Gath

er

•InspIr

e•s

uc

ceed

MAY 4 - 6

MAY 4 - 6

may 4–6

ryerson unIversIty torontowww.privacyassociation.org/symposium

an opportunIty to Gather wIth your peers.

a forum to InspIre Ideas.

the knowledGe to succeed.

IAPP Canada invites you to join your colleagues at the IAPP Canada Privacy

Symposium 2011 for three days of education, networking and inspiration.

The Symposium returns to Ryerson University bigger and

better than ever before. Featuring more educational sessions,

myriad networking opportunities and a special Privacy by

Design track developed in partnership with Commissioner

Cavoukian and her team, the Symposium is the only

conference that tackles data protection as a global issue

from the Canadian perspective.

Be part of a growing community. Come to the Symposium

and gather with privacy experts, regulators, researchers and

your peers from across the country and around the world

to discuss progressive thinking, best practices and practical

solutions for data protection. Be inspired by more than

30 sessions dedicated to helping you propel your privacy

programme, and go home with the knowledge and

strategies you need to succeed.

keynote speakersAnn Cavoukian, Ph.D. Information and Privacy Commissioner of Ontario

Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. Noted for her seminal work on Privacy Enhancing Technologies (PETs) in 1995, her concept of Privacy by Design seeks to proactively embed privacy into the design specifications of information technology and accountable business practices, thereby achieving the strongest protection possible. In October, 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protec-tion. This was followed by the U.S. Federal Trade Commission’s inclu-sion of Privacy by Design as one of its three recommended practices for protecting online privacy—a major validation of its significance.

An avowed believer in the role that technology can play in the protection of privacy, Dr. Cavoukian’s leadership has seen her office develop a number of tools and procedures to ensure that privacy is strongly protected, not only in Canada, but around the world. She has been involved in numerous international committees focused on privacy, security, technology and business, and endeavours to focus on strengthening consumer confidence and trust in emerging technology applications.

Dr. Cavoukian also serves as the Chair of the Identity, Privacy and Security Institute at the University of Toronto, Canada. She is also a member of several Boards including, the European Biometrics Forum, Future of Privacy Forum, RIM Council, and has been conferred as a Distinguished Fellow of the Ponemon Institute. Dr. Cavoukian was also named by Intelligent Utility Magazine as one of the “Top 11 Movers and Shakers for the Global Smart Grid industry for 2011,” and has been honoured with the prestigious Kristian Beckman Award for her pioneering work on Privacy by Design and privacy protection in modern international environments.

Joshua KauffmanHarvard School of Design

Joshua Kauffman is a designer and entrepreneur who advises leading organizations on strategic issues in technology, society and geopolitics. Recent projects include communication infrastructure in Cuba, sustainable design and civil society training in Egypt. Kauff-man is strategic director of Groupshot, which develops ’Technology for Informality,’ advises the Arctic Perspective Initiative, and operates a personal data consultancy. He is a winner of a World Bank innova-tion award, been resident at the Banff New Media Institute and spoken at Stanford, Harvard, Intel, The Institute for the Future and the OECD. He is currently based at Harvard University’s Graduate School of Design.

Gather•InspIre•succeed

Be inspired at the symposium. hear from privacy’s thought-leaders

and take away new perspectives on leading your organization’s

privacy endeavours.

Networking DinnersWednesday, May 4, 5:30 p.m.

Need a dinner partner? Sign up for an industry networking dinner and head out to a local restaurant with other like-minded privacy pros. These free-flowing unstructured dinners offer an opportunity to connect with peers on the opening night of the conference. Drop off your business card near the registration desk on Wednesday to sign up. Individuals are responsible for their own expenses.

Privacy Café The Privacy Café is a room dedicated to networking and engaging discussions led by guest speakers. A schedule of events will be posted, so stop by for a cup of coffee and open dialogue.

Facilitated Networking Sessions Back by popular demand! Attend one of our interactive discussions to network with other attendees while getting a great education!

Early Bird Run and WalkJoin a group for a run or walk around the city. It’s a great way to get some fresh air while you network and build your professional relationships!

networking opportunities

Gath

er

•Ins

pIr

e•s

uc

ceed

come together

with the privacy

community. the

symposium is

the one place

you can make

connections and

start a dialogue

with the people

who share your

challenges and

understand

your goals.

prIvacy soIrée

thursday, may 5, 5:30 – 7 p.m.art Gallery of ontario’s Baillie court

Network with fellow Symposium delegates against the stunning backdrop of the Art Gallery of Ontario’s Baillie Court. Enjoy cocktails and hors d’ oeuvres as you take in panoramic views of the city and world-class art in this spectacular Frank Gehry-designed gallery.

Gath

er

•Ins

pIr

e•s

uc

ceed

preconference seminars: wednesday, may 4

8 a.m. – 12 p.m.Know Your Risk and Manage It Well: Data Breach Preparation, Response and RecoveryAlan Brill, CIPP, Senior Managing Director, Secure Information Services, Kroll, Shaun Brown, Counsel, nNovation LLP, Robert Parisi, Jr., Senior Vice-President, National Practice Leader for Network Risk, Technology & Telecommunications, FINPRO, Marsh USA, INC, Alex Ricardo, CIPP, Zone Leader, Kroll

Join this interactive session for a review of privacy laws, risk exposures and strategies for prevention, response and recovery. Take a look at the current state of provincial and federal requirements, and examine common privacy and breach preparedness practices. You’ll gain an understanding of breach crisis management, from initial forensics investigation and data reconstruction practices to providing notification and consumer remedy, and be able to recognize options when it comes to risk transfer solutions, including privacy insurance—an option many companies are not even aware of.

Privacy BootcampJohn Jager, CIPP/C, VP Research Services, NYMITY Inc.

This practical workshop will introduce privacy to those new to the field. Learn the fundamentals of privacy law in Canada, understand the role of the privacy commissioners’ offices and explore the myriad of operational issues faced by organizations that collect, use and disclose customer and employee personal information. You’ll also learn the ins and outs of the creation, management and monitoring of an effective privacy program.

1 – 5 p.m. Data Sharing Agreements in an E-Health SystemDavid Young, Partner, Lang Michener LLP, Tara Tyson, Privacy Officer, Ontario Association of Community Care Access Centers, Paul Lewis, CIPP/C, CIPP/IT, Senior Manager, Deloitte &Touche LLP, Bruce McWilliam, Partner, McMillan LLP

In the absence of a publicly mandated electronic health records (EHR) infrastructure, data sharing agreements perform the critical function of establishing rules for disclosure of personal health information among health professionals and health care institutions and underlie the legal framework for local and regional health networks. Review the role and function of these agreements in the context of privacy and security requirements, both statutory and otherwise, and participate in an analysis of agreement terms and conditions using case examples. Gain a clear understanding of where and when data sharing agreements are required and where other legal relationships, such as service provider agree-ments, are more appropriate.

Security Governance FrameworkMagued Meleka, Vice President, Technology, 360 Security Experts, Fred Bedrich, Jr., President, Bedrich Consulting, Inc.

Security management framework constitutes the reference for companies to deploy IS-IT security practices within an organization. It paves the way to manage all related documentation that defines the rules for enforcing security—security policies, procedures, standards, guidelines and performance measurements. Join this session to identify the parts of the framework that should be communicated to different user groups and stakeholders.

Get the answers, solutions and resources to put you on the path to success. our preconference seminars and concurrent sessions are thoughtfully programmed to give you the expertise you need in today’s privacy, security and risk manage-ment landscape.

Preconference seminars offer a practical, focused look at specific operational topics. Register for one seminar for $450, or get two for $600.

11 a.m. – 12 p.m.

APEC’s Cross-Border Privacy Rules System: A New Model for Accountable Data FlowsAnick Fortin-Cousens, CIPP/C, Global Privacy & Data Protection Leader, IBM Corporation, Danièle Chatelois, Senior Policy Advisor, Industry Canada, Carman Baggaley, Senior Strategic International Policy Analyst, Office of the Privacy Commissioner of Canada

The APEC Cross-Border Privacy Rules system will enable accountable organizations to demonstrate and receive recognition for their APEC Privacy Framework-compliant cross-border data flows. As the APEC CBPR system gets closer to launch (expected in 2012), Canadian organizations should understand how they may leverage this system to foster greater trust in their cross-border data flow policies and practices. Join government, regulator and private sector representatives who have been closely involved in the development of the CBPR

system for an insightful look at its objectives, design and governance and the benefits organizations can derive from it.

Demonstration Accountability James Byrne, Associate General Counsel and Chief Privacy Officer, Lockheed Martin Corporation, Constantine Karbaliotis, CIPP, CIPP/C, CIPP/IT, Americas Privacy Leader, Mercer, Terry McQuay, CIPP, CIPP/C, CIPP/E, President, NYMITY Inc.

What does it mean for an organization to be accountable for privacy? Accountable to whom—consumers, management, the commissioner’s office? How does an organization validate accountability? Are there frameworks available? Find answers to these questions and gain perspectives on accountability while touching on international developments that will impact accountability in Canada in the future. Explore accountability validation, from assertions to certification, followed by advice from privacy leaders who will share their experiences of demonstrating accountability to management in their organizations.

Developing an Effective Privacy Training CourseDavid Hughes, Senior Legal Counsel and Privacy Compliance Manager, BCLC

In July 2010, BCLC introduced a mandatory online privacy training course for all of its 900+ employees. The course was developed by a small team of BCLC employees within six months, at a low cost and has proven to be highly successful. As of November 2010, the course has been successfully completed by all of BCLC’s employees and has significantly raised the profile of privacy throughout the organization. The course has also been demonstrated to British Columbia’s Office of the Information and Privacy Commissioner and BC’s Public Service Agency and has received positive feedback from both entities. Hear from course developer David Hughes as he demonstrates the course and provides insights into BCLC’s philosophy around developing an effective privacy program, the design elements that contributed to the success of the course and practical suggestions for organizations that are considering implementing privacy training.

E-Marketing Policy-Building WorkshopShaun Brown, Counsel, nNovation LLP, Matthew Vernhout, Director, Delivery & ISP Relations, ThinData Inc.

Electronic marketing involves two separate yet related compliance challenges: how to collect information about your target audience, and how to deliver your message to that audience. While these challenges

are often addressed in isolation, there are a number of overlapping issues, and in many organizations the same individuals are responsible for both matters. Learn how to develop an e-marketing policy that effectively complies with both the Personal Information Protection and Electronic Documents Act (PIPEDA), and the newest Internet law, the Electronic Commerce Protection Act (ECPA). Gain valuable insights on key issues under PIPEDA when getting to know your target audience, how to ensure that your message is delivered in compliance with ECPA and how to build these issues into an effective privacy policy.

Operationalizing Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart GridModerator: Catherine Thompson, Regulatory & Policy Advisor, Office of the Information & Privacy Commissioner of Ontario, Jim Hall, Manager, Business Development & Support, Hydro One, Peter Ruppert, Solution Architect, ADS Program, IBM, Ryan Vinelli, CIPP, Privacy Legal Fellow, General Electric

The Information & Privacy Commissioner of Ontario has taken a global leadership position in partnering with Smart Grid stakeholders Hydro One, GE, IBM and Telvent for the paper “Operationalizing Privacy by Design: The Ontario Smart Grid Case Study.” Learn how the IPC and stakeholders worked together to embed privacy into the architecture of Ontario’s Smart Grid. This implementation will ensure the protection of consumer energy use data.

concurrent sessions: thursday, may 5

9 – 10:30 a.m. Opening Plenary

Gather•InspIre•succeed

12:10 – 1:10 p.m.

A Decade after 9/11—How Do Enterprises Protect Data?Claudiu Popa, CIPP, President, Informatica Corporation

Join this session for an opportunity to examine 10 ways in which enterprise practices around data protection have changed drastically over the past decade and participate in a lively discussion about possible reasons, both social and corporate.

Privacy Assurance in the CloudLauren M. Easom, Manager, Risk and Compliance, KPMG

Privacy brings a host of unique challenges for organizations considering cloud solutions. Complex global privacy requirements and high customer expectations can be daunting and may seem like a barrier to entry. But they don’t need to be. With the right controls and oversight in place, systems and processes can be successfully launched in the cloud without increasing privacy risk. The ability to provide privacy assurance can be a critical success factor in managing risk, addressing stakeholder concerns, satisfying regulatory requirements and establishing a competitive advantage. In the cloud, it is practically mandatory. Join this highly interactive session to explore available solutions for privacy assurance, such as new international and national standards (ISAE 3402, CSAE 3416/SSAE 16), agreed-upon procedures, internal review and self certification, and share your concerns and experiences with privacy assurance in the cloud.

Privacy Risk Management: Embedding Privacy Protection into a Risk Management FrameworkModerator: Jeff Kirke, Strategic Advisor to the Commissioner, Office of the Information & Privacy Commissioner of Ontario, Fariba Anderson, VP, IT, Lottery and Bingo, Ontario Lottery and Gaming, Yim Chan, CIPP/C, Privacy and Data Protection Executive, IBM Corporation, Chief Privacy Officer, IBM Canada, Dan Ruch, Partner, Ruch & Associates

To organizations, personal information is an asset, the value of which is protected and enhanced by a suite of security practices and business processes, including formal risk management discipline. The potential for irreparable harm, however, demands a highly proactive approach that is consistent with the principles of privacy by design. Ultimately, who is responsible for managing privacy risks? Hear from a panel of risk management and privacy leaders who will share their experiences in applying PbD within various environments.

2:15 – 3:15 p.m.

Addressing the Privacy Implications of Mobile Computing with Privacy by DesignKen Anderson, Assistant Commissioner of Privacy, Office of the Information & Privacy Commissioner of Ontario, Patrick Walshe, Privacy Matters Ltd, Frank Dawson, CIPP/IT, Head of Consumer Data & Privacy Program, Nokia, Fred Carter, Policy & Information Analyst, Office of the Information & Privacy Commissioner of Ontario

Mobile computing is dramatically changing our world and the manner in which we interact with it—enabling new services and conveniences, while introducing new privacy and security challenges. Portable computing

devices have become an innovative enabling platform, driving benefits on a societal scale. Join this session, led by staffers from the Information & Privacy Commissioner of Ontario’s office, for an insightful look at leading edge work that applies the principles of Privacy by Design to areas such as WiFi, traffic data assessment, road tolling and the GSMA principles.

AICPA/CICA Privacy Maturity Model: A Theory in ActionLea Beeken, Supervisor, District Records and FOIP Management, Edmonton Public Schools, Robert Parker, Member AICPA-CICA Privacy Task Force, Principal, Robert G Parker Consulting

Monitoring and measuring privacy compliance requires the establishment of effective monitor-ing procedures and a baseline against which to assess performance. Most monitoring techniques are designed to assess against legislative and regulatory requirements or entity policies and procedures, and usually provide a hard target—one that is frequently difficult to meet, at least initially. The Privacy Maturity Model is based on AICPA/CICA Generally Accepted Privacy Principles (GAPP), a recognized privacy framework that addresses the requirements of most global privacy legislation. Edmonton Public Schools assessed their privacy and access program with this model, and learned some surprising and powerful truths about their privacy and access initiatives. Not only did the Privacy Maturity Model provide a baseline of performance, but using the tool generated clear and detailed ‘next steps’ for Edmonton Public Schools. Join an engaging session to understand and implement PMMs and gain tools you can use to make PMMs work for your organization.

Baked In Not Bolted On: A Day in the Life of Baking Privacy into a Global OrganizationDeborah Joslyn, CIPP, Senior Manager, Ernst & Young, Liz Kiss, Chief Compliance Officer, Quality and Risk Management, Ernst & Young

Join a robust discussion of how privacy is embedded into a global organization’s code of conduct, culture, training programs andfirm communications. View and discuss sample videos, vignettes, communications plans and training. In turn, share your experience educating personnel on privacy—what hasworked and what hasn’t. Walk away with strong ideas, tools and best practices for embed-ding privacy into your organization’s culture.

Video Surveillance Notification: PIPEDA and Signage in Publicly Accessible Spaces Andrew Clement, Professor, University of Toronto, Dr. Joseph Ferenbok, Lecturer, University of Toronto Mississauga, Simeon Kanev, CIPP/C, Master’s Student, Research Assistant, University of Toronto

The Office of the Privacy Commissioner of Canada is sponsoring a research project examining the video surveillance installations and accompanying signage of a broad range of major private-sector video surveillance operations in the greater Toronto area. The research team has uncovered a disturbing trend: The majority of these installations are not compliant with PIPEDA notification requirements. This deprives consumers of essential information needed to make informed choices and exposes operators to the risk of public embarrassment if complaints are made. Join this thought-provoking presentation and learn about a prototype signage scheme that is compliant with PIPEDA requirements.

Gather•InspIre•succeed

Why Transparency Works in Behavioural AdvertisingFran Maier, President and Executive Chair, TRUSTe

Explore the advantages of conducting behavioural advertising in a transparent manner so that consumers understand how their personal information is used and have meaningful choice in the process. TRUSTe president Fran Maier will examine various strategies for achieving transparency by moving privacy notice beyond the traditional privacy policy and allowing consumers to modify their advertising preferences or opt-out of the process altogether. She will share consumer data collected from TRUSTe’s behavioural advertising privacy programs to demonstrate how a balance can be struck between consumer privacy and corporate profitability.

3:30 – 4:30 p.m.

Biometrics: Enhancing Privacy, Security and Trust through Privacy by DesignModerator: Vance Lockton, Policy Analyst, Office of the Information & Privacy Commissioner of Ontario, Alex Stoianov, Biometrics Scientist, Office of the Information & Privacy Commissioner of Ontario, Karl Martin, President & CEO, KMKP Engineering, Soren Frederiksen, VP, Development, iViewsystems

Biometric technologies have hit the main-stream, touted as ideal for enhancing identity authentication, access controls and fraud detection. Ironically, the same technologies that can enhance trust can also undermine it when deployed improperly. Biometric data are exceedingly personal data. As this personal data is collected, used, retained and shared across networked environments by

more and more actors for more purposes, how will the security threats that under-mine the reliability of biometric systems be overcome? How will individual privacy be assured? Privacy risks can undermine user confidence, leading to a lack of acceptance and trust in biometric systems. Is there a positive-sum way out? Explore answers to these current issues and trends in biometrics research and deployment. One of the themes will be a novel application of face recognition for the Ontario Lottery and Gaming Corporation’s self-exclusion program.

Cloud Computing in Practice: Getting Down to BusinessPamela Snively, Managing Director, AccessPrivacyHB, Amanda Maltby, Chief Privacy Officer, Canada Post Corporation

Cloud computing is here to stay. It’s time to stop talking about it and get down to the practical realities involved with managing the privacy risks. Start with a review of the broad privacy and legal compliance risks associated with the cloud and the range of practical solutions available to Canadian organizations, followed by a look at Canada Post’s experience implementing a practical approach to assessing and managing cloud computing risk. You’ll leave with practical tips and best practices for a successful cloud computing strategy.

Key Elements of Effective, Compliant Data Destruction PoliciesRobert Johnson, Executive Director, National Association for Information Destruction

Proper information destruction is the most overlooked and misunderstood aspect of data protection. Even some of the most

regulated and data-sensitive organizations lack adequate direction to employees or pro-vide little internal accountability. At the same time, regulatory attention and media coverage related to improper data disposal are at an all-time high. Join one of the world’s most respected authorities on proper information destruction, policy development and vendor selection criteria to discuss key elements of effective policies and procedures, including training, auditing, vendor qualifications and documentation.

Privacy Online: Where Do We Go from Here?Barbara Bucknell, Strategic Policy Analyst, Office of the Privacy Commissioner, Alan Raul, Partner, Sidley Austin LLP, Ben Goold, Associate Professor, Faculty of Law, University of British Columbia

Privacy in the online ecosystem is a hot subject. The proliferation of online tracking, profiling, and targeting of consumers is raising new and complex issues for privacy. Finding workable approaches that balance an individual’s right to privacy with the need to monetize online business models has been the challenge faced by industry representa-tives and regulators. The OPC conducted consultations on this issue in 2010, issued a draft report in the fall, and will be publishing its final report on the consultations in the spring of 2011. Similarly, in the United States, the Federal Trade Commission issued a pre-liminary report on December 1, outlining a framework for businesses and policy makers on this issue. The question is: Where do we go from here? Join this session to discuss the work under way on this issue.

9 – 10 a.m.

How Much for Your Avatar? Personal Information as Currency Ruth Vale, Senior Analyst, Privacy, eHealth Ontario, Constantine Karbaliotis, CIPP, CIPP/C, CIPP/IT, Americas Privacy Leader, Mercer

We create stories about our lives in online ‘personas’ and trade them for a variety of wonderful services—social media, warranty services, free e-mail, free storage and otherWeb services. While privacy is a fundamentalhuman right, it is a peculiar one: We willinglytrade it as a marketable commodity in exchange for ‘things’ but as currency, per-sonal information holds value as it is further exchanged. Join this practical session as the panelists present a model by which to analyze the transactional value of personal information, to determine if this lens offers organizations a more precise way to assess the value of protecting personal informa-tion and avoid a general “devaluation” of the individual’s profile.

Privacy and E-Health Information Systems: A New Dawn of Governance and Compliance ChallengesElaine Ashfield, CIPP/C, Executive Director, Privacy, Records & Information Management and Chief Privacy Officer, Canadian Blood Services, Patricia Kosseim, Office of the Privacy Commissioner of Canada

The development and implementation of national e-health information systems are giving rise to complex governance, account-ability and compliance challenges across Canada. Join a discussion of some of the unique legal, policy and compliance issues that have been encountered and will be illustrated by recent examples. You’ll leave with valuable guidance on some of the process improvements and problem-solving required to address the issues and ideas for coordinating privacy impact assessments, improving governance and accountability, and creating a national model for privacy compliance.

Privacy by Design in the Public Sector—It’s More than Just Compliance and Regulations!Moderator: Michelle Chibba, Manager, Policy and Compliance, Office of the Information & Privacy Commissioner of Ontario, David Nicholl, Corporate Chief Information & Information Technology Officer, Province of Ontario, Dave Wallace, CIO, Information & Technology Division, City of Toronto

Privacy must not be an afterthought. Protecting privacy, including the proper stewardship of the personal information entrusted to governments and other bodies, is essential to maintaining the public’s trust and confidence. It also is an essential component of customer service and quality assurance. Regardless of the type of institutionor health care provider—from a town hall to a police service, a library board to a school board, a university to a hospital, a doctor’s office or a health clinic—protecting personal information is critical. Explore the benefits of embedding privacy into the design of information technology, business practices and physical design and infrastructures, and examine examples of successful Privacy by Design initiatives used in the public sector.

Networking Session: Social Networking, an Employer’s GuideFazila Nurani, CIPP/C, President, PrivaTech Consulting

The proliferation of the use of social networking sites such as Facebook, MySpace and Twitter has left many employers searching for answers to a host of questions. What can be done about the loss of employee productivity? How can the divulgence of confidential information or dam-age to the company’s reputation through social networking be prevented? Does monitoring potential or existing employees through personal or work-based social media violate privacy laws? When can decisions be made about an employee or prospective hire based on information collected from social networking sites? What are reasonable limitations on the use of social media on the job? Should the organization have its own social media platform or use a third party? Explore these timely issues and recent cases involving social media, and leave with a sample social networking policy.

concurrent sessions: friday, may 6

10:15 – 11:15 a.m.

Governing the Extended Enterprise: A Three-Year Plan for Deploying a Robust Privacy Governance StrategyMario Morel, Privacy Architect, YourPrivacy

Ubiquitous mobile devices, pervasive cloud technology and an orgy of sensitive informa-tion leakages are only a few of the myriad challenges faced by privacy executives. The uncertainty present in such a diverse group of issues is most likely to trigger a constant flow of changes that are unpredictable, unexpected and will result in unfamiliar situations. To thrive in such a fluid environ-ment, a privacy governance strategy must seek to increase organizational agility, adopt a productivity infostructure based on a network-centric architecture and mandate decision-making from quantitative risk assessments. Using a case study approach, this session will show you how to build a three-year plan for deploying a privacy governance strategy that is robust, flexible, resilient, innovative and adaptive.

Networking Session: The Internet of ThingsAdam Kardash, Partner, Heenan Blaikie LLP

Many privacy observers are considering the “Internet of Things” as the newest tech-nological development to raise an array of privacy concerns. While the Internet of today connects billions of people, the Internet of Things refers to the connection of billions of objects and devices through sensors, RFID tags, near-field communications and other technologies. Consider examples of the Internet of Things, with an emphasis on the explosion in the amount of personal

information that will be created, collected, used, disclosed and otherwise managed as a result, and participate in a discussion of appropriate privacy governance frameworks that will enable society to reap the vast poten-tial of these emerging technologies while at the same time respecting individual privacy.

Made to Order: Role-Based E-Learning in the GTAPeter Lambert, Manager, Information Security, St. Michael’s Hospital, Natalie Comeau, CIPP/C,Senior Privacy Advisor, University Health Network

In today’s ever-changing hospital environ-ment, educating staff means more than orienting personnel at intake. In 2009, the Toronto Academic Health Sciences Network began creating and deploying a shared set of role-based e-learning modules across the Toronto Central LHIN. The hospitals worked to harmonize key concepts and developed a framework to reflect organization-specific procedures. Explore the objectives, side benefits and nuances of these activities, including the ability of organizations to foster continuity and completion of training for staff and students that work at and transition frequently between multiple organizations. Leave with an understanding of the key factors to consider when implementing harmonized training within an organization and across partners.

Privacy Impact Assessment Expectations of the Office of the Privacy Commissioner of CanadaLara McGuire Ives, Manager, Privacy Impact Assessment Review, Office of the Privacy Commissioner of Canada

Delve into a discussion on the Office of the Privacy Commissioner of Canada’s processes for analyzing the privacy risks of government initiatives as well as the office’s expectations of government institutions relating to the type and depth of information and analysis to be provided in privacy impact assessment (PIA) reports. Learn about the office’s forth-coming Expectations Guide and what the Treasury Board of Canada Secretariat’s new Directive on Privacy Impact Assessment has meant to the PIA process.

11:30 a.m – 1 p.m. Closing Plenary

1 – 2 p.m. Banquet Luncheon

Game show

don’t miss the special contestants we have lined up!

Back by popular demand, canada’s own, kris klein, will host this year’s Game show during the closing plenary session.

CONFERENCE LOCATIONRyerson University Ted Rogers School of Management55 Dundas Street WestToronto, ON M5G 2C5

Need accommodations? Please visit our Web site, www.privacyassociation.org/symposium, for a list of area hotels.

REGISTRATION FEES Early Bird Rate Regular Rate All pricing is in Canadian dollars Until April 8 After April 8

Preconference Seminars (Wednesday only)

One Seminar $450 $450Two Seminars $600 $600 Concurrent Sessions (Thursday & Friday only)

IAPP Member $995 $1,095 Nonmember $1,245 $1,345Government/Higher Education $825 $925 Corporate Rate (5 people for the price of 4; must sign up as a group) $4,073 $4,550 Guest Price (Coworkers or associates in the industry are not eligible) n/a $270

Subject to 13% HST, not included.

*If you have registered to attend the CIPP/C or CIPP/IT training, you will not be able attend the Preconference Seminars due to the schedule conflict.

Registration for certification training or testing must be completed separately. Please visit www.privacycertification.org/certification to register. IAPP membership is required to register for any IAPP certification exam.

not an Iapp canada member?

Join today! learn more about the

benefits of membership at www.privacyassociation.org/canada.

ARE YOU CERTIFIED?

Privacy certification is an essential way

to validate your knowledge base and

demonstrate your value as a privacy

professional to your organization.

Training for two IAPP certification

credentials—CIPP/C and CIPP/IT—

will be offered at the Symposium.

The Certification Foundation training is

offered as a full-day session on Tuesday,

May 3, followed by half-day module

training sessions on Wednesday, May 4.

Testing for all credentials—CIPP, CIPP/C,

CIPP/G and CIPP/IT—will be offered on

Friday, May 6. Certification candidates

may take the Certification Foundation

exam and one module exam in the

same day.

Visit www.privacyassociation.org/symposium to register and for complete conference details.

sponsors

exhIBItors

IAPP Canada would

like to thank the

PROGRAM CHAIRS

Monitoring and Verification

Laura Davison, CIPP, CIPP/C,

Deputy Chief Privacy Office,

Deputy Chief Anti-Money

Laundering Officer, Deloitte &

Touche LLP

Preconference Seminars

Gilles Fourchet, CIPP/IT,

Information Privacy & Security

Specialist, Ministry of Com-

munity and Social Services.

Thérèse Reilly, CIPP/C, Law

Office, M Thérèse Reilly

Security: The Extended

Enterprise

Della Shea, CIPP/C, Chief

Privacy & Information Risk

Officer, Symcor Inc.

Social Media/E-Marketing

Technology

Shawn Melito, MBA

Training

Lorne MacDougall,CIPP/C,

Chief Privacy Officer &

National Legal Services

Manager, Holt Renfrew

Trends and Influences:

International and

Canadian Perspectives

Jill Scott, LLB, LLM,

Barrister & Solicitor

MAY 4 - 6

MAY 4 - 6

may 4–6 ryerson unIversIty toronto

Thomson ReuTeRs

Thomson ReuTeRs

International Association of Privacy ProfessionalsGlobal HeadquartersPease International Tradeport75 Rochester Ave., Suite 4Portsmouth, NH 03801 USA