Wednesday, May 12, 2010
8:00 Registration Opens, Coffee Served
9:00 Announcements and Opening Remarks from the Co-Chair
David Fraser
Chair, Privacy Practice Group
McInnes Cooper, Halifax
9:10 Working with the New Generally Accepted Privacy Principles (GAPP)
Robin Gould-Soil
Chief Privacy Officer
TD Financial Group
- What are the elements of the new GAPP, adopted recently in Canada and the U.S.?
- What tools and controls do they offer for evaluating the effectiveness of your privacy program?
- policies
- training
- testing
- How does it fit into your existing program?
- What members of your team need to be aware of the GAPP?
10:00 Networking Refreshment Break
10:15 The Privacy Commissions: A Year in Review
David Elder
Elder Communications & Privacy Law, Ottawa
Frank Work, Q.C.
Information & Privacy Commissioner, Alberta
- Top privacy commissioner findings and court decisions of the past year
- An update on revival of the E-Commerce/anti-spam bill
- The status of PIPEDA review
- Will Ontario respond to the OHA’s invitation to expand access to information legislation to hospitals?
- how has it worked in other provinces?
- How has Alberta’s privacy enforcement stood up on judicial review?
- Quebec’s recent guideline on breach notification
- When will the new legislation in New Brunswick come into force?
- What’s happening in Manitoba?
11:15 Alberta’s PIPA Reform: What will it Mean to Alberta and the Rest of Canada?
Frank Work, Q.C.
Information & Privacy Commissioner
Alberta
- Mandatory breach notification
- what will the real effects be?
- Implications for organizations that outsource data
- What does “significant harm” mean?
- Complying with information destruction requirements
- What was excluded from the amending legislation?
12:15 Luncheon for Delegates and Speakers
1:30 The Police are Knocking at the Door. Now What?
David Fraser
Chair, Privacy Practice Group
McInnes Cooper, Halifax
- How to deal with requests from law enforcement for personal information
- What are your obligations?
- with a warrant
- without a warrant
- under PIPEDA
- Recent case law and legislative reforms
- Intelligence gathering vs. specific investigations
- Dealing with requests from CSIS for national-security investigations
- How to reduce the institutional burden of such requests
- Police investigations in the healthcare context
- how recent Alberta legislative initiatives may influence healthcare practices elsewhere
- documents vs. real evidence
- The consequences of getting it wrong
2:30 Networking Refreshment Break
2:45 Understanding Obligations for Employee Privacy
Dan Michaluk
Partner
Hicks Morley Hamilton Stewart Storie LLP
- Employee computer monitoring
- recent cases at the Ontario CA and US Supreme Court
- how private are “personal” folders on work computers?
- Social networking
- to what applications should employers allow access, and why or why not? Web mail? Facebook? Twitter? IM?
- use in disability claims
- applicability of privacy legislation to monitoring of the social networking activities of current or potential employees
- could the use of information gleaned from social-networking sites form the basis of a human rights complaint or grievance?
- What employees can and can’t say on profiles and blogs
- the employee duty of loyalty
- defamation
- deliberate or inadvertent leaking of confidential information
- inappropriate statements
- personal vs. company time
- Access requests to employee records
- Workplace surveillance
- Employee background checks
- the privacy risks involved in not doing them
- issues surrounding criminal background checks
- the risks of using internet information as a background check
- The blurring line between private and business
- employee smart phones: who owns the data?
- Developing and effectively communicating policies
- essential elements of a policy
- How much can you disclose to colleagues about the reasons for someone’s termination?
- Managing privacy for off-site workers
- integrating privacy protection into pandemic preparedness
3:45 Understanding the Significance of International Developments
Ariane Siegel
Partner
Aird & Berlis LLP
- New International Standards on the Protection of Personal Data and Privacy, also called ‘The Madrid Resolution’
- Transferring data from the EU to the US
- increased FTC enforcement of representations made under the Safe Harbor program
- use of Binding Corporate Rules
- New EU law requiring prior express consent to use cookies: what will it mean when enacted by 2011 in member countries?
- only countries with EU-based websites or any traffic passing through?
- only EU citizens?
- how do you get consent?
- do browser settings count as express consent?
- administrative consequences
- best practices for global companies and branch operations
- The US model privacy form, used in lieu of safe harbor
- The status of the proposed US Data Accountability and Trust Act (DATA)
- US restrictions on ADADs without prior express consent
- The US requirement to report US citizens with foreign accounts in Canada and deny service if they refuse
4:30 Conference Adjourns
Thursday, May 13, 2010
8:30 Coffee Served
9:00 Announcements and Remarks from the Co-Chair
Terry McQuay
President
Nymity Inc.
9:05 Improving Your Data Governance
Moderator and Speaker:
Pamela Snively
Managing Director
AccessPrivacyHB
Panelists:
Mimi Lepage
Chief Privacy Officer and General Counsel
Canadian Institute of Health Information
Wesley Ng
Partner
Stikeman Elliott LLP
- Why is governance vital to maintaining privacy?
- Is governance superseding consent as the cornerstone of privacy management?
- Structuring accountability
- Managing outsourced functions
- controlling data transmission
- anticipating future disclosure requirements
- protecting data no matter where it is located
- myth vs. reality
- outsourcing by subcontractors
- What healthcare organizations and private enterprise can learn from each other about data governance
- Records management
- Keeping data from walking out the door in a period of economic dislocation
- Increasing the status of privacy, security and data governance within the organization
- Building partnerships between privacy and IT departments
- why is an integrated, holistic approach necessary?
- how to achieve this crucial relationship
- The role of data stewards
- Maintaining controls during and following a merger
- Data retention and secure destruction
- Special considerations for umbrella organizations with more than one entity
- controls when conveying information from one site or entity to another
10:15 Networking Refreshment Break
10:30 Reconciling Privacy with Current Trends in Marketing
Kathleen Brown
Vice President, General Counsel
Omnicom Canada
Shelley Samel
Partner
Gowling Lafleur Henderson LLP
- An update on telemarketing and Do Not Call Lists
- managing customer expectations about internal and regulatory DNC lists
- an update on the initial fines levied
- Using social networking tools and contests as part of your marketing efforts
- choosing the right applications
- the role of the CPO
- mitigating risks
- Requirements under the proposed Electronic Commerce Protection Act, if revived and passed
- requirements for commercial emails
- data mining
- avoiding fines of up to $1 million
- Recent cases
- are business email addresses personal information?
- Privacy concerns in online marketing
- youth privacy
- U.S. and Quebec legislation
11:30 Enterprise Risks and Opportunities in Location-Based Services
Richard Pearse
Richard Pearse Technology Law
- What’s possible today, and what will be possible in the future?
- Monitoring mobile employees
- Consent and opt-in design
- Privacy and physical security
- Non-internet-based LBS
- Implications of the integration of social media and GPS
12:15 Networking Luncheon for Delegates and Speakers
1:30 Online Behavioural Advertising: Understanding the Privacy Implications
Michael A. Signorelli
Venable LLP, Washington DC
- How it works
- flash cookies and re-spawning
- US developments
- the FTC position: are legally binding guidelines coming?
- industry initiatives
- how successful has compliance proved?
- The status of the CMA’s self-regulatory guidelines
- Communicating your tracking to users
- alternatives to the privacy-policy route
- Opt-outs
2:15 The View Ahead: Emerging Technological Challenges
Moderator and Speaker:
Gail Magnuson
Director, Emerging Issues
Nymity Inc.
Panelists:
Wendy Gross
Partner
McCarthy Tétrault LLP
Tracy Ann Kosa
Privacy Impact Assessment Specialist
Enterprise Information Management Implementation & Business Services
Government of Ontario
- Cloud computing
- is it conceptually any different from outsourcing?
- pros and cons from a privacy perspective
- evaluating and qualifying providers and contracts
- protecting security audit rights
- can it make your own systems vulnerable?
- dealing with the jurisdictional issues arising from cross-border data flow
- data preservation and securing litigation holds
- ensuring data destruction where required by law or policy
- Wireless sensor networks
- smart meters: new privacy concerns for utilities
- tracking devices for an aging population
- Ubiquitous computing environments
- implications in health-care environments
- communication between network devices
3:15 Conference Concludes