Privacy Law & Compliance

• Key updates and analysis on recent decisions and enforcement actions taken
  • Why certain enforcement actions were taken
  • What criteria were used when evaluating a violation
  • What should other privacy professionals take away from current enforcement actions
• Plan for tomorrow: what is currently worrying the provincial privacy offices, emerging issues and enforcement priorities
• Insight into the intersection between current privacy regulations and emerging technologies
• Guidance on cross-provincial privacy breaches
  • Who should you notify first?
  • Avoiding duplication
  • Processes and procedures for efficient and compliant
    breach notification
• Every privacy office has their own priorities and driving forces: best practices for developing privacy policies to ensure compliance across Canada

Don’t get caught scrambling: almost everyone has prepared for the CASL’s proclamation into force, but have you done everything you can? Attend this session and benchmark your preparedness with that of your colleagues. This is a unique opportunity to hear about the innovative steps others have taken to get their entire organization ready and gain an insider perspective on the legislation directly from Industry Canada.

• The key steps that businesses are taking to comply with the law and the finalized regulations
• Have you made the switch? Customer databases and customer relationship management systems designed to capture appropriate consents
• Important safeguards that you should have in place
• Understanding the Spam Reporting Centre’s role, and how to effectively deal with the CRTC, the Privacy Commissioner of Canada and the Competition Bureau post-proclamation
• Implementing a process to handle customer complaints regarding spam that organizations are bound to face
• What you need to tell your marketing and communications department to maintain compliance

Don’t get caught scrambling: almost everyone has prepared for the imminent release of the final regulations, but have you done everything you can? Attend this session and benchmark your preparedness with that of your colleagues. This is a unique opportunity to hear about the exciting things others have done to get their entire organization ready.

• Ensure you are as prepared as possible: Due diligence that has already been done by others
• Have you made the switch? The compliant way to maintain databases containing customer information and customer relationship management systems
• Important safeguards that you should already have in place

Avoid becoming a future legal or media target by learning to identify crucial privacy location-based services (LBS) do’s and don’ts.

• Explicit location-based services versus incidental location-based services: what are the differences and why it matters
• Due diligence that you must do: Key pieces of information you need to ascertain before using LBSs
• Avoid severe privacy violations: the dangers of collecting vast amounts of information without “using” it
• How to monitor and manage the intentional and unintentional data flows from LBS offerings
• How long are you allowed to retain geo-location data?
• Acceptable procedures for providing clear disclosures to consumers
• What is required to stay compliant after the product is released publicly
• Identifying additional privacy threats when efforts are directed at children and young adults

The tort of invasion of privacy is the first new tort to be recognized in over 40 years. Attend this session and hear directly from Jones v. Tsige plaintiff counsel about the massive repercussions of this decision and how it will affect you.

• Privacy as a growth industry for litigators
• Identifying the elements of the tort of invasion of privacy
• What facts would lead to a claim under this new tort?
  • How it differs from related torts
  • How to know which torts are appropriate for your case
• How to know which torts are appropriate for your case
  • Can a plaintiff elect between them?
  • Where are damages headed?
• 3 ways plaintiffs can maximize the loss under this tort
• 3 ways defendants can minimize the loss under this tort
• Important lessons learned from jurisdictions that have already recognized this tort: precedent from the U.S., B.C. and Newfoundland
• Critical new skills required: how to successfully prove causation
  and damages - beyond general damages
• Routine employment practices that may be affected: from routine locker searches to surveillance cameras in the workplace
• Superior crisis communications strategies: You can reduce
  or escalate the situation within the first 24 hours

“Big Data” is a general term used to describe the large amount of unstructured and semi-structured data a company creates. Some are talking about it becoming the key basis of competition, which will underpin new waves of productivity, growth and innovation. While others are focusing on the challenges as they pertain to social networking sites – and the volume of data being collected on every single person and how that data is becoming so large that it is a logistical challenge to manage and harvest with any meaning.

Attend this session and gain an understanding of the real concerns that go along with consumers blindly offering up their personal information and a healthy debate on whether, if at all, this type of data collection should be regulated.

• Is the collection of mass amounts of consumer data harming consumers or is it a valuable business asset?
• What practices pose a clear risk?
• Can the market be trusted to provide appropriate controls and educate their users?
• Strategies for providing online privacy protection for Canadians: is regulatory intervention required? In what form?
• Navigating the complex legal maze of protecting privacy given current legislation
• How should data professionals collect, access, and use data collected?
• What consumer consents should be required prior to gathering their information?

You’ve heard the negative aspects of cloud computing and the fear mongering, but you haven’t received the practical information required to effectively move to the cloud. Attend this well-balanced presentation, and acquire a complete and comprehensive guide to safely store your information with a third party host.

• What you need to know prior to outsourcing:
  • Databases containing customer information
  • Company emails
• Customer relationship management systems
• How to properly assess a vendor
• Drafting a model outsourcing contract to protect your rights
  • Negotiating useful privacy, security and risk related terms in your contract
  • A clear understanding of your privacy obligations versus that of your vendor
  • Protect yourself: key clauses that should appear in your outsourcing contract
• What you need to advise service providers within and outside of Canada
  • A checklist of the Canadian legal requirements to which they will be subject
• Why you need to know where your information is being stored
  • The legal implications if you are facing litigation and are required to provide the outsourced information
  • Impact of the U.S. Patriot Act
  • Should you inform your customers where their information is being stored?
• Risk mitigation strategies after your information has moved to the cloud
• Customer issues and recent litigation that have stemmed from cloud computing

• What constitutes a breach?
• Clarifying key terms: what are “significant harm” and “meaningful consent?”
• How do you assess the materiality of a breach?
• What should appear in a compliant breach notification policy?
• Who should you notify first?
  • The most effective steps for responding to a breach
  • Best practice procedures for breach notification
• Critical techniques for breach containment
• Key crisis communication strategies when faced with a privacy breach
• Lessons learned and key practice tips

• What you can and cannot validate about future employees: online versus regular background checks
• How to draft an enforceable social media policy
  • Best practices for informing your employees of repercussions for incorrect use of social media
  • Striking the important balance of managing “all online conduct” versus “all work-related conduct”
• What you are allowed to reprimand your employees for doing at work versus at home (on company issued devices versus personal devices)
• Key takeaways and trends from recent case law
  • Are the courts applying traditional employment concepts to the social media setting?

Lax controls in business processes and records management technology systems are the primary cause of loss of privacy related data. As such, it is imperative that you stay on top of all of the latest trends in records retention schedules, information management processes and security threats as they relate to your organization’s records. Attend this session and leave absolutely sure that your data storage and destruction practices are on par with your peers.

• Reducing the complexity and size of retention schedules
  • How detailed does your retention policy need to be today?
  • How the “big bucket classification system” can reduce your record categories and ensure company-wide compliance
• Managing the growth away from paper records management
• Capitalizing on opportunities: how others are effi ciently sharing stored information
• Impact of social media on records keeping
• Spending is set to rise on electronic document management (EDM) and email management solutions: which ones are worth the investment?
  • Capabilities and limitations of Sharepoint and others
  • How EDRMS Systems deliver security