect personal information by segregating it into siloed environments, logical and physical boundaries and policy enforcement. Real-world solutions are provided for what is rapidly becoming a standard way of distilling ever-more information from a universe of sources, including cloud-based services and a diverse array of mobile platforms.

What you’ll take away:

  • Security concepts of data aggregation
  • Privacy concepts of interjurisdictional data transfer
  • Technology concepts based on the use of diverse mobile devices

Presentation 1

Privacy and the Elderly: Risk Management for Financial Institutions

Timothy M. Banks, Partner, Fraser Milner Casgrain LLP, Chair, Advocacy Centre for the Elderly

Capacity and consent may become key issues or perceived issues when financial institutions are interacting with the elderly. Frequently, family members, neighbours, substitute decision-makers and attorneys for property may become involved in financial transactions. Financial institutions may also detect early warning signs of financial abuse or may be criticized for having failed to do so. Using case scenarios, we’ll explore the legal and practical privacy issues inherent to such cases.

What you’ll take away:

  • An understanding of how capacity assessment and consent under privacy legislation interact
  • Knowledge of the legal obligations with respect to the reporting of abuse and privacy restrictions on reports
  • Insight on how to fulfill privacy obligations when dealing with family and substitute decision-makers

Presentation 1

Ready, Set, Audit! Preparing Your Organization for CASL

Shaun Brown, Partner, nNovation LLP
Matt Vernhout, CIPP/C, Director, Client Support & ISP Relations, TC Media

Canada's Anti-Spam Legislation establishes complex new rules for anyone sending e-mail or other forms of electronic messaging, which is reinforced with significant penalties for non-compliance. Now that regulations under the legislation are nearly finalized, it is time for organizations to begin preparing by conducting audits of existing and future practices, identifying risks and developing compliance programs. Hear expert speakers provide valuable information based on firsthand experience in conducting compliance audits. You’ll gain two unique perspectives: that of a private practice lawyer who has assisted many clients in preparation for CASL, and that of a CASL compliance leader at TC Media, one of Canada's largest e-mail service providers. We’ll explore the practical steps in conducting an audit, addressing key compliance issues under CASL, working with partners and tips for ensuring overall success of a compliance program.

What you’ll take away:

  • Advice for conducting and managing a CASL compliance audit
  • Tips for identifying and addressing key risks under CASL
  • Insight on minimizing liability arising out of relationships with partners, service providers and clients

Presentation 1

The Secret to Secure Analytics in the Cloud

Khaled El Emam, CEO and Founder, Privacy Analytics, Inc.
John Weigelt, National Technology Officer, Microsoft Canada

There are often privacy and confidentiality concerns with putting sensitive personal information about employees or customers in the cloud, and the same concerns surround large-scale analytics in the cloud. Learn how secure analytics work, including examples of their application in the healthcare context. We’ll explore the processes involved in secure computation, including the use of homomorphic encryption. Example scenarios where secure computation in the cloud can be used include: a health researcher sharing data with the broader research community by posting the encrypted data online and still permitting analytics on that data; a financial services company that wants to take advantage of the elastic computing capacity in the cloud without having to trust the cloud provider with its sensitive data; and a wellness company collecting PI directly from consumers either online or through wearable devices, and then performing analytics on the data for benchmarking purposes, without knowing the exact values collected from the consumers. Join us for this overview of secure computation, how it protects privacy and confidentiality and its limitations, and hear some real-world examples of how it has been used in the healthcare sector. These examples include public health surveillance, the sharing of clinical research data and securely tracking individuals as they visit multiple care facilities.

What you’ll take away:

  • An overview of secure computation, how it protects privacy and confidentiality and its limitations
  • Real-world examples of how it has been used in the healthcare sector

Presentation 1

GOVERNANCE/RISK MANAGEMENT

 

Finding Clarity in the Cloud

John Wunderlich, CIPP/C, Privacist, John Wunderlich & Associates, Inc.
David Young
, Partner, McMillan LLP

Are you clear about your cloud usage? Many organizations struggle not only with whether to embrace outplacement of data and services to the cloud, but also with what to put out there. IT groups may want to take advantage of potential cost savings, but are these at odds with security and privacy concerns? Join us to explore a model that can be used as a basis for making policy decisions on what to float in your cloud based on sound privacy and security judgments. We’ll also discuss the legal aspects of such decisions that will influence not only the “what?” but also the “where?” The model presented will enable differential cloud facilities based on an organization’s compliance and risk criteria and may serve as the basis of a contract specification.

What you’ll take away:

  • A cloud compliance model for storage criteria policy decisions
  • Legal risk management and compliance control criteria for cloud storage
  • A template specification for privacy and security compliance in clouds

Presentation 1

Protecting the Packrat: How to Effectively Manage Data Retention Issues

Constantine Karbaliotis, CIPP/US, CIPP/C, CIPP/IT, Americas Privacy Leader, Mercer
Ellen Giblin, CIPP/US, CIPP/C, CIPP/G, Privacy Counsel, Ashcroft Law Firm

Most organizations keep too much data, much too long. We have become an information packrat society. And as a result, we have legislative responses that compel organizations to pay attention to the disposal part of the information lifecycle, including, arguably, the “right to be forgotten.” Join this compelling session to discuss the organizational and technical challenges of data retention and explore effective, privacy-friendly retention policies and tools.

What you’ll take away:

  • Organizational challenges in data retention
  • Examples of privacy-friendly retention policies and tools

Presentation 1

When It’s Time for Data to Die: A Framework for Disposing of Confidential Information

Des Fernando, Managing Director, Norgold InfoSec

Many breaches occur during the disposal phase, as organizations fail to install processes and procedures to dispose of confidential information securely. Join us to learn about building a framework for the secure disposal of confidential information, according to your organization’s security policies. You’ll explore key requirements, including classification, metrics and quantification, and much more.

What you’ll take away:

  • Insight on information lifecycle management
  • Tips for information classification according to your organization's requirement
  • An understanding of quantification and building scale for determining the level of confidentiality

Presentation 1

Why Reinvent the Wheel? How to Use ISO Auditing Techniques for Privacy Compliance

Sandra Smith-Frampton, CIPP/C, PIC SOS Consulting
Ben Snyman, President, eCompliance

Join us to discover how the application of ISO 19011:2011 can deliver evidence-based auditing for privacy compliance. Learn why is it important to engage the right people and the right lines of business, how to ask the right questions and how to deliver qualitative and quantitative audit results. You’ll gain insight on maturing your privacy program and demonstrating your organization’s ability to comply.

What you’ll take away:

  • An understanding of evidence-based auditing techniques
  • Insight on how qualitative and quantitative results will support regulators’ privacy program accountability requirements

Presentation 1

GOVERNMENT/PUBLIC SECTOR

 

How the Niagara Region Became a Leader on Breach Protocol: A Case Study

Else Khoury, Freedom of Information and Privacy Coordinator, Niagara Region
Matthew Trennum, Information and Privacy Analyst, Niagara Region

Niagara Region has an established privacy breach protocol, which it has relied on more and more frequently in recent years. Having implemented it as a corporate-wide policy, the protocol has become a tool for risk management, a policy to ensure regulatory compliance and a functional training aid. Join this interactive discussion on managing privacy breaches, the tools necessary to mitigate risk and institutional obligations following the containment of a privacy breach.

What you’ll take away:

  • An understanding of the importance of a privacy breach protocol
  • Tips for coporate policy management in a government setting
  • A better understanding of breach containment strategy

Presentation 1

Pushback 2013: New Models for Access and Privacy in Canada

Michael McEvoy, Assistant Commissioner, Policy and Technology, Office of the Information and Privacy Commissioner, British Columbia, Canada
Daniel Michaluk
, Hicks Morley LLP
Mandy Leigh Woodland
, Associate, Chair, CBA National Privacy & Access Law Section, Cox & Palmer

Is it worth it? That’s what courts and lawmakers across the country seem to be asking about privacy and freedom of information laws. Privacy protections exist to limit institutional power and protect individual rights. Freedom of information laws were designed to promote government openness, citizen engagement and democratic accountability. These are lofty ideals, but they come at a cost—in time, money and manpower. Resistance is growing: In British Columbia and Newfoundland, we’re seeing new statutes specifically limiting access or privacy rights. In Alberta and Ontario, the courts are limiting the scope of privacy legislation on constitutional or practical grounds. At the federal level, we’re seeing privacy taking a back seat to other values. Is the current retrenchment in Canadian access and privacy law a sensible response or an abuse of power? In this lively presentation and panel discussion, we’ll explore the answers to these questions as we review important legislative changes and key court decisions in both privacy and access law.

Presentation 1

Security Threat Risk Assessment: The Final Key Piece of the PIA Puzzle

Curtis Kore, Information Systems Security Analyst, British Columbia Lottery Corporation
Angela Swan, CIPP/C, CIPP/IT, Director, Information Systems Security, British Columbia Lottery Corporation

Learn how to incorporate a security threat risk assessment (STRA) into the process of developing a privacy impact assessment (PIA). Knowing where to incorporate security requirements during the PIA process and what questions to ask is critical to ensuring that risks are accurately identified and addressed prior to a PIA being signed-off on. You’ll learn the importance of integrating security and privacy processes to identify risks to personal information from numerous sources, including system failures, viruses, insider snooping, external attacks and outdated testing and quality assurance practices. An overview of the STRA process will be included, along with tips for identifying key areas of risk.

What you’ll take away:

  • An understanding of how to incorporate security reviews into existing privacy processes
  • Insight on the security threat risk assessment process
  • Key areas of risk that may not be obvious when reviewing a PIA

Presentation 1

What Are They Saying about Me? Citizens’ Concerns about Privacy and Online Reputation

Moderator: Chantal Bernier, Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada
Kevin Chan, Director, Policy and Research, Office of the Privacy Commissioner of Canada
Anne-Marie Hayden, Director General, Communications, Office of the Privacy Commissioner of Canada
Brent Homan, Director General, PIPEDA Investigations, Office of the Privacy Commissioner of Canada

An' everyone can say what they want to say
It never gets better, anyway
So why should I care 'bout a bad reputation anyway?
                                         Joan Jett, Bad Reputation

As increasing numbers of Canadians choose to share information about themselves and their friends across an increasing number of platforms, the issue of online reputation is finally on the radar for many Canadians. Hear an expert panel review recent OPC investigative findings relating to online reputation, OPC policy and research relating to best practices of organizations in this area; current public opinion research on Canadians’ concerns regarding their reputations online; and tools and resources designed to help Canadians avoid what Joan Jett warned us about.

What you’ll take away:

  • Online reputation is top of mind with Canadians
  • As the Internet rapidly evolves, information posted online can potentially be there permanently and is easily shared
  • Work in this area has led to the development of guidance for individuals and organizations

Presentation 1

HEALTHCARE

 

The Best of Both Worlds: When Innovation and Privacy Meet in the Age of Big Data

Martin Abrams, President, Centre for Information Policy Leadership (CIPL), Hunton & Williams LLP
Anick Fortin-Cousens, Program Director, Corporate Privacy & Data Protection Office & Privacy Officer, Growth Markets, IBM Corporation

Research has shown that data-driven organizations perform better. Thus it is not surprising that more and more organizations look to leverage the volume, velocity and variety of data that today's instrumented and interconnected world makes readily available to gain deep insights, including into their individual constituents. Yet gathering, merging and analyzing personal information from various sources, and putting that insight to use, present legal and ethical challenges. How can organizations make innovative yet responsible use of personal data within this context? This panel will touch on the basics of analytics, highlight some of its applications, including in the healthcare space, discuss the privacy challenges associated with it and good practices, and propose ways forward. You’ll gain extremely valuable insight as the leader at a global privacy think-tank and a privacy compliance and risk-management expert at a global analytics industry leader discuss and debate this timely issue.

What you’ll take away:

  • An understanding of the basics of big data analytics and associated benefits and risks
  • Good practices used to mitigate privacy risks and comply with privacy laws

Presentation 1

6 Essentials for Building a Culture of Privacy

Sandra Fletcher, CIPP/C, Senior Privacy Analyst, University Health Network

Many people confuse “privacy” with “secrecy.” Join this insightful session to learn how to foster a privacy-aware culture through openness and information control, not concealment. We’ll focus on six key areas: making privacy a priority, communication, education, PbD, making privacy accessible and accountability.

What you’ll take away:

  • Tips for building a person-centred privacy training plan
  • Guidance on training professionals—in a meaningful way—about how privacy is everyone's concern and right

Presentation 1

The Good, the Bad and the Not So Ugly: Social Media in Healthcare

Valita M. Fredland, CIPP/US, Associate General Counsel & Chief Privacy Officer, Indiana University Health, Inc.

Join us to examine the legal and privacy implications of social media use by healthcare providers. You’ll explore sample scenarios with legal and privacy analysis and an overview of relevant precedents. You’ll also learn real-life examples of how one large healthcare provider has begun to use social media to make connections.

What you’ll take away:

  • Identification of legal issues that may be implicated when healthcare providers use social media
  • An understanding of the privacy issues unique to the use of social media by healthcare providers
  • Encouragement to providers who are social-media reluctant to think about ways they might begin to engage

Presentation 1

It’s a Brave New World—Privacy in the Era of E-health

Natalie Comeau, CIPP/C, Senior Privacy Advisor, University Health Network
Manuela Di Re
, Associate Director of Legal Services & Senior Health Law Legal Counsel, Office of the Information and Privacy Commissioner, Ontario, Canada
Robin Gould-Soil
, Chief Privacy Officer, University Health Network

In the era of e-health, almost all medium- to large-sized health information custodians (HICs) have been approached at least once to share their data with other custodians through an electronic system. While most attention is given to the additional responsibilities placed on the health information network providers (HINPs) who create and support these systems, sending personal health information to or through a shared system poses different privacy risks to HICs, requiring HIC policies and procedures to evolve and change. In addition, you’ll learn some of the common risks posed to HICs, methods that can be used to fully assess your risk and how your privacy program will need adapt. You’ll leave with valuable lessons learned, helpful tips and tools.

What you’ll take away:

  • Insight on how privacy risks to your organization will change in the new environment
  • Guidance on adapting your privacy program to manage these new risks
  • Helpful tips and tools

Presentation 1

NETWORKING SESSIONS

 

Getting It Right: Accountability and Your Privacy Program

Elizabeth Denham, Information and Privacy Commissioner, Office of the Information and Privacy Commissioner of British Columbia
David Hughes, CIPP/C, Partner, Forward Law LLP

Join Commissioner Elizabeth Denham for an in-depth discussion of one of her favourite topics—accountability. Joining the commissioner is David Hughes, who will share his firsthand expertise on successfully implementing the accountability framework.

Presentation 1, Presentation 2

Making Privacy Impact Assessments Real

Howard Young, Privacy Program Director, IBM Corporation

Privacy by Design (PbD) provides an excellent roadmap for embedding privacy safeguards into your business applications and processes. When PbD and privacy impact assessments (PIAs) are combined, privacy officers have the tools to be proactive in managing privacy risk. Join us to look further at how PIAs can provide both a taillight and headlight view of privacy risk. We’ll cover the following topics: 1) a method for conducting assessments, 2) the design strategy to align the assessments to the business needs, 3) key PIA components for creating a privacy ecosystem, 4) approaches for leveraging PIA results to improve oversight and governance, 5) metrics to streamline operations and reduce costs and 6) the benefits of this implementation approach. This session is based upon lessons learned from deploying PIAs across the enterprise, and it will provide insights on not just the how and the what, but also on why the techniques described are important for managing an end-to-end process to reduce deployment and operational costs. The deployment approach we’ll explore uses baby steps to implement PIAs so that regardless of the size of your company, there are important takeaways.

What you’ll take away:

  • Why an end-to-end perspective is needed to maximize the full benefits of PIAs
  • How to minimize the costs of PIAs while maximizing the benefits
  • Using PIAs to transform your organizational privacy DNA and governance

Presentation 1

Notes from Alberta: The IPC on Data Breach Notification

Jill Clayton, Information and Privacy Commissioner of Alberta

With Alberta at the forefront of data breach notification in Canada, Commissioner Jill Clayton will be able to speak from experience on the effectiveness of the legislative requirements and offer insight on implementation while balancing the roles of regulator and collaborator with stakeholders.

A Q&A with the Commissioner: Big Data and Privacy Health Research

Ann Cavoukian, PhD, Commissioner, Office of the Information and Privacy Commissioner, Ontario, Canada

Commissioner Ann Cavoukian is passionate about big data and privacy health research. With a great deal to be discussed in this area, Cavoukian will provide an illuminating solo presentation. During a Q&A, you’ll have an opportunity to have her answer your toughest questions on this exciting topic.

Presentation 1

What’s on the Horizon? A 360° Discussion on Public-sector Privacy

Chantal Bernier, Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada
Mimi LePage
, Executive Director, Information and Privacy Policy Division, Treasury Board of Canada Secretariat

Assistant Privacy Commissioner Chantal Bernier is constantly looking towards the horizon to see what challenges and risks lie ahead when it comes to public-sector privacy issues. Join her in this interactive session, where she’ll tell you what privacy challenges are top of mind for her, and you can share your thoughts and leading privacy challenges.

What you’ll take away:

  • Better knowledge of major and emerging public-sector privacy issues
  • Networking with other privacy professionals working on public-sector issues

Presentation 1

REGULATORY/LEGAL UPDATES

 

Top Five Workplace Privacy Issues

Lyndsay A. Wasser, Partner, Employment & Labour Group, McMillan LLP

What are the top five workplace privacy issues typically facing employers today? Get the facts in this illuminating session, where we’ll use case studies to explore today’s key privacy concerns for employers, including employee privacy rights, background checks, employee monitoring, sharing of employee information with foreign affiliates and employee access to records.

What you’ll take away:

  • Legal considerations applicable to workplace privacy
  • Ability to better spot privacy issues in employment matters
  • Strategies for reducing risk

Handout 1, Presentation 1

Trendspotting: Privacy Litigation in 2013

Alex Cameron, Partner, Fasken Martineau DuMoulin LLP

Using case studies of a number of recent privacy-related claims, decisions and settlements out of court, we’ll offer an essential overview of current and evolving trends in privacy litigation in Canada. This session will cover (a) damage awards under data protection legislation and how to minimize or avoid them; (b) the current state of privacy-related class actions across Canada, including settlements; (c) privacy-related litigation claims under Quebec law; and (d) tort-related privacy claims under provincial statutory torts and at common law, including the evolution and consideration of the common law tort first recognized by the Ontario Court of Appeal in Jones v. Tsige in 2012. This session will also highlight the potential litigation impacts of legislative developments, including Canada’s Anti-Spam Legislation and breach notification in PIPEDA.

What you’ll take away:

  • Practical tips for avoiding, managing and mitigating risks of privacy-related litigation
  • Information about privacy litigation, which will help increase awareness and make the case for privacy protection at your organization
  • An up-to-date picture of the current trends and developments in the rapidly evolving area of privacy litigation

Presentation 1

Who’s Watching the Kids? OPC Perspectives on Youth Privacy

Jennifer Seligy, Counsel, Office of the Privacy Commissioner of Canada

Explore youth privacy issues from a legal perspective, including the challenges of protecting children in the online world and in the face of rapid technological change. We’ll also explore how OPC has addressed issues in investigations and court cases (for example, Nexopia litigation and Bragg).

What you’ll take away:

  • Insight on the challenges of using the law to address the special considerations surrounding youth privacy in the online world, and the fast-pace of technological change

Presentation 1

ADDITIONAL EXPERTISE

 

Best Practices in Privacy Education: Putting Control in the Hands of the Users

J. Trevor Hughes, CIPP, President & CEO, IAPP
Robert M. Sherman, Manager, Privacy and Public Policy, Facebook, Inc.

An issue that is at the heart of the privacy dialogue today, determining how to best explain privacy to your users can be extremely tricky. So, how do we engage and educate users, passing the torch of control over to them? Join this insightful discussion of the issues surrounding privacy education, including just-in-time notice and transparency, user control and recent trends and improvements in this area. We’ll also discuss key themes that CPOs should consider as their organizations evolve to become more social.

What you’ll take away:

  • The issues inherent to privacy education
  • Workable solutions for these challenges
  • Recent trends and developments in this area

Canada’s Response to the EU Privacy Regulation

Constantine Karbaliotis, CIPP/US, CIPP/C, CIPP/IT, CIPM, Americas Privacy Leader, Mercer

Canada has not been troubled to the extent the U.S. has in relation to the proposed EU regulation, but should we be more concerned than we are? Let’s discuss how the Canadian public and private sectors might be impacted by the regulation. We’ll explore whether our “adequate” status is at risk, whether we need to amend our privacy legislation to meet the heightened expectations and if our “subdivisions” are at risk, as well as the proposed regulation’s impact on the U.S. The regulation is challenging the U.S.’s willingness and ability to meet the new standards: Is this a problem for us, or an opportunity?

Presentation 1

CPO Network

Laura Davison, CIPP/US, CIPP/C, Chief Privacy Officer, Institute for Clinical Evaluative Sciences
Robin Gould-Soil, CIPP/C,
Chief Privacy Officer, University Health Network 
Della Shea, CIPP/C, Chief Privacy & Information Risk Officer, Symcor Inc.   

Nobody knows the challenges of being responsible for privacy like another privacy officer. If you’re a privacy officer, the CPO Network is just for you. Join us to hear from a cross-section of privacy leaders and connect with peers about common challenges and solutions.

The Ups and Downs of Being Wired Into Your Customers

Nyree Embiricos, Counsel, Amex Bank of Canada
Theo C. Ling, Partner, Baker & McKenzie LLP

Today’s organizations use numerous electronic and online methods and applications (such as OBA, electronic messages and mobile devices) to connect with customers. We’ll explore the many possibilities and drawbacks to using these tools to manage and deepen client relationships.

Handout 1, Presentation 1, Presentation 2

Top Cybersecurity Concerns that Every Privacy Professional Should Know

Samuel Roshan Abraham, CIPP/C, Director, Professional Services, Eosensa, Inc.

It’s safe to say that chief executives and IT security professionals don’t have a close working history. However, in the wake of such massive and highly publicized attacks on corporate giants like Google, Amazon, Citibank, JPMorgan and Lockheed Martin, today’s CEOs have realized that information security is an issue that is as much their area of concern as financial performance. In fact, the two are very closely aligned. The central issue in the fight to protect sensitive information and secure enterprises is that information owners are unprecedentedly challenged, and effective security requires more than disparate tactics. Join us as we discuss recent information breaches, the tactics used by cyber criminals to attack organizations and other trends and emerging threats to information security. To conclude this session, we will discuss the challenges to privacy faced by organizations implementing BYOD policies and what they should do to mitigate the associated risks.

What you’ll take away:

  • Insight on information breaches, the tactics used by cyber criminals, trends and emerging threats to information security.
  • The challenges surrounding BYOD policies, and tips for mitigating the associated risks.

The World in One: Developing and Implementing a Global Privacy/Data Protection Compliance Strategy

Christine A. Carron, Senior Partner, Norton Rose Canada
Pamela Jones Harbour, Fulbright & Jaworski LLP

As data protection and privacy legislation and regulatory requirements around the world continue to develop and evolve, new pressures are placed on multinational organizations and organizations with subsidiaries around the world to create, develop and implement globally consistent data protection/privacy policies and procedures. The globalization of data control systems, the evolution of cloud computing technology and increasing regulatory enforcement and litigation risk for data breaches have all highlighted the need to ensure privacy/data protection strategies are consistent and harmonized in all jurisdictions. This session will explore the emerging trends in global privacy management challenges and will provide practical solutions for addressing these emerging compliance issues. The speakers will offer perspectives from Canada, the U.S. and Europe, together with links to their directory providing basic information on privacy laws in countries throughout the world.

What you’ll take away:

  • Strategies and tools for implementing global privacy/data protection systems within your organization.

Presentation 1, Presentation 2