The Canadian Institute's Forum on

Privacy Law & Compliance

Tuesday, September 20 to Wednesday, September 21, 2011
InterContinental Toronto Yorkville, Toronto, Ontario

DAY ONE | Tuesday, September 20, 2011

8:00 Registration Opens and Coffee Served

8:45 Opening Announcements from the Co-Chairs

Amanda Maltby
Chief Privacy Officer, Canada Post Corporation

Michael Power
Barrister & Solicitor and CAPAPA Board Member

8:55 Keynote Address from the Office of the Federal Privacy Commissioner

Robin Gould-Soil
Director PIPEDA Investigations
Office of the Privacy Commissioner of Canada

Cross-Canada Update Directly from the Provincial Privacy Offices

9:45 Alberta’s Recent Challenges in Access and Privacy

Marylin Mun
Assistant Commissioner
Office of the Information and Privacy Commissioner of Alberta

  • The view of the Office of the Alberta Information and Privacy Commissioner on the disclosure and recording of information for qualified intermediaries
  • There is increasing collaboration between public sector bodies and private sector agencies involving the sharing of personal information - which privacy laws apply?
  • The Missing Person Act — what information must be provided to the police?
  • Mandatory Breach Reporting — what has been the experience in Alberta to date?

10:35 Networking and Refreshment Break

10:50 Protection of Personal Information in the Private Sector – Quebec’s Position From Yesterday Until Today

Christiane Constant
Commissioner, Access to Information Commission of Québec

  • How the Commissioner’s Office wants you to protect personal information — during collection and destruction
  • Modifications brought to privacy legislation since 2006
    • Consent to collection
    • Security measures which have to be taken by an enterprise
    • Communication of personal information to a third party, without consent of the concerned person
  • An analysis of the Commission’s experience when interacting with the private sector
  • Recent decisions rendered in the private sector regarding personal information
  • Protecting children in the digital technology era — the Commission’s view
  • Chief concerns of the Commission regarding breach of confidentiality pertaining to personal information in the private sector

11:40 Privacy in Transition: A Perspective from the Newfoundland and Labrador Commissioner’s Office

Sean Murray
Assistant Commissioner
Office of the Information and Privacy Commissioner
of Newfoundland & Labrador

  • Public sector privacy law (ATIPPA) - in force since 2008:
    • An update on its effectiveness and operation
    • Successes and challenges
    • Noteworthy privacy issues that have arisen under ATIPPA
  • Personal Health Information Act (PHIA) was proclaimed on April 1st, 2011:
    • Key features
    • How prepared are custodians to comply with PHIA
    • An early assessment from the Commissioner’s Office as to how PHIA is working
    • Noteworthy issues which have arisen under PHIA
  • Looking ahead:
    • What can we expect as the ATIPPA and PHIA continue to mature?
    • What challenges lie ahead for the Office of the Information and Privacy Commissioner, as well as for the public and private bodies and custodians who are ultimately responsible for protecting our personal information?

12:30 Networking Luncheon for Delegates and Speakers

1:45 Managing Ongoing and Serious Privacy Concerns in Saskatchewan: Working with Health Records

Diane Aldridge
Director of Compliance, Office of the Information and Privacy
Commissioner of Saskatchewan

  • Challenges of working with health records (paper and electronic) including how some trustee organizations’ safeguards are falling short of the mark
    • Abandoned records and the problems identified with the curiosity of registered users of electronic health records
  • Abuse of health services number/card – how easily a provincially mandated health number can become a de facto provincial identifier for all kinds of purposes
  • Internet publication practices of some administrative tribunals
  • Extensive use and disclosure of PI involving shared databases
    • Consequences of outdated legislation and the need for clear accountability to the data subject
    • Figurative firewalls needed to protect the privacy of individuals
    • Data sharing agreements that may not be strong enough to adequately protect personal information/personal health information of individuals
    • When there is more than one player, who is responsible for breach notification?
  • Extensive secondary uses and disclosures of personal information
    • The difference between primary and secondary uses of information and why the distinction is important
    • Different forms of consent (opt-in, opt-out and deemed consent) and when each is appropriate
    • Should health regions share certain personal health information from individuals who receive treatment in an acute care hospital with health foundations without the prior express consent of the patients?
    • To what extent can the personal information obtained from applicants for student loans be used for unrelated government services?

2:35 Smart Grid Case Study: Building Privacy Assurance into Default Modes of Operation

Michelle Chibba
Director of Policy
Office of the Information and Privacy Commissioner of Ontario

While improvements to the electrical grid are necessary for the long-term reliability of electricity and environmental sustainability, unless Privacy by Design principles are incorporated at the outset, and by default, Smart Grid systems run the risk of unnecessarily collecting and disseminating large amounts of personally identifiable information. Privacy is essential to maintaining consumer confidence and trust. The Information and Privacy Commissioner of Ontario, Canada, has taken a global leadership position, in partnership with Smart Grid stakeholders including Hydro One, GE, IBM and Telvent, to ensure that consumers’ personal information is protected. This session will explain how the “Privacy by Design” approach will help utilities build privacy assurance into their default mode of operation.

3:25 Networking and Refreshment Break

3:40 New Brunswick’s New Access and Privacy Laws: The First Year in Review

Anne E. Bertrand, Q.C.
Commissioner, Office of the Access to Information and Privacy
Commissioner of New Brunswick

  • Establishing the Office of the Access to Information and Privacy Commissioner in New Brunswick: a historical first
  • Provincial oversight body of Right to Information and Protection of Privacy Act and Personal Health Information Privacy and Access Act
  • Adopting user-friendly approaches in handling the general public’s concerns
  • Establishing guidelines and best practices to educate the public and private sectors on their obligations under the new legislation
  • Exploring New Brunswick’s experience with the new legislation

4:30 A Comprehensive Look at Changes to the BC Privacy Landscape

Sara Levine
Counsel, AllianceLex Law Corporation

  • Key BC cases of the past year
  • Personal Information Protection Act issues
    • Data breaches on the rise
    • Public education efforts, by the OIPC and others
  • Changes in the Freedom of Information and Protection of Privacy landscape in BC
    • Impact of increased sharing for “citizen-centric services” and government push for amendments to FIPPA
    • What will legislative reform look like?
    • Impact of government proactive release policies
  • Personal Health Information issues
    • E-health initiatives in BC
    • Why the amendments to existing health laws create a de facto “health information privacy” regime

5:15 Co-Chairs Closing Remarks

DAY TWO | Wednesday, September 21, 2011

8:30 Coffee Served

9:00 Opening Remarks from the Co-Chairs

9:15 Key Recent Legal Decisions and Trends in Privacy Law

Adam Kardash
Partner and Managing Director & Head of AccessPrivacyHB
Heenan Blaikie LLP

Receive a complete and up-to-the-minute update on the latest trends, regulatory updates and recent decisions in privacy in this thorough session.

  • Emerging themes and trends in the privacy arena
  • Privacy regulatory update
    • Federal and provincial privacy regulatory authority findings and orders
    • Key privacy regulatory authority guidelines and other releases
  • Need-to-know recent privacy case law

10:15 A Worldwide Update on Noteworthy Legal Privacy Developments that May Affect Canada

David Fraser
Partner, McInnes Cooper

  • Is general privacy law on the horizon in the United States?
  • Changes in government-to-government information sharing in data havens
  • Development in European regulation, including cross border transfers and data retention
  • Progress to harmonization among the APEC states
  • Global developments of significance to the privacy and compliance professional

11:15 Networking and Refreshment Break

11:30 Privacy Accountability: Shifting Expectations in Canada that You May Need to Meet Soon

Terry McQuay
President & Founder, Nymity

Can an organization demonstrate compliance? Not easily. Can an organization demonstrate an effective privacy program? Yes. Demonstrating accountability is increasingly becoming the new focus for the next generation of privacy laws from around the world and potentially the new privacy compliance frontier in Canada. In this session learn about the accountability shift around the world, the influence it has on Canada and how it could impact your organization.

12:15 Networking Luncheon for Delegates and Speakers

1:30 Practical Guidance on Drafting Secure Contracts when Outsourcing to Third Parties: Whose Terms Should Prevail?

Della Shea
Chief Privacy & Information Risk Officer, Symcor

Pamela Snively
Managing Director, AccessPrivacy, Heenan Blaikie Global

Steve Cimicata
General Counsel, Trapeze Group

Gain real-world practical guidance for drafting the terms of a third party contract by watching the interaction between a Chief Compliance Officer, In-House Counsel and an Expert Consultant while they attempt to negotiate the terms of an outsourcing agreement. Among other critical points, the interaction will highlight:

  • How to deal with competing perspectives when engaging with a third party provider, including cloud vendors
  • The process for coming up with the appropriate terms by deciding what to give up versus what you might gain
  • The tradeoffs that could be deal breakers: When you should walk away if the outsourcing party can’t provide what you need

2:45 Networking and Refreshment Break

3:00 Social Media and Privacy Law in Practice: Meshing Compliance Obligations with Business Reality

John P. Salloum
Lawyer – Privacy and Information Management and Marketing
& Advertising, Heenan Blaikie LLP

Sue-Anne Fox
Legal Counsel, Purolator Inc.

Marketers are increasingly turning to social media such as Facebook, Twitter, LinkedIn, and Foursquare as part of their strategic marketing initiatives. These projects typically develop at lightning speed, and often require legal counsel and compliance professionals to identify and assess legal risks across a broad range of areas, including privacy. This session explores real-world examples - from the unique perspectives of both external and in-house counsel - of how these projects are implemented, the privacy risks and considerations associated with these campaigns, and practical strategies to mitigate the risks in this context.

4:00 Best Practices for Document Retention, Management and Destruction by Specific Industry: Focused Breakout Groups to Ensure that You Stay Compliant with Relevant Laws and are on Par with Your Peers

Privacy and compliance professionals need to be concerned with good data management. They must protect the information that their organization collects, keep it for as long as necessary and destroy it correctly. Nevertheless, the retention, management and destruction policies and practices related to an organization’s records are guided in large part by industry practice. Attend this session and take advantage of the unique opportunity to hear about regulatory rules and best practices for your specific industry.

Choose the industry breakout group that you would like to attend:

A) Financial

Group Leader:

Frances McManus
AVP, Global Compliance, Manulife Financial

B) Health Sector

Group Leader:

Elyse Sunshine
Partner, Gardiner Roberts LLP

C) Government and Public Sector

Group Leader:

Christopher Garrah
Partner, McMillan

D) Retail/Private Sector

Group Leader:

Fazila Nurani
President and Founder, PrivaTech Consulting

These interactive peer breakout sessions will cover:

  • The types of documents or records your peers are keeping and for how long they are keeping them
  • The documents or records that you should be keeping, but might not be
  • Whether your peers are scanning certain documents and, if they are, whether they keep the originals. Should they?
  • The documents that might need to be kept secure and in a fireproof location
  • The documents or records your peers are outsourcing to be kept offsite
  • The information management vendors that your peers are relying on
  • The policies your peers have in place in order to stay compliant with privacy and other legislation and ensure that they are keeping the documents and records that they need to be
  • The methods being used by your peers to store electronic data and the timelines being used for keeping that data
  • The most favourable methods being used to securely dispose of records

5:00 Co-Chairs Closing Remarks