IDENTITY THEFT AND DATA BREACH CONFERENCE 2016

Transcription

1 IDENTITY THEFT AND DATA BREACH CONFERENCE 2016 Day 1 Thursday January 28, 2016 INTERNATIONAL DATA PRIVACY DAY 7:30am 8:30am Registration 8:30am 9:00am Opening Remarks Conference Chair Kevin M. Scott, President - Canadian Identity Theft Prevention Association 9:00am 10:00am Keynote Speaker Privacy and Data Breaches New Legislation and Mandatory Reporting 10:00am 10:15am 10:15am 11:45am Panel 1: Understanding Data Breaches This opening panel will provide attendees with a high level yet comprehensive review of the top strategies being employed by identity criminals, the most up-to-date trends and the wide scope of impacts that data breaches have on both organizations and the public

2 at large. Each speaker will examine data breaches from the following three streams; IT, Policy/Legal, and Victims/Clients. Moderator: Darrell Evans President, Canadian Institute of Information and Privacy Studies and Founder of the BC Freedom of Information and Privacy Association 1. IT Speaker To be announced 2. Policy / Legal Speaker Pippa Lawson - Barrister & Solicitor; Consultant at Philippa Lawson, Barrister & Solicitor. Legal counsel for the Yukon Government 3. Victims / Clients Stream Speaker Dr. Sue Sproule - Assistant Professor - Information Systems Brock University. Co-author of Identity Theft and Fraud: Evaluating and Managing Risk 11:45am 1:00pm Lunch Keynote Dr. Ann Cavoukian Executive Director of the Privacy and Big Data Institute at Ryerson University and former Information and Privacy Commissioner of Ontario. (Appearing via video) 1:00pm 2:30pm Panel 2 Understanding the New Canadian Data Breach Notification Legislation This second panel will focus on the recently legislated Data Protection Act which amends the Personal Information Protection and Electronics Documents Act (PIPEDA) creating new substantial legal requirements and operational procedures for organizations to design and implement. Each panelist will examine the new Canadian data breach legislation from the following three streams; IT, Policy/Legal, and Victims/Clients. Moderator: Tamir Israel, Staff Lawyer - Canadian Internet Policy & Public Interest Clinic (CIPPIC) 1. Cara-Lynn Stelmack, Director, Mediation and Investigation Team - The Office of the Information and Privacy Commissioner of Alberta 2. Office of the Privacy Commissioner of Canada Staff To be announced

3 2:30pm 3:00pm Special Presentation 3:00pm 3:15pm 3:15pm 4:45pm out Session 1: Preparing For And Preventing A Data Breach These 3 out Sessions will allow conference attendees to focus in on their specific areas of responsibility within the three programmed streams of IT, Public Policy and Victims/Clients. IT out Session Advanced IT and security solutions You're in the privileged position of preparing for and preventing a data breach. What specific steps should you take? In this session, we'll discuss industry best practices with real world solutions. Moderator: Kris Constable, Senior Advisor & Privacy Officer - PrivaSecTech 1. IT Specialist 2. IT Security Specialist Policy and Law out Session Emerging liability framework and standards for data security This breakaway session will explore emerging regulatory, common law and professional obligations and standards for data security in the legal, government and private sectors. Moderator: David Fewer, Executive Director, Canadian Internet Policy & Public Interest Clinic (CIPPIC) 1. Law Society TBA 2. Government Standards TBA 3. Senior Legal Counsel - TBA

4 Victim / Client out Session Developing strategies to help protect your clients from becoming victims This breakaway session will explore four key strategies to prepare your organization for a data breach with regards to your clients, members and employees from becoming victims. 1st Strategy Engage and educate your clients, members and employees on best practices to ensure they have the necessary knowledge and tools to proactively lockdown their personal information. 2nd Strategy Develop a comprehensive communications and notification strategy for your clients/members and employees to be implemented in the event of a data breach as legislated by the newly enacted Data Privacy Act. 3rd Strategy - Create a crisis communications strategy and incident response plan. 4th Strategy Develop a victim support plan. Moderator: Darrell Evans - President of The Canadian Institute of Information and Privacy Studies and Founder of the BC Freedom of Information and Privacy Association 1. Jim Dorey, Executive Director of the Canadian Identity Theft Support Centre 2. Pippa Lawson - Barrister & Solicitor; Consultant at Philippa Lawson, Barrister & Solicitor. Legal counsel for the Yukon Government 3. Canadian Bankers Association TBA 4:45pm 5:00pm Day Closing Remarks Day 2 - Friday January 29, :30am 9:00am Registration

5 9:00am 9:15am Opening Remarks Conference Chair Kevin M. Scott, President - Canadian Identity Theft Prevention Association 9:15am 10:15am Key Note Minister of Department of Justice or Minister of Industry - TBA 10:15am 10:30am 10:30am 12:00pm Panel 3 - You ve Been Breached, What Now? This final panel will focus on the worst case scenario your organization has suffered a data breach. Upon entering this crisis situation your organization must be positioned to implement a multitude of critical actions in order to mitigate the potential harms to the public, your brand and your bottom line. The speakers on this panel will provide an overview of an overarching strategy that must be deployed at the first sign of a data breach. This high level strategic plan will include IT, legal, public relations and victims strategies. Moderator: Kevin M. Scott, President - Canadian Identity Theft Prevention Association 1. IT Expert TBA 2. Legal Expert - John Russo, Vice President Legal Counsel & Chief Privacy Officer, Equifax Canada 3. Public Relations Expert - Principal, Earnscliffe Strategy Group 12:00 1:30 Lunch - Keynote Speaker TBA 1:30 3:30 out Session 2: All Hands on Deck You ve Been Breached

6 These out Sessions will allow conference attendees to focus in on their specific areas of responsibility within the three programmed streams of IT, Public Policy and Victims/Clients. IT out Session Solutions for an organizational nightmere The dreaded call has come in, you've been breached. If you're not prepared, you won't know who to call or what to do next. It can also be very expensive to resolve and timimg is everything. In this session, you will hear real world experiences, as well as be provided a list of steps, with tips and tricks to minimize the impact and lockdown your organization. The panel will have both the experiences of those who've been breached, and those who have done the breaching. Moderator: Kris Constable, Senior Advisor & Privacy Officer - PrivaSecTech 1. Professional IT Specialist - TBA 2. Renowned Hacker and Security Expert - TBA Policy and Law out Session Security reporting, harm mitigation obligations and blackmail! As 100% security is impossible, you may face a breach regardless of what steps you take. When that occurs, you may face a range of complex issues. Should a discovered security vulnerability be reported? Would doing so cause harm by exposing other systems? Are there any obligations to mitigate potential harm to affected customers or clients and how far might these obligations go? What obligations might arise in extreme situations involving ransomeware or other types of blackmail? Moderator: Tamir Israel, Staff Lawyer - Canadian Internet Policy & Public Interest Clinic (CIPPIC) 1. Legal Expert TBA 2. Policy Expert TBA 3. Security Specialist - TBA Victim / Client out Session You ve been breached and it time to take immediate action. In this session the speakers will focus on how to design a 72 hour and a follow-up 30- day implementation strategy on how to ensure your organization is able to respond

7 effectively and efficiently to the breach. This will include direct communication with your customers, a crisis communications strategy and a plan reduce the likelihood that your clients will become victims of identity theft. Moderator: Darrell Evans, President of The Canadian Institute of Information and Privacy Studies and Founder, BC Freedom of Information and Privacy Association 1. Tim Ashby - Vice President, Equifax Canada 2. Jim Dorey - Executive Director, Canadian Identity Theft Support Centre 3. Principal - Earnscliffe Strategy Group. Crisis Communications Specialist 3:30pm 3:45pm 3:45pm 4:45pm Plenary Kevin M. Scott, President - Canadian Identity Theft Prevention Association 4:45pm 5:00pm Closing Remarks Kevin Scott President Canadian Identity Theft Prevention Association