PIPA Conference 2007:
An Educational Forum for
Businesses & Non-Profits

Employers have both the right and the obligation to ensure their employees are fit to perform the tasks of their jobs and to ensure that those tasks are done in a manner that ensures the health and safety of others in the workplace. However, the employer's rights are not open-ended. Employers must act in a reasonable manner that takes the privacy and dignity interests of an employee into consideration. In addition, an employer wanting to verify or manage the medical leave of an employee must be cognizant of the legislative protections afforded to medical information.

Chairperson
Errol Nadeau
Manager, Investigation & Mediation
Office of the Information & Privacy Commissioner of British Columbia

Errol Nadeau is a Manager of Investigations and Mediation with the British Columbia Information and Privacy Commission. He earned his LLB and MBA degrees from the University of British Columbia and worked in labour relations for ten years after graduating. He also has many years experience in complaint investigation and resolution with the Office of the Ombudsman for British Columbia.

Lorene A. Novakowski, LLB, is a Partner with the Employment, Labour and Human Rights Practice Group of the Vancouver Office of Fasken Martineau DuMoulin LLP. Lorene is also the Regional Chair of the Privacy and Information Practice Group, and is a member of the Fasken Martineau National Privacy and Information Practice Group. She advises clients in the federal and the provincial sectors, with respect to private sector privacy compliance, particularly with respect to employment, and also advises public sector organizations and private sector organization in outsourcing arrangements with the public sector as to their privacy obligations under the public sector legislation in British Columbia. She has spoken regularly on various aspects of privacy law and, in particular, has provided numerous training sessions for human resources professionals on their obligations under the Personal Information Protection Act. She has also written articles on privacy and information protection, given interviews on the subject, and co-authored the 2004, 2005, 2006 and 2007 editions of the Personal Information Protection Act - BC and Alberta: Quick Reference. Lorene has the credential of Certified Information Privacy Professional/Canada, effective October 2006.

Jan Nighswander's career began in production accounting in Alberta's oil and gas industry. She ultimately found her niche in Human Resources and since that time has gained extensive experience in corporate human resources management in both the oil and gas sector and most recently in private health care. Jan has also spent several years providing organizations with HR consulting support in strategic program development, transition management and leadership development. In her current role as Vice President, Human Resources for LifeMark Health, a Canadian-owned integrated health care company, Jan has been responsible for ensuring compliance with all levels of Privacy legislation concerning both internal HR management and the delivery of services to LifeMark's customers as it relates to the handling of personal health information.

Bruce Gowans is Assistant Vice President, Compliance and Industry Relations for Manulife Financial. In this role, he is responsible for Privacy handling within the Group Benefits business unit of Manulife Financial's Canadian Division. Bruce has over 30 years experience in the employee benefits business including senior roles in underwriting, administration and claims management. Bruce is currently the Chair of the Group Privacy Committee of the Canadian Life and Health Insurance Association.

According to a study by the Consumer Council of Canada, protection of personal information is currently the second most important issue to consumers. Organizations do not "own" the personal information they collect. They are custodians of that information and as such, must treat it with the utmost care. Privacy laws require organizations to take all reasonable steps to protect personal information from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks. Protecting personal information involves more than a password on a laptop. It involves paying attention to physical security, educating and training staff, monitoring access, and deploying appropriate levels of technical security to ensure confidentiality. Learn to diagnose the health of your security arrangements, identify gaps and fill your security holes.

Chairperson
David Loukidelis
Information & Privacy Commissioner of British Columbia

David Loukidelis is in his second six-year term as Information and Privacy Commissioner for British Columbia. An independent officer of the Legislature, he oversees compliance with British Columbia's Freedom of Information and Protection of Privacy Act, Personal Information Protection Act and Lobbyists Registration Act. David's experience in access and privacy issues goes back to 1990. Since becoming Commissioner in 1999, he has written hundreds of access to information appeal decisions, privacy complaint decisions, investigation reports, discussion papers and policy materials. David has participated in the Asia Pacific Economic Cooperation organization's work on international privacy standards and has been a member of several Canadian privacy advisory bodies in the area of health research. His university teaching experience includes teaching access to information and privacy law at the University of Victoria.

David Corry is a partner at Gowlings in Calgary whose practice focuses in management labour and employment law. He has been actively involved in privacy issues as part of his practice and has handled several cases involving privacy before the Alberta Labour Relations Board, labour arbitrators and both the Federal and the Alberta Privacy Commissioner. David has also advised a number of clients on privacy compliance and has conducted privacy impact assessments. As part of a Canadian Bar Association committee, David was on an advisory team that provided comments on Alberta's PIPA during the drafting stages. David also teaches part-time at the University of Calgary law school.

Elizabeth Denham is currently the Director Research, Analysis & Stakeholder Relations for the Office of the Privacy Commissioner of Canada, a role she assumed on June 1/2007. Previous to her current position she was Director, Private Sector, in the Office of the Information and Privacy Commissioner/Alberta since Sept 2003. She began her privacy career in 1997 when she was appointed as the first Privacy Officer for the Calgary Health Region. From 2000 to 2003 she practiced as a privacy consultant, assisting over 45 companies and government organizations with their privacy and information management programs. Elizabeth is an active member of the privacy community and served as a member of the Research Ethics Board of the University of Calgary for two years. She has a Master's Degree from the School of Library, Archival and Information Studies from the University of British Columbia.

Bob Johnson is the executive director of the National Association for Information Destruction-Canada (NAID-Canada). Mr. Johnson has provided testimony and presentations on information disposal issues to policy makers across Canada. He is often called to speak and write on the need for the secure destruction of discarded information.

The term "privacy" is not defined in any privacy legislation. Instead, the term "privacy" is represented by ten internationally recognized privacy principles, called "fair information practices". These same ten principles are the bedrock of all meaningful privacy laws around the world. In this session, learn the history of privacy laws and become familiar with privacy terminology.

Chairperson
Cory Martinson
Portfolio Officer
Office of the Information & Privacy Commissioner of British Columbia

Cory Martinson is a Portfolio Officer with the B.C. Office of the Information & Privacy Commissioner. He is responsible for mediating access and privacy appeals and providing access and privacy advice to public and private organizations. Previous to that, Cory worked for Citizenship and Immigration Canada from 1999 until 2004 as an Immigration Officer enforcing the Immigration and Refugee Protection Act. He has also worked as a Conservation Officer for the BC Ministry of Environment. He has a diploma in Resource Management Officer Technology and is currently completing his final courses for his Bachelor’s degree in history.

Preeti Adhopia is an Investigator for the Alberta Office of the Information & Privacy Commissioner (OIPC). In this role she is responsible for investigating and mediating complaints about businesses' compliance with the province's privacy legislation. Prior to coming to the OIPC, Preeti was the Public Complaint Director for the Calgary Police Commission, providing civilian oversight to investigations into police misconduct and ensuring investigative compliance with the Police Act. She has also worked as a Strategic Crime Analyst, and a Tactical Analyst assisting police in 'Major Crimes' investigations and conducting crime research. She is a Certified Intelligence Analyst and has a Master's degree in Criminology from the University of Toronto.

Jim Burrows has been with the B.C. Office of the Information & Privacy Commissioner as a Portfolio Officer since March, 2003. Previous to that, Jim worked for the City of Victoria from 1990 until 2001 in various capacities including managing the Information Systems Division as well as Information and Privacy Coordinator and City Archivist. Jim received a Masters of Archival Studies from the University of British Columbia.

Mandatory, random or job-specific drug and alcohol testing is seen by many employers as an effective tool for reducing accidents in the workplace, reducing property damage and lowering compensation claims. Critics regard alcohol and drug testing as a serious invasion of employee privacy and a violation of human rights. Labour arbitrators, privacy commissioners and human rights adjudicators have overlapping jurisdiction in this area. Find out from the experts how to manoeuvre through the maze of standards in the area of drug and alcohol testing.

Chairperson
Jill Clayton
Senior Portfolio Officer
Office of the Information & Privacy Commissioner of Alberta

As a privacy consultant for a number of years, Jill assisted organizations in health care, oil and gas, telecommunications, non-profit, and other sectors with their privacy compliance implementation activities, including compliance audits, policy development, privacy impact assessments, and training and awareness. Jill now works for the Office of the Information and Privacy Commissioner of Alberta, with the team responsible for regulating private sector organizations' compliance with the Personal Information Protection Act (PIPA). She is currently Acting Director - Private Sector.

Nitya Iyer, a partner in the Vancouver office of Heenan Blaikie, specializes in human rights, Charter law, and administrative law. She has law degrees from the University of Toronto and Harvard University. Nitya has been a member of both the UBC Law Faculty and the BC Human Rights Tribunal. She was appointed to study the merits of pay equity legislation for BC's private sector and in 2004, Nitya was appointed the first Equal Pay Commissioner of the Northwest Territories.

Yvon Seveny is a partner with the law firm Blair Chahley Seveny LLP, representing unions in labour law matters. He has acted on behalf of clients in grievance arbitrations, the Alberta and Canada Labour Relations Boards, Court of Queen's bench and Court of Appeals. Prior to attending law school, Mr.Seveny held various positions with the Canadian Union of Postal Worker's in Toronto and Hamilton. He received a Bachelor of Law from the University of Alberta, and a Master of Law from Osgoode Hall Law School, where he was awarded the Mary Jane Mossman Graduate Scholarship in Feminist Legal Studies. Mr.Seveny was legal counsel to the Alberta Labour Relations Board prior to the establishment of his current partnership.

Privacy breaches are front and centre in the public eye. During this last year, TJX experienced a breach of more than 45 million credit card and debit card holders and CIBC lost a tape containing personal information on 470,000 account holders. Privacy breaches affect not only the person whose information has been leaked, but the reputation of the organization that failed to protect it in the first place. Is your organization prepared for a breach of privacy? Do you know the steps to take to investigate and address the matter from a technical human resources and public relations perspective? Hear from the experts how to properly investigate a privacy breach and how to assess whether or not to notify data subjects in the even of a breach.

Chairperson
Frank Work, Q.C.
Information & Privacy Commissioner of Alberta

Alberta's second Information and Privacy Commissioner appointed in 2002. Mr. Work was born in Calgary, received his Bachelors Degree in Political Science and Masters Degree in Environmental Design from the University of Calgary and obtained a law degree in 1981 from McGill University. He practiced corporate commercial law in Calgary, worked for the Attorney General of Bermuda, and was seconded to the United Nations Environmental Program. After returning to Canada in 1987, Mr. Work took a contract position with the World Bank and was assigned to the country of Mauritius. From 1991 to 1996 Mr. Work worked as Parliamentary Counsel to the Legislative Assembly of Alberta, and General Counsel to the Ethics Commissioner of Alberta. In 1996 Mr. Work began his career at the Office of the Information and Privacy Commissioner as General Counsel and Assistant Commissioner. Mr. Work was appointed to a five-year term as Information and Privacy Commissioner in May 2002.

Catherine Tully is a Manager of Investigations and Mediation with the Office of the Information and Privacy Commissioner of British Columbia. In that capacity she is responsible for supervising and conducting investigations and mediations and for providing advice on issues relating to the Freedom of Information and Protection of Privacy Act. For six years prior to joining the staff at the Office of the Information and Privacy Commissioner, Catherine was the Director of Information, Privacy and Records Management for the Ministry of Attorney General and the Ministry of Public Safety and Solicitor General. Catherine began her legal career in the Ontario Legal Clinic System as a staff lawyer specializing in workers' compensation law. Catherine received her B.Sc., B.A. and LL.B. from the University of Ottawa and her LL.M. in international human rights law from Dalhousie University.

Martin Abrams is Executive Director of the Center for Information Policy Leadership at Hunton & Williams LLP, a path finding global privacy and information security think tank located in Washington, D.C. Mr. Abrams brings nearly thirty years' experience as a policy innovator to the Center where he pursues practical solutions to privacy and security problems. Mr. Abrams originated the multi-layered privacy notices that have been adopted by international data protection commissioners, the European community, leading companies and various government agencies and are expected to be adopted by APEC and OECD.

Drew McArthur is Vice President - Corporate Affairs and Compliance Officer for TELUS.
With over 30 years experience in the telecommunications industry, Drew has been involved in many aspects of the business, including operations, customer service and marketing. Drew led the team that prepared TELUS for compliance with Canada's private sector privacy legislation (PIPEDA), and is the individual at TELUS accountable for its ongoing management of customer and employee personal information. As an active promoter of privacy awareness, he is the founder of the B.C. Privacy Professionals Networking Forum, a privacy officer networking group, and is a founding member and executive member of the Canadian Council of Chief Privacy Officers, in association with the Conference Board of Canada. Drew is also on the Canadian advisory board of the International Association of Privacy Professionals (IAPP). Drew also acts as a spokesperson for TELUS in regional and national media on a variety of issues.

Ready or not, you've been given responsibility for leading your organization's privacy program. You know the principles, but are unsure of how to put them into action; you've read the legislation, but could use some practical guidance. The panel assembled for this session will share their diverse--perhaps even conflicting--views on some of the key decisions you need to make: whether you need an external audit; how to develop a meaningful privacy policy; what privacy training can (and can't) do; and why compliance that isn't tracked, isn't really compliance.

Chairperson
Kim Kreutzer-Work
Senior Policy Analyst
Access and Privacy Branch, Government of Alberta

Kim is a senior policy analyst with the Access, Privacy and Security Branch of Service Alberta, the Ministry responsible for Alberta's Personal Information Protection Act. Kim was closely involved in the development of the Act and has worked on several PIPA resources for private-sector organizations. Kim is part of the technical team supporting the MLA committee currently reviewing the Act. Kim holds a law degree from the University of Calgary.

Suzanne Polkosnik received her law degree from York University, Osgoode Hall Law School and practiced law for a number of years in Edmonton in the areas of employment, privacy and administrative law. Suzanne joined EPCOR Utilities Inc. in January, 2006 as the Chief Compliance Officer. In that role, she provides oversight and day-to-day management of the corporation's ethics system, regulatory compliance, CSOx sustainment activities, and privacy obligations. Suzanne is the corporation's Chief Privacy Officer. EPCOR is a large Edmonton based power and water utility company with operations in Alberta, B.C., Ontario and throughout the U.S..

James is an Associate Counsel in the Vancouver Office of Lang Michener LLP, where he Co-Chairs the Franchise & Distribution Group. James practices in the areas of franchise and distribution law, privacy and technology and intellectual property law. He has been ranked as a "Leading Lawyer" in Canada by the legal publication, LEXPERT, for the last four years, and was named one of the Best Lawyers in Canada for 2008. His clients are concentrated in the technology services, franchising and retail sectors, and range from start-ups to major international corporations. James is an active volunteer, and is the Secretary-Treasurer of the Canadian Bar Association (BC), a former Member of the Executive Committee of the Vancouver Bar Association, a former Legal Advisor and a current Member of the Canadian Franchise Association Pacific Region Council, and Member of the Canadian Franchise Association Franchise Service Supplier Council. He is also a former Member of the Board of Governors of the Southern Alberta Institute of Technology and the University of Alberta Senate. James regularly writes and lectures in primary practice areas. He has Chaired the two most recent Continuing Legal Education courses on Privacy and was Chair of the Continuing Legal Education course on Franchising. James was called to the British Columbia Bar in 1996.

Dirk Trojan advises private and public sector clients on information management and privacy compliance as a member of Cenera's Privacy and Information Strategy practice. His work in this area is built on a decade of experience in general management consulting, as well as management and consulting roles in corporate IT. Dirk has spoken to health information professionals on the future of privacy impact assessments and delivers seminars on topics such as the strategic relationship between records management, privacy and information security. Often working from an assessment of existing information security, privacy or records management program, Dirk assists organizations to develop practical and effective responses to the double-barrelled challenge of achieving regulatory compliance while improving operational performance. Clients faced with privacy complaints or information breeches appreciate Dirk's ability to engage opposing parties in productive dialogue, thanks to his formal conflict resolution training and experience as a Roster Mediator with the Alberta Civil Court.

Employee surveillance takes many forms, including email monitoring, computer monitoring, GPS tracking, video surveillance, and taping phone conversations. Studies indicate that many employers rely on one or more such devices to monitor employees. Some employers believe that employees forfeit all their privacy rights with respect to phone calls, emails, computer files and movements during normal working hours. However, adjudicative bodies have confirmed that employees do have a legitimate expectation of privacy in the workplace, and that this right cannot be summarily denied by the indiscriminate use of surveillance technology. What are the parameters defining acceptable workplace surveillance?

Chairperson
Kris Klein
Litigation Counsel
Office of the Privacy Commissioner of Canada

Kris Klein practices exclusively in the area of privacy law for the Privacy Commissioner of Canada. Mr. Klein previously practiced with a national law firm and the Federal Department of Justice. He teaches the Privacy Law course at Ottawa University's Law School and he has written extensively on this subject, including co-authoring "Bill C-6: A New Privacy Paradigm," and "Power Privacy Legislation Makes Businesses Accountable." Mr. Klein's experience in both the private and public sectors provides a particularly insightful and practical analysis found in his texts: "The Law of Privacy in Canada" and "Privacy in Employment: Control of Personal Information in the Workplace."

Murray Rankin, Q.C. is a partner in the firm of Heenan Blaikie, LLP and works out of its Victoria office. He was a Professor of Law at the University of Victoria for over a decade, and was educated at Queen's University, University of Toronto and Harvard Law School. He completed his Masters of Law thesis at Harvard Law School in the field of information law. In 1983, he worked at the Organization of Economic Cooperation and Development in Paris in the Directorate of Science Technology and Industry on Transborder Information Flows and subsequently wrote about this in several publications. He served with Dr. David Flaherty as consultant to the House of Commons committee that conducted the review of the Access to Information and Privacy Acts in 1987, then in 1992 was appointed Special Advisor to the Attorney General of British Columbia, responsible for the policy formation and drafting of BC's Freedom of Information and Protection of Privacy Act. Most recently, he was co-author of PIPEDA: An Annotated Guide, published by Irwin Law in 2000 and has lectured and written articles on privacy topics involving the new PIPEDA and advised a number of clients in the public and private sectors concerning this legislation and its provincial counterparts.

Richard S. Rosenberg is a Professor Emeritus in the Department of Computer Science, at the University of British Columbia. His research interests are in the social impact of computers and in Artificial Intelligence (AI). His work in the social impact of computers includes such areas of concern as privacy, freedom of expression, intellectual property rights, universal access, work and education. He has written many papers on free speech, ethics, and privacy issues, has appeared before Federal parliamentary and provincial legislative committees, and made presentations before the U.S. National Research Council. His most recent book is The Social Impact of Computers, 3rd Edition, San Diego, CA: Elsevier Academic Press, 2004. He is also a Vice-president of Electric Frontier Canada, on the Board of the BC Civil Liberties Association, and president of the BC Freedom of Information and Privacy Association.

Joyce Mitchell is a partner with Fasken Martineau DuMoulin, LLP, a national law firm. She practices exclusively in the Labour, Employment and Human Rights areas acting primarily on the management side. Joyce is called to the Bars of both Alberta and British Columbia and she transferred from the Vancouver office a few years ago to establish the Labour and Employment department in Calgary. Joyce has a very broad based practice and regularly provides advice to employers in all areas touching on the employment law relationship. Her practice includes defence of wrongful dismissal claims, representation of employers before administrative tribunals including human rights tribunals and labour relations boards, policy and employment agreement drafting, and negotiation of severance packages. Joyce also provides management and employee training on employment and human rights issues, as well as conducting harassment investigations. Joyce practices extensively in the privacy area, providing advice to companies with respect to privacy compliance and policy drafting. Joyce graduated from Simon Fraser University in 1989 with a Bachelor of Arts Degree. In 1991, she received a Bachelor of Laws Degree from the University of Victoria. She was called to the Bar in British Columbia in 1992 and to the Bar in Alberta in 2004.

Privacy is more than having sworn an oath of confidentiality and is much more than publishing a privacy policy. An organization is responsible for the ways in which employees handle customer personal information. A culture of privacy is necessary to ensure that the behaviour of your employees aligns with your privacy processes and policies. How do you cultivate a climate of privacy awareness in your organization? A confidentiality agreement does not compare to a proactive strategy of training, education and awareness. Hear from international experts on how to market privacy inside your organization and leverage this awareness to enhance consumer confidence.

Chairperson
David Flaherty
President
David H. Flaherty Inc.

David Flaherty is a specialist in the management of privacy and information policy issues. He served a six-year, non-renewable term as the first Information and Privacy Commissioner for the Province of British Columbia (1993-99). He wrote 320 Orders under the Freedom of Information and Protection of Privacy Act. He also pioneered the development of site visits to public bodies (hospitals in particular) as a form of privacy auditing. Flaherty began his involvement with privacy issues as an assistant to Alan F. Westin at Columbia University in 1964. Flaherty is an Honours graduate of McGill University (1962) and has an MA and Ph.D. from Columbia University. His teaching career from 1965 to 1993 included Princeton University, the University of Virginia, and the University of Western Ontario, where he was professor of history and law from 1972 to 1999 and is now professor emeritus. He has held fellowships and scholarships at Harvard, Oxford, Stanford, and Georgetown Universities. In 1992-93 Flaherty was a Fellow of the Woodrow Wilson International Center for Scholars in Washington, DC and a Canada-US. Fulbright Scholar in Law. Flaherty was an adjunct professor in political science at the University of Victoria from 1999 to 2006.

Paul Chadwick, journalist and lawyer, was the first Privacy Commissioner for the State of Victoria, Australia (2001-06). He pioneered use by journalists of Australia's freedom of information laws in the 1980s, co-founded the non-profit Communications Law Centre and ran it for eight years in Melbournein the 1990s, served on inquiries into media law and self-regulation issues,wrote books on FoI and media ownership, received the 1997 Walkley Award for most outstanding contribution to journalism, and is currently the inaugural Director Editorial Policies at the Australian Broadcasting Corporation, the national public broadcaster. He appears at the conference in a personal capacity and not as a representative of the ABC.

Marie Shroff was appointed to the independent statutory position of Privacy Commissioner of New Zealand in late 2003. Her responsibilities include independent comment on significant personal information policies and issues, providing opinions on privacy complaints made against government and business, monitoring government data matching and promoting good personal information handling practices in New Zealand. From 1987 to 2003 Marie Shroff held the position of Secretary of the Cabinet and Clerk of the Executive Council. As Secretary/Clerk she was responsible for the operation of Cabinet, the Executive Council, and Government House, and for related constitutional advice. Throughout her 16 years as Secretary of the Cabinet she undertook and implemented major reforms of policy and practices in these areas of responsibility.

Is your organization planning changes to its marketing strategy, information technology or introducing new products or services that change the way you collect, use or disclose personal information? Learn to assess the privacy risks of proposed technology, products or services by conducting a Privacy Impact Assessment (PIA). The goal of a privacy impact assessment is to assess the impacts a proposed course of action may have on the privacy of customers and employees. A PIA will help you, amongst other things, to analyze the sources and sensitivity of data, to map data flows, to assess controls on collection, use and disclosure and to identify privacy risks, and to establish a basis for any mitigation steps that can be taken.

Chairperson
Linda Sasaki
Portfolio Officer
Office of the Information & Privacy Commissioner of Alberta

Linda is a Portfolio Officer with the Office of the Information and Privacy Commissioner of Alberta where she is responsible for investigating and mediating matters under review, or relating to complaints about organizations' compliance with Alberta's Personal Information Protection Act. With over 18 years experience in Alberta's public service, Linda has been involved in many aspects of government, including Board development work with not-for-profit organizations, facilitating community development projects and investigating and mediating human rights complaints.

Karina Guy is a Partner with Deloitte & Touche LLP and the national service line leader for Privacy and Data Protection in Canada. She has over 12 years of specialized consulting experience in Information Risk Management, IT Governance, Data Protection, Privacy and Security. She has assisted many clients with the design and implementation of privacy and security programs, in addition to selecting and implementing privacy enhancing technologies such as identity management. Specific industry focus includes private-sector, government and healthcare, where Karina has been working with clients to define standards, manage risk and implement privacy controls. She has conducted numerous privacy impact assessments on programs and complex information systems for organizations across Canada; this knowledge is complimented by expertise in formal privacy audit using the Canadian Institute of Chartered Accountant's Generally Accepted Privacy Principles (GAPP). She has also designed privacy architectures and frameworks for clients in alignment with existing IT governance processes. Karina holds a Masters degree from the School of Library, Archival and Information Studies at the University of British Columbia, is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA) and a Certified Information Privacy Professional (CIPP/C).

Sharon has been involved in all aspects of privacy and access in BC since 1993 including developing legislation, responding to access requests, mediating disputes and conducting investigations. Currently, she is responsible for managing the corporate privacy file for the province of British Columbia. Sharon has a Masters of Arts degree in Counselling Psychology and over 25 years experience as a counsellor, educator, author, policy analyst and program designer.

A key privacy principle is that current and former employees have the right to access their own personal information in the custody or control of their employer. How does this right play out when an employee is under investigation, or is the subject or complainant in a harassment investigation, is suing you or on is the verge of termination? What are the employer's rights and obligations with respect to an access request made by an employee or former employee?

Chairperson
Hilary Lynas
Director, Access and Privacy Branch
Government of Alberta

Hilary Lynas (BA, MBA) is Director of the Access and Privacy Branch of Alberta Government Services. The Branch coordinates the administration of Alberta's Personal Information Protection Act and supports the private sector in its implementation. Hilary has been working in the field of access and privacy since 1995, first processing access requests under Alberta's Freedom of Information and Protection of Privacy Act, then coordinating the extension of that act to municipalities, schools, universities and colleges. Hilary was directly involved in the development of PIPA, and will be supporting the review of the act scheduled to begin in 2006.

CINDY ROBERTS is Senior Counsel for Petro-Canada in its Calgary head office. She practices in the Corporate Legal group, providing legal advice to various departments in the company, including Information Technology, Treasury and Corporate Finance, Risk Management, Human Resources, Supply Chain and Petro-Canada's Privacy office. She has been with Petro-Canada for the past 20 years, and has experience in the upstream and downstream, as well as corporate legal groups. Since June, 2002, she has been very involved in the company's privacy compliance project, and is an active member of the corporate privacy steering committee. Ms. Roberts is past chair of the Alberta Privacy and Access Law section of the Canadian Bar Association (Alberta). She received her B. A. in Political Science from the University of Alberta in 1977, her LL.B. from the University of Alberta in 1980, and her Master of Laws (E-Business) from Osgoode Hall Law School in 2003.

Cappone D'Angelo is a partner in the Vancouver office of McCarthy Tétrault LLP. As a member of the firm's Technology Industry Group, he advises domestic and international clients regarding privacy law compliance, regarding the acquisition, development, and distribution of proprietary technology, and regarding eCommerce risk management. He is a frequent speaker and author regarding privacy law matters and was an active participant in the Working Group of the Canadian Bar Association (BC) with which the British Columbia Government consulted regarding implementation of the Personal Information Protection Act.

The Canadian Marketing Association defines "marketing" as "a set of business practices designed to plan for and present an organizations products or services in ways that build effective customer relationships." How do privacy laws influence marketing strategies such as CRM, loyalty programs, contests and direct marketing? What sources of personal information are safe for marketers to access? What are the rules around opt in/opt out consent? Learn from the experts what you need to know about designing a privacy-friendly marketing strategy.

Chairperson
Laird Miller
Chief Privacy Officer
London Drugs Ltd.

Laird is currently the Chief Financial Officer and Chief Privacy Officer of London Drugs Limited, a BC owned and operated private company with 63 retail locations in British Columbia, Alberta, Saskatchewan and Manitoba. Laird joined the H.Y. Louie/London Drugs family in 1996 after having served the organization for the previous ten years as part of Deloitte & Touche as a Senior Manager. Positions within the group have included Director of Audit Services - H.Y. Louie Co. Limited, Corporate Secretary, Treasurer and then Chief Financial Officer of London Drugs. Laird has been in current Chief Financial Officer role for 6 years. Laird also serves on London Drugs' Executive Committee.

As V.P. Public Affairs and Communications, Wally has responsibility for strategy and program development for CMA's work in the public policy arena. His portfolio includes the Association's government relations, communications programs for members and the public, as well as the CMA's Ethics & Privacy and Postal Issues Committees, CMA's Special Interest Councils and related research activities. Wally's private sector background includes senior management positions with a major Canadian financial institution, as well as several years in the Communications and Government Relations consulting business. Prior to that, he worked as a senior advisor at a number of Federal Government Ministries. He has served as Chief of Staff for the Minister of Industry and for the Government House Leader & Minister Responsible for Canada Post Corporation.

Born and raised in Pembroke, Ontario, in the Upper Ottawa Valley, Derek joined Retail Council of Canada (RCC) in July 2005. As Vice-President, National Affairs, Derek manages RCC's Government Relations and Communications Departments. Derek is responsible for the co-ordination of GR activities in Ottawa and with provincial and territorial governments across Canada, representing members on issues ranging from small business taxation to labour regulations; and environmental stewardship programs to international trade. He oversees RCC Member Committee work for the International Trade, Privacy and Public Affairs Committees.

Privacy includes individuals' right to access their own recorded personal information. It also includes the obligation of an organization to retain personal information for only as long as is necessary. Good records management is essential in enabling an organization to easily access records, which facilitates accountability. It is also critical to ensuring records are retained and disposed of in a planned and secure manager. Learn from the experts the best in records management practices.

Chairperson
Rick Klumpenhouwer
Manager, Privacy and Information Management
Cenera Consulting

Rick Klumpenhouer, Manager Consulting Services, Cenera. Rick has over 20 years experience in various aspects of information management, archives, and privacy. He holds a Masters degree in history from the University of Western Ontario and a Masters in Archival Studies from the University of British Columbia. He was Executive Director of the Legal Archives Society of Alberta from its founding in 1990 to 1997. He was Coordinator, Records Management later Information Management and Privacy at the Calgary Health Region between 1997 and 2002, when he joined Denham and Associates as a privacy consultant. He has been with Cenera since September 2003.

Marland Grove is Director of the Corporate Information Management Branch Office of the Chief Information Officer, Ministry of Labour and Citizens' Services. He began his career as a Micrographic Analyst and then Imaging Analyst (when digital scanning began) and has held increasingly senior positions throughout his 30 years with the Government of British Columbia. In his current position he is responsible for providing a government-wide framework for the management of recorded information, including policies, standards and strategic direction for the creation, security, accessibility, retention, disposition and preservation of records. As well as providing common records management systems and services to ministries, Crown Corporations and agencies, while determining on behalf of government as a whole which records have ongoing (archival) value.

Anna Paton is Compliance Director - Corporate Affairs for TELUS. In this position, she is responsible for record retention, privacy, and competition law compliance. Anna is currently leading the compliance initiatives within TELUS for the record retention policy. Anna is a member of the International Association of Privacy Professionals (IAPP) and a Certified Information Privacy Professional/Canada (CIPP/C). With over 30 years experience in the telecommunications industry, Anna has been involved many aspects of the business, including customer service, marketing, operations, and sales. Anna has worked for BC Tel and TELUS, in British Columbia, as well as many years in Bell Canada, Telecom Canada, and Stentor.

"Employee personal information" is a subset of personal information. The rules in Canadian and international jurisidictions regarding the collection, use and disclosure of employee personal information are not uniform, creating special challenges for organizations. What is the best strategy for managing employee personal information across domestic and international borders? Should you manage employee personal information with reference to one or several standards? What is the best baseline? How can you ensure any third party service providers are properly protecting the privacy of your employees? How can you manage the expectations and desires of a parent corporation located in a jurisdiction with less stringent (or different) privacy standards while still meeting your obligations as a Canadian organization? Hear from the experts how to coordinate and inform a cross-border strategy that meets both the needs of your organization and protects the privacy of your employees.

Earl Phillips
Partner
McCarthy Tetrault LLP

Earl Phillips is a partner in the firm's Vancouver office practicing in the Labour and Employment Group. Mr. Phillips obtained a BA (1974) from the University of British Columbia and an LLB (1980) from the University of Victoria. He was called to the British Columbia bar in 1981. He has published papers and delivered lectures on numerous occasions on various topics including, most recently, employment privacy, whistle-blowing, punitive damages in employment cases, substance abuse in the workplace and general employment practices. Mr. Phillips is a member of the Human Resources Management Association of British Columbia and of the BC Labour Section of the Canadian Bar Association. He also serves as a director of the Regent College 2000 Foundation and The Children's Foundation.

Ms. Hunter is a member of the firm's Litigation Department and practises in the areas of administrative law, freedom of information and privacy law and professional regulation law. Before joining Davis LLP, she was a law clerk in the Supreme Court of Canada. Ms. Hunter is experienced in freedom of information and privacy law and has represented a number of clients (including businesses and public bodies) on matters before the Office of the Information and Privacy Commissioner. She has assisted numerous private sector organizations with privacy law compliance. Ms. Hunter was a founding member and is a past co-chair of the CBA Freedom of Information and Privacy Law subsection. Ms. Hunter has acted for a variety of professional regulatory bodies on matters involving professional disciplinary proceedings and related litigation.

Mary Elizabeth Carlson is the Executive Director of the Office of the Information and Privacy Commissioner and the Office of the Lobbyist Registrar for the Province of British Columbia. In addition to her extensive privacy and access regulatory experience, Ms. Carlson recently acted as Chief Privacy Strategist for the BC Ministry of Health, advising on the privacy implications of the proposed electronic health record. Ms. Carlson has a BA in Criminology from Simon Fraser University and a Master's Degree in Public Administration from the John Jay College of Criminal Justice, City University of New York.

Businesses often regard privacy advocates as an opposing force. Are they? What role do privacy advocates have in expressing consumer concerns, identifying privacy problems in the marketplace and offering constructive solutions? What opportunities exist for organizations to partner with privacy advocates to analyze and meet emerging privacy challenges?

Chairperson
Darrell Evans
Freedom of Information and Protection of Privacy Association of British Columbia

Darrell Evans is the founder and currently, the executive director of the B.C. Freedom of Information and Privacy Association, a non-profit society dedicated to the advancement of freedom of information and privacy rights in Canada. He is a frequent public speaker on freedom of information and privacy issues. Prior to founding FIPA in 1990, Darrell spent 15 years in corporate communications as a graphic designer, copywriter, editor, and marketing and public relations consultant to corporations, non-profit groups and trade unions. In 1986, Darrell began to focus exclusively on communications for environmental, civil liberties and access to information issues.

Colin Bennett received his Bachelor's and Master's degrees from the University of Wales, and his Ph.D from the University of Illinois at Urbana-Champaign. Since 1986 he has taught in the Department of Political Science at the University of Victoria, where he is now Professor. From 1999-2000, he was a fellow with the Harvard Information Infrastructure Project, Kennedy School of Government, Harvard University. In 2007 he was a Visiting Fellow at the Center for the Study of Law and Society at University of California, Berkeley. He has given addresses and papers on a variety of subjects in Canada, the United States, Europe, China, Australia and New Zealand. He is an occasional contributor of articles on privacy to The Ottawa Citizen, The Vancouver Sun and the Victoria Times-Colonist. He has completed policy reports for the Canadian Standards Association, the Standards Council of Canada, Industry Canada, the Office of the Privacy Commissioner and for the European Commission. He is currently involved in a comparative project on the subject of "Privacy Advocacy" in advanced industrial states.

Philippa Lawson is Director of the Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa, Faculty of Law (see www.cippic.ca). As a lawyer and consumer advocate, she has worked with Canadian and international consumer organizations since the early 1990s on many privacy-related issues including codes of practice and data protection legislation. Pippa is widely recognized as an expert in data protection law and is frequently quoted in the media on privacy issues.

Question: What is equal parts analyst, proselytizer, enforcer, visionary, mediator, PR master and party pooper? Answer: A Chief Privacy Officer. What are the typically daily challenges in the life of a CPO? Hear the best advice from the experts on how to anticipate, implement and enforce privacy in your organization.

Chairperson
Steven Lingard
Assistant General Counsel
Insurance Bureau of Canada

Steven is Assistant General Counsel for Insurance Bureau of Canada which is the national trade association for property and casualty insurers. He earned his common and civil law degrees from McGill University and a Master of Laws degree from Osgoode Hall Law School. His thesis was a study of the Canadian, Quebec and European privacy laws. He is Secretary and Legal Advisor to IBC's Regulatory Affairs Committee and its Privacy Working Group.

Mr. Bass is Vice-President, General Counsel & Secretary to The Wawanesa Mutual Insurance Company, as well as its two subsidiaries, The Wawanesa Life Insurance Company and Wawanesa General Insurance Company. Mr. Bass left private practice in 1996 to become General Counsel to the 1999 Pan Am Games. In 1999 he joined Wawanesa Insurance. Mr. Bass is Deputy Chair of Insurance Bureau of Canada's Regulatory Affairs Committee and Chair of its Privacy Working Group.

Patti is the General Manager for TicketWeb Canada, a division of Ticketmaster Canada Ltd. In this role, Patti is responsible for all aspects of the business in Canada. She has also served as the Privacy Officer for Ticketmaster Canada since 2001, taking on this role shortly after PIPEDA was enacted. Patti has shaped Ticketmaster Canada's privacy policies and practices and continuously guides Ticketmaster Canada's compliance with various Canadian privacy acts. In doing so, she has been instrumental in ensuring that Ticketmaster is a leader in the entertainment sector in complying with privacy legislation.

David maintains three roles at PBC: as Director, Audit Services he manages a team of auditors who evaluate and improve the effectiveness of risk management, control and governance processes; as in-house counsel he provides advice on contractual, health, insurance and corporate matters; and as Chief Privacy Officer he offers leadership, training and guidance on privacy protection of personal and health information. David has degrees from Royal Military College (B.Sc.), Queen's University (M.B.A., LL. B.), and Simon Fraser University (M.A.).