For session times and to view a complete conference schedule, visit the At-A-Glance.
Assessing IT Risks: What the Privacy Professional Needs to Know
Aron Feuer, CIPP/C, Vice President, Security & Privacy, Raymond Chabot Grant Thornton Consulting Inc.
Rikki Sorensen, Senior Consultant, Raymond Chabot Grant Thornton Consulting Inc.
IT security and information privacy programs are concerned with protecting confidential, personal or sensitive information. In these evolving fields, organizations often struggle to integrate elements that are common to both their security and privacy programs. This workshop will answer one question: How should the privacy professional leverage and integrate with an IT security program? The goal is simple: By establishing common objectives, integrating assessment methodologies and coordinating awareness training and risk management practices, organizations will improve both efficiency and assurance in privacy and security. In this workshop, we will address people, process and technology. We will discuss what to leverage (e.g., threat risk assessments, certification, compliance), and how to tweak security programs to address privacy needs at the same time. Using casing studies and real-world examples, we’ll explore overlaps and synergies of IT security and privacy impact assessments (PIAs); what makes a good threat and risk assessment; what can be leveraged from a threat and risk assessment report for privacy assessments; the value of integrating PIAs and threat and risk assessments; and how to kick-start an integrated privacy and security program.
What you’ll take away:
- Tips for tweaking security programs to address privacy needs
- Overlaps and synergies of IT security and privacy impact assessments (PIAs)
- How to kick-start an integrated privacy and security program
Janice Campbell, Risk Manager & Privacy Officer, SickKids
John Jager, CIPP/US, CIPP/C, CIPP/G, VP Research Services, NYMITY Inc.
In this practical workshop, we’ll introduce privacy to those new to the field. Learn the fundamentals of privacy law in Canada, understand the role of the privacy commissioners’ offices and explore the myriad of operational issues faced by organizations that collect, use and disclose customer and employee personal information. You’ll also learn the ins and outs of the creation, management and monitoring of an effective privacy program, and key elements of the privacy officer’s role within the organization. The workshop will provide an overall view of privacy applicable to all organizations and also address some unique privacy issues within the health and the public sectors.
What you’ll take away:
- Canadian privacy law fundamentals
- An understanding of the role of the privacy commissioners’ offices
- The basics of running an effective privacy program
- Key responsibilities of a privacy officer