Master of Ceremonies Keith Baldrey, Global TV

Honourable Ben Stewart, Minister of Citizens' Services. Introduced by Kim Henderson, Deputy Minister, Citizens' Services. Introduced by Dave Nikolejsin, CIO, Government of BC

Mozelle Thompson, Independent Advisor Facebook former Commissioner to the US Federal Trade Commission

Social Technologies and the Information Transformation

A global rapid response to the catastrophic earthquake in Haiti; a populist revolution in Iran; and a historic election in America: What do they have in common? They each were transformed by social technologies that now give individuals more control over the timing and content of information than was even thought possible only two years ago. Although these technologies bear risks and opportunities, it is clear that they have permanently changed the online world as well as how we interact offline. My talk will begin the conference by looking at this transformation and how it challenges our traditional notions of privacy and security. We will also examine the opportunities these technologies present for the public and policy makers.

Panel A: The Risks and Opportunities of Social Media
(Theatre)

The overwhelming popularity of Facebook, youTube, and Twitter demonstrate how the public has embraced social technologies and incorporated them into their daily lives. While these tools can provide users with great public benefit, they also bear some risks. Our panel will discuss the opportunities and risks presented by Social Media - particularly with regard to information privacy and security. They will also be asked to brainstorm about how we might address these challenges while encouraging innovation.

Moderator: Mozelle Thompson, Independent Advisor Facebook former Commissioner to the US Federal Trade Commission

Speakers:

1. Chris Conley, Technology & Civil Liberties Fellow, American Civil Liberties Union
2. David Hume, Executive Director, Ministry of Citizens' Services, Province of British Columbia
3. Patrick Gray, Senior Security Strategist, Cisco Systems
4. David Kuo, Senior Manager, Accenture Technology Consulting - Security and IT Risk Practice

---

Panel B: State of the Privacy Nation - Tales from Private Sector Regulators
(Saanich)

What keeps private sector privacy regulators up at night these days? What privacy nightmares are they experiencing? Hear from the experts about privacy complaint patterns, key cases of the year and how they have been resolved. Also hear the latest on the privacy struggles pertaining to ID scanning, biometrics and how the group navigates around cross-jurisdictional privacy complaints, keeping momentum while avoiding stepping on each other's toes.

Moderator: Mary Carlson, Deputy Registrar of Lobbyists, Office of the Privacy Commissioner of British Columbia

Speakers:

1. Dan Caron, Legal Counsel, Office of the Privacy Commissioner of Canada
2. Catherine Tully, Executive Director, Office of the Information and Privacy Commissioner for British Columbia
3. Jill Clayton, Director, Personal Information Protection Act, Office of the Information and Privacy Commissioner, Alberta

---

Panel C: Biometrics - What Can We See Now?
(Salon C)

Biometric technologies are beginning to hit the mainstream, touted as ideal for enhancing identity authentication, access controls and fraud detection. Ironically, however, the same technologies that can enhance trust can also undermine it when deployed improperly. Biometric data are exceedingly personal data: unique and permanent identifiers that can serve as both usernames and passwords. As this personal data is collected, used, retained and shared across networked environments by more and more actors for more purposes, how will the security threats that undermine the reliability of biometric systems be overcome? Equally significant, how will individual privacy be assured? Specific privacy concerns include function creep, expanded surveillance, tracking, profiling and potential discrimination, data misuse, the negative personal impacts of false matches, non-matches, system errors, and failure, and of insufficient oversight, openness and accountability in biometric data systems, as well as the potential for collection and use of biometric data without individual knowledge, consent, or control. All of these privacy risks can undermine user confidence, which can lead to a lack of acceptance and trust in biometric systems. Is there a positive-sum way out? Come hear our panelists and find out!

Moderator: Ann Cavoukian, Ph.D, Information and Privacy Commissioner for Ontario

Speakers:

1. Mary Collins, International Biometric Group, New York
2. Robin Wakefield, Senior Security Analyst, Oracle Corporation
3. Winn Schwartau, President, Interpact, Author of "Information Warfare", "CyberShock" and "Time Based Security"
4. Sponsor

Ritchie Leslie, Director Western Canada, TELUS Security Solutions

Securing Government: A Canadian Perspective

TELUS, a Canadian leader in IT security research, has recently published the results of its 2009 national security study, co-developed and funded with the Rotman School of Management at the University of Toronto. Highlights of the 2009 Rotman-TELUS Joint Study on Canadian IT Security Practices will be presented.

Find out:

• How some organizations have been able to increase their security budget despite the challenging economic climate
• Why attacks on the public sector have increased and what top performers have done to manage this
• What security issues are driving investments in the public sector across Canada
• What is considered "good enough"

Ann Cavoukian, Ph.D, Information and Privacy Commissioner for Ontario

Privacy by Design: The Gold Standard - Let's Raise the Bar

In the future, we will need to adopt a different paradigm – legislation alone will no longer be sustainable as the sole model for ensuring the future of privacy. We must turn to positive-sum paradigms such as Privacy by Design: proactively embedding privacy into emerging technologies, accountable business practices and networked infrastructures that intersect with personally identifiable information. The Commissioner’s Privacy by Design was not developed as a theoretical construct. It was developed to introduce real change into everyday lives, always with the goal of advancing practical privacy. Dr. Cavoukian will explain how her vision of Privacy by Design and PETs Plus can help to transform your privacy problems into privacy solutions.

Panel A: Cloud Computing - the Current Forecast
(Theatre)

The Internet is no longer just a communications network. It has become a platform for computing - a vast interconnected virtual supercomputer. And we are its programmers and subjects. What decisions and choices can we collectively make to ensure that appropriate levels of privacy, security and trust are built into Cloud computing architectures and services? Questions about data security and accountability tend to dominate Cloud and "Web 2.0" discussions, and are important areas, but what about privacy? How can individuals maintain effective access and control over their personal data, held and processed by others in the Cloud? Are there opportunities to apply Privacy by Design principles? Come hear this panel of experts and find out!

Moderator: Ann Cavoukian, Ph.D, Information and Privacy Commissioner for Ontario

Speakers:

1. Brian Duckering, Senior Product Manager, End Point Virtualization, Symantec
2. Joel Weise, Information Systems Security Association - Chairman of the ISSA Journal Editorial Board
3. Tim Brown, Vice President and Chief Architect for Security Management, CA
4. Michael Legary, Founder and Chief Innovation Officer, Seccuris

---

Panel B: Navigating the Unchartered Waters of E-Health in Canada - A View from the CPO's Bridge
(Saanich)

The intentionally-provocative premise of this interactive panel is that Electronic Health Records pose a very grave challenge to the privacy interests of Canadians, because their proponents and funders are not adequately implementing privacy risks management strategies, including privacy and security policies and procedures; Chief Privacy Officers with adequate staff, resources, authority, and reporting relationships; on-line privacy training for all staff; Threat Risk Assessments; privacy breach management policies and procedures; on-line, real-time auditing of all information handling activities; and complaint handling procedures and policies.

Moderator: David Flaherty, Information Policy Consultant & Principal, David H. Flaherty Inc

Speakers:

1. Bobbylynn Stewart, Privacy Officer, Saskatoon Health Region
2. Miranda Paquette, Privacy Manager, MD Physicians Inc. Ottawa
3. Joe Alhadeff, Vice President, Global Public Policy, Oracle
4. Mimi LePage, General Counsel and Chief Privacy Officer, Canadian Institute for Health Information

---

Panel C: Knock, Knock - Verifying Identity Online for Services?
(Salon C)

Moderator: Frank Work, Information and Privacy Commissioner for Alberta

Speakers:

1. Dave Nikolejsin, CIO, Government of BC
2. Mark MacCarthy, Professor at Georgetown University (Faculty for RFID Consortium) former policy VP at VISA
3. Jules Cohen, Director, Trustworthy Computing, Microsoft

Master of Ceremonies Keith Baldrey, Global TV

Art Gilliland,Vice President of Product Management, Symantec

"Crime & Carelessness: Gaps that enable the theft of your most sensitive information"

"Information is power and money. Our professional lives revolve around building, inventing and working with more valuable information. How we protect and manage this information is core to the success of our economy, organizations, corporations and our personal lives. In this presentation we will explore how a criminal industry now larger than the international drug trade works to steal our information. Targeting areas of operational weakness, these organizations effectively steal more than $600 Billion of information every year. There are best practices to follow and we will discuss ways in which technology, process and education can greatly hinder what will continue to be an active attack on our most valuable resource: information."

Panel A: Mobile Life
(Theatre)

This panel will discuss the ramifications of mobility as it relates to work, play, education and collaboration. Tied into all of this are three aspects: 1. Awareness by both the user and the parent company, agency or university as it relates to security of the data and the individual user and how do we raise that level of awareness. 2. Marketing - how do we get our message across, tell our story - traditional aspects are falling by the wayside 3. How do we get ahead of this new wave of communicating with our peers, customers and others?

Moderator: Patrick Gray, Senior Security Strategist, Cisco Systems

Speakers:

1. Michael Brown, Director of Product Management, BlackBerry Security, RIM
2. Christian Richard, Chief Technology Officer, secureNFC
3. Frank Work, Information and Privacy Commissioner for Alberta

---

Panel B: Internet Profiling - Who is Following Your Cyber Footsteps?
(Salon C)

From the perspective of threat detection and surveillance, profiling raises a plethora of political, social, economic and technical conundra and disagreement. This panel will look at several of the policy issues that are raised when we examine protection of the individual, corporate and national interests. It will also address another aspect to internet profiling which is being carried out by the private sector for "Behavioral Marketing" purposes – what are the ramifications of internet profiling for targeted advertising?

Moderator: Winn Schwartau, President, Interpact, Inc., Author of "Information Warfare", "CyberShock", and "Time Based Security"

Speakers:

1. Peter Reid, Chief Privacy Officer, HP
2. Nicole Ozer, Technology and Civil Liberties Policy Director, American Civil Liberties Union
3. Constantine Karbaliotis, Information Privacy Lead, Symantec

Joe Alhadeff, Vice President, Global Public Policy, Oracle

Privacy and Security in Shared Services Environments

Today information is less tied to any particular physical jurisdiction and more services are being combined behind portals and other user interfaces. These "shared services solutions" may include elements of global sourcing, information sharing and consolidation in order to deliver new services, optimize resources and improve service levels. As we continue to develop new and beneficial business models that take advantage of these developments, we have to continue to understand how to promote and safeguard privacy and security. This session will focus on strategies of promoting privacy and security in these new services and technical solutions.

Jennifer Stoddart, Privacy Commissioner of Canada

The Future of Privacy Regulation

Jennifer Stoddart, now in her final year as Canada's Privacy Commissioner, will review major trends in privacy regulation over the past decade. Is the deployment of new and popular technologies such as social networking sites and street-level imaging driving a restructuring of global privacy regulation? What are the challenges, and where are we headed?

1. Sierra Systems - Speakers: Bill Young, Director, Strategic Technology & Corporate Projects, Ministry of Public Safety and Solicitor General and Christopher Litton, Director, Justice Practice, Sierra Systems

   Navigating the information sharing and identity management needs of clients in BC's Integrated Justice System

   Jurisdictions around the world are facing complex challenges as they try to introduce electronic information access and sharing solutions to meet the highly-sensitive service delivery needs of clients within the criminal justice system. In Canada, offenders travel through a justice system that can involve three levels of government (municipal, provincial, and federal) as well as other sector and service partners - all with differing needs, priorities, policies and legislation. There are increasing volumes of electronic information about and for clients as they move through police, crown, courts, and corrections. The need to share or allow authorized access to highly-sensitive information in this multi-stakeholder environment raises the bar on the need to ensure that this information is managed, protected and shared in a lawful, privacy protected and person-oriented manner.??BC is leading the way with projects including the BC Corrections Integrated Corrections Offender Network (ICON) project, and is working with the provincial identity management, biometric authentication, information access layers and inter-sector information sharing initiatives. The principal ICON Project Directors (BC Corrections and Sierra Systems) will discuss the challenges and solutions that are being proposed to address a common problem facing all jurisdictions across Canada.

2. Oracle - Speaker: Spiros Angelopoulos, Senior Sales Consultant, Oracle Everyone is talking about data governance. What is it and how can you achieve sound data governance? Securing and protecting data requires a holistic approach, taking into consideration the broad range of data threats. Organizations need to understand these threats and develop a comprehensive strategy security policy. Come see how to tackle the challenge of data governance head on. Don't let a data breach happen to you
3. Cisco - Speaker: Terry Singleton, Security Product Sales Specialist, Cisco

   Building a Pervasive Access Policy in a Borderless Network

   The heart of a borderless network is enabling anyone and anything to communicate at anytime and anywhere in the world, but communication is not just about enabling connectivity. A secure borderless network should enable the appropriate level of access: connecting the right user, the right device, at the right place, at the right time, to the right net work with the proper level of authorization. That’s the role of a pervasive access policy. Join Cisco to learn about innovations and technologies used to enable a pervasive access policy in today’s borderless networks.

4. Deloitte - Speaker: Simon Tang, National Leader, Canadian PCI Service Offerings, Deloitte.

   "PCI: Current industry trends and compliance approaches"

   Most organizations have been through the gap analysis stage on their way to becoming compliant with the Payment Card Industry Data Security Standard (PCI DSS). As they continue to identify and address gaps between their current security controls and PCI DSS, many are asking 'is compliance even achievable?'

   During this session, we will:

   - Discuss industry trends and what are some of the issues most organizations are facing
   - Discuss the prioritized approach to PCI DSS achieving compliance
   - Evaluate alternative solutions and technologies to achieve compliance by reducing the scope or eliminating the need for PCI
   - Facilitate discussion with respect to current practices employed by session attendees complying with the requirements

Panel A: Privacy and Smart Grids
(Salon A/B)

An overview of smart grids and some of the significant security and privacy implications, including: work underway in the US spearheaded by NIST to identify security and privacy risks and controls, the Google Power Meter technology, and issues in geospatial systems needed to manage crews, customer information systems, and load management systems, and the security controls needed to protect that information.

Lead Speaker: John Sabo, Director, Global Government Relations, CA, Inc. and President, International Security Trust and Privacy Alliance (ISTPA)

Speakers:

1. Betsy Masiello, Policy Analyst, Google
2. Martin Kyle, Principal, Sierra Systems
3. Gail Magnuson, International Privacy Consultant & President of Gail Magnuson LLC
4. Ed Minyard, Partner, Accenture Technology Consulting

---

Panel B: Enforcement and Oversight Under the Electronic Commerce Protection Act (ECPA)
(Salon C)

This panel will discuss the enforcement regime that will be established under the Electronic Commerce Protection Act, as proposed, with a focus on the role of the Office of the Privacy Commissioner of Canada.

Moderator: Shaun Brown, Counsel, Law Office of Kris Klein

Speakers:

1. Andre Leduc, Industry Canada
2. Carman Baggaley, Senior Strategic Policy Advisor, Office of the Privacy Commissioner of Canada

Michael Calce, "Mafiaboy", &
Craig Silverman, Author of the book Mafiaboy

After launching attacks that paralyzed the websites of Amazon, eBay, CNN and other major Internet properties in 2000, Michael Calce, aka "Mafiaboy" then 15 years-old, was apprehended after an investigation by the RCMP and FBI. Using his experience as a cautionary tale, Calce will address the audience along with Craig Silverman, author of "Mafiaboy".

Michael and Craig will examine past security issues: where we were, where we are and the current state of the industry, and will also take questions form the audience.

Kim Henderson, Deputy Minister, Citizens' Services