PIPA Conference 2008 - Privacy 2.0 - Managing Privacy from the Inside Out

With an increase in negligent hiring, defamation lawsuits, and increasing costs of recruitment, employers are gathering more information not only about potential employees but current employees from social networking sites such as FaceBook and MySpace. What is the appropriate balance between an employer's "need to know" versus an employee’s right to privacy? Is information on a social networking site “public” information? Can employers restrict what their employees may post on their personal blog about their employers?

Chair
Frank Work
Commissioner
Office of the Information and Privacy Commissioner of Alberta

Alberta's second Information and Privacy Commissioner appointed in 2002. Mr. Work was born in Calgary, received his Bachelors Degree in Political Science and Masters Degree in Environmental Design from the University of Calgary and obtained a law degree in 1981 from McGill University. He practiced corporate commercial law in Calgary, worked for the Attorney General of Bermuda, and was seconded to the United Nations Environmental Program. After returning to Canada in 1987, Mr. Work took a contract position with the World Bank and was assigned to the country of Mauritius. From 1991 to 1996 Mr. Work worked as Parliamentary Counsel to the Legislative Assembly of Alberta, and General Counsel to the Ethics Commissioner of Alberta. In 1996 Mr. Work began his career at the Office of the Information and Privacy Commissioner as General Counsel and Assistant Commissioner. Mr. Work was appointed to a five-year term as Information and Privacy Commissioner in May 2002.

Jason Young
Barrister & Solicitor

Jason Young is Legal Counsel at Yahoo! Canada where his practice focuses on commercial matters relating to information technology, intellectual property, privacy, consumer protection. Jason is the former Editor of the Ontario Bar Association’s Privacy Law Review: Eye on Privacy. He completed his LL.B. at Queen’s University at Kingston and his Masters in Law with a concentration in technology and law at the University of Ottawa as a Gowling LaFleur Henderson Fellow. He has worked for the British Columbia and Ontario privacy commissioners and publishes regularly on privacy including in the Yale Journal of Law & Technology and the Canadian Privacy Law Review. He is the author of “Constitutional Rights and New Technologies in Canada” in Constitutional Rights and New Technologies: A Comparative Study and “Privacy Law in Canada” in Data Protection Laws of the World. Jason was an advisor to the intervenor in BMG Canada Inc. et al. v. Jane Doe et al., 2004 FC 488 on the privacy of Internet subscribers.

Kevin Doyle
Chief Privacy Officer
Telus

Mr. Kevin P. Doyle is Vice-President, Corporate Affairs – Compliance and Privacy at TELUS. Prior to taking on the role of Privacy Officer, Mr. Doyle held various positions within TELUS’ Telecom Policy and Government Affairs department, including Director of Regulatory Services and acting as TELUS’ legal counsel at numerous proceedings before the Canadian Radio-television and Telecommunications Commission. Mr. Doyle graduated from the University of Calgary Law School (1991), was called to the Alberta Bar in 1992, and completed his Master of Laws (Evidence) at the University of Alberta (1993). Prior to joining TELUS in 1995, Mr. Doyle taught Evidence and Land Titles at the University of Alberta Law School and practiced law in the city of Edmonton.

Philippa Lawson
Director
Canadian Internet Policy and Public Interest Clinic
University of Ottawa

Pippa Lawson is the director of Canada’s only technology law clinic, located at the University of Ottawa, Faculty of Law. She is a nationally recognized public interest advocate and expert on private sector data protection law. Prior to starting up CIPPIC in 2003, she was Counsel with the Public Interest Advocacy Centre, where she worked with consumer groups at national and international levels on issues involving telecommunications, privacy and online consumer protection. As Director of CIPPIC, Ms. Lawson’s work focuses on training students and ensuring that the public interest is robustly represented in policy and law-making processes involving the use of new technologies.

An all too common gripe heard by privacy regulators is the inability of customers to obtain information about an organization’s privacy policy, contact a privacy officer or lodge a complaint without first manoeuvring through a maze of WebPages or being interminably transferred from person to person. Organizations that are transparent about their data handling practices and efficient in responding to customer complaints have a better chance of avoiding a formal investigation by the privacy commissioner. In this workshop, learn how to reduce customer frustration by designing readable privacy policies and accessible complaint handling mechanisms.

Chair
David Loukidelis
Commissioner
Office of the Information and Privacy Commissioner of British Columbia

David Loukidelis is in his second six-year term as Information and Privacy Commissioner for British Columbia. An independent officer of the Legislature, he oversees compliance with British Columbia's Freedom of Information and Protection of Privacy Act, Personal Information Protection Act and Lobbyists Registration Act. David's experience in access and privacy issues goes back to 1990. Since becoming Commissioner in 1999, he has written hundreds of access to information appeal decisions, privacy complaint decisions, investigation reports, discussion papers and policy materials. David has participated in the Asia Pacific Economic Cooperation organization's work on international privacy standards and has been a member of several Canadian privacy advisory bodies in the area of health research. His university teaching experience includes teaching access to information and privacy law at the University of Victoria.

Drew McArthur
Consutant
The McArthur Consulting Group

Drew retired in late 2007 after a rewarding 35 year career with TELUS that spanned many functions, including operations, customer service, marketing and most recently as Vice President Corporate Affairs and Chief Compliance Officer. As Chief Compliance Officer, Drew was responsible for legal and regulatory compliance for all of TELUS’ operations, reporting to the Audit Committee of the Board of Directors. The responsibilities of this role included ensuring TELUS had the appropriate controls, policies and measurements in place to be compliant with many areas of law and regulation, including CRTC regulations, insider trading, competition law, privacy and record retention. He has many years experience dealing with compliance and privacy issues of a practical nature, and has worked throughout Canada to represent industry and other stakeholders in various initiatives.

Most recently, Drew played a pivotal role working with many stakeholders to develop information breach notification guidelines, which have been adopted by the Office of the Privacy Commissioner of Canada and provincial privacy commissioners.

Drew continues to work in the field of privacy and compliance, providing the unique perspective of a practical understanding of policy development and brings it to life within a large, complex organization with many diverse operational units.

Laird Miller
Chief Privacy Officer
London Drugs

Laird is currently the Chief Financial Officer and Chief Privacy Officer of London Drugs Limited, a BC owned and operated private company with 63 retail locations in British Columbia, Alberta, Saskatchewan and Manitoba. Laird joined the H.Y. Louie/London Drugs family in 1996 after having served the organization for the previous ten years as part of Deloitte & Touche as a Senior Manager. Positions within the group have included Director of Audit Services - H.Y. Louie Co. Limited, Corporate Secretary, Treasurer and then Chief Financial Officer of London Drugs. Laird has been in current Chief Financial Officer role for 6 years. Laird also serves on London Drugs' Executive Committee.

Victor Lee
Manager, Group Compliance
The Great-West Life Assurance Company

Victor is the Manager for Group Compliance at Great-West Life and Canada Life. He consults on privacy, compliance and legislative issues for group life and health products at Great-West Life and for group creditor and direct marketing products at Canada Life. Victor is a member of the Manitoba Bar, has achieved the FLMI, ACS, and AIRC designations, and has worked in group insurance for 17 years. He is a member and past-chair of the Canadian Life & Health Insurance Association (CLHIA) Subcommittee on Group Privacy, and is also a member of the CLHIA Compliance Committee and the Committee on Group Insurance.

A solid privacy management plan involves integrating records management into business systems and practices. Hear from experts how to approach privacy from a holistic perspective by properly classifying records, developing a storage and retention plan, coordinating access to personal information, assigning responsibilities and ensuring reasonable data security.

Chair
Jill Taylor
Portfolio Officer
Office of the Information and Privacy Commissioner of Alberta

Jill Taylor has recently joined the Calgary office of the Office of the Information and Privacy Commissioner as Portfolio Officer, Personal Information Protection Act. Jill holds degrees in nursing and in law. She is an experienced mediator of disputes related to family law and healthcare. Jill is a member of the legal bars in both Nova Scotia and Alberta. In addition to her legal and mediation practices, she provided consulting services related to patient safety issues and healthcare policy development.

Anna Paton
Compliance Director
Telus

Anna Paton is Compliance Director – Corporate Affairs for TELUS. In this position, she is responsible for record retention, privacy, and competition law compliance.

Anna is currently leading the compliance initiatives within TELUS for the record retention policy.

With over 30 years experience in the telecommunications industry, Anna has been involved in many aspects of the business, including Customer Service, Marketing, Operations, and Sales. Anna has worked for BC Tel and TELUS, in British Columbia, as well as many years in Bell Canada, Telecom Canada, and Stentor.

Maggie Shane
Alberta Teacher's Association

Margaret Shane, BA, MLIS is the Privacy Officer (and Records Manager and Archivist) for the Alberta Teachers’ Association (ATA) Maggie holds a Master’s degree in Library & Information Studies from the University of Alberta, is the President of ARMA International Edmonton Chapter, and a graduate of the U of A’s IAPP program. A passionate privacy advocate, Maggie’s focus will be on practical approaches to privacy awareness and compliance in the private sector.

Biometric identification is no longer a concept reserved for science fiction movies. Increasingly, employers are using biometric identification systems, like hand geometry recognition and fingerprint scanners to track employees’ hours and manage payroll. The use of biometrics often sets off alarm bells amongst employees, who worry about what information is being gathered, how secure it is and who it will be shared with. In this session, you will learn from an expert what to consider before you deploy a biometric identification program, the privacy risks and mitigation strategies and how to reduce the fear and anxiety surrounding workplace use of biometrics.

Brian Hamilton
Portfolio Officer
Office of the Information and Privacy Commissioner of Alberta

Brian Hamilton joined the Office of the Information and Privacy Commissioner of Alberta as a Portfolio Officer in January 2006. Brian reviews and comments on Privacy Impact Assessments, and investigates privacy and access complaints. From 2001 to January 2006 he was Senior Manager, Privacy and Security at Alberta Health and Wellness. Brian's responsibilities included managing the Privacy Impact Assessment process, developing and implementing privacy and security policies, security threat-risk assessments, and privacy and security investigations. Brian's office coordinated efforts to ensure that Alberta's heath sector met minimum information security standards and lead the development of privacy and security assessment tools for the health sector.

Chair
LeRoy Brower
Director, HIA
Office of the Information and Privacy Commissioner of Alberta

LeRoy Brower is the Director, Health Information Act (HIA) for the Alberta Office of the Information and Privacy Commissioner. Over the past six years he has led the health team in providing oversight of the HIA. This role involves investigation of privacy complaints, mediation of access requests and reviewing and commenting on privacy impact assessments submitted to the Commissioner. LeRoy has previously held FOIP positions within the Alberta Government as: FOIP Coordinator, Municipal Affairs; FOIP Advisor, Environment & Energy; and FOIP Coordinator, Social Services. LeRoy was a child abuse investigator for Social Services prior to becoming involved in the field of privacy.

Surveys consistently underscore the real concern of the public around the security of their personal information and the risks of misuse by organizations, their employees and by criminals. Data breaches cost an organization time, money and reputation. These losses can be mitigated if an organization responds quickly and completely to the data breach. In this session, learn how to contain a data breach, evaluate the risks caused by the breach, whether, when and how to notify affected individuals and whether the organization should notify the Privacy Commissioner.

Chair
Jill Clayton
Director PIPA
Office of the Information and Privacy Commissioner of Alberta

As a privacy consultant for a number of years, Jill assisted organizations in health care, oil and gas, telecommunications, non-profit and other sectors with their privacy compliance implementation activities, including: compliance audits, policy development, privacy impact assessments, and training and awareness.

Jill joined the Office of the Information and Privacy Commissioner of Alberta in 2004, shortly after the Personal Information Protection Act (PIPA) came into force. As a Portfolio Officer with the PIPA Team, she was responsible for investigating and mediating privacy complaints and requests for review. Jill is currently Director - PIPA.

Mark Hayes
Partner
Blake, Cassels & Graydon LLP

Mark Hayes is a Partner in the Intellectual Property Group in Toronto. His practice focuses on litigation and commercial matters relating to copyright, entertainment and media, information technology, privacy and access to information. He has extensive experience with regulatory matters and Canadian federal tribunals, including the Copyright Board.

Mark is a certified specialist in both civil litigation and intellectual property (copyright). He has written and lectured in Canada and abroad on issues relating to privacy, copyright, entertainment law, technology and the Internet. He is the author of "Privacy Law in Canada," a chapter of the U.S. publication Proskauer on Privacy, and is a co-author of The Cyberspace is Not a "No Law Land," the landmark 1997 study commissioned by Industry Canada on liability on the Internet.

Mark has been ranked in The Canadian Legal Lexpert Directory, The Lexpert/American Lawyer Guide to the Leading 500 Lawyers in Canada, and The 2008 International Who's Who of Internet and E-commerce Lawyers.

Catherine Tully
Manager, Investigation and Mediation
Office of the Information and Privacy Commissioner of British Columbia

Catherine Tully is a Manager of Investigations and Mediation with the Office of the Information and Privacy Commissioner of British Columbia. In that capacity she is responsible for supervising and conducting investigations and mediations and for providing advice on issues relating to the Freedom of Information and Protection of Privacy Act. For six years prior to joining the staff at the Office of the Information and Privacy Commissioner, Catherine was the Director of Information, Privacy and Records Management for the Ministry of Attorney General and the Ministry of Public Safety and Solicitor General. Catherine began her legal career in the Ontario Legal Clinic System as a staff lawyer specializing in workers' compensation law. Catherine received her B.Sc., B.A. and LL.B. from the University of Ottawa and her LL.M. in international human rights law from Dalhousie University.

Elizabeth Denham
Assistant Privacy Commissioner
Office of the Privacy Commissioner of Canada

Effective November 1, 2007, Elizabeth Denham was appointed Assistant Privacy Commissioner of Canada with primary responsibility for the federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). Immediately prior to this appointment, she served as Director of Research, Analysis and Stakeholder Relations with the Office of the Privacy Commissioner of Canada.

From 2003 to 2007, Ms. Denham was Director, Private Sector, for the Office of the Information and Privacy Commissioner of Alberta. In this role, she established and directed the compliance and enforcement program for Alberta's private sector privacy law.

She holds degrees in history (Bachelor of Arts) and archival and information science (Masters of Arts)from the University of British Columbia.

Privacy laws give employees and customers the right to request access to their personal information collected by an organization, including the right to request an accounting of how their information has been used and to whom it has been disclosed. In this session you will learn how to manage the most common access issues, including what is or is not personal information, severing records, issuing fees, responding properly and on time and key exceptions to disclosure.

Chair
Jim Burrows
Office of the Information and Privacy Commissioner of British Columbia

Jim Burrows has been with the B.C. Office of the Information & Privacy Commissioner as a Portfolio Officer since March, 2003. Previous to that, Jim worked for the City of Victoria from 1990 until 2001 in various capacities including managing the Information Systems Division as well as Information and Privacy Coordinator and City Archivist. Jim received a Masters of Archival Studies from the University of British Columbia.

Johanne Lessard
Manager, Investigations
Office of the Privacy Commissioner of Canada

Johane Lessard has been Manager of Investigations at the Office of the Privacy Commissioner of Canada since January 2008. She plans and manages the work of a team of investigators who respond to complaints concerning the protection of personal information that have been filed against organizations subject to the Personal Information Protection and Electronic Documents Act. Ms. Lessard has been with the federal government for about seven years. She spent six of those years investigating civil and criminal matters on a national and international scale, and worked one year as a Special Advisor at the Competition Bureau. Prior to that, she worked with the Government of Quebec for about ten years.

Ms. Lessard has a Bachelor of Laws and a Master’s Degree in Business Administration from the Université Laval.

Linda Sasaki
Portfolio Officer
Office of the Information and Privacy Commissioner of Alberta

Linda Sasaki is a Portfolio Officer with the Office of the Information and Privacy Commissioner of Alberta where she is responsible for investigating and mediating matters under review, or relating to complaints about organizations’ compliance with Alberta’s Personal Information Protection Act (“PIPA”).

With over 18 years experience in Alberta’s public service, Linda has been involved in many aspects of government, including Board development work with not-for-profit organizations, facilitating community development projects and investigating and mediating human rights complaints.

Unauthorized use or disclosure of personal information is more often than not the result of insider error or malfeasance. Recent studies have concluded that human error was the main culprit in the loss of sensitive personal information in 61% of breaches. The most common sources of data breaches include unauthorized browsing of personal information by employees, insecure storage or care of personal information and insecure disposal of personal information. How can an organization best manage this risk? In this session, you will receive expert advice and strategies on how to control, monitor and investigate employee access and handling of personal information.

Chair
Mary Carlson
Executive Director
Office of the Information and Privacy Commissioner of British Columbia

Mary Elizabeth Carlson is the Executive Director of the Office of the Information and Privacy Commissioner and the Office of the Lobbyist Registrar for the Province of British Columbia. The OIPC is an independent quasi-judicial office of the legislature, responsible for enforcing the public sector Freedom of Information and Protection of Privacy Act, the private sector Personal Information Protection Act and the Lobbyist Registration Act. Ms. Carlson leads all agency staff collectively responsible for investigating and mediating access to information appeals and privacy complaints filed under those statutes and provides strategic access and privacy advice to public and private agencies.

In addition to her extensive privacy and access regulatory experience, Ms. Carlson recently acted as Chief Privacy Strategist for the BC Ministry of Health, advising on the privacy implications of the proposed electronic health record. She has experience in the privacy technology field, formerly employed by Zero-Knowledge Systems in Montreal as a Senior Privacy Architect and Policy Consultant. From 1990 to 1993 Ms. Carlson was the Director of Policy and Planning for the Yukon Workers' Compensation Health and Safety Board and before that, she spent seven years with the Yukon Department of Justice, Corrections and Law Enforcement Division.

Ms. Carlson has a BA in Criminology from Simon Fraser University and a Master's Degree in Public Administration from the John Jay College of Criminal Justice, City University of New York.

Mark Vale
Chief Information & Privacy Officer
Office of the Chief Information and Privacy Officer of Ontario

Dr. Mark Vale was appointed the Ontario government's first Chief Information and Privacy Officer in July 2006. He leads the development and implementation of information management strategies that support sound business practices, build capacity across the government, and make access to information and privacy fundamental business considerations. Before joining the Ontario Public Service, Mark was President of Information Management & Economics, Inc. working with governments and companies across Canada to help them become more efficient by effectively managing information and knowledge resources. Mark is an information economist and has more than 25 years experience in information policy, information strategy and planning, and implementing corporate information and knowledge management programs. He is one of North America's leaders in shaping the information and knowledge management disciplines and has taught at the University of Alberta, York University, Stanford University and California State University. Born in Toronto, Mark received his MA in economics from the University of California, Berkeley and his PhD from Stanford University.

Steve Heather
Manager, Privacy & Fair Practices
ICBC

Steve Heather is an Insurance and Privacy Professional who has worked for the Insurance Corporation of B.C. (ICBC) for 30 years in many different capacities. Since 1992, when B.C's FOIPP Act was first introduced, he has been responsible for developing and directing ICBC's Freedom of Information and Privacy programs as well as ICBC's Fair Practices department. A Crown Corporation, ICBC is B.C's monopoly provider of basic auto insurance and competes with the private sector for optional insurance. It also provides driver licensing and vehicle registration services on behalf of government. It has over 6000 employees, a 900 plus broker network, and vast holdings of personal information in its driver, vehicle and claims data bases. Steve will share his experience in meeting the considerable privacy challenges and insider threats that such an organization presents.

Increasingly, marketers and advertising networks monitor and collect data from consumers as they browse and shop online. Online behavioural advertising is the online tracking of a consumers activities, including searches performed, Web pages visited and in what order. This information is sometimes used to deliver targeted advertising to consumers. Some privacy groups have sounded the alarm about online behavioural tracking, stating consumers are largely unaware that it is taking place. Can the online tracking and targeting of consumers –– both in its current form and as it may develop in the future –– be structured to add value to an organization’s bottom line and respect the privacy rights of consumers?

Chair
Wally Hill
Vice President, Public Affairs & Communication
Canadian Marketing Association

As V.P. Public Affairs and Communications, Wally has responsibility for the strategy and oversight of CMA’s advocacy work in the public policy arena. His portfolio includes government relations, member and public communications programs, CMA’s Ethics & Privacy and Postal Issues Committees, and the Association’s Special Interest Councils and related research activities.

Sean Cummings
Principal
SXC Marketing

Sean X Cummings is a recognized leader and expert on Internet marketing and advertising, with over 100 published articles and 30 speaking engagements. For over 15 years he worked as an award winning copywriter, account director and digital strategist for brands such as American Express, Nike, MSNBC, US Robotics, Miller, Corona, Hyatt, American Airlines, and many others. Most recently Sean ran both online and offline marketing for Ask.com, including new business development, team management, agency relationships and negotiations, creative, media buying, planning and analytics.

He is eagerly sought after as a dynamic speaker and writer, helping to educate brands, agencies, and vendors on how to best leverage emerging and existing advertising and marketing technologies.

He is regular columnist for iMedia Connection, and writes on a broad range of topics, including the myth of consumer privacy, and the societal impacts of a digital society. Look for his book, “The Luddite Effect,” coming out in 2009.

James Bond
Partner
Lang Michener LLP
& VP Canadian Bar Association, BC

JAMES M. BOND is a partner in the Vancouver office of Lang Michener LLP. He practices primarily in the areas of intellectual property protection and licensing, corporate transactions, and privacy. His clients range from start-ups to multinational corporations and operate in the technology, retail and service sectors. James holds a BV rating from Martindale Hubbell, and has been listed as a leading lawyer in Canada by The National Post, The Best Lawyers in Canada and LEXPERT.

Privacy is a dynamic concept. Part of a healthy privacy management strategy is ongoing assessment to ensure your organization remains compliant with the law. How do you measure the health of your privacy program, on an ongoing basis? In this session, you will hear from the experts how to develop and implement a corporate wide privacy compliance check up, what audit tools are currently available and how to construct and execute a more detailed privacy audit.

Chair
Amanda Swanek
Senior Policy Analyst
Service Alberta

Amanda Swanek is a Senior Policy Analyst with Access and Privacy in Service Alberta, the Ministry responsible for Alberta’s Personal Information Protection Act. Amanda was part of the technical team that supported the MLA committee appointed to review the Act. Amanda’s other responsibilities include developing resources to assist organizations in making privacy part of their business.

Fiona Jones
Director, Corporate Responsibility
Petro Canada

Petro-Canada is an integrated Canadian oil and gas company with international interests. The company creates value by responsibly developing energy resources and providing world class petroleum products and services. As Director, Corporate Responsibility, Fiona supports an executive steering team to integrate the Company’s corporate responsibility commitments, which include business conduct, into its strategic planning and business processes. Reporting to the Chief Privacy Officer, she leads a cross-functional internal privacy network which oversees the implementation of the company's privacy compliance. Fiona took on the corporate responsibility role at Petro-Canada 2.5 years ago. Prior to taking on this role 3 years ago, she worked for 14 years in the Company’s Treasury group, managing financial risk, including commodity market risk exposure, cash management and corporate finance. She joined Petro-Canada after 10 years of trading in global currency and bond markets.

Claudiu Popa
CISSP PMP CISA
Informatica Corporation

Claudiu Popa is a Certified Information Systems Security Professional and with over 18 years of information systems and risk management experience. He is an ardent supporter of information security and privacy awareness, as well as a presenter and lecturer. As president and Chief Security Officer of Informatica Security, he is involved in supporting regulatory compliance efforts and helping to define and implement effective industry standards.

Mr. Popa is the author of the Canadian Institute of Chartered Accountants' Canadian Privacy and Data Security Toolkit for Small and Medium-Sized Enterprises, due to be released in 2009. He oversees information security management deployments for organizations in diverse industries and will share his insights with us at the conference. As a Certified Information Systems Auditor and Project Management Professional, he facilitates and leads information security audits, privacy impact assessments and risk assessments including WebTrust and SysTrust.

As a respected media resource and certified information security professional, Mr. Popa also builds security and privacy awareness by taking part in print, radio and television interviews, conference appearances and by publishing research papers and newsletters. All are testaments to his dedication to a personal and professional passion for protecting the most valuable intangible asset in the global economy: information.

Trevor Shaw
A/Director General, Audit & Review
Office of the Privacy Commissioner of Canada

Trevor Shaw is a Chartered Accountant and Certified Management Consultant by professional training. For 30 years he has been auditing Canadian government departments and agencies at both the federal and provincial levels.
Trevor joined the OPC in December 2004 as acting Director General of the Audit & Review Branch reporting to Jennifer Stoddart the Privacy Commissioner of Canada. He came from the Office of the Auditor General for Canada where he served as an Audit Principal. Prior to legislative auditing, Trevor was a partner in a national firm (Dunwoody and Company now BDO) where he provided audit, accounting and tax services to clients in the National Capital Region.

Trevor is married, with two children and five grandchildren.

Managing the payroll function necessarily involves the collection, use and disclosure of sensitive personal information, including social insurance numbers, detailed information about dependents and banking information. It also involves the disclosure of information to various government agencies. Hear from an expert privacy consultant on solutions to payroll privacy issues. In this workshop, you will also learn how to manage your privacy risks with respect to the recruitment process, including pre-employment testing and conducting background checks such as credit and reference checks.

Murray Long
President
Murray Long & Associates

Murray Long is one of Canada's foremost private sector privacy experts. As a member of the Canadian Standards Association (CSA) privacy committee, he helped write the CSA Model Code for the Protection of Personal Information, which is the basis for the Personal Information Protection and Electronic Documents Act (PIPEDA) and subsequent provincial laws.

Since 1997, Murray has provided guidance on privacy law compliance to organizations in the telecommunications, banking and insurance, transportation, retailing, franchising, healthcare, employment privacy, and charity sectors. He has undertaken numerous policy research, privacy review, privacy impact and training projects for the federal and provincial governments as well as private firms. On several projects, he has collaborated with other leading Canadian privacy consultants and can assemble a team, as needed, to meet any requirement.

Lorene Novakowski
Partner
Fasken Martineau DuMoulin LLP

Lorene A. Novakowski, LLB, is a Partner with the Employment, Labour and Human Rights Practice Group of the Vancouver Office of Fasken Martineau DuMoulin LLP. Lorene is also the Regional Chair of the Privacy and Information Practice Group, and is a member of the Fasken Martineau National Privacy and Information Practice Group. Lorene assists employers and businesses to implement privacy policies and procedures, provides training, assists with access requests and provides timely and strategic advice in the event of a privacy breach. She has acted as counsel in inquiries before the Office of the Information and Privacy Commissioner, both in public sector and private sector matters. She has given advice on compliance in cross-border issues involving the B.C. public sector privacy law and assisted clients in negotiating privacy agreements with B.C. public sector bodies. She has given advice in respect of responses to government and law enforcement requests for personal information, and assisted multinational internet service providers in respect of their Canadian privacy obligations. She has spoken regularly on various aspects of privacy law and, in particular, has provided numerous training sessions for human resources professionals on their obligations under the Personal Information Protection Act. She has also written articles on privacy and information protection, given interviews on the subject, and co-authored the 2004, 2005, 2006, 2007 and 2008 editions of the Personal Information Protection Act – BC and Alberta: Quick Reference Guide published by Thomson Carswell. Lorene has the credential of Certified Information Privacy Professional/Canada, effective October 2006

Chair
Catherine Tully
Manager, Investigation and Mediation
Office of the Information and Privacy Commissioner of British Columbia

Catherine Tully joined the staff of the Office of the Information and Privacy Commissioner of British Columbia in the spring of 2006. As Manager of Investigations and Mediation, Catherine’s primary responsibilities are to supervise and conduct investigations and mediations and to provide advice on issues related to the Freedom of Information and Protection of Privacy Act and the Personal Information Protection Act.

Prior to joining the Office of the Information and Privacy Commissioner, Catherine was the Director of Information, Privacy and Records Management for the Ministry of Attorney General, Ministry of Public Safety and Solicitor General and the Ministry of Aboriginal Relations and Reconciliation for 5 years. As a special researcher for the Ted Hughes’ Inquiry, Catherine authored, “Public Reporting of Child Death Reviews, April 2006” B.C. Child & Youth Review.

Catherine Tully has a broad background in administrative law beginning with a career in the Ontario legal clinic system specialising in workers’ compensation and criminal injury compensation law. She also worked for 2 years as an advocate at the Together Against Poverty Society, a front line advocacy organization in Victoria. She has a B.Sc., B.A. and LL.B. from the University of Ottawa and an LL.M. in international human rights law from Dalhousie University.

With few exceptions, an organization must obtain the consent of the data subject before or at the time it collects personal information. In addition, an organization cannot require consent for the collection of personal information not necessary to provide the service. Consent can take several forms, including express consent, implied consent, and opt-in/opt-out, and the type of consent that should be obtained varies with the circumstances. In this session, you will learn how to provide proper transparent notice, what form of consent to obtain, how long consent is valid, how to manage consent withdrawals and the legal implications of those withdrawals.

Chair
Sharon Plater
Director, IM/IT Privacy and Legislation
BC Ministry of Labour and Citizens Services

Sharon has been involved in all aspects of privacy and access in BC since 1993 including developing legislation, managing the government’s corporate privacy file, responding to access requests, mediating disputes and conducting investigations. Currently, Sharon is responsible for overseeing information management legislation for the province of British Columbia.

Sharon has a Masters of Arts degree in Counselling Psychology and over 25 years experience as a counsellor, educator, author, policy analyst and program designer.

Rick Klumpenhouwer
Consultant
Cenera

Rick Klumpenhouer, Manager Consulting Services, Cenera. Rick has over 20 years experience in various aspects of information management, archives, and privacy. He holds a Masters degree in history from the University of Western Ontario and a Masters in Archival Studies from the University of British Columbia. He was Executive Director of the Legal Archives Society of Alberta from its founding in 1990 to 1997. He was Coordinator, Records Management later Information Management and Privacy at the Calgary Health Region between 1997 and 2002, when he joined Denham and Associates as a privacy consultant. He has been with Cenera since September 2003.

Dale Philp
Assistant Vice-President and Senior Counsel, Central Law - Products & Distribution
Sun Life Financial Inc.

DALE PHILP, Assistant Vice-President & Senior Counsel in the Law Department of Sun Life Assurance Company of Canada, is the primary legal contact for Group Benefits matters, and privacy related issues generally across Sun Life Financial. Dale was called to the Ontario Bar in 1987, and practised in the area of litigation prior to joining Sun Life in October, 1998. Dale serves on the Canadian Life and Health Insurance Association Group Insurance Committee and is the current Chairperson of the Privacy Steering Committee.

In the past year, both the BC and Alberta private sector privacy laws have undergone legislative review following in the footsteps of the review of PIPEDA. Hear the results of those reviews, who won, who lost, what is likely on the horizon with respect to legislative changes and how those changes will impact your business model. In this session, critical privacy investigations, orders and court cases that have broad application will also be discussed.

Chair
Hilary Lynas
Director, Access & Privacy
Service Alberta

Hilary Lynas (BA, MBA) is Director of the Access and Privacy Branch, Service Alberta. The Branch coordinates the administration of Alberta's Personal Information Protection Act and supports the private sector in its implementation. Hilary has been working in the field of access and privacy since 1995, first processing access requests under Alberta's Freedom of Information and Protection of Privacy Act, then coordinating the extension of that act to municipalities, schools, universities and colleges. Hilary was directly involved in the development of PIPA and the recent review of the act.

James Bond
Partner
Lang Michener LLP
& VP Canadian Bar Association, BC

JAMES M. BOND is a partner in the Vancouver office of Lang Michener LLP. He practices primarily in the areas of intellectual property protection and licensing, corporate transactions, and privacy. His clients range from start-ups to multinational corporations and operate in the technology, retail and service sectors. James holds a BV rating from Martindale Hubbell, and has been listed as a leading lawyer in Canada by The National Post, The Best Lawyers in Canada and LEXPERT.

Ann Goldsmith
Policy Team Leader
Office of the Privacy Commissioner of Canada

Ann Goldsmith is the Team Lead, Policy in the Office of the Privacy Commissioner of Canada in Ottawa. She has been with the Office since its inception in 1983 and has worked in many of the branches of the Office including Parliamentary Affairs, Legal, Inquiries and the Private Sector Secretariat. She has been involved with PIPEDA through both stages of implementation (2001/2004).

Jillian Vincent
Portfolio Officer
Office of the Information and Privacy Commissioner of Alberta

Jillian Vincent is a Portfolio Officer, Personal Information Protection Act with the Office of the Information and Privacy Commission of Alberta. Jillian holds degrees in both molecular genetics and law and is a member of the Alberta bar. Prior to joining the OIPC she spent several years in private practice at a national firm advising clients on privacy, employment and technology issues.

Employees breathe life (or death) into an organization’s privacy policy. Everyone in your organization involved in handling personal information has a responsibility to keep it secure and confidential. This is how customer trust is earned and maintained. Hear from global experts how they infuse privacy into the fabric of their organizations, from initial training, to monitoring, evaluation and finally, to refreshing that commitment.

Chair
Terry McQuay
President
Nymity Inc.

Terry McQuay is the founder and President of Nymity Inc. a privacy research firm that provides privacy support tools for Canadian and US privacy professionals. Mr. McQuay is the Canadian Co-Chair of the International Association of Privacy Professionals' KnowledgeNet and a Certified Information Privacy Professional (CIPP & CIPP/C). He is on the Canadian Marketing Association's Ethics and Privacy Committee, a Privacy Advisor to the Canadian Standards Association(CSA), a Privacy Trainer for the Canadian Institute of Chartered Accountants(CICA), and a Privacy Advisor for the Retail Council of Canada.

Sandra Smith-Frampton
Privacy Officer
ATB Financial

Sandra Smith-Frampton is a Certified Information Privacy Professional, and a Certified Records Manager, currently employed as ATB Financial’s Privacy Officer. She has nineteen (19) years subject matter expertise that includes applied knowledge for legislative interpretation and research, privacy compliance, operational risk, anti-money laundering, disaster planning, business continuity, IT system architecture, and records and electronic information management.

Sandra’s array of experience is derived from industries that include, financial, communication, education, public sector government, and oil and gas. She is an avid public speaker and has presented at local and international venues across Canada and the United States. She has instructed adult-education at an accredited College in Canada, and is a graduate of the University of Alberta’s National Information Access Protection of Privacy program.

Sandra’s presentations cover topics of privacy compliance, employee training, project management, business continuity, disaster planning, electronic information management, and project implementation.

Robin Gould-Soil
Chief Privacy Officer
TD Canada Trust

Robin Gould-Soil, is the Chief Privacy Officer at TD Bank Financial Group, a position she has held since November 2000. In this role, she is charged with overseeing the development and execution of the Bank’s corporate privacy strategy as well as that of its insurance, securities and other subsidiaries in Canada

Her responsibilities include championing a strategic approach to privacy enterprise-wide; ensuring the integration of privacy management into business planning and operations; fostering the development of a privacy culture and mindset within the organization through privacy training, education and other communications; advising employees on resolving privacy complaints and requests; monitoring risk/control issues and developing tools to help implement, monitor and evaluate compliance throughout the organization; and liaising with external privacy bodies and industry groups.

Robin is a recognized privacy leader within Canada. She has obtained CIPP/C certification. Robin is a former executive member of the Canadian Chief Privacy Officers’ Association and is on the Advisory Board of the International Association of Privacy Professionals (IAPP) as well as a member at the Canadian Bankers Association’s privacy specialist group. As a privacy practitioner, Robin brings to the table first-hand experience working in the many domains affected by privacy. Since first joining TD Bank Financial Group over 20 years ago, she has held positions and accumulated diverse knowledge in all areas of the business, from product development, operations management and IT to retail branch banking.

On December 13, 2004, the federal government announced they would introduce legislation to create a national Do Not Call List. Bill C-37 gave the CRTC the authority to establish a national do not call list, to establish procedures to administer the Act and to levy penalties for violations. In this session find out more about the Do Not Call list, who is exempt, the extent and duration of the contact prohibition, how to retrieve names from the list and how this affects existing customer relationships.

Chair
Jann Lynn-George
Manager, Legislation and Policy
Access and Privacy Branch
Service Alberta

Jann Lynn-George is the Manager of Legislation and Policy in the area of access to information and protection of privacy in the Government of Alberta. Jann has been working in this area for over a decade and was involved in the drafting of Alberta's Personal Information Protection Act in 2003. She was also on the support team for the all-party committee of MLAs that conducted the first review of the Act in 2006 to 2007. She is currently working on a PIPA Amendment Act.

Wally Hill
Vice President, Public Affairs & Communication
Canadian Marketing Association

As V.P. Public Affairs and Communications, Wally has responsibility for the strategy and oversight of CMA’s advocacy work in the public policy arena. His portfolio includes government relations, member and public communications programs, CMA’s Ethics & Privacy and Postal Issues Committees, and the Association’s Special Interest Councils and related research activities.

Cross border transmissions of personal information create special compliance challenges for organizations. As data flows across national and international boundaries, different rules and different oversight agencies may apply. In this session, you will be presented with a hypothetical case study of a multi-jurisdictional flow of personal information originating from a western Canadian business. The session leaders will walk you through the legal analysis of the trans-border privacy issues and the extra-territorial jurisdiction of Canadian privacy laws with respect to data flows to the rest of the world.

Chair
Cindy Roberts
Senior Counsel
Petro Canada

CINDY ROBERTS is Senior Counsel for Petro-Canada in its Calgary head office. She practices in the Corporate Legal group, providing legal advice to various departments in the company, including Information Technology, Treasury and Corporate Finance, Risk Management, Human Resources, Supply Chain and Petro-Canada's Privacy office. She has been with Petro-Canada for the past 20 years, and has experience in the upstream and downstream, as well as corporate legal groups. Since June, 2002, she has been very involved in the company's privacy compliance project, and is an active member of the corporate privacy steering committee. Ms. Roberts is past chair of the Alberta Privacy and Access Law section of the Canadian Bar Association (Alberta). She received her B. A. in Political Science from the University of Alberta in 1977, her LL.B. from the University of Alberta in 1980, and her Master of Laws (E-Business) from Osgoode Hall Law School in 2003.

Michael Whitt
Partner
Borden Ladner Gervais LLP

Michael Whitt is a partner in our Calgary office. Mr. Whitt was called to the Alberta Bar in 1979, and has given numerous presentations on Privacy topics. Mr. Whitt is Co-Chair of the Calgary BLG Intellectual Property and Technology Department and heads Calgary’s informal multi-disciplinary “Technology Law Group”. Mr. Whitt also serves on several important functional committees for BLG, including the firm’s Privacy Committee and the Information Technology Steering Committee. Mr. Whitt routinely deals with complex information and communication technologies, particularly in healthcare, informatics and privacy, IT outsourcing and complex licensing regimes.

Julio Arboleda
Senior Associate
Borden Ladner Gervais LLP

Julio Arboleda is a senior associate lawyer in our Calgary office. Mr. Arboleda was admitted to the Alberta Bar in 1997, and has given numerous presentations on Privacy topics.
Mr. Arboleda first dealt with Privacy issues in 1996 when, as a member of the University of Calgary team in the Phillip C. Jessup Internal Law Moot, he was responsible for arguing then emerging European law with respect to Privacy. He placed first in the Canadian National Round, and second in the preliminary Worldwide Round (Washington D.C.) hosted by the American Society of International Law.
Following this, he completed a Masters in Law (LL.M.) in e-business from Osgoode Hall, York University, Toronto in 2004. His masters paper was on the impact of the privacy legislation on corporate mergers and acquisitions. Mr. Arboleda has advised numerous clients with respect to privacy issues arising in mergers and acquisitions, the design and implementation of national and international privacy compliance programs and other privacy related legal matters. In addition, he has handled privacy breaches and represented a client during an investigation by the Privacy Commissioner under the Alberta privacy legislation.