1. Privacy Workshop: Privacy Impact Assessment - A Risk Management Tool? (FULL)

A Privacy Impact Assessment (PIA) is an analytical process conducted on a proposed or existing program or technology to determine its impact on individual privacy. The purpose of a PIA is to find ways to mitigate or avoid adverse privacy effects while striving to achieve legitimate business goals. A PIA is a risk management tool that can save both private organizations and public bodies unnecessary costs and negative public perception.

This session will explore the privacy concepts that should be addressed in a PIA and some of the practical benefits flowing from working through the assessment process. Concepts to be covered include examining when a PIA needs to be completed, acceptable processes and formats, what constitutes personal information and the general principles associated with legitimate collection, use and disclosure of personal information.

Presenters:

• Charmaine Lowe, Manager, Privacy, Access and Strategic Policy, Information Policy and Privacy Branch, Strategic Planning and Policy, Office of the Chief Information Officer, Ministry of Labour and Citizens' Services
• Jason Eamer-Goult, A/Senior Policy and Legislative Analyst, Strategic Planning and Policy, Office of the Chief Information Officer, Ministry of Labour and Citizens' Services

2. Security Workshop: Incident Response and Forensics: Looking Inside a Hacked Box

Workshop Description:

What should you do in the event of a security breach? How would you handle all the delicate issues during the incident in order to preserve evidence? This workshop will discuss best practices in incidence response and forensic investigation. In a live demo format, we will walk through a complete sequence of events that are typically experienced in the real world:

attack -> penetrate -> hide -> live response -> forensic investigation

We will first act as an attacker and penetrate an unpatched system; we will install a hacker's toolkit and use common techniques to erase our traces in order to avoid detection. We will then switch to the role of an incident responder, demonstrating investigation techniques used to construct pieces of evidence together.

Presenters:

• Yiman Jiang, M.Sc, CISSP, MCSE, Founder and Principal Consultant, Sumus Technology
• James Crooks, BScCS CISSP CISA I.S.A., Manager, Advisory Security Practice, PricewaterhouseCoopers

3. Security Workshop: A Mock Disaster Tabletop Exercise

A highly interactive advanced tabletop exercise will be provided by the Province of BC and Bell Canada. This mock disaster is based on real life disaster scenarios and sets the stage for you to develop an economical, appropriate and realistic crisis management plan for your company. The theme of the exercise is focused on a cyber event. The exercises take advantage of situations from around the world so that participants can benefit from the currency and immediacy of the crisis. As a workshop participant, you will play one of two roles: either a company representative tasked with managing this major disaster, or a simulator who will represent "all that could happen in the world" to the crisis management group. Either way, this is an exercise you won't forget! Participants of this workshop will walk out with an incredible experience and a complete exercise knowledge base to share with their company. Sign up early; as this session will fill up fast!

Presenters:

• Susan Bedwell, CPP Manager, Security Response Planning Information Security, Office of the Chief Information Officer Ministry of Labour and Citizens' Services
• Lloyd M. Ellam, Director, Crisis Management and Innovation BCE Security Solutions/BSSI (Bell Security Solutions Inc.) Executive Consultant; Homeland Security Canadian Advanced Technology Association
• Frank Teruzoli, Senior Risk Analysis Consultant and Practitioner San Francisco, California
• Dr. Mark Braverman PhD, Senior Human Continuity Specialist Bethesda, Maryland

PANEL A: Privacy & Security Breaches: A Duty to Inform?
Commentator: David Loukidelis, Information and Privacy Commissioner for British Columbia
Speakers:

1. Yim Chan, Chief Privacy Officer and Chief Information Officer, IBM
2. Terry McQuay, President, Nymity Inc.
3. Kirk Brown, CTO - Global Identity Practice, Sun Microsystems

PANEL B: Spyware, Viruses and Malware: How Secure Are You?
Commentator: Wes Ames, Associate Technical Fellow Infrastructure Security Specialist, Boeing
Speakers:

1. Ryan Purita, Totally Connected Security
2. David Cole, Director Security Product Markets, Symantec
3. Brian O'Higgins, Chief Technology Officer, Third Brigade

PANEL C: Corporate Privacy Policies: What Staff Need to Know
Commentator: Richard Purcell, CEO, Corporate Privacy Group, Chairman of TRUSTe and Member of Homeland Security Privacy Advisory Committee
Speakers

1. Karina Guy, Senior Manager, Enterprise Risk, Deloitte Touche LLP
2. Frank Work, Information and Privacy Commissioner of Alberta
3. Ken Williams, VP and Area Manager for Technical Services Division, CA

Luncheon - Privacy Discussion - Colwood

1. IBM Canada - Michael Martin, Consultant and Digital Media Architect, "Emerging Digital Video Surveillance and Privacy - The Escalating Conflict?" - Colwood I&II
2. Microsoft Canada - Linda Criddle, Child and Personal Safety Network, Microsoft - Saanich I&II
3. Sun Microsystems - Kirk Brown, CTO - Global Identity Practice, Sun Microsystems - Sidney
4. Oracle Corporation - Don Clewley, Security Specialist, "Strategies and Solutions in implementing ID and Access Management" - Oak Bay
5. CA - Ken Williams, VP and Area Manager, Technical Services Division, CA - Esquimalt
6. Adobe Systems - Mark James, Business Development Manager - View Royal
7. Symantec - Steve Duncan, Enterprise Account Manager and Greg Belanger, Systems Engineer - Integrated Security and Incident Management - Salon C

PANEL A: Managing Digital Records: Capturing the Past, Protecting the Future
Commentator: Dr. Luciana Duranti, Professor, School of Library, Archival and Information Studies, University of British Columbia; Project Director, InterPARES
Speakers:

1. Adam Jansen, Digital Archivist, Washington Secretary of State
2. Sue Kessler, Director, Information Management Branch, Alberta Government Services
3. Mark James, Business Development Manager, Adobe

PANEL B: National Identity Cards: The Privacy-Security Balance
Commentator: David Flaherty, Privacy and Information Consultant, former Information and Privacy Commissioner for BC
Speakers:

1. Dr. Roger Clarke, Professor, Computer Science, Australian National University; Principal, Xamax Consultancy Pty. Ltd.; Director, Australian Privacy Foundation
2. Michael Power Partner/Chief Privacy Officer, Gowling, Lafleur, Henderson Barristers & Solicitors, Patent & Trade Mark Agents
3. Joe Alhadeff, Vice President, Global Public Policy, Oracle Corporation

PANEL C: Wireless Security: Waves of the Future
Commentator: Dr. Anthony Townsend, Research Director, Institute for the Future, founder, NYCwireless
Speakers

1. John MacKillican, Chief Information Officer, RCMP
2. Brian Phillips, Bell Security Solutions
3. Patrick Gray, Senior Security Advisor, Cisco

Reception (Sponsor: by EDS Security)

PANEL A: Privacy and Security in the Face of Disaster
Commentator: Jason Gratl, President, BCCLA
Speakers:

1. Ian MacKay, Vice President, Law and Strategy, CATSA
2. Andy Jones, Information Security Forum
3. Evan O'Regan,Director, Secure Electronic Communications, Siemens

PANEL B: Forensics: Data Trails and Detection
Commentator: Linda Criddle, Child and Personal Safety Network, Microsoft
Speakers:

1. Jonathan Clark, President, FTS UK
2. Micheal Vonn, Policy Director, BCCLA
3. David Stewart, Forensic & Dispute Services, Deloitte & Touche, LLP

PANEL C: Borders, Boundaries and Biometrics: How Much Information is Enough?
Commentator: Ralf Bendrath, Research Fellow, University of Bremen, Germany
Speakers:

1. Peter Reid, Portfolio Manager, EDS Security
2. Raj Nanavati, Partner, International Biometrics Group
3. Nicole Ozer, Civil Liberties and Technology Policy Director, ACLU

Luncheon - Privacy Discussion - Colwood

PANEL A: International Case Study: Privacy and Security in East Asia
Commentator: Dr. Alan F. Westin
Speakers:

1. Dr. Anthony Townsend, Research Director, Institute for the Future, founder, NYCwireless
2. Dr. Jeffery Barlow, Director, Berglund Centre for Internet Studies, Matsushita Chair of Asian Studies, Pacific University
3. Dr. Colin Bennett, Professor of Political Science, UVic

PANEL B: Identity Management: Privacy-Enhancing Technologies versus Privacy- Invasive Technologies
Commentator: Dr. Roger Clarke, Professor, Computer Science, Australian National University; Principal, Xamax Consultancy Pty. Ltd.; Director, Australian Privacy Foundation
Speakers:

1. Dick Hardt, CEO, Sxip Identity
2. Curtis Blais, National Practice Manager, Security Consulting, TELUS
3. Roy Leahy, President and CEO, Whitenoise Laboratories Inc.

PANEL C: Privacy and Security of E-Commerce
Commentator: Peter Ferguson, Director, Industry Canada E-Commerce Policy
Speakers:

1. Peter Reid, Portfolio Manager, EDS Security
2. Kristine Robidoux, President, ComplianceWorks
3. Michael D'Sa, Manager of Data Security and Investigations, VISA Canada

1. Deloitte and Touche LLP - Donald E. Sheehy, CA-CISA, Senior Manager, Enterprise Risk, Privacy is A Business Issue - Esquimalt
2. TELUS - Ratko Spasojevic, Senior Security Consultant - Theatre
3. EDS Canada - Mark Bernard, EDS Advanced Solutions Privacy & Security Compliance Office, and
   Mary Carlson, Director of the Office of the Information and Privacy Commissioner for the Province of British Columbia - Saanich
4. Cisco Systems - Colwood I&II
5. Bell Security Solutions Inc. - Peter-Mark Bennett, Sales Director, Western Region - Sidney
6. Adobe - Mark James, Business Development Manager - Oak Bay

Privacy and Security in the Ubiquitous City: Is the U-City Your Kind of City?
Moderator: Keith Baldrey
Panelists:
Municipal/Research - Dr. Penny Gurstein, Professor in the School of Community and Regional Planning and a Faculty Research Associate at the Centre for Settlements, University of British Columbia
Police - Chief Jack Ewatski, President, Canadian Association of Chiefs of Police
Academic - Dr. Anthony Townsend, Research Director, Institute for the Future, founder, NYCwireless
Corporate - John Weigelt, National Technology Officer, Microsoft Canada
Public Advocacy - Micheal Vonn, Policy Director, B.C. Civil Liberties Association