Agenda

Privacy legislation has increased the accountability of public bodies for the protection of our client's personal information and there is a corresponding expectation in the public that their personal information will be kept confidential. Like other public bodies across the country, the Workplace Health, Safety and Compensation Commission of Newfoundland and Labrador has introduced initiatives on every front to meet the requirements imposed by privacy legislation. An area of potential risk for public bodies lies in reliance upon third party service providers for services such as disability management and return to work. In this interactive session, the NL Workplace Health, Safety and Compensation Commission will review its experience with a major privacy breach by one of its service providers, the challenges and lessons learned.

Ann Martin
General Counsel & Corporate Secretary
Workplace Health, Safety and Compensation Commission of Newfoundland and Labrador

Ann Martin serves as General Counsel and Corporate Secretary to the Workplace Health, Safety and Compensation Commission (the Commission). Ms. Martin served as Legal Counsel for eight years before being appointed General Counsel and Corporate Secretary in May 2006.

Ms. Martin acts as the Commission’s ATIPP coordinator under provincial privacy legislation - Access to Information and Protection of Privacy and sits on the Provincial Steering Committee for implementation of the Personal Health Information Act.

Ms. Martin holds a Bachelor of Arts, Honours (1986) from Memorial University of Newfoundland and Labrador and a Bachelor of Laws (1990) from McGill University. Ms. Martin is a member of the Law Society of Newfoundland and Labrador since 1991 and currently sits on the Law Society Education Committee.

For many years, within information technology we have defined and implemented security to protect access to various electronic information more accessible by various parties. Our past experiences has allowed us to redefine our approach when looking at authentication, authorization and audit. The industry has evolved and various standards have emerged, Technology vendors develop solution to enable organization achieve Single Sign On to their systems. After years of experimentation, implementation and spending, many organizations still struggle on dealing with this problem. Even though technologies exist and have matured, the question is are we really taking the right approach to solving the problem. Is a new approach the way to start solving our long term goal of allowing an employee, a customer, a citizen to access our services in a secure way but transparently.

Rob Wilson
Senior Principal Consultant
CA Inc.

Rob Wilson has worked in the field of information technology for 14 years. He specializes in Identity and Access Management technologies, and is a trusted advisor for numerous Canadian Government, Financial, Telecommunication, and Retail organizations. In previous positions at the Ontario Government and CIBC, Rob was responsible for architecting and implementing security and infrastructure solutions.

Rob holds a Bachelor of Technology from Memorial University of Newfoundland, and a Master of Science in Information Technology from the University of Liverpool focusing on cloud-based identity systems.

Privacy risks and data breaches have grown to become a significant liability for 21st century businesses, governments and consumers. More and more governments and corporations are forcing citizens to enter personal information online; and they¹re making vast amounts of personal information available online, despite the significant risk to privacy and the warnings of Commissioners, practitioners, and industry experts.

Although regulatory requirements and economic pressures increase the responsibility to protect information assets, reduce risk, and control losses, the fundamental reliance on digital data and international data flows has increased the risk of encountering cyberliability.

This session will explore current issues and future trends in cyberliability including: * The major cyber liability risks and repercussions * International cyber crimes and crises * How technology increases data risks * Global trends in regulatory requirements that affect data protection * Future trends in wireless and advanced technologies and their impact on existing privacy and security paradigms. * Strategies to protect against cybercrime pitfalls

Sharon Polsky
President
AMINA Consulting Corp.

Sharon Polsky is President of AMINA Consulting Corp. and has specialized in data protection and information risk management for more than 25 years. Since 2007, she has served as the elected National Chair of the Canadian Association of Professional Access and Privacy Administrators (CAPAPA), and as the Editor in Chief of The Winston Report, the only authoritative journal devoted to the access and privacy profession in Canada. Sharon is a frequent speaker and lecturer in the areas of data privacy, information security, cyber-liability, and the privacy implications of RFID and other emerging technologies. Ms. Polsky has spoken before the Canadian Senate Standing Committee on Legal and Constitutional Affairs on the privacy implications of proposed federal legislation; and she was invited to submit recommendations to the Information Commissioner of Canada addressing the modernization of federal privacy and access laws. Ms. Polsky has been an adjunct instructor at SAIT Polytechnic and the University of Calgary, and for Insurance Institutes across Canada since 2001. She was a key contributor to the Canadian Professional Insurance Broker national certification program. She was also instrumental in developing the Canadian National Competency Standards and the Professional Certification Program for Information Access and Privacy Professionals in Canada.

The demand on public health care dollars continues to drive research that leads to more efficient and effective delivery of health care. This research places increasing pressures on health care facilities and health information organizations to release personal health information for research purposes. But if releasing information for research is not a core competency, how do you know what questions to ask?

Over the last decade, the Newfoundland and Labrador Centre for Health Information has established a protocol for releasing information for research purposes. In this presentation, the audience will gain experience on the following.

• What organizational structures can be put in place to process research requests for personal health information?
• What questions need to be asked of researcher in order to ensure that personal privacy is protected?
• And, how to evaluate the answers to the questions, given that the answers are never black and white.

David Morgan
Privacy Officer-Secondary Uses
NL Centre for Health Information

David Morgan is the Privacy Officer-Secondary Uses at the Newfoundland and Labrador Centre for Health Information. As a Privacy Officer, David provides general privacy guidance on all Centre activities, including large initiatives such as the launch of the NL Pharmacy Network. In addition to his responsibilities as a Privacy Officer, David oversees the Centre’s efforts around secondary uses of health information for research and policy development. Prior to joining the Centre, David worked as a corporate researcher in his role as Director, Privacy Research at Camouflage Software Inc., a St. John’s based information privacy software company.

David has a Ph.D. in Computing Science from University of Alberta and holds Certified Information Privacy Professional designations from the International Association of Privacy Professionals (IAPP). As a privacy professional, David currently serves on the Publication Advisory Board of the IAPP, and is a member of the Canadian Institute for Health Information/Canada Health Infoway Health System Use Knowledge Exchange.

There is no disputing the incredible popularity of social networking. Many millions of people consider it a very effective way to keep in touch with friends and family and to share information about themselves. Unfortunately, the vast amounts of information that we openly share is often used for purposes that were never intended and, in many cases, can have an adverse effect on our personal and professional lives. In addition, the personal information that we share online can end up in the hands of people who you would not likely consider a “friend.” It is important, therefore, that we take steps to protect our personal information, particularly during our online social interactions. This presentation will explore social networking and its relationship to issues such as online advertising, online scams, identity theft and online predators. Through a number of examples, the presentation will show how providing too much personal information through social networking activity can lead to embarrassment, loss of career opportunities, disciplinary action and even danger.

Sandy Hounsell
Senior Research and Outreach Advisor
Office of the Privacy Commissioner of Canada

Mr. Hounsell is the Senior Research and Outreach Advisor for the Office of the Privacy Commissioner of Canada. Prior to accepting this position in September of 2008, Mr. Hounsell was the Assistant Information and Privacy Commissioner for the Province of Newfoundland and Labrador. Prior to that, Mr. Hounsell was the Director of Access to Information and Protection of Privacy with the Provincial Department of Justice, and was responsible for creating and establishing the first comprehensive access and privacy regime for the Province.

Mr. Hounsell has a Bachelor of Applied Science degree from Ryerson Polytechnic University in Toronto, a Master of Business Administration degree from Memorial University of Newfoundland and is a Fellow of the School of Graduate Studies at Memorial University. In addition, Mr. Hounsell is an instructor with the Law Society of Newfoundland and Labrador Bar Admission Course and is a recipient of the 2001 Public Service Award of Excellence.

Join this informal round table discussion, facilitated by the City of Toronto's Rob Candy, where you can network with colleagues from other communities in the Province, and have some of your unique questions answered. Find out what other communities like yours are doing to meet the needs of their constituents and councilors. You will also be able to ask questions and share ideas with Rob, who's got 15 years experience in the municipal Access and Privacy field, with one of the world's largest cities.

Rob Candy
Manager Training and Compliance - Corporate Access and Privacy
Corporate Access and Privacy Office
City of Toronto

Rob Candy is the Manager Training and Compliance - Corporate Access and Privacy for the City of Toronto's Corporate Access and Privacy Office. His training workshops for the City of Toronto and other municipal and provincial governments and agencies are consistently rated very high.

How does the Access to Information and Protection of Privacy Act differ from access and privacy legislation in other provinces? What lessons have we learned since ATIPPA came into force five years ago? This roundtable invites delegates to discuss their experience administering ATIPPA and using ATIPPA. Facilitator Rosemary Smith will lead the roundtable discussion, drawing on her experiences administering access and privacy at Memorial University.

Rosemary Smith
Information Access and Privacy Protection Coordinator
Memorial University

Rosemary Smith is the Information Access and Privacy Protection Coordinator for Memorial University of Newfoundland. Prior to joining Memorial in 2004, Ms. Smith served as manager in the Department of Justice ATIPP Office. She is responsible for policy, guidelines and best practices in access and privacy at Memorial University, including managing ATIPP requests, and delivering education and training to administrative and academic offices at the university's three campuses. Ms. Smith serves on several university committees, the provincial PHIA Steering Committee and PHIA Regulations and Research working groups, as well the Provincial Education Protection of Privacy Committee. Rosemary graduated from the University of Alberta's Information Access and Privacy Protection program in 2004.

Discover what the future holds: digital media, social media, electronic evidence, generational workforce changes, etc. Joins us and see how all of these elements merge to challenge today's privacy ideologies and engage in a discussion on whether or not privacy and access to information exists currently, as well as in the future. How has Face Book and Google changed the face of privacy as we know it? What does this mean to your organization? Has the lines between public and private life blurred completely to a point of disappearing? Do younger generations care about privacy? Mr. Benay has travelled the world engaging industry leaders in shaping key information management policies and currently works for the world's leading enterprise content management organization in engaging public sector leaders across Canada in establishing tomorrow’s information management foundations.

Alex Benay
Director - Customer Enablement
Open Text Corporation

Alex has close to 10 years of experience in the information management domain, ranging from policy and program management to solutions development and implementation. Having spent the first eight years of his career in the Canadian Federal Government in such organizations as Library and Archives Canada, Natural Resources Canada, and the Canadian International Development Agency as Director IM. Alex is now responsible for ECM developments in the Government of Canada as well as the provincial governments of Québec and the Maritimes.

The Personal Health Information Act in Newfoundland and Labrador will soon be proclaimed and regional Health Authorities are challenged to fulfill their obligations under the Act. While a proactive approach to prevention efforts is ideal, appropriate responses to unanticipated privacy breaches require planning and consultation.

This presentation will outline a Regional Health Authority's experiences with privacy breaches in health care, with emphasis on prevention efforts.

• Review privacy breach definition, key steps in handling
• Relevant legislation
• Case examples

Marian Crowley
Director of Access & Privacy
Eastern Health

Marian Crowley is the Director of Access & Privacy for Eastern Health. Her department oversees Access to Information and Protection of Privacy matters for the regional health authority, and facilitation of investigations by the Citizens' Representative and Child & Youth Advocate. She sits on the Provincial Steering Committee and the Policy and Standards working group for implementation of the Personal Health Information Act

She holds a Master's degree in Nursing, and recently completed the Information Access and Protection of Privacy (IAPP) Certificate Program at the University of Alberta.

For many years, within information technology we have defined and implemented security to protect access to electronic information and the location where it is located. Content monitoring, filtering and data loss prevention techniques and technologies are now at the forefront at securing your data.

Our past experiences has allowed us to redefine our approach when looking at Data Access Security and the Policies behind it.

The regulatory environment is changing. Find out what organizations, as well as the public and private sector need to consider to best protect themselves from data leaks. Are inspection techniques, classification just catch phrases? Is Data at rest, or Data in motion a concern for your organization? Are you vulnerable for a data loss?

Rob Wilson
Senior Principal Consultant
CA Inc.

Rob Wilson has worked in the field of information technology for 14 years. He specializes in Identity and Access Management technologies, and is a trusted advisor for numerous Canadian Government, Financial, Telecommunication, and Retail organizations. In previous positions at the Ontario Government and CIBC, Rob was responsible for architecting and implementing security and infrastructure solutions.

Rob holds a Bachelor of Technology from Memorial University of Newfoundland, and a Master of Science in Information Technology from the University of Liverpool focusing on cloud-based identity systems.

There are a variety of technologies, tools and programs available to organizations to help overcome their access and privacy challenges. This session will outline a few different solutions, both local and national, that can easily be made available you. Take advantage of an opportunity to ask the questions you've always wanted to ask of a few vendors in the ATIP Community.

• Kevin Fleming will provide an overview of Data Masking Best Practices: A four phase approach to evaluating and implementing a Data Masking solution.
• Kevin Duggan will present an overview of Camouflage Software’s technologies that support the Data Masking Best Practice approach.
• Angela Power will provide an overview of the Privacy Centre of Excellence, Bell Canada's service offerings, including the Bell Privacy Manager software used for privacy analysis, training and reporting.

Kevin Fleming
CEO & President
Plato Consulting Inc.

Kevin is the President and a founding principal of Plato. Plato's focus includes privacy enhancing software, as well as information privacy, healthcare and human resource IT consulting, with a client base throughout North America. Kevin holds Bachelor and Masters Degrees in Business Administration, supplemented by almost 20 years experience in IT, business development, and strategic planning. Prior to forming Plato in 1997, he spent upwards of 10 years in the telecommunications and information technology sector.

Kevin brings over 20 years of leadership and entrepreneurial experience to the management team.

Prior to starting Plato Group, Kevin held a variety of human resource management positions in the telecommunications and information technology industry, from technical software development and business process reengineering through to project management. In addition to being one of the four owners and founding principal of the company, Kevin leads the executive team to define and achieve Camouflage’s organization objectives.

Kevin Duggan holds an Honours Bachelor of Commerce Degree and a Masters Degree in Business Administration from Memorial University of Newfoundland.

The Office of the Information and Privacy Commissioner has recently been involved in three cases in the Supreme Court of Newfoundland and Labrador, Trial Division. This session will provide a discussion of the decisions rendered by the Supreme Court in these three cases, which dealt with the following issues:

• The jurisdiction of the Commissioner's Office to review records where a public body claims that those records are covered by section 5 of the Access to Information and Protection of Privacy Act
• The production of records by a public body to the Commissioner's Office where the public body claims that the records are subject to solicitor and client privilege
• The court's interpretation of a number of sections of the Access to Information and Protection of Privacy Act.

Dan Peyton
Senior Investigator
Office of the Information and Privacy Commissioner Newfoundland and Labrador

Dan Peyton is the Senior Investigator with the Office of the Information and Privacy Commissioner. Prior to joining the Commissioner's Office he was an Investigator with the Human Rights Commission. Dan has been a member of the Law Society of Newfoundland since 1985 and has practiced law in a number of capacities; as a lawyer in private practice, as a Crown Attorney with the provincial Department of Justice, and has a Staff Solicitor with the Newfoundland and Labrador Legal Aid Commission. In addition, Dan spent five years teaching law courses at a post-secondary college.

Ontario's Personal Health Information Protection Act came into effect over 5 years ago, and has since been the topic of much debate and organizational reactionary measures in the province. With similar legislation on its way in Newfoundland and Labrador, there are lessons to be learned. This session will provide attendees with practical information about the following: * Lessons learned on implementing PHIPA within Ontario so as to provide advice on the many challenges that one might foresee within NL given the upcoming proclamation of PHIA * Conducting Privacy Impact Assessment’s and overall privacy management in an era where PIA guidelines for many organizations, such as the Government of Canada is changing * Privacy management tools, with a specific discussion of these tools as they have been implemented within both health and non-health sectors

Angela Power
Senior Privacy Consultant
Privacy Centre of Excellence
Bell Canada

Carol Appathurai
Senior Privacy Consultant
Bell Canada

Carol Appathurai has many years of experience at senior levels in the Ontario government. As Director of the Strategic Policy Branch, she led the development of the Personal Health Information Protection Act, 2004 (PHIPA) and the provincial review of the Act in 2007. She has extensive experience working with stakeholders, providers, government and the public to identify and address privacy-related issues in health care. She has been a member of several federal, provincial, territorial Working Groups addressing cross-jurisdictional privacy issues in the implementation of the electronic health record. As a member of the Bell Privacy Centre of Excellence, she has provided privacy advice to the Public Health Agency of Canada, Children's Hospital of Eastern Ontario and the Hospital for Sick Children.

The world of ATIP has evolved over the last few years, to the point where access to information and privacy issues are now the subject matter of professional development, and post-secondary education. Join Renee Pendergast from the College of the North Atlantic, and Sharon Polsky of CAPAPA, as they outline a few different options of what's available to you to further develop your skills and learning.

Renée Pendergast
IT Instructor
College of the North Atlantic
Prince Phillip Drive Campus

Renee Pendergast is an Information Technology Instructor at the College of the North Atlantic, Prince Phillip Drive Campus

Previous to her position at the College, Renee had been employed with the Provincial Government for the last 10 years. Her background is Computer Science, and Information Management. She began her career as an instructor at the College of the North Atlantic, in the Computer Science Faculty. In 2004, she took a position with the Department of Justice at the Royal Newfoundland Constabulary, as their Manager of Information Services. She recently left the RNC to move to the ATIPP office as Manager/Facilitator of Training.

The focus is on plotting out a map to maximize your public bodies’ compliance with the ATIPP Legislation, with a focus on the protection of clients privacy. It will cover topics such as reviewing collection processes, consent forms, information sharing agreements, authorizing routine disclosures, initiating privacy impact assessments and identifying and responding to privacy breaches

Blaine Edwards
Senior Privacy Analyst
Office of the ATIPP Coordinator
NL Department of Justice