Agenda

Health professionals who collect, store and share personal health information are often the de facto gate keepers of that information with regard to health research. How they understand their responsibilities can have a direct impact on their willingness to share this information with health researchers. This sessions reports on a study of health professionals as to their understanding of various privacy requirements, and how this can negatively affect health research.

Dr. Daryl Pullman
Professor of Medical Ethics
Faculty of Medecine
Memorial University

A request for review or complaint under the ATIPPA requires the public body to become engaged with the Office of the Information and Privacy Commissioner (OIPC). The first goal of the OIPC is always informal resolution, and this is how the majority of files are dealt with. However, the parameters of informal resolution are not always well understood, and sometimes opportunities are missed.

When a file cannot be settled informally, it moves to the formal investigation process, concluding with a Commissioner's Report. The goal of the OIPC is to issue a Report which clearly states the positions of the respective parties, then analyzes those positions in relation to the Applicant’s request and the responsive records. This analysis is undertaken within the context of the ATIPPA, as well as previous Reports issued by the OIPC and relevant jurisprudence from across the country.

This presentation will review both stages encountered by public bodies at the OIPC. First, it will explore the possibilities presented by the informal resolution process, including some tips and best practices when working with the OIPC to resolve matters informally. Second, it will discuss the key elements of a formal submission, outlining the type of information which should to be included in order to give your submission the best chance for success.

Sean Murray
Assistant Commissioner (A)
Office of the Information and Privacy Commissioner Newfoundland and Labrador

Margot Priddle
Director, Pharmacy Network Program
NL Centre for Health Information

The Government of Newfoundland and Labrador has passed the Personal Health Information Act, new legislation that address the protection of individuals' health information. This presentation will review some of the main aspects of the legislation and provide an overview of what sorts of changes persons working in the health and community services sector can expect once the Act is proclaimed in force.

Brian Bennett
Privacy and Security Consultant
Newfoundland and Labrador Centre for Health Information

Brian Bennett is a Privacy and Security Consultant with the Newfoundland and Labrador Centre for Health Information. In this capacity, Brian acts as the primary subject matter expert for the province of Newfoundland and Labrador regarding privacy and security matters related to the provincial health information network and the Pan-Canadian vision of an interoperable electronic health record (EHR). Brian assists provincial stakeholders by providing guidance, advice, and interpretation to EHR project teams at the regional and provincial levels relating to EHR privacy and security development, implementation, support and maintenance.

Prior to joining the Centre for Health Information, Brian worked as a consulting project manager with a software development firm in Toronto, ON and practiced law for several years in St. John's, NL.

Eric Lawton
Manager Information, Privacy and Technology Corporate Access and Privacy Office
City of Toronto

Eric Lawton currently serves voluntarily as the Director of Professional Certification for the non-profit Canadian Professional Association of Professional Access and Privacy Administrators (CAPAPA). His primary focus in CAPAPA is to establish certification and networking resources for access and privacy professionals across Canada. He is also leading CAPAPA's efforts to develop accreditation standards for educational institutions training programs and liaises with other professional bodies in related professions.

Eric's full-time job is Manager of Corporate Access and Privacy, City Clerk's Office, City of Toronto. Eric's unit conducts Privacy Impact Assessments and provides support and advice to City staff. He also does training on Privacy Impact Assessments and develops policy. Eric joined the City in September 2006.

For 16 years prior to that, Eric worked in the Government of Ontario in various roles, most recently as a senior policy advisor in the Ministry of Government Services's Corporate Access and Privacy Office.

Whether we are a government body, a quasi-judicial oversight agency or a private sector organization, we must treat complainants and applicants with fairness, impartiality and respect. This can be very challenging with difficult complainants. How do you manage individuals who file voluminous appeals and requests, send volumes of letters and e-mails, push to change the scope of the investigation, demand certain behaviour or actions or threaten lawsuits and other action if you don't comply? This presentation will explore "unreasonable conduct," how to recognize it, its affect on the organization and how to manage it. The presentation will include suggested communications strategies and tactical actions for dealing with unreasonable demands and persistence, threats and abuse and dissatisfaction and disappointment.

Sandy Hounsell
Senior Research and Outreach Advisor
Office of the Privacy Commissioner of Canada

Mr. Hounsell is the Senior Research and Outreach Advisor for the Office of the Privacy Commissioner of Canada. Prior to accepting this position in September of 2008, Mr. Hounsell was the Assistant Information and Privacy Commissioner for the Province of Newfoundland and Labrador. Prior to that, Mr. Hounsell was the Director of Access to Information and Protection of Privacy with the Provincial Department of Justice, and was responsible for creating and establishing the first comprehensive access and privacy regime for the Province.

Mr. Hounsell has a Bachelor of Applied Science degree from Ryerson Polytechnic University in Toronto, a Master of Business Administration degree from Memorial University of Newfoundland and is a Fellow of the School of Graduate Studies at Memorial University. In addition, Mr. Hounsell is an instructor with the Law Society of Newfoundland and Labrador Bar Admission Course and is a recipient of the 2001 Public Service Award of Excellence.

Across the country statutory regimes for citizens to access information in the records of governments is a common practice. In 1981 the Government of Newfoundland and Labrador proclaimed the Freedom of Information Act, becoming one of the first provinces in Canada to officially adopt such legislation. Since this time the province has evolved this legislation to include privacy provisions to protect the collection, use and disclosure of an individual's personal information, now known as our Access to Information and Protection of Privacy Act (ATIPPA).

The spirit and intent of any access and privacy legislation is to build public trust in our governments, and agencies, and the role of information management (IM) is a core piece of that puzzle. A successful IM strategy will increase compliance with access and privacy procedures in any organization. Information Management plays a prominent role in organizations and in the business world at large, mainly because information is money, and any unauthorized disclosure of that information can cause any organization to suffer. Due to its particular nature, IM crosses the boundaries of many different disciplines since the subjects involved in handling and using information varies. One thing is clear; there is a change happening with the role of Information Management Professionals and one core difference is now they must collaborate alongside with access and privacy experts. As a team they must ensure information is kept secure and protected as required by both federal and or provincial legislation. Good records management practices can increase public confidence in organizations/governments while also allowing those bodies to mitigate their risks of potential information breaches.

Renée Pendergast
IT Instructor
College of the North Atlantic
Prince Phillip Drive Campus

Renee Pendergast is an Information Technology Instructor at the College of the North Atlantic, Prince Phillip Drive Campus

Previous to her position at the College, Renee had been employed with the Provincial Government for the last 10 years. Her background is Computer Science, and Information Management. She began her career as an instructor at the College of the North Atlantic, in the Computer Science Faculty. In 2004, she took a position with the Department of Justice at the Royal Newfoundland Constabulary, as their Manager of Information Services. She recently left the RNC to move to the ATIPP office as Manager/Facilitator of Training.

What exactly is a "privacy enhancing technology"? Encryption, Authentication, VPN, SSL … we throw these terms around when we talk about privacy, but what exactly do these terms mean, and what exactly do these things do? And aren't some of these technologies about security?

In this session, we take a closer look at privacy enhancing technologies to understand how, where, and why these technologies operate. We'll demonstrate how they protect privacy as well as any limitations they might have. Attendees will gain a better understanding of these technologies, enabling them to engage in privacy debate and planning within their own organizations.

Steven Pomroy
Director, Development
Camouflage Software Inc.

Steven Pomroy is the Director of Development at Camouflage Software, Inc., a Newfoundland and Labrador based software company specializing in data masking. As Director of Development, Steven oversees the ongoing development of privacy software used by Fortune 500 companies throughout North America. Previously, Steven led a variety of PeopleSoft integration projects throughout Canada and the U.S. while working with Plato Group, an IT company specializing in ERP consulting.

Steven holds a Bachelor of Commerce (Hon.) degree with a concentration in information systems management.

This presentation will examine the solicitor and client privilege exception to the disclosure of records as set out in section 21 of the Access to Information and Protection of Privacy Act. There will be a discussion of the two separate privileges covered by this exception: legal advice privilege and litigation privilege. Included will be a consideration of the criteria that must be met in order for each of these two privileges to be relied on by a public body to deny access to records. Also there will be an exploration of the following:

• To whom do the privileges belong – the solicitor, the client?
• Can the privilege be waived by the solicitor, by the client?
• What specific information in a record is covered by the two privileges?
• Can either of the privileges be claimed if there is no solicitor involved?
• Do the privileges apply where the solicitor involved is in-house counsel employed by the public body?
• When does each of the privileges come to an end?

Dan Peyton
Senior Investigator
Office of the Information and Privacy Commissioner Newfoundland and Labrador

Dan Peyton is the Senior Investigator with the Office of the Information and Privacy Commissioner. Prior to joining the Commissioner's Office he was an Investigator with the Human Rights Commission. Dan has been a member of the Law Society of Newfoundland since 1985 and has practiced law in a number of capacities; as a lawyer in private practice, as a Crown Attorney with the provincial Department of Justice, and has a Staff Solicitor with the Newfoundland and Labrador Legal Aid Commission. In addition, Dan spent five years teaching law courses at a post-secondary college.

Access to information laws have a long history in Newfoundland and Labrador, with interest in government transparency and accountability waxing and waning over the years. The laws are clear in their intent, but the spirit in which those laws are implemented is key to their effectiveness. The introduction of ATIPPA in 2005 brought with it hope for a new era of openness. But recent trends show reasons for concern.

Rob Antle
Journalist and Author
The Telegram

Rob Antle has worked as a journalist for more than 15 years. He has been a reporter at The Telegram in St. John's since 2001, and is the newspaper's access to information co-ordinator. He files, or oversees the filing, of more than 100 requests in an average year. Rob focuses mainly on coverage of politics, the economy and provincial affairs.

Graham Letto
Mayor
Town of Labrador City
President, Municipalities Newfoundland and Labrador

Work and life demands often require us to work beyond our usual 8:30 to 4:30 in our usual office. We cannot forget the obligation to protect the confidential and personal information we are using. This presentation will cover best practices for transporting confidential and personal information. With particular attention to working at home from an educator's perspective, we'll look at options for accessing and using information outside the office, data encryption and safe use of mobile computing devices.

Donna Leonard
Access and Privacy Coordinator
College of the North Atlantic

Donna Leonard is the Access and Privacy Coordinator with College of the North Atlantic. As an administrator of Access to Information and Protection of Privacy Legislation Donna has gained significant experience in access and privacy matters. Donna has spoken to many different interest groups with respect to the impact of Access and Privacy principles in their work lives. Donna knows that awareness and understanding are key to balancing privacy compliance with a culture of openness.