The International Association of Privacy Professionals (IAPP) will be offering privacy certification examinations in advance of the Reboot conference on February 2, 2008. Candidates have the option to take the Certification Foundation exam (required for all first-time candidates seeking any of our certifications) and one module exam of their choice: CIPP, CIPP/G, CIPP/C or CIPP/IT.

The Certified Information Privacy Professional/Canada (CIPP/C) launched in 2006 as the IAPP's first national data protection certification. The CIPP/C certification assesses understanding and application of Canadian information privacy laws, principles and practices at the federal, provincial and territorial levels. For more information about the CIPP/C and the IAPP's other certification programs, as well as course outlines and training materials, please visit the "Certify" section of the IAPP Web site at www.privacyassociation.org.

To register for the exam, visit the IAPP Community Portal https://community.privacyassociation.org/eWeb/
DynamicPage.aspx?WebCode=LoginRequired&Site=iapp. IAPP membership is a requirement for certification; you must be an IAPP member in order to register for any of the exams.

The Executive Women's Forum (EWF--Western Region) invites you to their meeting to be held in conjunction with the Government of British Columbia's 10th annual Privacy and Security Conference. Please join members of the EWF on February 2nd at 8:30 a.m. in the Sidney room for networking opportunities and to learn more about the Executive Women's Forum.

Founded in 2002, The Executive Women's Forum is a community of the nation's most influential female executives in the Information Security, Privacy and Risk Management industries. The EWF provides a trusted community for discussing best practices, sharing ideas, and building relationships for like minded women in the fields of information security, risk management, privacy, governance, information technology, compliance and IT audit.

The EWF community is a global network of intelligent, powerful and influential women who have "been there and done that" and are willing to share their challenges and successes to empower other members to achieve excellence in their careers and their organizations. Members represent Fortune 100 to 1000 companies and provide critical and relevant knowledge on issues that impact every organization.

The Executive Women's Forum is committed to helping you grow and strengthen your business and personal networks. EWF gives you the opportunity to develop relationships across the globe and across industries as well as government and educational institutions. The strength of this diverse group of experts allows you to bring more value to the table both within and outside of your company.

A. Privacy and Access Workshop (Salon C)
A thorough understanding of the Freedom of Information and Protection of Privacy Act is essential for the proper administration of FOIPP Act programs. This full day workshop is designed to give general practitioners involved in administering the FOIPP Act a deeper understanding of the legislation that governs their programs. The workshop will cover the FOIPP Act's requirements for protecting personal information, including collection, use, disclosure, accuracy, and disposition of personal information, and the FOIPP Act's requirements governing the right of access, including how to properly apply exceptions to disclosure through severing. Attendees can expect to leave this workshop with a better understanding of the underlying principles of transparency and privacy and how to properly balance these fundamental concepts".

Presenters:

• Jeannette Van Den Bulk, Senior Legislative Policy Analyst, LCS
• Jason Eamer-Goult, Senior Manager, Knowledge and Information Services, LCS
• Joanne Gardiner, Senior Legislative Policy Analyst, LCS
• Kash Basi, Senior Legislative Policy Analyst, LCS

A(1). Sun Microsystems Workshop (Colwood)

OpenSSO Federation Lab

OpenSSO (http://www.opensso.org) provides access management by allowing the implementation of authentication, policy-based authorization, federation, SSO, and web services security from a single, unified framework. The core application is delivered as a simple web archive (WAR) that can be easily deployed in a supported web container.

In this hands on lab, you will learn how to install and configure OpenSSO and create your first "Fedlet". A Fedlet is a streamlined Service Provider implementation of SAMLv2 single sign-on (SSO) protocols. Fedlets are designed as a light weight federation solution used by Service Providers when a full-featured federation solution is not required, and when the primary goals are to achieve single sign-on with an Identity Provider while also retrieving some user attributes from the Identity Provider.

Participants are asked to bring their own laptops. At the conclusion of the lab, you will have a complete OpenSSO environment running on your laptop inside a VirtualBox (http://www.virtualbox.org) image.

The lab requirements are as follows:

• Laptop running Windows (XP, Vista), Linux or Mac OS X (intel)
• 2 GB of RAM (minimum)
• 5 GB of available disk space
• 1.8 GHz or faster Intel/AMD cpu (dual core preferred)

Lab Modules:

• Module 1: Installation and Configuration of VirtualBox
• Module 2: OpenSSO installation and configuration - overview
• Module 3: Fedlets
• Module 4 (time permitting): SAML federation. Join two instances of OpenSSO together in a SAML federation.

Presenters:

• Paul Bryan, Senior Software Engineer, OpenSSO Project, Sun Microsystems
• Warren Strange, Senior Software Architect, Sun Microsystems

If you have any questions regarding the lab or laptop requirements please contact [email protected]. If you wish to participate but do not have a laptop please let us know. We will have a limited number of workstations available. Space in the lab is limited - please register early.

D. Oracle Workshop (Oak Bay)

In an effort to assist the Departments in tackling major security initiatives such as the protection of Personally Identifiable Information (PII) data, Oracle will be hosting a free Maximum Security Architecture Workshop. Please take this opportunity to learn how you can meet security mandates using Oracle's out-of-box security solutions.

Topics to be discussed will include:

• Comprehensive Data Protection
• Comprehensive Identity & Access Management
• Comprehensive Controls Enforcement

Presenter: Derick Cassidy, CISSP-ISSAP, Master Principal Solution Specialist, Oracle

B. Security Workshop: Social Escapes - Where do your kids webscape to? (Theatre)
The web today offers our children endless opportunities for virtual social contact, keeping kids tied to their keyboards, game consoles and other electronic devices, rather than their park playground. Unfortunately, the web playground is populated with unsavoury characters and other threats that can have significant negative impacts which far exceed the dangers of the park playground. In this workshop, we will explore the social networking opportunities that exist and discuss the pros and cons involved as they relate to the iGeneration. From YouTube to Facebook to chat rooms, this workshop promises to invoke some exciting discussions and reveal information which will enlighten and guide both children and parents.

Presenter:

• Bruce Cowper, Chief Security Advisor, Microsoft
• Julie Fast, Saanich Police Department
• Winn Schwartau, President, Interpact, Inc., Author of "Information Warfare", "CyberShock", "Time Based Security" and "Internet and Computer Ethics for Kids".

C. Adobe Workshop: Security and Collaboration: Can we have both? (Oak Bay)
At times it seems that the objectives around securing and collaboration information are diametrically opposed. Government agencies are challenged with the need to greater collaborate, while at the same time meeting requirements around the security and privacy of information. This session will explore the conflicting challenges agencies are facing and discuss whether it is possible for customers to achieve both.

Presenter: Mark James, Business Development Manager, Adobe Systems Incorporated

E. The MITRE Corporation with the Information and Privacy Commissioner's Office of Ontario (Saanich)

Moderator: Ann Cavoukian, Ph.D, Information and Privacy Commissioner for Ontario, Author of "The Privacy Payoff"

Presenters:

• Dr. Stuart S. Shapiro, Lead Information Security Scientist, MITRE Corporation
• Ken Anderson, Assistant Information and Privacy Commissioner of Ontario
• Charmaine Lowe, Director, Information Architecture Standards, Ministry of Labour and Citizens' Services, Province of British Columbia
• Joseph H. Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer, Oracle
• Khaled El Emam, Ph.D, Canada Research Chair in Electronic Health Information, CHEO Research Institute and the University of Ottawa

This session is intended to explore the area of ePETs, which are aimed at supporting privacy within large organizations that must appropriately handle and safeguard large amounts of personally identifiable information (PII) throughout the information life cycle. The dominant focus of traditional PET research and development has been tools to enable data subjects to protect their personal privacy, typically by preventing the collection of PII. There is a growing need, though, for tools that can help data stewards responsibly manage the PII in their possession in accordance with Fair Information Practices.

F. Accenture Workshop (Colwood)

Security in the Mist: Dispelling the Fog around Cloud
Computing in the Cloud is something many organizations are intrigued by, but few know how to determine if it's the right solution for their enterprise. While it offers some compelling economics, it can also expose the organization to more risk. Questions about privacy, compliance and accountability are just some of the topics within the risk ecosystem that need to be considered and addressed when choosing a Cloud vendor. Whether or not you decide to utilize cloud computing, it is highly likely that many of your customers, supply chain providers and partners will. The risk will need to be accounted for and managed even if you do not use this resource directly.

Workshop participants will walk away from this session with a working knowledge of Cloud, its impact on Security and pragmatic tools to both assess the service itself and choose the right solution for your organization. You'll also understand how to manage your extended network of partners and stakeholders who may already be in cloud. Participants will use a case study to examine the risks and rewards of Cloud, and will have an opportunity to share and learn from one another in an open discussion.

Presenter: Eric Ashdown, Senior Director, Accenture Security Strategy and Risk Management Group

G. Privacy, Security and the 2010 Olympics (View Royal)

In February 2010, Canada will host the Winter Olympic Games in Vancouver, British Columbia. These Games constitute a unique event from a privacy perspective, in that they serve to focus our attention on the range of technological and institutional pressures that come together at this one time, producing extraordinary security challenges but also significant pressures on personal privacy and other civil liberties. Experts from academia, civil society, the private sector, and government at the workshop will discuss the privacy and security implications associated with hosting the Vancouver 2010 Winter Olympic Games.

Speakers will address the extent to which public and private officials involved in security and critical infrastructure protection have taken privacy protection into account. Academic experts and civil society groups will also address the historical institutional legacies of the new security and surveillance apparatus being deployed in Canada, and locally in Vancouver and Whistler, on the privacy rights of citizens.

Participation in this workshop is by invitation only, however organizers will consider admission to the workshop on a case-by-case basis. Please contact Adam Molnar at [email protected] to indicate interest in participating in the workshop, or if you have any other questions.

Introduction: Jennifer Stoddart, Privacy Commissioner of Canada

Panel One: Security, Privacy and Mega-Events Vancouver 2010
Moderator: Chantal Bernier, Assistant Privacy Commissioner (Privacy Act), Office of the Privacy Commissioner of Canada

Speakers:

1. David Loukidelis, Information and Privacy Commissioner for British Columbia
2. Michael Vonn, Policy Director, British Columbia Civil Liberties Association
3. Claire de Grasse, Western Manager, Security Professional Services, Bell Canada

Panel Two: Critical Infrastructure Protection and the Legacies of Mega-Events
Moderator: Dr. Colin Bennett, Department of Political Science, University of Victoria

Speakers:

1. Dr. Kevin Haggerty, Department of Sociology, University of Alberta
2. Dr. Christopher Shaw, University of British Columbia
3. Dr. Harry Hiller, Department of Sociology, University of Calgary

Closing remarks with Dr. Colin Bennett

When Dr. Ann Cavoukian first coined the term "Privacy by Design" in the 1990s, she envisioned that technology could be enlisted in the protection of privacy, not only its encroachment. She believed that privacy was far more likely to be protected if it was embedded into technology - built directly into its architecture. Dr. Cavoukian is now extending Privacy-Enhancing Technologies (PETs) to "PETS Plus" by combining it with a positive-sum (not zero-sum) paradigm, enabling both privacy and whatever functionality a technology was designed to perform. Hear Dr. Cavoukian explain how PETs Plus can actually be transformative in nature - transforming your privacy problems into privacy solutions.

1. Stewart Baker, Assistant Secretary for Policy, Department of Homeland Security

   Counterterrorism and Data Protection -- Lessons from Europe
   The United States and the European Union have waged highly publicized battles over the data protection standards that apply to data gathered by the United States in its counterterrorism campaign. These battles have ended in agreements, and now the two parties are contemplating a broader entente on the issue. What the the lessons, risks, and opportunities for Canada?

2. Alan Lefort, Director, Product Management TELUS Security Solutions

   The Drivers of Security Performance Lessons Learned from the Rotman-TELUS Study on Canadian IT Security Practices
   Few Canadian organizations feel they have security well in hand. Alan Lefort will delve into the Rotman-TELUS study data to highlight the security initiatives and behaviours that distinguish Canada's top performing security organizations from the rest.

Panel A: Cloud Computing - Privacy and Security, is there a Silver Lining?

Cloud computing is shifting tasks - and the handling of personal information - away from our personal computers and onto the Internet. From word processing and spreadsheets, to photos and image editing, to our communications, large scale data storage, and entire operating systems - these services are increasingly available anytime, anywhere. But are individuals paying for greater access and convenience with their privacy?

Once this information is located in one or more databases out there "in the clouds", it may be accessed and used in ways that individuals never envisioned or intended, and with little oversight. Governments can dip into this treasure trove with a subpoena; companies can mine this information to build profiles, deliver targeted advertising, and share with others. And with the lengthy data retention periods and ineffective deletion procedures of many companies, users may find it very difficult to remove their data once it is uploaded. This session will explore the opportunities and risks posed by personal computing in the clouds.

Moderator: Ann Cavoukian, Ph.D., Information and Privacy Commissioner for Ontario, Author of "The Privacy Payoff"
Speakers:

1. Nicole A. Ozer, Technology and Civil Liberties Policy Director, ACLU of Northern California
2. Joseph H. Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer, Oracle
3. Anthony Nadalin, Distinguished Engineer and Chief Security Architect, IBM Software Group

Panel B: Deep Packet Inspection - Under the Magnifying Glass

Deep Packet Inspection, or DPI, is a next-generation technology that is capable of inspecting every byte of every packet that passes through the DPI device - packet headers, types of applications, and actual packet content. As a technological solution, DPI is a fundamental tool for network managers - it enables network security and network access control. It also offers a possible tool for authorities or organizations that wish to monitor or restrict particular traffic or content, enabling as it does lawful access compliance, quality of service and DRM enforcement.

If we expand our perspective to incorporate the challenges posed by the renewed copyright legislation, lawful access, behavioral targeting, traffic shaping and the monitoring of civilian communications under the auspices of the national security imperative, then DPI is a technology that can fundamentally alter how Canadians are able to access and profit from information available online. This session will examine some of the fundamental issues raised by the use of DPI technology, including those of accountability, transparency, and democratic control and oversight.

Moderator: Bruce Phillips, Former Privacy Commissioner of Canada
Speakers:

1. Steven Johnston, Senior Security and Technology Advisor, Office of the Privacy Commissioner of Canada
2. Suzanne Morin, Assistant General Counsel, Bell Regulatory Affairs
3. Bruce Cowper, Chief Security Advisor, Microsoft

Panel C: Fusion Centres - What Happens When it All Comes Together?

Fusion centers are a rapidly emerging public-private Information Sharing Environment being built to help manage critical infrastructure and terrorism risks, but privacy policies and controls need attention. These centres are bringing together information and intelligence from public, classified and sensitive but unclassified sources.

This session will provide an overview of how the various pieces of this growing information sharing fabric fit together, describe privacy issues associated with this growing information sharing model, and discuss mechanisms used (or in some cases badly needed) by government and industry to identify and manage the privacy risks associated with the use of personal information for critical infrastructure protection.

Moderator: John Sabo, CISSP, Director, Global Government Relations, CA
Speakers:

1. Deputy Directeur General Steven Chabot, President, Canadian Association of Chiefs of Police
2. Greg Gardner, Vice President, Public Sector Strategy and Business, Oracle

With personal information being collected, shared, analyzed, transferred and stored at an absolutely astonishing rate, we face a daunting list of privacy challenges. Jennifer Stoddart, Privacy Commissioner of Canada, offers her thoughts on where we should be focusing our attention as we search for solutions to protect privacy in the 21st Century.

Luncheon Address: Peter Evans, CTO, IBM Internet Security Systems (Crystal Ballroom)

Security for Uncertain Times - The Security industry is experiencing a "Perfect Storm". Intersecting issues of evolving threats, compliance mandates, business innovation, global economic trends, and emerging web 2.0 vehicles threaten to put enterprises and governments at further risk, while limiting their ability to innovate. Various estimates show an 80% rise in the numbers of organizations that have been compromised. As sophisticated crime organizations surreptitiously siphon off data, they are rapidly outpacing the advance of today's security offerings. This presentation and discussion will provide insights into the next generation of threats, Managed Exploit providers, and alternative approaches and strategies to address the new security mandate of the sustainable organization.

Sun Microsystems Luncheon - Warren Strange, Senior Identity Architect, Sun Microsystems (Colwood) (limited seating)

Privacy Lunch (Oak Bay)

Security Lunch (Esquimalt)

"Changing Information Security for Turbulent Times"
The world has changed and information is now the lifeblood of modern business, government and the global economy. Information is undoubtedly the most powerful and precious asset for any organization. At the same time, unprecedented challenges are looming ahead and information security professionals are facing turbulent times. The economic downturn is stripping budgets and resources - forcing security teams to protect with less, but business demands around information security are only growing. There is also the most advanced threat environment launching targeted attacks at all types of information for financial gain.

In these challenging times - always look for the silver lining. How can information security professionals adopt a new way of thinking and come out ahead? This session will examine how information security professionals can seize this opportunity and evolve into stronger organizations that can better support the business and the needs of customers, employees, partners, and other stakeholders.

1. Sun Microsystems - Edward Moffat, Desktop Solutions Architect (Colwood I&II)

   The Economic Impact of a Smart and Secure Desktop Computing Strategy Synopsis - Why should security cost more? Do you want to learn how to make your desktop environment more secure while reducing your costs? Do you want to know how you can proactively plan your desktop refresh cycle? Do you wonder if there is an alternative to managing PC and application set-up, maintenance, upgrades and removals? With over 31,000 desktops Sun has won numerous awards for both securing its infrastructure and having so many of its employees working off site (generally from home), securely. This session will illustrate, with real life examples, how a smart desktop computing strategy can provide organizations with centralized control over data, applications and desktops, which result in improved security and cost benefits. You will experience first hand the concept of having your work follow you through a live demonstration of "hot desking" and the ever fascinating Sun Ray Thin Client technology.

2. Symantec - Stefano Tianardi, CISSP,Technical Compliance Specialist PCI and Compliance (Saanich I&II)

   As the number and complexity of risks and regulations continue to grow in an environment where silent and precision attacks are crafted every day, Symantec's provides market leading technology that will enable your organisation to identify and monitor assets for compliance against your internal standards as well as external regulatory requirements. This session will discuss the capabilities delivered as part Symantec's new Control Compliance Suite. We will cover automation possibilities regarding: entitlement, standards, asset risk, and process among others, in order to help you gain a better understanding of how Control Compliance Suite can help automate the assessment and improvement of controls in turn helping ensure adequate protection of your organisation's most important assets. The capabilities will be discussed within the context of the PCI (Payment Card Industry) requirements, specifically how automation can help reduce cost while helping to improve effectiveness of controls.

3. TELUS - Ben Sapiro, National Practice Manager, Secure Applications & Systems, TELUS Security Solutions and Travis Kay, Sr. Security Consultant, TELUS Security Solutions (Oak Bay)

   Ten Lessons Learned from IAM Implementations - Every Identity and Access Management project have unique challenges, but regardless of the technology solution or the implementation model, there are a few repeating challenges that occur across many IAM implementations. This session will explore these common challenges and explore potential solutions.

4. EDS - Peter Reid, Chief Privacy Officer, EDS (Esquimalt)

   The public and private sectors, as well as consumers, are all entwined in an intricate web of competing interests that require delicate management of individuals' personal information. While many Privacy Officers come from a legal background, Peter brings a wealth of technology knowledge and international experience to his position within HP/EDS.

   In this breakout, Peter will be discussing:

   • How other jurisdictions are focusing on privacy issues?
   • What are consumers' expectations on those who manage their personal information?
   • What enforcement is being carried out in the privacy arena?
   • What impact are rapidly evolving technologies having on the privacy arena?
   • What steps must organizations take to better manage and protect personal information?
5. CA - Kalvin Falconar, Sr., Security Solution Strategist, CA (Salon C)

   Privileges and Entitlements - Policy management for access rights is a daunting task, and setting the right balance is a new art form. In the CA session we will explore modern tools and processes that allow us to properly analyze and maintain access rights across the organization.

6. RIM - Michael Brown, Director of Product Management, BlackBerry Security, RIM (View Royal)

   The Security Behind BlackBerry - This session provides an in-depth discussion of the philosophy behind how the BlackBerry Enterprise Solution protects your corporate information from attack. Discover the rationale behind the end-to-end security model and understand the advantages and implementation of the various built-in handheld security features.

7. IBM - Peter Evans, CTO, IBM Internet Security Systems (Theatre)

   Securing Cloud Computing and Other Virtual Environments - Cloud Computing, Virtualization and SaaS solutions are all the rage, promising to deliver business flexibility and responsiveness to enterprise operations. The benefits are well documented. However, 60% of respondents to surveys reply that they are slowing investment in Cloud Computing until the security risks are addressed. Cloud Computing and alternative IT services procurement models introduce new security and privacy concerns and will cause the enterprise to rethink their security and compliance strategies. This presentation will focus on the risks, and the approaches to managing the risks.

Panel A: The Chief Privacy Officer: High Expectations and Realities
The appointment of a Chief Privacy Officer, with appropriate support and resources, is widely perceived as an essential tool of privacy risk management for public and private sector organizations in North America. While there are major success stories to date, there are also serious issues of lack of resourcing, inadequate reporting relationships in the hierarchy of any organization, cooptation, and incompetence.

This interactive panel will consist entirely of questions and answers among the panelists about their own experiences as CPOs or with CPOs, with pointed interventions from the floor by a group of Chief Privacy Officers, past and present, who will be in attendance in the front row.

Moderator: David Flaherty, Information Policy Consultant & Principal, David H. Flaherty Inc
Speakers:

1. Dr. Alan Westin, Professor Emeritus, Columbia University, Principal, Privacy Consulting Group
2. Richard Purcell, CEO Corporate Privacy Group
3. Michelle Fineran Dennedy, Chief Data Strategy and Privacy Officer, Sun Microsystems
4. Peter Reid, Chief Privacy Officer, EDS
5. Mimi Lepage, Chief Privacy Officer and General Counsel, CIHI

Panel B: Web 2.0/3.0 - The Pros and Cons of the New Network

Web 2.0 has blurred the line between producers and consumers of content and has helped to increase the active participation of many users by transforming the web into a massive collaboration space. The emergence of cloud computing is changing the paradigm between the personal computer and the Web, with the PC or PDA becoming an appliance that accesses virtual applications and data located anywhere on the Web. While Web 2.0 is still evolving, Web 3.0 is appearing bringing with it technologies that have the power to significantly change the way the Internet is used. This new "semantic web" is based on a cognitive decision-making process that emulates they way human beings think and will be able to combine data from multiple sources, adding broader meaning and creating a "net new" knowledge.

These new technologies will bring the potential to significantly and radically improve the capability to deliver services in the enterprise and public sector. With this kind of paradigm shift come greater security and privacy challenges. Data sharing, and the trust that enables it, will become dynamic and the parties involved may not necessarily be known to each other; their data sharing and privacy policies may be different, sometimes even contradicting. This session will explore how we will deal with the challenges of this emerging technology as we strive to take advantage of its capabilities.

Moderator: Drew McArthur, Privacy and Compliance Consultant, The McArthur Consulting Group
Speakers:

1. Avner Levin, Ted Rogers School of Management
2. Ratko Spasojevic, Senior Security Consultant, TELUS Security Solutions
3. Carole Nap, President, TradeStrat Inc

A. PriceWaterhouseCoopers - Hein Gerber, Director - IT Advisory Services, PricewaterhouseCoopers LLP

Social Networking - The business opportunities, risks and mitigations to consider

The growing phenomenon known as social networking is leaving many business leaders questioning the merits, the value, and the inherent risks this technology holds for their organizations. The uptake of social networking and the growing use of these websites, with or without corporate permission (or knowledge), are hard to ignore. With corporate information and intellectual property available on social networking sites, there are growing concerns about issues such as information loss and data privacy.

In his presentation Hein Gerber will provide you with a high-level understanding and appreciation of the broader application of this technology, and arm you with the knowledge you need to mitigate the risks your corporation might face as you embrace this phenomenon. Hein will make use of animating content and real-life examples to demonstrate the power, the impacts and the risks corporations might face as the use of this technology continues to grow.

B. Eugene Oscapella, Barrister and Solicitor, Ottawa, Canada

Terrorism and Drugs: The Perfect Privacy Storm

Before the "war on terror" of the early 21st Century, there was widespread tolerance for intrusions under the criminal law in the name of winning the "war on drugs." These privacy intrusions associated with the war on drugs have served as a template for intrusions in terrorism matters. In addition, the rhetoric about the allegedly symbiotic relationship between drugs and terrorism ("If you use illegal drugs, you are financing terrorism") is being used to justify even greater levels of surveillance in both areas. This presentation will discuss how, with both drugs and terrorism, the legal and policy approaches have resulted in ever-increasing levels of "exceptional" surveillance in these areas, and how the "exceptional" surveillance will almost certainly become "normalized" in other relationships between the state and citizens. This presentation looks critically at the parallel privacy consequences of adopting a law enforcement/security approach to both terrorism and drugs.

1. Winn Schwartau, President, Interpact, Inc., Author of "Information Warfare", "CyberShock", "Time Based Security" and "Internet and Computer Ethics for Kids" (Salon AB)

   A Call for an Electronic Bill of Rights

   Political leadership need to realize that as a result of creeping indifference, fear and loathing, today, "In Cyberspace you are guilty until proven innocent." Our collective digital faces are rubbed into that unfortunate truism every day as decisions that affect each of our lives are made without our consent or knowledge. As individuals we are known by our Digital Essence embodied as bits and bytes distributed amongst 500,000 + anonymous data bases over which we no have access or recourse to amend, edit or correct. Our personal details are leaked and breached due to poor security practices and corporate risk analysis that sees little reason to protect the individual from abuse. For $100, I hired my cyber-PI neighbor to assemble the medical, financial, legal records and whatever else he could find on a local TV news reporter (with his consent.) The results? 17 pounds of records, 14.5" high. I went to the Internet and, using my VISA card, paid for on-line research in the hopes of further violating my victim’s privacy. When all was said and done, I spent less than $1,000 and knew more about the TV personality than he knew about himself; including spousal abuse. This is wrong. Morally and ethically, this is wrong. The 200 year old American concept of public records did not envision Intel, Microsoft or the Internet. The Constitution did not envision the records of 300 million Americans being sold on a CD for $29.95. The EU and Canada have initiated far bolder privacy regulations, causing occasional angst between global business regions with different rules, compliances, laws, regulations and ethics. In Russia I was told by a leader, "Everything is for sale. You Westerners don’t know it, but the privacy game is over." The solution is a simple, yet bold one, requiring political strength, vision and the love of one’s constituency more than oneself. The answer is the establishment of Electronic Bill of Rights, which takes into account the realities of modern technology, and overarching legislative wisdom. This session will set the groundwork for a politically sensitive, yet increasingly necessary global view to privacy in the Age of the Internet.

2. Professor Colin Bennett, Department of Political Science, University of Victoria
   "What Makes a Privacy Advocate?" (Theatre)

Panel A: CIO Panel Session - Identity Management - What's broken in the online world?
While the real world uses and depends on defacto universal identity documents like drivers license and passport, the online world, whether at work or at home, continues with local solutions for identity management. What we take for granted regarding how we use our identities in the real world, like buying wine at the corner store or opening an account at a bank, has no similar capability on the Internet. The panel will discuss limitations of local approaches to identity management and potential solutions and improvements in security and privacy that might be achieved in an online world.

Moderator: Dave Nikolejsin, CIO Province of British Columbia
Speakers:

1. Gerry Matte, CIO, Saanich Municipality
2. Dave Hansen, Corporate Senior Vice President & General Manager, CA Security Management Group
3. Catherine Claiter, Chief Information Officer, Information Management/Information Technology, Vancouver Island Health Authority

Panel B: Laptops Blackberries & Borders
Heightened security concerns at airports worldwide, has led to increased focus on the data contained on laptop computers and other electronic devices. This puts at risk organizations' goals of securing data, which includes confidential and personal information. What can organizations do? This session will explore the reasons behinds these searches, and a combination of strategies and tactics that organizations can take to reduce the potential for data loss.

Lead Speaker: Constantine Karbaliotis, Information Privacy Lead, Symantec Corporation
Speakers:

1. Michael Brown, Director of Product Management, BlackBerry Security, RIM
2. William Leichter, Director, Product Marketing, Websense
3. Kellman Meghu, Security Manager, Checkpoint Canada

Panel C: Data Leakage - Causes, Costs and Avoiding Catastrophes
Although companies are responding to data breaches more effectively, consumers seem to be less forgiving when their personal information is compromised. The bigger problem, however, remains the persistent underlying issue of data security. The easiest way for companies to avoid the costs associated with a data breach is to avoid a breach in the first place; however, incidents of data loss or leakage seem to be on the rise, as are the costs associated with such incidents. This session will present common data loss and leakage scenarios, explore the underlying causes of these incidents, review the costs associated with such data loss and leakage, and compare and contrast some of the solutions currently being used to address the problem.

Moderator: Frank Work, Privacy Commissioner of Alberta
Speakers:

1. Dr. Victoria Lemeiux, University of British Columbia
2. Dean Turner, Director, Symantec Global Intelligence Network, Symantec Corporation
3. Eric T. Ashdown, Senior Executive, Accenture Global Security Strategy & Risk Management
4. Mike Gurski, Director, Bell Privacy Centre of Excellence and Privacy Strategist for Bell Canada

"Where Angels Fear to Tread -- Privacy in the Brave New World of Data Sharing
The new mantras of citizen-centred service delivery and cost-efficient program delivery are driving changes in how governments everywhere disclose and use their citizens' personal information. We frequently hear that privacy is a barrier to sharing personal information, that information is trapped in silos that need to be removed. Calls for data liberation, for exploitation of personal information as a government asset, are growing in volume and governments are listening. Better information sharing practices have promise, but at what costs? Because privacy remains a foundational principle in our democracy, this speech examines the limits to data sharing, as well as how accountability, transparency, access, accuracy and other longstanding privacy principles can and must meet new challenges raised by the drive for information sharing."

Luncheon Address: Joseph H. Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer, Oracle (Crystal Ballroom)

Juniper Networks Luncheon: John Dathan, Director, Enterprise Sales (limited seating) (Colwood)

Privacy Lunch (Oak Bay)

Security Lunch (Esquimalt)

1. Adobe - Mark James, Business Development Manager, Adobe Systems Incorporated (Esquimalt)

   This session will provide a case study of how Ontario law enforcement agencies are leveraging Adobe Acrobat to both meet Privacy requirement and improve collaboration for major case investigation.

2. Oracle - Derick Cassidy, CISSP-ISSAP, Master Principal Solution Specialist, Oracle (Theatre)

   "Protecting Patient Privacy" - Protecting patient data is one of the foremost responsibilities and challenges facing health care providers today. Legislation mandates that our personal information remains secure and private. Many health-care related organizations are now integrating specific goals related to patient data privacy into their overall organization performance objectives. In some cases this even includes holding executives accountable to the success of these objectives.

   To address these and other concerns, we will be discussing:

   • Comprehensive Patient Data Protection
   • Comprehensive Identity & Access Management
   • Comprehensive Controls Enforcement
3. Accenture - Andy Truscott, Director, Accenture Canada Security Practice (Saanich)

   Wake Up and Smell the Coffee! Technology Trends that are Shaping the Security Agenda

4. Bell - Mike Gurski, Director, Bell Privacy Centre of Excellence and Privacy Strategist for Bell Canada, Ed Rebane, B. Eng, M.ENG, CISSP, ECC, Senior Security and Privacy Advisor, Bell ICT Security Solutions (Colwood I&II)

   Privacy & Security, Linkages and Balance....the Bell advantage.

   In order to realize a trusted system, you need to understand and implement the relationship effectively between both privacy and security. How do they interact with one another, what are their linkages and how do you balance the two? Bell will introduce you to our new web based tools in this regard and provide you with ideas on how to achieve the ultimate goal....trust. After all, if you don't trust something, you will not use it.

5. Sierra Systems - Terry Tarle, Senior VP, Commercial Industry Vertical, Sierra Systems (Sidney)

   "Identity and Access Management within a large Oil and Gas Transportation Pipeline Company - the Business Benefits of Gaining Control Over Identity Information"

   The Company (confidential) operates the longest crude oil and liquids pipeline system in the world. As an international energy company operating in multiple regulatory jurisdictions, they utilize a federated governance model, a daunting challenge given the over 6,200 employees that must be managed. Not surprisingly, they face a problem common to many large and distributed organizations - inefficiencies and lack of control with on-boarding and off-boarding processes prove costly and increase security risks. To solve this, the company has launched an initiative to gain control over identity management and provisioning across all departments and locations in order to realize operational efficiencies, decrease security risks and improve regulatory compliance. Please join us for this informational session to learn how this company is addressing identity issues and understand the key drivers and success factors that are critical to the success of their identity initiative. Sierra Systems is providing a full range of management consulting, change management, integration and implementation services to the company, in order to help them be successful and realize the full business benefits.

6. Microsoft - Bruce Cowper, Chief Security Advisor, Microsoft Canada (Oak Bay)

   Future Privacy Implications with Technology - If your personal information is breached online, is this a Security issue or one of Privacy? In the ever changing world of technology there are a number of key trends and challenges that are already shaping this question. Some of these trends come in the form of the convergence of Privacy and Security in the eyes of consumers. Others appear in the convergence of the technologies themselves. In this session we will discuss many of these factors, the risks and trends associated with them and take a glimpse at some of the technologies available now that are both a product of these changes, but also drivers towards the innovations of tomorrow.

7. Pacific Coast Information Systems - Vaclav Vincalek, President, Pacific Coast Information Systems Ltd. (View Royal)

   "States of Denial: Overcoming Management Myths To Improve IT Security"

   This session will explore how three organizations overcame security challenges that resulted in part from not questioning management myths.
   Management Myth #1: "Our organization's IT staff on its own should be in charge of devising our network security processes". We'll examine the case of a private company whose IT staff's objectives were not in line with the business needs of their company. We'll also look at the solution PCIS was able to provide in the process of delivering a Network Security Assessment, in the face of institutional resistance.
   Management Myth #2: "We outsource our website services, so we outsource our security liability." A large non-profit agency contacted PCIS soon after their website and database was breached by hackers. We'll look at lessons the agency learned about the true nature of liability and the consequences of a security breach as PCIS helped their organization get back online.
   Management Myth #3: "Our IT people are taking care of security. That's their first priority." We'll look at the situation of a government agency whose IT staff were too busy with essential incident support and troubleshooting to make sure the basics of security, such as password management and software patching, were deployed effectively. We'll show some of the practical priority steps PCIS was able to help them deploy to improve the security of their organization.

Panel A: Privacy and the 2010 Olympics

In February 2010, Canada will host the Winter Olympic Games in Vancouver, British Columbia. These Games constitute a unique event from a privacy perspective, in that they serve to focus our attention on the range of technological and institutional pressures that come together at this one time, producing extraordinary security challenges but also significant pressures on personal privacy and other civil liberties. This panel will bring together experts from academia, civil society, and government to discuss the privacy and security implications associated with hosting the Vancouver 2010 Winter Olympic Games. What security measures are being contemplated for the Games? What is their likely impact on privacy? To what extent have government officials involved in 2010 security taken privacy protection into account? What will be the legacy of the new security and surveillance apparatus being deployed as a result of the Games - in Canada, and locally in Vancouver and Whistler - on the privacy rights of citizens?

Moderator: Chantal Bernier, Assistant Privacy Commissioner (Privacy Act), Office of the Privacy Commissioner of Canada
Speakers:

1. Professor Colin Bennett, Department of Political Science, University of Victoria
2. Micheal Vonn, Policy Director, British Columbia Civil Liberties Association
3. David Loukidelis, Information and Privacy Commissioner for British Columbia

Panel B: Network Forensics - Who is Watching You?
Technology in the workplace can be both a blessing and a curse. This topic will explore some of the key challenges facing employers as they address new technologies in the workplace and the use, or misuse, of these technologies by their employees. When a security or privacy breach has occurred, investigators with specialized knowledge and skills are needed. Find out how forensic investigators secure critical digital evidence that may provide the only clues to identify the perpetrators and the methods used. Special measures should be taken when conducting a forensic investigation if the information might become evidence in a court of law. Forensic investigators must ensure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator, and ultimately to the court if need be.

Moderator: Winn Schwartau, President, Interpact, Inc., Author of "Information Warfare", "CyberShock", "Time Based Security" and "Internet and Computer Ethics for Kids".
Speakers:

1. Richard DeBruyne, Senior Manager, IT Security and Forensics Practice, Grant Thornton
2. Francis Graf, Founder, Forensic Data Recovery (FDR)
3. Michael Legary, Founder, Seccuris

Panel C: Cell Phone and PDA Security - A Wake Up Call
Each past year malware and other threats to cell phones and PDAs have turned out to be only a minor concern. However, malware continues to grow steadily and recent trends indicate that a tipping point is approaching that will raise the stakes for protecting these devices. Organizations, if not already doing so, need to begin to turn their attention to the security of cell phones and PDAs. This session will provide provide an overview of the growing security threats and steps that organizations can take to make informed information technology security decisions.

Moderator: Michael Brown, Director of Product Management, BlackBerry Security, RIM
Speakers:

1. Wayne Jansen, Computer Scientist, National Institute of Standards and Technology
2. Mathew Tasalloti, Regional Director, Mobile Workforce Solutions, TELUS
3. Derek Manky, Cyber Security & Threat Researcher, Fortinet

In the United States major software companies have created online services that enable individuals to post and manage their own health records. Can these companies protect personal health records, avoiding the recent plague of data breaches and losses? Will advertising and health partnerships lower the promised privacy protections? And should individuals really be in control of their own health data - could secrets and out-of-date information cause more harm than good?

In Canada, federal and provincial governments are working to establish electronic health records. What is the difference between the two models and why does it matter to you?

Listen and respond to the latest developments in this important field from the largest and most influential businesses in Web 2.0 services as they explain their online applications, back-end systems, and business models for Personal Health Records management.

Hosted by Richard Purcell, CEO Corporate Privacy Group

• George Scriban, Health Solutions Group, Microsoft Corporation
• Brian Huseman, Manager, Global Public Policy, Intel Corporation
• Dr. Alan Westin, Professor Emeritus, Columbia University, Principal, Privacy Consulting Group
• Maya A. Bernstein, Senior Advisor, Privacy Policy, U.S. Dept of Health and Human Services
• Ken Anderson, Assistant Information and Privacy Commissioner of Ontario
• Lorrainne Dixon, Privacy Officer, Sun Microsystems