Reboot Communications Limited HOME Reboot Communications: 'Delivering end-to-end conference management solutions.'
General Info Agenda Sponsors Info Speaker

13th Annual Privacy and Security Conference
Keeping Pace with the Digital Revolution

February 16 & 17, 2012
Pre-conference workshops February 15th

Victoria Conference Centre
Victoria, BC, Canada

Notional Agenda

* = invited

Wednesday, February 15, 2012

Pre-Conference Privacy and Security Workshops

Please note: Workshop information will be updated as it is received. You do not need to pre-register. Workshops will be seated on a first come, first serve basis.

9:00 – 12:00

Morning Workshops

9:00 – 12:00

McAfee presents;
Protecting Against Sophisticated Security Threats that Target Below the Operating System

Advanced Persistent Threats (APTs) and stealth hacking techniques unfortunately are commonplace in today’s IT threat landscape. These sophisticated threats entrench themselves below the operating systems of IT assets - easily bypassing and not visible to traditional anti-virus, anti-malware security solutions. Hear from security experts on why the risks associated with these types of threats are real and need to be addressed as part of your overall security program. Come see a live demonstration of McAfee and Intel’s hardware-assisted DeepSAFE technology and how it detects and blocks these advanced, hidden threats such as stealth rootkits and APTs in real-time.

Edward Metcalf, Director, Product and Solution Marketing, McAfee, Inc.
John Skinner, Director, Secure Enterprise and Cloud, Intel Americas
Norm Chan, Sales Systems Engineer, McAfee, Inc.

9:00 – 12:00
Oak Bay II

Ethics presents;
Ethics and Privacy

Many lawyers and privacy officers tend to think of “ethics” as a code of conduct and “privacy” as a set of best practices that accord with legislative standards. This pre-conference workshop, conducted by Ian Kerr, Canada Research Chair in Ethics, Law & Technology, offers a broader understanding of ethics and privacy through a consideration of various theories of privacy and the ethical values that underlie them. Learning objectives for participants of this workshop include:

  • distinguishing between intrinsic and instrumental approaches to privacy
  • comprehending several key privacy theories
  • identifying different privacy approaches in the implementation of particular privacy laws or policies
  • understanding the ethical theory underlying the various approaches to privacy
  • contemplating the ethical implications of adopting particular approaches to privacy

Ian Kerr, Canada Research Chair in Ethics, Law & Technology, Faculty of Law, University of Ottawa

9:00 – 12:00
Oak Bay I

Office of the Chief Information Officer presents;
Information Incidents and Privacy Breaches – Process, policies and prevention opportunities through lessons Learned

This workshop will provide an overview of the new Information Incident Process and Practices of the BC Government including training overview, incident handling, assessing harm and notification practices and prevention through lessons learned. Participants will be given case studies and will participate in interactive activities covering these areas.

Wendy Taylor, Director, Privacy Investigations, Office of the Chief Information Officer, Ministry of Labour, Citizens' Services and Open Government
Margaret Patton, Director, Security Investigations and Forensics, Office of the Chief Information Officer, Ministry of Labour, Citizens' Services and Open Government
Ken Mclean, Sr. Privacy Investigator, Privacy Investigations, Office of the Chief Information Officer, Ministry of Labour, Citizens' Services and Open Government

9:00 – 12:00

CA Technologies presents;

Click here for more information.

Privacy in the Workplace: Who’s Privacy are we really concerned with?
(Privacy of emails, monitoring of employees)

Let’s talk about a Privacy Survival guide. Is what you do really private; and should it be? Is the guide for the employee or for the employer or both? Every day employees dole out information about themselves, where they work, using work related hardware. Sometimes deliberately and sometimes not. Come find out some of the industry best practices about the different types of information that is commonly protected, and the methods used dealing with topics like Code of Conduct, Ethics, Internal Policies etc..

Learn about policy management, legalities, regulatory requirements, implementation and other topics and how they affect you.

  • Discover how to create a Privacy model around email and data flow
  • Learn about some of the components of a policy driven infrastructure
  • Map the key stakeholders and learn how to sell them on the value of Privacy in the Workplace
  • Identify key business drivers and value to the organization
  • Build an ROI case while learning from real-life examples
  • Prioritize tasks for execution
  • Learn about new technologies that can help accelerate success

Bring your Own Device: Where do we draw the line?)

Over 75% of the organizations allow employees to bring their own devices to work and school. Do you have your favourite mobile device to get your job(s) done from day to day. Are they appropriate? Are they secure? Are they integrated into your day to day work like or do they only do part of the job you need to them to do.

There are benefits and challenges that can both save and costs 1000’s of dollars for employers to manage and integrate. Is it worth it?

If you’re either one of the many that is tethered to a mobile device from one of the popular brands that is flying off store shelves today or an IT person or employer that needs to manage the those devices in your environment, come hear what concerns and challenges others are hearing.

10 years ago when you came to work you knew what tools were there for you to do your job. Maybe a personal laptop, desktop or a new fancy Blackberry but is that still the case?

  • Discover how to create a organizations are dealing with the BYOD epidemic.
  • Learn about concern points for integration and management from your peers.
  • Map the key stakeholders to see who benefits, who gets the burden and who picks up the tab.
  • Identify key business drivers and value to the organization…or is there one?
  • Build an ROI case while learning from real-life examples if this is the right path for you.
  • Prioritize tasks for execution
  • Learn about new technologies that can help accelerate success for the new technology wave that we are all in the middle of today.

Speaker Biography

Denny Prvu – Sr. Principal Security Consultant – CA Technologies

Denny has spent the last 15 years guiding private and public sector organizations to deliver secure, privacy-enabled business transformational projects. The past 7 years have been focused on not only the privacy and security of users and their identities but also the privacy concerns around them. As an active member of the Kantara, eGov, ICAM and numerous other panels and working groups he leads organizations and their directions in the realms of privacy and security. With a rapidly changing landscape, in 2008 Denny began the quest for protecting users in the mobile and cloud realms and implementing secure technologies for their email and day to day activities in an device agnostic world.

Denny Prvu, Sr. Principal Security Consultant – CA Technologies

9:00 – 12:00

Oracle presents;
Oracle Database Security Solutions: Complete Information Security

The amount of digital data within organizations is growing at unprecedented rates, as is the value of that data and the challenges of safeguarding it. Yet most IT security programs fail to address database security—specifically, insecure applications, protecting data at rest, and restricting access to data by privileged users.

So how can you protect your mission-critical information? Avoid risky third-party solutions? Defend against security breaches and compliance violations? And resist costly new infrastructure investments?

Join us at this half-day seminar, Oracle Database Security Solutions: Complete Information Security, to find out. Learn how Oracle Database Security solutions help you:

  • Transparently encrypt application data without application changes
  • Prevent privileged database users and administrators from accessing data
  • Use native database auditing to monitor and report on database activity
  • Prevent external threats like SQL injection attacks from reaching your databases
  • Mask production data for secure usage in non-production environments

Spiros Angelopoulos, Oracle Enterprise Architect, Oracle Public Sector

9:00 – 12:00

Sierra Systems presents;
Near Field Communications on Mobile Devices in support of Identity and Access Management

As Near Field Communications (NFC) penetrates the mobile device market, the opportunities to provide two factor mechanisms for authentication and storage of identity credentials increases dramatically in a compelling way. This workshop will review the typical business requirements for identity and access management, the technologies available for secure storage of identity credentials on mobile devices and their use through NFC, and the policy hurdles around the introduction of mobile devices as an authentication factor. This workshop will arm you with additional information to plan strategies for NFC-based identity credential management and demonstrate some of the technologies involved in this exciting space.

Martin Kyle, CISSP, CSSLP, GISP, Principal Sierra Systems
Dmitry Barinov, Chief Security Officer, SecureKey Technologies Inc.

9:00 – 3:00pm

IAPP CIPP/C Training

Click Here for information and registration

1:00 – 4:00

Afternoon workshops

9:00 – 3:00pm

IAPP CIPP/C Training

Click Here for information and registration

1:00 – 4:00

HP Presents;
Social Media & the Public Sector - Unlocking the value from within

Social media has been touted as a “game changer”, revolutionizing the way people interact with each other, with the companies they buy from, and with their governments. Every day citizens interact through the web, in person and on the phone - and with each other on social media. Over the last decade, we have learned how to channel and mine data from each one of these channels independently - often missing the big picture. As time has progressed, the method in which citizens have engaged also has changed. Replacing "rows and columns" forms of data are more human-friendly forms of electronic communications: email, recorded phone calls, Internet videos, Twitter, social media sites and blogs.

The power and influence of these types of data cannot be ignored - just ask a famous Airline about how they dealt with guitars.

Also locked within this data is a wealth of information for the government and private sector's operations. Knowing sentiment of the constituency, or providing easy access to private industry partners can help to stimulate economic activity. Data is collected in multiple silos, of which the collation of the data can border on intrusion. Business and government need to be vigilant in privacy and security while also having the tools to proactively sweep for these breaks. By understanding the meaning of data across multiple channels, only then privacy issues can be identified and proactively managed.

Brian McGlynn, VP Global Accounts, Autonomy, an HP Company

1:00 – 4:00

Adobe Systems Inc. presents;
From Transactions to Relationships: Real-world Solutions for Securing the Citizen Experience

Privacy and data protection are typically at the core of government service delivery strategies. For organizations striving to “capitalize on an interoperable ecosystem of data-level security”, it’s an added bonus to also strengthen customer relationships and streamline process efficiency at the same time… if they do it right.

Attend this workshop to dive into actual use cases that demonstrate how innovative public sector security practices have helped to deliver optimal user experiences and measurable results in service delivery.

Michael B. Jackson, Director, Public Sector Solutions and Strategy, Adobe Systems, Incorporated
Jasmin Charbonneau, Sr. Solutions Consultant, Adobe Systems, Incorporated

1:00 – 4:00
Oak Bay I

Office of the Chief Information Officer presents;
BC’s Freedom of Information and Protection of Privacy Act (FOIPP Act)

This workshop will explore the recent amendments to BC’s Freedom of Information and Protection of Privacy Act (FOIPP Act), including new provisions which enable public bodies to leverage technology, take advantage of social media, and better deliver services.

The workshop will also provide the ABC’s of the Privacy Impact Assessment (PIA) process, including a walkthrough of the new legislative requirements for public bodies. As well, there will be an introduction to the updated PIA template and new “Corporate PIAs” on certain social media such as Facebook, Youtube and Flickr.

If you are interested in learning more about BC’s FOIPP Act amendments, how they impact the work you do, and the tools available to help you, this session is for you.

Charmaine Lowe, Executive Director, Knowledge and Information Services Branch, Office of the Chief Information Officer, Province of B.C
Jeannette Van Den Bulk, Manager, Legislation and Strategic Privacy Initiatives, Knowledge and Information Services Branch, Office of the Chief Information Officer, Province of B.C
Eileen Carlson, Privacy and Access Analyst, Knowledge and Information Services Branch, Office of the Chief Information Officer, Province of B.C

1:00 – 4:00

SafeNet presents;
User Authentication on Premise and in the Cloud

Multi-factor authentication solutions today are not typically a one-size-fits-all. Traditional solutions in the market have been centered for years around the hardware One-Time-Password (OTP) token for remote access authentication. A modern IT infrastructure that enables increased collaboration with business partners and customers, and the move into the cloud, are fuelling an increased need for advanced authentication mechanisms that are easy to adapt to an evolving IT infrastructure and address the ever changing needs of users and use-cases. Different authentication use-cases and diverse user preferences call for a mix-and-match approach – matching the token technology (i.e. OTP or PKI) and the token form-factor (i.e. software, hardware, hybrid) to the use-case (i.e. smart card logon and on premise access, remote access VPN, web portal, digital signing, etc.) and the user preference. This session will explore this subject and examine some of the scenarios, approaches and solutions available today.

Tsion Gonen, Chief Strategy Officer, SafeNet

1:00 – 4:00
Oak Bay II

IAO Information Access Operations, Ministry of Labour, Citizens’ Services and Open Government presents:
Information Access Operations (IAO) – The evolution of public records

This workshop is being presented by IAO, and will provide an overview of how public records have evolved with the digital pace. As leaders of FOI and Records Management services on behalf of the province, IAO provides guidance to public body clients in fulfilling their obligations under the Freedom of Information and Protection of Privacy Act (FOIPPA); the Document Disposal Act (DDA); and, the Core Policy and Procedures Manual (CPPM) Chapter 12. This workshop will take a look back at records and how records have evolved over the past decades, and citizens’ access to these records. Participants will be involved in an interactive discussion with activities involving records management and access to information.

Tim O’Connor, Information Privacy Analyst, Information Access Operations (IAO) – Ministry of Labour, Citizens’ Services and Open Government
Elizabeth Vander Beesen, Director, Staff Administration - Information Access Operations – Ministry of Labour, Citizens’ Services and Open Government

1:00 – 4:00

Grant Thornton LLP presents;
Ensuring Effective Security: Rise to the Challenge

Implementing effective security practices remains an elusive goal for many organizations. While focusing on existing threats and incidents addresses management concerns, it may leave an organization ill prepared to respond to new challenges. Likewise, in quieter times, management may question the purpose of IT/security and how effective it is at reducing risks. Meanwhile, end users and business process owners are demanding seamless security solutions at the lowest cost. Those tasked with managing security may wonder how to address the many directions they are pulled in.

Joost Houwen, CISSP, CISA | Western Practice Leader, IT Security, Grant Thornton LLP
Geordie Cree, Chief Information Security Officer, Inventure Solutions Inc., a Vancity Company

Thursday, February 16, 2012
7:30 – 8:30


8:30 – 8:40
Salon AB

Call to Conference

MC: Keith Baldrey, Chief Political Reporter, Global BC

8:40 – 8:50
Salon AB

Welcome Presentation/Opening Remarks

Honourable Dr. Margaret MacDiarmid, Minister of Labour, Citizens’ Services and Open Government

8:50 – 9:35
Salon AB

Session 1 – Keynote Speaker

Cory Doctorow, Science fiction novelist, blogger and technology activist. Co-editor of weblog Boing Boing (, and contributor to The Guardian, the New York Times, Publishers Weekly, and Wired

Internet giants will tell you that they're participating in a "privacy bargain" where consumers trade privacy for services. But it's a funny sort of bargain that involves Internet users giving up everything, with no ability to dicker --- not even the ability to see what they're giving up and to whom. What if we gave Internet users the power to decline an offer? What if we changed the analytics shooting war so that the users were armed, too?

9:40 – 10:15

Session 2 – Concurrent Keynote Speakers

Ian Kerr, Canada Research Chair in Ethics, Law & Technology at the University of Ottawa
(Salon AB)

The Repo Men Reductio Body EULAs, Privacy and Security of the Person
Recent medical advances allow us to transcend biological limitations through the implantation of microchips, digital body parts and artificial organs. However, surprisingly little thought has been given to the ethical and legal aspects of their design and use. In this keynote address, Ian Kerr, Canada Research Chair in Ethics, Law and Technology, examines current ethical and regulatory approaches that govern medical devices and argues that the existing paradigm of mass-market consumer goods is not particularly well suited for the health sector. His primary concern is that individuals are increasingly called upon to sign complex contractual documents that diminish privacy and autonomy not only as users of mass market consumer goods but, now, as medical patients. Drawing on lessons learned in the field of privacy and information technology law, he suggests that special considerations are required in the healthcare context to ensure that patient autonomy and privacy are adequately protected in an era where our bodies are becoming inextricably tethered by devices and software owned by health care providers in partnership with industry.

Valerie Steeves, Associate Professor, Department of Criminology, Faculty of Social Sciences, University of Ottawa

Young Canadians in a Wired World: Kids’ and Parents’ Perspectives on Privacy and Technology
This presentation provides an overview of focus group interviews with children aged 11-17 and parents of children aged 11-17 that were conducted in 2011 to gain insight into young people’s experiences with online privacy. Key findings include: the social rules young people have developed around visibility (e.g. creeping, lurking, hacking, borrowing, and exposing); young people’s experiences of and reactions to the constant online monitoring they are subjected to by parents, teachers, peers, and “strangers”; young people’s reaction to privacy education campaigns that stress danger; and the difficult choices parents make regarding privacy and invasion in order to be “good” parents.

10:15 – 10:35
Upper & Lower Foyers

Morning Break

10:35 – 11:50

Session 3 – Concurrent Panel Sessions

Panel A: Identity Management – Better Service for the Digital Citizen
(Salon AB)

Identity management is becoming more important in electronic transaction and also regarded as a solution to reduce security concerns in the cyberspace. There are high profile identity management projects underway and they are more of business transformation than of technology. The Federal, Provincial and Territorial governments of Canada have developed the pan-Canadian identity management strategy that addresses privacy, security and trust issues on cyberspace. The goal of the pan-Canadian identity management strategy is to deliver better services to citizens. An example of showcasing the benefits of the right implementation of identity management is payment transactions on cyberspace. The Payment Systems Review Roundtable has been building a prototype of a next generation eCommerce model with a new governance model and payment ecosystem. The model also demonstrates a simplistic notion of fraud detection and reduction. This model is a good example for a better and more secure service delivery for citizens.

Moderator: Dave Nikolejsin, CIO, Province of British Columbia


  1. Pierre Boucher, Deputy CIO, Government of Canada
  2. Michael Geraats, Sr. Security Strategist – CA Technologies
  3. John Weigelt, National Technology Officer, Microsoft Canada

Panel B: Sensitive Data: The Electronic Health Record

Moderator: David Flaherty, former Privacy Commissioner of British Columbia


  1. Mimi Lepage, Executive Director, Information & Privacy Policy Chief Information Officer Branch, Treasury Board of Canada Secretariat
  2. Khaled El Emam, Canada Research Chair in Electronic Health Information, University of Ottawa
  3. Marc Smith, Senior Information Management Specialist, SAS
  4. Lorraine Dixon, Senior Manager/Privacy Officer, Oracle Canada
  5. Leroy Brower, Assistant Commissioner for Policy and Adjudication, Office of the Information and Privacy Commissioner, Province of British Columbia

Panel C: Clouds on the Horizon – the Road Ahead
(Salon C)

Moderator: Ian Kerr, Canada Research Chair in Ethics, Law & Technology at the University of Ottawa


  1. Raimund Genes, Chief Technology Officer, Trend Micro
  2. Joost Houwen, CISSP, CISA | Western Practice Leader, IT Security, Grant Thornton LLP
  3. Evan Jennings, Product Manager, Cloud Computing, Bell Business Markets
  4. Derek Manky, Sr. Security Strategist, Fortinet
11:55 – 1:15

Keynote Luncheon Address
(Salon AB)

Ken Haertling, Chief Security Officer, TELUS

The Impact of Disruptive Technologies on Data Protection

In 2011, the industry witnessed an unprecedented year of security incidents and privacy breaches. In 2012, organizations are faced with the further proliferation of mobile devices/tablets and initiation of bring your own device (BYOD) policies. This will lead to the further co-mingling of personal and private data on joint-use devices. Meanwhile, with the addition of these devices and the erosion of the traditional network security perimeter, the enterprise network is no longer as trusted as it once was. Organizations cannot ignore other disruptors such as off-shoring, cloud computing, and virtualization that may further expose sensitive data. Ken will explore popular coping strategies and discuss which, if any, are likely to succeed.

Keynote Luncheon Address

David Elder, Stikeman Elliott LLP & Special Digital Privacy Counsel to the Canadian Marketing Association

Interest Based Advertising: Privacy, Priorities and Proportionality

New online applications and technologies continue to raise privacy concerns for many, most recently in such areas as interest-based advertising, social networking and mobile applications. While increased concern about privacy is understandable in an environment characterized by constant innovation and growth, research shows that much of this concern is based on uncertainty and misinformation. Industry is increasingly responding to these concerns through greater choice and transparency; however, there continue to be calls globally for increased regulation of online advertising. Moving forward, it is imperative that any Canadian regulatory responses be based on fact, and pursue a targeted, principle-based approach that will both protect privacy and nurture the digital economy, without sacrificing one for the other.

1:15 – 1:55
Salon AB

Session 5 - Keynote Speaker

Richard Thieme, Author, Media Commentator and Speaker

"Living in a Glass House when Everyone Has Stones"

Identity-shift is well under way. When the context of our lives changes, all of the contents are jumbled, including who we think we are and meta-national structures. We can’t help thinking inside paradigms that emerged from prior technologies but we also can’t help acting as new paradigms demand. The end of secrecy and the end of privacy are two sides of the same coin. Hackers appoint themselves as a Fifth Estate, while security and intelligence professionals tell themselves a story that filters out as much reality as it allows in. But reality won’t go away, and protocols, policies, and legalities lag behind. Add “biohacking” to the mix and the weird turn pro, pros feel weird, and ... what can we do to stay in the game?

2:00 – 2:30

Session 6 - Business Breakouts

Greg Belanger, Security Specialist, Symantec; Jacob Yoo, Security Specialist, Symantec
(Salon AB)

Encryption -- The Critical First Step to Data Loss Prevention
With the prevalence of data breaches and loss, it is has become critical for organizations to add additional layers of protection for sensitive data. Encryption is a good tactical approach towards securing data, but forethought is needed so as not to create a hindrance to an overall data loss prevention strategy. In this session, we will be discussing the importance of encryption and DLP working synergistically to provide comprehensive data protection.

Denny Prvu, Sr. Principal Security Consultant – CA Technologies

Virtualization: Using Technology Innovation to do More with Less.
Infrastructure management, deployment and processes have been hugely impacted by virtualization in 2011 and will continue to be affected in the future. This innovation allows organizations to be ready for ‘virtually’ the unknown by always having a machine ready. With innovation comes the security concerns for priviledged users, system security and management and CA would like to share some of industry and customer experiences around virtualization and its adoption.

Yim Y. Chan, Global Privacy and Data Protection Executive, IBM Corporation, Chief Privacy Officer, IBM Canada &
Howard Young, Privacy Program Manager, Executive Consultant, IBM Canada

A privacy pro-active blueprint for the enterprise.
A Case study is shared for how an enterprise can become a pro-active organization as it relates to handling and safeguarding PI. It describes IBM's journey from policy to practice and the transformative story of how IBM embedded privacy into the organization. Strategy considerations and a roadmap for fostering a privacy smart enterprise will be covered.

Steven Gottwals, Group Product Manager, Adobe Systems Inc.
(Salon C)

Hundreds of millions of people around the world rely on Adobe Reader to view, interact and share PDF documents. Unfortunately, this ubiquity makes our software a persistent target of attacks by those with malicious intent. In this speech, you’ll learn about some of the challenges involved with securing a massively distributed install base, the prevalent attack vectors, the mitigation tactics and the lessons learned.

Raimund Genes, Chief Technology Officer, Trend Micro
(Oak Bay I)

Trend Micro and VMware allow you to fully capitalize on the game-changing benefits of virtualization and cloud computing. Our innovative, complementary solutions include the first and only agentless antivirus solution for virtualized desktops and datacenters, and a breakthrough key management and encryption solution for both public and private clouds.

Norm Chan, Sales Systems Engineer, McAfee, Inc.

Database Security
For many organizations, data is their lifeblood. Any loss, interruption, or security breach means disaster. Join McAfee to hear about the many ways we can help you protect your business-critical data from both internal and external threats, without impacting performance or availability. Learn how to your safeguard your data center and your databases and how to protect your corporate intellectual property from improper exposure to the public, competitors, or on social media sites.

Michael Argast, Director, Western Canada, TELUS Security Solutions

The impact of mobility, social networking, data breaches and intelligent analysis on privacy and organizational security
In a whirlwind 30-minute session, Michael will cover a wide ranging set of topics and talk about their impact on privacy, security and risk management. He will provide practical, straight forward advice on how to orient your organization’s policies and security investments to ensure privacy needs are met, while balancing open access, security and fiscal considerations. Topics covered will include bring your own device strategies, flexible workstyles, social networking, data breaches, change in threat profiles and more. This session targets those interested in privacy and security from a business or operational perspective.

Mark Troester, Global Product Consultant, IT/CIO Solutions, SAS
(Oak Bay II)

Big Data: Challenge or Opportunity?
Governments are moving to drive citizen participation and engage directly with their constituents through additional government services and improved access to government data. Governments are looking for technology innovations to foster a better relationship with their citizens and to provide online service offerings. At the same time, the onslaught of big data provides both a challenge and an opportunity. Government agencies struggle to manage the ever growing volume, variety and velocity of data. But if they overcome this challenge, and couple the management of big data along with leveraging effective analytics, governments can realize significant benefits. Big data can be used to discover economic and operational advantages. Big data can be used to better understand how citizens are responding to government programs and services. Big data can be used to improve public safety.

In this session, we will define what big data is, what impact big data has on business and government, and we’ll look at big data opportunities and challenges. The discussion will include an introduction to the security ramifications of big data.

Derek Manky, Sr. Security Strategist, Fortinet

2:30 – 2:55
Upper & Lower Foyers

Afternoon Break

2:55 – 4:10

Session 7 – Concurrent Sessions

Panel A: Mobile Privacy and Security – The Perfect Storm
(Salon AB)

Moderator: Jill Clayton, Information & Privacy Commissioner, Province of Alberta


  1. Chris Conley, Technology and Civil Liberties Fellow, ACLU of Northern California
  2. Alex Manea, Security Product Manager. Global Security Group, Research In Motion
  3. Norm Chan, Sales Systems Engineer, McAfee, Inc.
  4. Stewart Cawthray, Chief Security Architect, IBM Global Technology Services

Panel B: Behavioural Geo Targeting and On-Line Advertising “Every Move You Make…”

Moderator: Suzanne Morin, Assistant General Counsel, Privacy, RIM


  1. Noah Lang,
  2. David Elder, Stikeman Elliott LLP & Special Digital Privacy Counsel to the Canadian Marketing Association
  3. Martin Kyle, CSSP, CSSLP, GISP, Principal Sierra Systems
  4. Shawn Cruise, Director, Public Sector Canada, Adobe

Panel C: International Privacy Frameworks – Meeting New Challenges
(Salon C)

The OECD Guidelines have been remarkably influential in shaping privacy frameworks around the world. However, the three decades since their release have brought significant changes to the environment in which privacy principles must operate, both in terms of the benefits of responsible uses of personal data and the challenges of protecting privacy effectively. There still remains a lack of uniformity in privacy legislation across the world, with different approaches in different countries. This presentation will offer an overview of the key issues being examined by the OECD such as the role of the individual in privacy protection, the implications of cloud computing and the key role of technical and security safeguards. As well, this presentation will look at how data protection authorities from across the globe are coordinating efforts, whether through multilateral discussions or agreements relating to the sharing of information. Learn from the experts; the Chair of the OECD Working Party responsible for the review of the guidelines, and a lawyer from the Office of the Privacy Commissioner of Canada, as to how policy-makers and privacy experts are working together to ensure the continued relevance of the OECD Guidelines and to help ensure a more uniform approach to protecting privacy at the international level.”

Moderator: Drew McArthur, Privacy and Compliance Consultant


  1. Jane Hamilton, Senior Policy Advisor, Industry Canada
  2. Daniel Caron, Legal Advisor, Office of the Privacy Commissioner
  3. Deloitte, speaker tbc
4:15 – 5:00

Session 8 – Concurrent Keynote Speakers

Trevor Hughes, President and CEO, International Association of Privacy Professionals
(Salon AB)

20 in 2012: The Top Privacy Issues to Watch
Privacy has long been an important part of any information protection program; however, new potential laws and shifts in the landscape are creating new challenges and business imperatives for privacy, security, IT and legal professionals. Organizations and companies are under more pressure than ever to develop and explain strong privacy practices. From calls for a ”Do Not Track” tool to requiring concepts of Privacy by Design and new potential new data breach notification rules, there are many new priorities to consider. J. Trevor Hughes, president and CEO of the world’s largest association of privacy professionals, will cover the top privacy policy and technical developments to watch in the coming year.

Michael B. Jackson, Director, Public Sector Solutions and Strategy, Adobe Systems, Incorporated

Securing Citizen Experiences through a Digital Government
Conditioned by secure retail interactions online, today's connected citizens expect modern and intuitive government experiences as well – across multiple channels, from any device.

Administrators are expected to manage these digital user experiences, proactively addressing process bottlenecks and security breaches while measuring effectiveness. Program managers, seeking to build personalized relationships with citizens, will automate enrollment workflows and accurately process atypical applications with minimal disruption - all with a focus on results.

Through the interconnected experiences of key stakeholders, and by examining relevant public sector case studies, this session will explore the opportunities and challenges of building cost-effective solutions that satisfy the needs of citizens, exceed their expectations, and ensure consistent, secure interactions for all.

Friday, February 17, 2012
8:15 – 8:20
Salon AB

Administrative Announcements

MC: Keith Baldrey, Chief Political Reporter, Global BC

8:20 – 9:10
Salon AB

Session 9 – Keynote Speaker

Daniel J. Solove, Professor of Law, George Washington University Law School
and Paul Schwartz, Professor of Law at the University of California, Berkeley School of Law.

Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that the very concept of PII can be highly malleable. Because PII defines the scope of so much privacy regulation, the concept of PII must be rethought. Professors Paul Schwartz (Berkeley Law School) and Daniel Solove (George Washington University Law School) will argue that PII cannot be abandoned; the concept is essential as a way to define regulatory boundaries. Instead, they will propose a new conception of PII, one that will be far more effective than current approaches.

9:10 – 9:50
Salon AB

Session 10 – Keynote Speaker

Cheri F. McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Corporation

Know Your Enemy: Understanding the Threat Landscape, Challenges, and Best Practices

Sensitive information under attack from a wide variety of sources, including well-meaning insiders, organized crime rings, nation states and advanced persistent threats (APT’s). Private and Public Sector are facing a changing information technology landscape that sees more information stored on smart phones, tablets and cloud services. Tiffany Jones will discuss the current global threat landscape, identify key security challenges apply critical best practices and solutions to protect your environment.

9:50 – 10:10
Upper Foyer

Morning Break

Book Signing:
“Nothing to Hide” and “Understanding Privacy” by Daniel Solove
“Privacy Law Fundamentals” by Daniel Solove & Paul Schwartz

10:10 – 10:40

Session 11 – Concurrent Keynote Speakers

Eddie Schwartz, Chief Security Officer, RSA
(Salon AB)

A State of Dynamic Risk: Containment and Victory in a World of APTs
The cyber world is heating up, from Cybercriminals and Hacktivists to Nation States and arms brokers in a world Advanced Persistent Threats (APTs). The hype and speculation and fear are high, but the answer lies in some old principles revisited. Manage the unmanageable, know the enemy and build the right structures to survive and even thrive in a new state of “dynamic risk.” This is about a solid defense doctrine, operationalization and ultimately about familiar management principles applied in new ways.

Session Objectives: Provide education on this topic for security professionals; frame the issues and the players through the introduction and opening remarks; frame a “modernized” defense doctrine and principles; make recommendations; seek actionable solutions that can be implemented today.

Joe Alhadeff, Vice President for Global Public Policy, Chief Privacy Officer, Oracle Corporation

The Elements of a Data Governance Program: People, Practices, Policies and Technology
This keynote will focus on the evolving needs of organizational governance and accountability. Governance and accountability are multifaceted concepts that must be applied in ways that are accessible to the individual, credible at the level of the organization and extensible across the ecosystem. The elements of such a program are based in organizational policies and processes, the technology that supports them and people that oversee and implement them. Today’s accountability and governance program must be developed collaboratively across disciplines to assure that each element supports and underpins the other. Where technology may have limitations to secure data beyond the transaction; policies, processes and contracts may supplement. Technology may support policies and processes through identity management, rights allocation, audit and other tools. When all of these elements function together the whole is greater than the sum of its parts. As part of this keynote we will also consider trends in Canadian law and practice as well as specific applications of technology in identity and privilege management.

10:45 – 12:00

Session 12 – Concurrent Panel Sessions

Panel A: Facial Recognition - Citizen Journalism & Privacy
(Salon AB)

This panel will examine the latest developments in facial recognition technology (FRT) and its application in British Columbia. The panel will also consider the issues raised by this technology, including its implications for privacy and the growth of citizen journalism in new media.

Moderator: Elizabeth Denham, Privacy and Information Commissioner of British


  1. Karl Martin, President & CEO, Bionym Inc.
  2. Jamie Graham, Chief Constable, Victoria Police Department
  3. Peter Chow-White, Assistant Professor, School of Communication, Simon Fraser University
  4. Deloitte, speaker tbc

Panel B: Cyber Security

Privacy and security are truly symbiotic, yet because each has its own focus and proponents, there is often contention. This esteemed panel of experts will work towards ending some of that conflict. We will begin with a simple question: What are the top 3 things that security experts can offer the privacy sector that have not yet been adopted or integrated? Why are they so important and how can they benefit the goals of privacy professionals? In a PowerPoint free setting, this issues-oriented panel is designed to be highly interactive, encouraging audience questions and spirited debate so attendees come away with new insights and approaches.

Moderator: Winn Schwartau, President, Interpact Inc. Author of Information Warfare, Cyber Shock, Time Based Security & Internet & Computer Ethics for Kids


  1. John Engels, Group Product Manager, Enterprise Mobility Group, Symantec
  2. Robert Dick, Director General, National Cyber Security Directorate
  3. Steve Hutchens, Director, Global Government Industry, HP
  4. Paul Laurent, Public Sector Director of Cybersecurity Strategy, Oracle Canada
  5. Eddie Schwartz, Chief Security Officer, RSA

Panel C: Lawful Access; With Great Power comes Great Responsibility
(Salon C)

Moderator: Daniel J. Solove, Professor of Law, George Washington University Law School


  1. Micheal Vonn, Director, BC Civil Liberties Association
  2. Warren Lemcke, Deputy Chief Constable, Vancouver Police Department
  3. Stephen G. Serrao, Director of Product Management, Memex Solutions, SAS Institute
12:00 – 1:15

Luncheon Keynote Address
(Salon AB)

Elizabeth Denham, Privacy and Information Commissioner of British Columbia

Privacy, accountability and the digital revolution
Just as the computer revolutionized how we work and the internet revolutionized how we connect with people, we must revolutionize the way we think about privacy in today’s digitized world.

Join B.C.’s Information and Privacy Commissioner Elizabeth Denham for an engaging discussion about how we fuse privacy with technology as the digital revolution unfolds, including case examples and practical tools to help organizations demonstrate their compliance with B.C.’s privacy laws.

Luncheon Keynote Address

Willie Wong, Enterprise Services, Security, BCRS and Networking, IBM Canada

CyberRisk: An Executive Business Perspective
Organizations want to maximize the use of technologies like Social Media, Mobility and Cloud while managing the business and security risks that can threaten their business operations and competitive advantage.

Please join IBM for a eye opening Non-Technical informative business presentation on understanding the true risks and how to build a strategic framework for managing business risk that helps you reach business goals with confidence and efficiency.

1:15 – 1:45
Salon AB

Session 13 - Keynote Speaker

Dale McFee, President, Canadian Association of Chiefs of Police

1:50 – 2:20

Session 14 – Business Breakouts

Andrew Hughes, CISM CISSP, Consulting Director, Sierra Systems
(Oak Bay I)

The safe keeping of one’s identity is key to the merger of our online and real world daily interactions. Shopping, banking, credit, voting, social networks, the cloud, government services, and new services that await invention depend largely on the fact that you are really you. If a seller or service provider never encounters the physical you they must be willing to accept, and trust, the electronic tokens that claim to be you. There are many institutions competing to become the predominant internet identity provider: telecommunications companies, banks, Facebook, PayPal, and of course, Government. The race is on to build internet-scale, trusted identity services.

Sierra Systems has delivered identity management solutions, strategic direction and policy to Canadian Public Sector organizations. We see common patterns of success in many initiatives and emerging trends as more organizations make the shift to participate in the online identity ecosystem. Come and hear our perspective on patterns, trends, and what works in identity solutions for the Public Sector.

Spiros Angelopoulos, Oracle Enterprise Architect, Oracle Public Sector
(Salon C)

Elevating IT Security to the Cloud and Consolidation
The trend toward consolidation, be it through private or public cloud, further increases the need to understand transitional challenges on IT departments, CIOs and CTOs. Please join Spiros Angelopoulos from Oracle to learn how you can mitigate some of the associated risks by using security controls with a solid foundation of Identity and Access Management (IAM) and Data Security strategies. SaskTel’s IAM Cloud service, available in western Canada, will also be highlighted. Brian Baird, CTO, Sasktel IAM Centre of Excellence, will join Spiros for this session.

Tarlok Birdi, Senior Manager, Enterprise Risk, Deloitte

Privacy and Data Security Monitoring: Tales from the Global Front
Recent high profile targeted attacks resulting in millions of records being exposed have organization re-evaluating their current approach to privacy compliance and security monitoring. This session will present lessons learned from the global stage on key trends and effective solutions implemented.

Brian Reed, Global Identity Management guru, Hewlett-Packard
(Salon AB)

Who’s Afraid of the Big Bad Wolf? Designing and Implementing Secure ID Management Systems: Country Experiences
Discussion showcasing successful national initiatives using federated and secure identity management solutions and the challenges faced by governments, specifically in the health care sector, to implement these solutions and achieve substantial results and benefits for their citizens. Policy considerations for implementation, privacy issues in data usage/ownership, conditions that can foster an environment for successful deployment of identity solutions will be discussed.

Dave Iverson, M.Sc,EnCE,CFE,CISSP | Senior Manager, Grant Thornton LLP

eDiscovery: What you Need to Know
Come out for an informative discussion on electronic document discovery, commonly referred to as eDiscovery. This session will focus on the steps and procedures involved with eDiscovery, as well as providing practical advice for individuals who find themselves involved with the eDiscovery process. The session will cover some of the common pitfalls that can happen to the eDiscovery team, and will make recommendations for ways to avoid falling in to those traps. With more and more information being stored in electronic format, the role of eDiscovery in security and document management will continue to be of importance.


Kevin Harris, Account Technology Strategist for Government, Western Canada, Microsoft

Security and Identity
Come and explore some of the changes coming to Active Directory. We will be discussing how Active Directory changes can be used to Enhance Authorization, help with Compliance and Data Leakage, and Improve File Management.

(Oak Bay II)

Brian Murata, Account Manager – BC, RSA, The Security Division of EMC

Anatomy of an Attack - which documents the attack on RSA - the techniques used, what to watch for, what systems to harden and test, what visibility is required and how to prepare for a response and recovery plan.

2:20 – 2:40
Upper & Lower Foyers


2:40 – 3:55

Session 15 – Concurrent Sessions

Panel A: Clouding of the Issues – What challenges and obstacles are we overcoming today?
(Salon AB)

Moderator: Joost Houwen, CISSP, CISA | Western Practice Leader, IT Security, Grant Thornton LLP


  1. Tanya Forsheit, CIPP, Partner, INFORMATIONLAWGROUP
  2. Safenet, speaker tbc
  3. Paul Pinkney, Director of Security Programs, Symantec
  4. Fiaaz Walji, Canadian Country Manager, Websense
  5. Ronnie Scott, Data Center and Cloud Systems Architect, Cisco Systems Canada

Panel B: Your License Plate as a Tracking Device

Moderator: Jill Clayton, Information & Privacy Commissioner, Province of Alberta


  1. Christopher Parsons, University of Victoria
  2. Jay Loder, Manager of Privacy, ICBC
  3. Vancouver Police Department, speaker tbc
  4. Sponsor

Panel C: Navigating Internet Privacy
(Salon C)

Shifts in the modern Internet landscape are creating new challenges and business imperatives for security, IT and legal professionals. Join our panel of experts as they examine the legal, regulatory and public policy initiatives that are impacting online businesses, Internet usage and Internet security today, and tackle the most pressing questions in today's marketplace, including: prospects for new privacy legislation; the potential impact on how companies operate and design products; conflicts that may arise with the development of cloud computing; legal jurisdiction over international data flows in "the cloud?"; the progress of online tracking and advertising; the impact of increasing calls for Privacy by Design from policymakers and organizations; and the rise of rise of class action lawsuits in the privacy sphere.

Justin Weiss, Senior Director, International Privacy and Policy, Yahoo and
Trevor Hughes, President and CEO, IAPP

4:00 – 4:40
Salon AB

Session 16 – Closing Keynote Speaker

Steve Simske, HP Fellow, Global leaders, Hewlett-Packard Labs, Secure Document Lifecycle; Member, World Economic Forum Global Agenda Council on Illicit Trade, Chief Inventor, NASA

Who am I and where have I been?
These are perhaps the two most crucial concerns for identity. Authentication (who I am) and tracking (where I am) impact—and are impacted by—the current state of privacy and security. On the one hand, there are many different ways to track an individual—on-line activity, mobile phone GPS, retail activity, public surveillance, etc.—all of which may benefit specific security needs. On the other hand, there is the reduction in privacy associated with authenticating (non-reputable identification) the person. Tracking is not authentication; for example, what if someone is borrowing/stealing your mobile phone? Also, people may opt out of specific monitoring activities. On the other hand, what about the (perhaps inadvertent) losses of privacy due to narcissism and convenience—for example, Facebook and GPS services, respectively? In this keynote, the tradeoff between privacy and security needs will be discussed in the context of the rapidly changing nature of what identity really means now and in the years to come. Solutions to some of these challenges will be outlined, including the adoption of supply chain, analytics and dynamic biometric approaches to afford varying degrees of anonymity in the continuum between privacy and security.

Salon AB

Closing Remarks

Kim Henderson, Deputy Minister, Citizens’ Services and Open Government

Reboot Communications Ltd. reserves the right to make changes or amendments to the program and speakers, or to cancel sessions if enrollment criteria are not met, or when conditions beyond its control prevail. Please note that all sessions are filled on a first come, first seated basis. All recording devices and cameras are prohibited.