Information Technology Law in 2035: Where are we headed?

Transcription

1 Information Technology Law in 2035: Where are we headed? September 16, 2015

2 Information Technology Law in 2035: Where are we headed? Information Technology Law in 2035 The Future of IT: DEVICE DEMOCRACY Jay Safer Vice-President, General Counsel and Secretary IBM Canada September 16, 2015

3 Device Democracy Backgrounder: Dramatic IT progress 1. Privacy must be part of the progression discussion 2. By 2020: a. sensor enabled devices will number 28x more than humans b. 30B devices will have communication capability 3. E-Commerce: 5 years ago? 4. Agile 5. Watson: learning to 'see'; soon to take radiology exams 6. Security Incidents: a. breach through car's infotainment system b. satellite: GPS hack c. "disturbing spending gap i. dual factor authentication ii. encryption, anonymization Experience: 1. People compromise privacy for convenience 2. Stock hits resulting from incidents: ALL recover IBM Corporation Device Democracy 1. Internet of Things a. band width universal and ubiquitous 2. Intelligence in all chips: a. analyze, predict, decide b. communications capability A. Decision Making Capability: 1. By distributed chips -- no centralized processing -- enabled to perform on site 2. never alone -- at least for key decisions 3. cluster of devices to jointly make the decision, confirm the decision a. fact finding etc., may be delegated to one chip 4. trust enablement: a. Bitcoin example -- crowdsource knowledge b. Chips will know the mechanisms to establish trust c. Ability to disavow unrecognized = rogue chips 5. Scope or other inhibitor to adoption *house example *motorcycle scenario 6. New protocols for exchanging instructions: e.g. ITTT IBM Corporation

4 Device Democracy B. Policy issues 1. What decisions do 'we' want the chip to make? to conclude and implement? priorities? a. pervasive policy required: notion of singularity b. who owns the data decided by the chip(s) 2. universal security requirements? sufficient for privacy interests? IBM Corporation Device Democracy Health 1. Premise: healthier, longer a. prevention v treatment/reactive i. who pays: government v individual a. comfort confirmation b. the worried well c. game-i-fyers: b. the more available the information, the better the result: a. Preemies b. Pregnancies c. Cancer: i. customized cocktails, DNA, immune system, complete history ii. early detection by prediction d. Emergencies e. Bio-Informatics: i. customize soft drinks on the spot ii. shake hands iii. implanted IBM Corporation

5 Device Democracy Future: 1. Ownership of information once projected by cluster of chips 2. Liability 3. Methodology to protect privacy 4. Policy development re chip decision making powers Above discussions cannot be separated Will we Canadians choose to inhibit adoption until consensus reached on all 4 policy areas? IBM Corporation Go Beyond Regulatory Compliance: Embed Privacy by Design, Into your Operations Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Canadian IT Law Association September 16, 2015 Toronto, ON

6 Internet of Things (IoT) Wireless and Wearable Devices 1) Wearable Computing: Everyday objects i.e. Google glass, Apple watch, Nymi band 2) Quantified Self: Record information about one s habits, lifestyle and activities i.e. Health, Fitness and sleep trackers 3) Home Automation: Computer controlled thermostats, light bulbs etc.

7 Mobile Health & Fitness Devices: Where s the Privacy? As mobile health and fitness apps and wearables gain popularity, privacy experts have raised concerns that companies are monetising personal medical information. There are thousands of health and fitness devices and apps on the market, but it is not always clear if users data is kept confidential. -Bridget Brennan, The World Today, April 28, 2015 Remote Monitoring of Devices: Privacy Risks Third party monitoring removes control of one s information from the individual involved; The nature of the devices may make it more difficult to obtain consent before data collection begins; Specific instances of data collection may not seem important on their own, but when aggregated, they can create a comprehensive picture of a person that may be extremely harmful to the individuals involved, especially in the hands of unauthorized third parties.

8 EU Article 29 Working Party: Opinion on Internet of Things Make privacy the default setting follow Privacy by Design; Delete all raw data after processing; Respect a user s self determination over their own data, always seek consent in a user friendly way; Be transparent about how a user s data is being used; When sensors are continuously collecting one s personal data, remind users of this surveillance activity; Ensure that data published to social platforms remain private, by default; Users should not be penalized for failing to consent; Data should be De Identified, except when necessary. Privacy Commissioners Declaration on the Internet of Things 36 th Int l Conference of Data Protection and Privacy Commissioners The value of Internet of Things (IoT) is not only in the devices, but in the services that arise from their use; Connectivity is ubiquitous: it is the joint responsibility of all actors to ensure trust in connected systems : Transparency is Key; Protection should begin from the moment the data is collected: Privacy by Design should be the key selling point of innovative technologies Strong, active and constructive debate is necessary to overcome the huge challenges presented by the developers of IoT. -September, 2014 Mauritius

9 FTC expresses concerns over Mobile Health Apps The U.S. Federal Trade Commission (FTC) has expressed concerns with the risks associated with the Health Information collected by the Apple Watch and HealthKit platform; Data stored in mobile health apps are not covered by HIPAA; FTC found that 12 mobile health and fitness app developers were sharing user information with 76 different parties; The FTC would like to ensure that developers have the necessary safeguards to protect personal health information. IoT Fears Relating to Tracking Earlier this year, Symantec Corp. analyzed a number of [wireless] wearable products and found that all hardware based devices were 100% trackable. Anura Fernando The Privacy Advisor August 25, 2015

10 Privacy and Security by Default With the personal data of millions potentially at stake, wearable manufacturers, whether their products are regulated as a medical device or not, should incorporate as a default standards based privacy and security controls into their product infrastructures. Anura Fernando The Privacy Advisor August 25, 2015 Connected Medical Devices: The Internet of Things that could kill you New warnings being issued for Internet connected medical devices; A pump sold by Hospira can be hijacked, not by hacking the device, but simply by hacking a hospital s computer network and changing dosages and various other settings; The FDA has issued warnings about other devices, including insulin pumps; Bottom Line: Hackers can hijack computers, devices, cars, etc, resulting in seemingly endless breaches.

11 There is an Essential Need to Embed Privacy into IoT and Mobile Devices, by Design For IoT To Succeed, Engineers Must Build in Privacy Most engineers are still wrapped up in the basic infrastructure of IoT. As a result, more abstract ideas such as personal privacy can quickly fall by the wayside. -Cliff Ortmeyer, Global Solutions Development April 24, 2015

12 The Perfect Storm of Privacy Exposure Health and wellness apps that collect highly sensitive data and use third parties who are not sensitized to the appropriate handling of such data... [make for the perfect storm of privacy exposure.] -Steven Rosa, Privacy Tech April 6, 2015 Internet of Things Trust Framework The Online Trust Alliance (OTA) developed the IoT Trust framework, to address the mounting privacy and security risks associated with connected devices. Hunton & Williams August, /08/21/online-trust-alliancereleases-privacy-data-securityframework-internet-things/

13 Pew Research Internet Project Public Perceptions of Privacy and Security in the Post Snowden Era: November 2014 There is widespread concern about surveillance by government and business: 91% of adults agree that consumers have lost control over their personal information; 80% of social network users are concerned about third parties accessing their data; 80% of adults agree that Americans should be concerned about government surveillance; Pew Research Internet Project (Cont d) Most Americans are aware of the government s monitoring of communications; Only 5% have heard nothing at all about government surveillance; There is little confidence in the security of common communications channels; 81% feel not very or not at all secure using social media to share private information;

14 The Online Privacy Lie Is Unraveling Joseph Turow and Michael Hennessy, University of Pennsylvania Nora Draper, University of New Hampshire A large majority of web users are not at all happy they feel powerless to stop their data being harvested and used by marketers. 91% disagree that If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing. June 6, 2015 TechCrunch The Tradeoff Fallacy: How Marketers are misrepresenting American consumers: (cont d) 71% disagree that It s fair for an online or physical store to monitor what I m doing online when I m there, in exchange for letting me use the store s wireless internet, or Wi Fi without charge; 55% disagree that Its okay if a store where I shop uses information it has about me to create a picture of me that improves the services they provide for me.

15 2014 Survey of Canadians on Privacy Office of the Privacy Commissioner of Canada Nine in Ten Canadians expressed concern about the protection of their privacy; 78% feel at least somewhat likely that their privacy may be breached by someone using their Credit/Debit Card or stealing their identity; 70% of Canadians are concerned about the use of genetic testing for non medical purposes; 73% feel they have less protection of their personal information than ten years ago; 60% have little expectation of privacy because there are so many ways it can be compromised. The Decade of Privacy by Design

16 Adoption of Privacy by Design as an International Standard Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden October 29th JERUSALEM, October 29, 2010 A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection. Full Article: Why We Need Privacy by Design Most privacy breaches remain undetected as regulators, we only see the tip of the iceberg The majority of privacy breaches remain unchallenged, unregulated... unknown Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy

17 1. English 2. French 3. German 4. Spanish 5. Italian 6. Czech 7. Dutch 8. Estonian 9. Hebrew 10.Hindi 11.Chinese 12.Japanese Privacy by Design: Proactive in 37 Languages! 13.Arabic 14.Armenian 15.Ukrainian 16.Korean 17.Russian 18.Romanian 19.Portuguese 20.Maltese 21.Greek 22.Macedonian 23.Bulgarian 24. Croatian 25.Polish 26.Turkish 27.Malaysian 28.Indonesian 29.Danish 30.Hungarian 31.Norwegian 32.Serbian 33.Lithuanian 34.Farsi 35.Finnish 36.Albanian 37.Catalan OECD Privacy Principles (Fair Information Practices) 1. Collection Limitation 2. Data Quality 3. Purpose Specification 4. Use Limitation 5. Security Safeguards 6. Openness 7. Individual Participation 8. Accountability Revised July, 2013

18 Positive Sum Model: The Power of And Change the paradigm from a zero-sum to a positive-sum model: Create a win-win scenario, not an either/or (vs.) involving unnecessary trade-offs and false dichotomies replace vs. with and Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric.

19 Operationalizing Privacy by Design 9 PbDApplication Areas CCTV/Surveillance cameras in mass transit systems; Biometrics used in casinos and gaming facilities; Smart Meters and the Smart Grid; Mobile Communications; Near Field Communications; RFIDs and sensor technologies; Redesigning IP Geolocation; Remote Home Health Care; Big Data and Data Analytics. Letter from JIPDEC May 28, 2014 Privacy by Design is considered one of the most important concepts by members of the Japanese Information Processing Development Center We have heard from Japan s private sector companies that we need to insist on the principle of Positive-Sum, not Zero-Sum and become enlightened with Privacy by Design. Tamotsu Nomura, Japan Information Processing Development Center, May 28, 2014

20 Draft E.U. General Data Protection Regulation The language of Privacy/Data Protection by Design and Privacy as the Default will now be appearing for the first time in a privacy statute, expected to pass by the end of this year or early next year: Data Protection by Design Privacy as the Default Privacy by Design Certification Ryerson University is launching Privacy by Design Certification, lead by Dr. Ann Cavoukian partnering with Deloitte Privacy by Design Certification is being offered by the Privacy and Big Data Institute at Ryerson University and is not affiliated with the Information and Privacy Commissioner of Ontario, nor signifies compliance with Ontario privacy laws.

21 SmartData: Privacy by Design 2.0 Context is Key

22 The Next Evolution in Data Protection: SmartData Developed by Dr. George Tomko, at the Identity, Privacy and Security Institute, University of Toronto, SmartData represents privacy in the future with greater control of personal information. Intelligent smart agents to be introduced into IT systems virtually thereby creating SmartData, a new approach to Artificial Intelligence, bottom up, that will contextualize the field of AI. SmartData: It s All About User Control It s All About Context: Evolving virtual cognitive agents that can act as your proxy to protect your personally identifiable data; Intelligent agents will be evolved to: Protect and secure your personal information; Disclose your information only when your personal criteria for release have been met; Put the user firmly in control Big Privacy, Radical Control!

23 Methods of Creating Intelligent Agents Top down, rule based design (traditional AI); Bottom up evolutionary robotics design; The combination of a top down and bottom up hybrid will yield the most dynamic results. Concluding Thoughts Privacy risks are best managed by proactively embedding the principles of Privacy by Design into wireless and wearable devices prevent the harm from arising avoid the data breach; Focus on prevention: It is much easier and far more cost effective to build in privacy, up front, rather than bolting it on, after the fact; Abandon zero sum thinking embrace doubly enabling systems: wireless/ wearable devices and Privacy; Get smart lead with Privacy by Design, not privacy by chance or, worse, Privacy by Disaster!

24 Contact Information Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University 285 Victoria Street Toronto, Ontario M5B 2K3 Phone: (416) ext twitter.com/privacybigdata IT Commercial Law in 2035 George S. Takach McCarthy Tétrault Sept McCarthy Tétrault LLP / mccarthy.ca

25 THE HAZARDS OF TECH PREDICTIONS "All the machines that could be invented have been invented" - Patent Officer, US Patent Office, 1899 Television won t be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night Darryl Zanuck, executive at 20 th Century Fox, 1946 "There is no reason anyone would want a computer in their home" - Ken Olsen, President, Digital Equipment, 1977 McCarthy Tétrault LLP / mccarthy.ca / Our customers are happy with character graphics and would not be interested in any kind of touch screens or pads Steve Jobs, KB ought to be enough for anybody Bill Gates, CEO Microsoft, 1981 "I predict the Internet in 1996 will go spectacularly supernova and in 1996 catastrophically collapse" - Robert Metcalfe, coinventor of the Internet, 1995 McCarthy Tétrault LLP / mccarthy.ca /

26 There is no chance the iphone is going to get any significant market share Steve Ballmer, CEO, Microsoft, 2007 * * * * * But, the 32 bit Unix clock runs out in 2038 (another Y2K type event?) McCarthy Tétrault LLP / mccarthy.ca / COMPUTER LAW DYNAMICS The rapid pace of technological change The elusive nature of information The blurring of private/public The blurring of national/international These dynamics will continue for the next 20 years and well past 2035 McCarthy Tétrault LLP / mccarthy.ca /

27 THE CONTINUED RAPID PACE OF TECHNOLOGICAL CHANGE Moore s Law in the 21 st century (in 1975, he thought it would continue for 10 years; now on track for 2025, a total of 50 years) Quantum computers Faster, smaller, cheaper will continue well past 2035 We tend to overestimate the short term impact of technology, but underestimate its long term impact McCarthy Tétrault LLP / mccarthy.ca / SOME NEW BUSINESS MODELS The networked, autonomous automobile Personalized healthcare Commercial drones All viable by 2025, let alone by 2035 Commercializing private assets through Internet business models McCarthy Tétrault LLP / mccarthy.ca /

28 THE ELUSIVE NATURE OF INFORMATION The Dark Web, TOR, Deep Web National security surveillance, lawful access Bill C-51 - Security of Canada Information Sharing Act American Civil Liberties Union v. Clapper (2 nd Cir. May 7, 2015) Alice v. CLS Bank USSC IoT will reinforce informational elusiveness by 2035 McCarthy Tétrault LLP / mccarthy.ca / THE BLURRING OF PRIVATE/PUBLIC Not just that private becoming more like public, and vice versa; but that private and public are becoming one the amalgamation will be complete by 2035 It all started with Priceline.com Uber, Airbnb, Rover Liberty Village condominium residential/commercial leases Employees v. Contractors McCarthy Tétrault LLP / mccarthy.ca /

29 BLURRING OF NATIONAL/INTERNATIONAL Drone strikes Cyber attacks; cyber security Internet gambling Jurisdictional arbitrage By 2035, technology and business models will be irrevocably global, but laws will still be stubbornly national McCarthy Tétrault LLP / mccarthy.ca / COMPUTER LAW SKILL SETS Common Law Contract Technical Solutions Law Reform These tools will continue for the next 20 years McCarthy Tétrault LLP / mccarthy.ca /

30 COMMON LAW Farley J. in Newbridge Networks: a great decision JBB Investment Partners v. Fair, not so great Equustek Solutions v. Jack The fact that an injunction has not before been made against an internet search provider such as Google is reason to tread carefully, but does not establish that the Court does not have subject matter competence. Indeed, the notion that a court may only make the orders it has made in the past is anathema to the spirit of the common law. But significant transactions costs in mediating legal interests through the common law McCarthy Tétrault LLP / mccarthy.ca / CONTRACTS AND THE APP ECONOMY (1) Contracts will be central to the e-economy in 2035 Nuanced contract formation already today (important distinctions between: Browsewrap; Clickwrap; Scrollwrap; Sign-in-wrap see decisions in 23andMe; Gogo; Nguyen/B&N; Savetsky; Transunion); stakes will only get higher by 2035 McCarthy Tétrault LLP / mccarthy.ca /

31 CONTRACTS AND THE APP ECONOMY (2) More complexity with multi-channel commercial environments by 2035: IoT changes everything, but also recorded voice signatures, and combinations thereof The limits, and dangers, of contracts (just as limits to comprehension, with the very micro and very macro). Agentwrap, botwrap, autofillwrap, autocontract, autopayment all challenges for the commercial lawyer in 2035 (indeed by 2020) McCarthy Tétrault LLP / mccarthy.ca / IT CONTRACTS A goal for the IT Bar, that by 2035, we develop a meaningful, industry standard form agreement, to cover 80% of the basics (so deal teams can focus on the 20% that really matters) We will have by 2035 real time med-arb: neutral transaction umpires on large, expensive, sophisticated deals The private gains, and societal losses, of confidential arbitration (and a commercial service by 2035 to deal with the latter) McCarthy Tétrault LLP / mccarthy.ca /

32 A COMMERCIAL PRIVACY SERVICE Instead of an incomprehensible 80 pages of privacy policies and cookie settings, etc., a new service by 2035 with three choices Red: no sharing your PI or any other of your data with any third party or affiliates, and storage in Tier IV data sites in Canada or the United States Green: in return for a meaningful fee (or some other benefit), sharing permitted with affiliates and third parties, and storage in rudimentary facilities anywhere in the world Yellow: in return for a modest fee, sharing permitted with affiliates and companies listed on a recognized stock exchange or private companies having a Moody s rating of AAA+, with storage only in Tier III or IV data sites in OECD countries McCarthy Tétrault LLP / mccarthy.ca / TECHNICAL SOLUTIONS Authentication and security: from credit reporting validation, to full biometrics by 2035 Privacy: effective ephemeral messaging by 2035, Snapchat but better McCarthy Tétrault LLP / mccarthy.ca /

33 LAW REFORM The success of the UECA law reform efforts: John Gregory s profound legacy will extend beyond 2035 Recent elimination of the real property exception Wills and testamentary documents remain to be freed of the paper-based yoke We need the new John Gregorys for the next 20 years McCarthy Tétrault LLP / mccarthy.ca / THE FUTURE OF THE IT LAWYER By 2035 in Canada: Public law firms: funding end to end professional services (such as cyberliability) Legal process outsourcing (true globalisation) AI systems (lawyers merging with technology) McCarthy Tétrault LLP / mccarthy.ca /

34 VANCOUVER Suite 1300, 777 Dunsmuir Street P.O. Box 10424, Pacific Centre Vancouver BC V7Y 1K2 Tel: Fax: Toll-Free: CALGARY Suite 4000, 421 7th Avenue SW Calgary AB T2P 4K9 Tel: Fax: Toll-Free: TORONTO Suite 5300, TD Bank Tower Box 48, 66 Wellington Street West Toronto ON M5K 1E6 Tel: Fax: Toll-Free: MONTRÉAL Suite De La Gauchetière Street West Montréal QC H3B 0A2 Tel: Fax: Toll-Free: QUÉBEC CITY 500, Grande Allée Est, 9e étage Québec QC G1R 2J7 Tel: Fax: Toll-Free: LONDON, UK 125 Old Broad Street, 26th Floor London EC2N 1AR UNITED KINGDOM Tel: +44 (0) Fax: +44 (0) McCarthy Tétrault LLP / mccarthy.ca / Information Technology Law in 2035: Where are we headed? Thank you for joining us! IT.Can Canadian IT Law Association Toronto, ON Goodmans LLP 333 Bay Street, Suite 3400 Toronto, ON M5H 2S7

35 Lead Speakers Information Technology Law in 2035: Where are we headed? Speaker Biographies Dr. Ann Cavoukian Executive Director, Privacy and Big Data Institute, Ryerson University Dr. Ann Cavoukian is recognized as one of the world s leading privacy experts. She is presently the Executive Director of the Privacy and Big Data Institute at Ryerson University. Appointed as the Information and Privacy Commissioner of Ontario, Canada in 1997, Dr. Cavoukian served an unprecedented three terms as Commissioner. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In October 2010, regulators at the International Conference of Data Protection Authorities and Privacy Commissioners unanimously passed a Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. Since then, PbD has been translated into 37 languages. Dr. Cavoukian s expertise has been recognized in many ways. She was: ranked among the top 25 Women of Influence, recognizing her contribution to the Canadian and global economy; named one of the top 100 City Innovators Worldwide by UBM Future Cities for her passionate advocacy of Privacy by Design; chosen as one of the Power 50 by Canadian Business magazine for her tireless efforts as a privacy champion; awarded an Honorary Doctor of Laws from the University of Guelph; she was selected for Maclean s Magazine s Power List of the top 50 Canadians, and most recently, picked as one of the top 10 women in data security, compliance, and privacy you should follow on Twitter. In her leadership of the Privacy and Big Data Institute at Ryerson University Dr. Cavoukian is dedicated to demonstrating that Privacy can and must be included, side by side, with other functionalities such as security and business interests. Her mantra of banish zero-sum enables multiple interests to be served simultaneously not one to the exclusion of the others. Jay Safer Vice President, General Counsel and Secretary IBM Canada Ltd Jay Safer, Vice-President, General Counsel and Secretary, IBM Canada Limited, together with the Legal Department, have responsibility for all legal aspects of the company, including: secretarial; governance; privacy; security; marketing and distribution of products and services including outsourcing, consulting, systems integration, professional services, leasing and financing; software and software development; manufacturing; human resources issues including pensions; intellectual property; procurement; real estate; and M&A aspects of the company. He has negotiated many large and complex mainframe and network outsourcing and services agreements. Jay currently is prime legal contact for contracts in Canada involving Watson, cloud, and research, such as the Southern Ontario Super Computing Program (SOSCIP). A frequent speaker he co-chaired both the Fourteenth Annual IT.CAN Fall conference held in Montreal in 2010, and the CCCA National Spring Conference in Toronto in He was the primary legal speaker on a Cloud panel held December 3, 2012 at a joint Lexpert-Law Society conference. In addition, Jay recently served as President of the Association of Canadian General Counsel in 2011 and was also awarded the Queen Elizabeth II Diamond Jubilee Medal in November In 2015 he served as Executive-in-Residence for the General Counsel program at the Rotman School of Business.

36 George Takach McCarthy Tétrault LLP George S. Takach is a senior partner in the Toronto office of McCarthy Tétrault. George brings significant value to clients in their tech company M&A/financing deals, their sophisticated tech licensing, IT procurement and other tech commercial transactions, and their more challenging e-commerce activities, including projects involving cloud computing, big data and social media. George s deep experience in tech M&A/financing allows his clients to get deals done more quickly and cost effectively. In the area of sophisticated tech licensing, IT procurement and other tech commercial deals, George s creativity and broad experience allows clients to resolve difficult issues more quickly and to get the relationship off on the right foot. George also helps clients craft sensible and workable solutions to complex e commerce-related legal and compliance challenges. He brings a steady and experienced hand to bear on the invariably unprecedented legal issues generated by novel e commerce business processes. George is the author of three books: Computer Law; The Software Business; and Contracting for Computers. For 20 years he was an Adjunct Professor at Osgoode Hall Law School, York University, where he taught an evening course in Computer Law. George is in demand as a speaker to legal and technology industry audiences and a regular writer on legal technology topics. George received his BA and his JD (Dean s Honour List) from the University of Toronto. He also has his MA in international relations from the Norman Paterson School of International Affairs, Carleton University in Ottawa. He was called to the Ontario bar in George has been on the Board of, and continues to raise money for, Lake Scugog Camp, an organization serving underprivileged and at risk children/youth and their families (a camp that George attended when he was a child). Commentators Richard Corley Goodmans LLP Richard Corley is a partner at Goodmans and leads the firm s Outsourcing practice group. Richard s practice focuses on the intersection of law and technology. He has over 25 years of experience advising clients on complex outsourcing transactions, technology M&A, joint ventures, cleantech and other technology-related matters. Richard s practice complements his personal interests and involvement in energy conservation and energy alternatives. He is currently involved with a number of initiatives supporting the development of distributed renewable energy, low-energy buildings, intelligent power distribution and management, and energy storage systems. Richard ranks as one of Canada s leading experts in the areas of IT and outsourcing and he has led the procurement, negotiation, implementation, renegotiation and resolution of disputes in many of Canada s most complex outsourcing transactions. Richard is recognized as a leading Canadian lawyer in numerous publications including: The Legal 500 Canada Leading Individual, Technology, Media and Telecoms, Chambers Global s Guide to the World s Leading Lawyers for Business (Information Technology: Band 1 ranking), The Lexpert /American Lawyer Guide to the Leading 500 Lawyers in Canada, The Canadian Legal Lexpert Directory, The Lexpert Guide to the Leading US/Canada Cross-border Corporate Lawyers in Canada, Legal Media Group s The Best of the Best, The Best Lawyers in Canada; Law Business Research s The International Who s Who of Business Lawyers in the areas of Internet, E-Commerce & Data Protection; and the Lexpert Canada s Leading Energy Lawyers. Richard obtained an LLM from Yale Law School in 1991, his LLB from Osgoode Hall Law School in 1989 (Silver Medallist) and clerked for Chief Justice McLachlin at the Supreme Court of Canada. He is a frequent speaker at professional conferences and seminars on outsourcing, technology, cleantech, and renewable energy-related topics. Richard is a member of the Board of Directors of Canadian IT Law Association (IT.CAN) and the Board Secretary for the Centre for Outsourcing Research and Education (CORE). He is a member of a number of associations relating to Information Technology, outsourcing, renewable energy and his other interests.

37 David Fraser McInnes Cooper David Fraser, a partner with McInnes Cooper, is Canadian privacy and internet law counsel to some of the world s best known brands. He regularly advises a range of clients from start-ups to Fortune 100 companies on all aspects of technology and privacy laws. David also acts for complainants and respondents in matters referred to the Office of the Privacy Commissioner. A significant portion of David s practice is devoted to working with American and multi-national businesses in addressing Canadian privacy law issues. This often includes contract negotiations, policy reviews, pre-launch product reviews, addressing complaints and advising with respect to data breaches. For example, David regularly advises Google Inc. and has represented the company before the Privacy Commissioner of Canada in connection with a range of matters, including Google s inadvertent collection of WiFi payload information when driving Street View cars in Canada. In addition, David is the Past President of the Canadian IT Law Association and the former Chair of National Privacy and Access Law Section of the Canadian Bar Association. David was honoured to be included in the inaugural (2006) and each subsequent edition of The Best Lawyers in Canada in the category of Information Technology law. He is listed among the world s leading lawyers in Internet and ecommerce Law in the International Who s Who of Business Lawyers. In the spring of 2006, David was a recipient of an Outstanding Young Canadian Award by the Junior Chamber of Commerce International Halifax Chapter. In 2009, David was named as one of Canada s Top 40 Lawyers Under 40 by Lexpert, and is listed in Lexpert s guide to leading lawyers in Canada. In 2011, David was named by The Lawyers Weekly as one of Canada s top 24 legal social media influencers. In 2013, David was among the finalists for Canadian Lawyer magazine s most influential Canadian lawyers. David has served on the Research Ethics Board of the Capital District Health Authority. He is currently a member of the Joint Data Access Committee of the IWK Health Centre for Women and Children in Halifax, which reviews applications for research access to personal health information. In 2002, David was invited to be an associate of the Institute of Law and Technology. He is a member of the faculty of Dalhousie Law School, where he teaches Internet and Media Law, Law and Technology, and Law and Policy for Electronic Commerce. He is on the editorial board of the Canadian Journal of Law and Technology and is a regular contributor to the Canadian IT Law Association s newsletter. Active in the Halifax technology community, David is secretary and director of Digital Nova Scotia (formerly ITANS). Don Johnston Aird & Berlis LLP Don Johnston is a well-known technology lawyer with broad experience as a corporate and commercial lawyer. His experience covers health law, health informatics, information technology, health care privacy law, biotech and pharmaceuticals law, technology financing, telecommunications, procurement and outsourcing. Don has over two decades of expertise in technology procurements, licensing and related transactions. He has acted for numerous technology developers and has been involved in major technology projects (including nuclear and oil and gas), acquisitions, financing and development projects (including P3 projects) in both Canada and the United States. Don is immortalized in three Who s Who Legal publications: The International Who s Who of Information Technology Lawyers, The International Who s Who of Business Lawyers and Who s Who Legal: Canada. He is named as a top practitioner in the Legal Media Group Guide to the World s Leading Technology, Media & Telecommunications Lawyers and is recognized in The Best Lawyers in Canada in the fields of Information Technology Law and Technology Law. He also appears in The Canadian Legal Lexpert Directory as a leading practitioner in the area of Computer & IT Law. Don is funnier than George Takach but nowhere near as good looking or intelligent.

38 Amy-Lynne Williams Deeth Williams Wall LLP For over 30 years, Amy-Lynne s areas of practice have included outsourcing transactions, electronic payments agreements, systems acquisition, distribution, licensing, technology transfers, e-commerce, privacy and software development. She represents both producers and users of information technology in private industry and government. Amy-Lynne has been: recognized in Best Lawyers in Canada Toronto Information Technology Law Lawyer of the Year for 2012 and 2014, and Toronto Technology Law Lawyer of the Year for 2013 and 2016; Listed in Expert Guides Best of the Best list as one of only four Canadian lawyers in the world s leading lawyers for Information Technology Law; identified as Most Frequently Recommended in the Lexpert Canadian Legal Directory in Technology Transactions; and listed in Lexpert/American Lawyer Guide to The Leading 500 Lawyers in Canada ; Best Lawyers in Canada; and Lexpert Guide to the Leading 100 Canada-US Cross Border Corporate Lawyers in Canada. Amy-Lynne is the Past-President of the International Technology Law Association and Past-President of the Canadian IT Law Association (IT.Can). Moderator Richard Austin Deeth Williams Wall LLP Richard practices corporate and commercial law as Counsel to Deeth Williams Wall with a focus on information technology and business process outsourcing, applications development and systems implementation projects. Prior to returning to private practice, Richard was General Counsel at EDS Canada for 18 years where he headed a team of lawyers and contract professionals with responsibility for the legal aspects of EDS business in Canada. Richard s responsibilities at EDS Canada included providing strategic advice on and negotiating IT and business process outsourcing transactions with public and private sector entities. Richard is a frequent speaker on technology law issues including on outsourcing, identity management, privacy, cloud computing, social media and software development. Richard is a member of the Executive Education Faculty of the Centre for Outsourcing Research and Education (CORE) and is a former Director and President of the Canadian IT Law Association. Richard is AV Peer Review Rated by Martindale-Hubbell as Preeminent, its highest level of professional ranking, in Technology and Science, Computers and Software and Labour and Employment and is listed in in The Best Lawyers in Canada 2014, 2015 and 2016 in Information Technology Law.