Sharing New Perspectives: Open Government & Privacy Enabled Service Delivery in the 21st Century

Ontario’s Municipal Access & Privacy legislation is divided into two main sections: Access & Privacy. In this session you will learn the main concepts of Ontario’s access schemes, including the exemptions, definitions and their importance. This session will greatly benefit newcomers to the legislation.

Mary Macdonald
Senior Policy Adviser
Office of the Chief Information & Privacy Officer of Ontario
Ministry of Government Services

Ontario’s Access & Privacy legislation is divided into two main sections: Access & Privacy. In this session you will learn the main concepts of Ontario’s access schemes, including the exemptions, definitions and their importance. This session will greatly benefit newcomers to the legislation.

Steven Groeneveld
Counsel
Ministry of Government Services

Sandra Ferguson
FOI Coordinator
Ministry of the Environment

Examine recent decisions of the Office of the Information and Privacy Commissioner/Ontario and the Courts to find out about new interpretations and significant clarifications or restatements of the law. Familiarity with the legislation is needed for this in-depth look at new developments.

John Higgins
Senior Adjudicator & Manager of Adjudication
Office of the Information and Privacy Commissioner, Ontario

Rosalyn Principe-Price
Counsel
Ministry of Government Services

The sudden awareness of eDiscovery and the impact of not having properly managed e-records is increasing the demand for electronic records management programs. As organizations rely on their electronic records more and more, e-discovery is becoming a major concern and the Sedona Canada Principles are shaping the way lawyers and judges view e-records. This session will look at the Sedona Canada Principles and discuss how they can be used to support electronic records programs. It will also look at how the new US Federal Rules of Civil Procedure have impacted eRecords and RIM professionals.

Christine Ardern
President
The Information Management Specialist

Disclosures of personal information in compelling circumstances are frequently difficult decisions to make for Institutions. How much more difficult when the situation is one of crisis or emergency with little time for deliberation? The IPC has provided guidance but in many situtations it is not easy to apply broad direction in giving practical advice for specific circumstances.

What kind of emergency situations present problems? What are the issues surrounding emergency disclosures? How can an institution get out ahead of these issues? What advice can other institutions offer you? If you deal with the conflicting pressures of emergency PI disclosures, you will not want to miss this session!

Moderator: Mary O'Donoghue
Senior Counsel
Office of the Information and Privacy Commissioner, Ontario

Brenda Whiteside
Associate Vice President, Student Affairs
University of Guelph

Allison Godfrey
MFIPPA Coordinator
Toronto Community Housing

Dr. Marion Lyver
University Health Network

Municipal institutions handle personal information in many of the services they deliver. This session is oriented to FOIP coordinators and others who are new to the world of privacy protection and covers the basic principles and operation of MFIPPA's framework for handling personal information. Privacy requirements will be described with practical examples from the municipal perspective. You will hear some tips and suggestions for implementing privacy supportive practices in your institutions and have the opportunity to direct questions to an experienced municipal privacy practitioner.

Geoff Bell
FOI & Privacy Coordinator
Regional Municipality of Waterloo

Ontario’s Access & Privacy legislation should play an important role in determining how an institution operates on a daily basis. Learn how privacy is defined, what the legislation says about privacy and how this should be applied to your institutions day-to-day activities. This session will appeal to people who are new to the law and who will be applying privacy principles in their FIPPA organization.

Jamie Forrest
Manager, FOIP Office
Ministry of Transportation

Janet Dadufalza
Senior Policy Adviser
Ministry of Transportation

This session, given by the IPC’s Senior Adjudicator, will help you put your best foot forward when providing representations in access-to-information appeals. Best practices at the request stage, a well organized and thorough representation, a thoughtful approach to sharing issues, and the avoidance of common errors can all enhance your chances of success. We will cover all this, and conclude with practical tips for a winning representation.

John Higgins
Senior Adjudicator & Manager of Adjudication
Office of the Information and Privacy Commissioner, Ontario

Government is increasingly partnering with private-sector organizations to meet their obligations to the public. This session examines the access and privacy challenges that arise when government entities employ the services of private-sector entities. Issues to be discussed include custody and control of records, handling of third party information, transparency in procurement, and contracting best practices.

Wendy Lawrence
Counsel
Ministry of Economic Development and Trade

Elaine Holt
Counsel
City of Toronto

Ontario Shared Services (OSS) has come a long way in promoting and protecting privacy. An important role of OSS Privacy Support is to maintain a strong privacy culture by among other things reviewing the processes of all OSS business lines that handle private and sensitive information. Our presentation will demonstrate (though a case study of one of our privacy reviews), how the process and results of privacy reviews greatly enhance an organization's privacy culture. We will provide information on and demonstrate:

• The OSS Privacy review/audit process
• Getting 'senior' management buy in
• Getting 'line' management buy in
• Using the the On-line Privacy Practices Validation Tool - some lessons learned
• How to validate and interpret the results of a review
• Using the results to adapt your internal communications and training strategies

David Jackson
Privacy Advisor, Privacy Support
Ontario Shared Services

Valentina Stankovic
Privacy Advisor, Privacy Support
Ontario Shared Services

Learn what a PIA is, what it isn't, and why it can help you identify and address privacy issues. Discuss the major stages involved in conducting a privacy impact assessment, and customize your own table of contents (and learn how to justify it) from a variety of methods and options. Walk away understanding the process and the document, and how to make them work together for you and your organization.

Tracy Kosa
Privacy Impact Assessment (PIA) Specialist
Office of the Chief Information and Privacy Officer of Ontario
Ministry of Government Services

When the chain of command stops at a "committee" similar to a school board/city council or is multi-faceted like that of a university or college, establishing a privacy management program can be quite challenging. With multiple and often differing opinions, varying levels of enthusiasm (or lack there of), and seemingly conflicting agendas a simple Privacy Impact Assessment can be like climbing an unsurmountable mountain. This session is dedicated to examining this context, the various challenges it presents and finally some tools that are being developed/employed to help ease this process. Join your colleagues in this interactive session for a spirited discussion and start climbing your "Privacy Management Program" mountain.

Chris Graves
Information & Privacy Coordinator
University of Western Ontario

Eric Lawton
Manager Information, Privacy and Technology Corporate Access and Privacy Office
City of Toronto

Russ Coles
Senior Manager, Computer Applications
York Region District Schoolboard

Interact with a panel of legal experts as they examine some of the most significant access to information decisions of the Office of the Information and Privacy Commissioner/Ontario and the courts, and their impact on the interpretation of key provisions of Ontario's Freedom of Information and Protection of Privacy Act and Municipal Freedom of Information and Protection of Privacy Act.

Steven Groeneveld
Counsel
Ministry of Government Services

Shirley Senoff
Legal Counsel
Office of the Information and Privacy Commissioner, Ontario

What are privacy-enhancing technologies (PETs), how do they work, and why are they important for public-sector organizations today? PETs express the principles of fair information practices directly into information systems by minimizing personal data, strengthening data security, and enhancing user participation. PETs build confidence and trust in information systems without compromising functionality, and are an essential component in the privacy and regulatory toolkit.

This panel session will examine a special class of PETs used for identification and authentication of people in both online and offline contexts. Two internationally-renowned experts will present their innovative and privacy-enhanced solutions for using (a) biometrics and (b) digital credentials to identify, authenticate, and authorize individuals safely, reliably -and privately. They will also discuss current stages of development of their technologies, share design and deployment lessons learned to date, and respond to questions in the audience in this interactive panel session.

Moderator: Fred Carter
Senior Policy & Information Technology Adviser
Office of the Information and Privacy Commissioner, Ontario

Dr. Alex Stoianov
Biometric Specialist
Office of the Information and Privacy Commissioner, Ontario

Dr. Stefan Brands
Principal Architect, Identity & Security Division
Microsoft Canada

This session examines recent developments in law enforcement with respect to the management of information and the handling of personal information. The session will discuss the Regulatory Modernization Act, 2007 and new rules surrounding information sharing in law enforcement. Recent court decisions with respect to the collection of personal information, compilation of information in databases, and the law enforcement exemption will also be reviewed.

Don Fawcett
Senior Counsel
Ministry of Government Services

Iram Khan
Counsel
Ministry of Labour

Take this primer to learn about processing and managing access requests, including fees, voluminous records, third parties, request file organization, and request tracking. Newcomers to this topic will benefit from this session.

Rafael Eskenazi
Director, Access and Privacy Office
University of Toronto

Section 17 of PHIPA authorizes health information custodians to permit their agents to collect, use, disclose, retain or dispose of personal health information on the custodian's behalf, based on certain conditions. This general authority allows custodians to use various third parties to help them perform any number of tasks that involve access to and, more broadly, the management of personal health information in one way or another. However, aside from section 17, PHIPA is silent as to what restrictions, limitations, and safeguards custodians should impose on their agents when they let them deal with personal health information for which the custodian is ultimately responsible under PHIPA. The need for such restrictions and safeguards, and the need to monitor agents' compliance with them, is evident from the Orders the IPC has issued under PHIPA. Almost all the Orders deal with the mismanagement of personal health information by agents.

The purpose of this session is to provide technical guidance and practical tips on the following:

• recognizing when third parties who operate outside the custodian's facility are acting as agents;
• reducing the privacy risks posed by "rogue" agents;
• drafting provisions that should be included in PHIPA Agent Agreements;
• monitoring your agents' use of personal health information
• providing your agent with privacy protocol to follow in the event that a breach occurs on the agent's watch

We will rely on real life examples of successful and unsuccessful custodian-agent relationship, and may discuss relevant IPC Orders, if time permits.

Lise Hendlisz
Legal Counsel
Legal Services Branch
Ministry of Health and Long Term Care

Jane Speakman
Solicitor
City of Toronto

You often handle sensitive and personal information as a daily part of your job. You’re aware that policies and legislation such as the Freedom of Information and Protection of Privacy Act (FIPPA and MFIPPA), provide a positive obligation for you to safeguard that information from unauthorized disclosure – but how?

How much protection is too much? How much protection is too little? These are important questions because if you apply too much protection, you’ll increase costs unnecessarily. If you apply too little protection, you may increase the risk of exposure.

The objective of this presentation is to provide you with some guidelines to help you identify sensitive and personal information and the criteria to help you classify and safeguard it dependably, consistently and appropriately.

Lynette Craig
Policy Adviser
Office ofthe Chief Information and Privacy Officer of Ontario
Ministry of Government Services

This presentation will focus on the Personnel and Contractor Security Screening Programs which have been implemented in the Ontario provincial government and how they protect government information assets, including the key foundation documents that government produces and the key identity information that the government collects.

The programs are designed to help the government meet its obligations under the Freedom of Information and Protection of Privacy Act (FIPPA) and its obligations to Ontarians who depend on the services that the government provides.

The presentation will provide an overview of the security screening programs, the threat risk assessment process which is used to determine when security screening is required, and the controls that are in place in the programs to ensure that information collected to perform security screening is also protected. The presentation will demonstrate the relationship between the risk analysis related to the screening programs and the Information Security and Privacy Classification (ISPC) program. The presentation will also explore the balance that the screening programs have struck between information protection and collection in security screening.

Malcolm Smeaton
Director
Emergency Management and Security Branch
Ministry of Government Services

The information management and privacy landscape in the education sector has changed: emerging approaches to electronic management, such as data warehousing and central data bases have the potential to erode staff and students’ privacy rights. School boards and authorities are struggling to understand how information and privacy legislation affects their management of educational data. The Privacy and Information Management (PIM) taskforce is a joint MiSA (Managing Information for Student Achievement) and OASBO (Ontario Association of School Business Officials) initiative. Over the past year the PIM taskforce has developed a toolkit of standards and guidelines for school board/authorities to aid in the development of an information management culture that respects privacy, mitigates risk and enhances public trust and confidence with respect to privacy.

The toolkit includes:

• Privacy impact assessment tools
• Privacy and security standards and guidelines
• Information management strategies and infrastructure recommendations
• Training and professional development strategies for school board staff

In this session, we will highlight how school board teams from across the province may utilize the PIM Toolkit to guide their information access and protection of personal privacy practices.

Gina Coish
Freedom of Information/Records Management Officer
The Simcoe County District School Board

Erica van Roosmalen, PhD
Chief Research & Development Officer
Halton Catholic District School Board

Russ Coles
Senior Manager, Computer Applications
York Region District Schoolboard

This session will describe dealing at arms length with third party carriers. It is intended to be highly interactive including scenarios and soliciting suggestions from the audience on how best to manage the sharing of personal student information with bus consortia, operators and drivers. We will hear the views from both the MFIPPA and the Transportation worlds. The message is to identify the best practices needed to protect the privacy of students while engaging with external working partners.

John Shanks
CIO
Upper Grand District School Board

Nancy Massie
Information Asset Services
York Region District Schoolboard

This session will focus on practical methods and examples of introducing privacy into a municipal institution, ie. privacy training, privacy breach and complaint investigation, compliance reviews and audits, and privacy consultations.

Rob Candy
Manager Training & Compliance - Corporate Access & Privacy
City of Toronto

John Searle
Senior Policy Analyst - Corporate Access & Privacy
City of Toronto

This presentation will review the 2004 Ontario Court of Appeal decision in D.P. v. Wagg and outline the mechanisms put in place by the Ministry of the Attorney General and municipal police services to review and screen requests for access by civil litigants to Crown briefs and police records created during the course of criminal proceedings. The presentation will also cover the various types of requests for police and Crown records for use in civil actions, proceedings before administrative tribunals, and child protection proceedings. A panel discussion and a question and answer session will follow.

Pat Seaton
Freedom of Information Analyst
Peel Regional Police &
Chair, Freedom of Information Police Network

Shama Ansari
Counsel, Crown Law Office - Civil
Ministry of the Attorney General

Ken Kelertas
Counsel
Halton Regional Police

As citizens continue to place demands on government for convenient, efficient, and fast access to services, governments have modernized their approach to service delivery to meet this demand. This session examines recent developments in Ontario to modernize service delivery, with an emphasis on the service delivery model seen in ServiceOntario. In particular, the session discusses the interaction of modern service delivery models with privacy legislation, and approaches to protect the privacy of personal information.

Don Fawcett
Senior Counsel
Ministry of Government Services

Peter Hope-Tindall
Head of Privacy
ServiceOntario

You're working in the access & privacy field and considering your next move. Are you searching for ideas and opportunities that could take your career to the next level? This interactive session will describe some of the roles available to people with access and privacy experience, discuss the skills you've acquired along the way, and suggest some areas to develop in order to break into related fields and professions. We will provide you with our first-hand experience and career paths, and challenge you to share your own experiences with others in the session.

Dave Douglas
Policy Adviser
Office of the Chief Information & Privacy Officer of Ontario
Ministry of Government Services

Roxana Baciu
FOI and Records Management Coordinator
Ministry of Energy and Infrastructure

Janet Geisberger
Director, Corporate Services
Office of the Information and Privacy Commissioner, Ontario

Eric Lawton
Manager Information, Privacy and Technology Corporate Access and Privacy Office
City of Toronto

Donna Currie
FOI Coordinator, Special Projects Adviser
Ministry of the Environment