[This] conference provided further clarification on an extremely opaque subject.
 
- Global Product Manager
Government Securities
CanDeal Inc.
 
 

Legal Issues in Privacy & Cyber Security

Compliance and Best Practices

November 19 - 20, 2019  ·  Toronto, Ontario
 
   
 
Day One Program Agenda: Tuesday, November 19, 2019
 
8:00 - 9:00        Registration and Continental Breakfast
 
9:00 - 9:15
Welcome and Chair’s Opening Remarks
Mark Hayes, Hayes eLaw LLP
David Goodis, Assistant Commissioner, Information and Privacy Commissioner of Ontario
 
9:15 - 9:45
Armchair Chat with David Goodis: Are We Moving in the Right Direction?
David Goodis, Assistant Commissioner, Information and Privacy Commissioner of Ontario
Constantine Karbaliotis, Director, PWC Canada
  • Impact of current changes on your privacy and cyber security strategy
  • Is the Digital Charter a step in the right direction?
  • Impact of the Charter on Canadian organizations
  • Post election analysis
  • Strategies for planning ahead
 
9:45 - 10:45
Are You Meeting Legal Obligations to Safeguard and Protect Client/Customer Information?
Best Practices Preparing for/Preventing Data Breaches
Panel Moderator: Vance Lockton, Manager, Digital Compliance, Waterfront Toronto
Michel Jutras, General Compliance Officer, Air Canada
Elspeth Hagen, Global Compliance, McCain Foods Limited
Samir Murji, Corporate Counsel, Walmart Canada
  • What your comprehensive, pre-tested, robust incident readiness and response plan should contain
  • Defining roles and responsibilities and who coordinates efforts?
  • What are the legal standards?
  • Monitoring and differentiating between minor events and major incidents
  • Policies and procedures to ensure alignment with your organization, best practices and updates for new and emerging threats
  • Training on policies and procedures
  • How to build staff awareness including detection of malware, signs of data breach
  • Putting your Incident Response Plan (IRP) to the test to arm your team with experience
  • Table top exercises to test every IRP procedure from detection and containment to remediation and recovery
  • What does proactive compliance mean in the context of these different organizations?
  • How do the obligations change depending on the sensitivity of the information?
  • Baseline security requirements
  • Self assessment, vulnerability assessments
  • What constitutes sufficient steps to meet legal obligations to safeguard and protect client/customer information
  • What is best practice in protective and preventive measures?
  • Checklist for assessing how well your organization protects and safeguards client and customer information
  • Preparing for transfer of information across borders – are Canada’s standards good enough?
  • Privacy impact and security assessments – meeting regulatory and business expectations
 
10:45 - 11:00        Networking Break
 
11:00 - 12:00
How Will You Be Judged in the Aftermath of an Attack?
Best Practices in Responding to Data Breaches: Metrolinx, Telus, Air Canada, Staples
Mark Hayes, Hayes eLaw LLP
Sara Azargive, Sr. Privacy Officer, Office of the General Counsel and Corporate Secretary, Metrolinx
Pam Snively, VP, Chief Data & Trust Officer, TELUS
Michel Jutras, General Compliance Officer, Air Canada
Dean Dolan, General Counsel and Chief Privacy Officer, STAPLES Canada
  • Activating The Incident Response Plan
  • Moving in accordance with policies, protocols, processes and procedures that guide how incidents are detected, reported, assessed, and responded to
  • Key regulatory developments and trends
  • Determining the source of the breach and whether threshold for notification has been reached
  • New breach notification rules
  • Examining the breach reporting legal threshold for determining “real risk of significant harm”
  • Assessment tools/ the privacy breach tool kit
  • How can the test be made more objective and more robust?
  • Obligation to report “as soon as feasible” – what does this mean?
  • Obligation to maintain accurate, complete and current records of an incident and decisions made with respect to response
  • Description of incident containment and investigation re specific risks
  • Obligation to keep records of all breaches so the Commission can assess compliance with the law as required – what does it entail?
  • Handling multiple jurisdictions
  • Determining content of communications to commission and customers/clients – direct versus indirect notice
  • Tension between legal and communications about what should be released
  • Media and public relations
  • Setting out strategies for maintaining legal privilege with respect to communications and documentation relating to the incident
  • Court cases, class actions and penalties for data security breaches
  • Who’s doing what out there and how do you compare?
  • Are you over or under cautious?
  • Post-incident analysis
  • Engaging with law enforcement
 
12:00 - 1:00        Luncheon Break
 
1:00 - 2:00
Assessing Privacy and Cyber Security Team Bench Strength: Can the Team Do the Job?
Vanessa Henri, Privacy and Cybersecurity Group, Fasken
  • Roles and responsibilities of the Privacy Office
    • Legal, functional and operational differences (CPO, DPO, GC, etc.)
    • Tools and reporting functionality to prevent and respond to PII risks
  • Roles and responsibilities of the CIO/CISO Office
    • Distinguishing IT and security
  • Responding to an incident; who does what, and according to what documents?
    • IRP – What does it look like? How long should it be, and how should it be coordinated? (Based on NIST)
    • Incident classification against roles and responsibilities
      • IT incident
      • Security Incident
      • Privacy Incident
    • Timely involvement of contractors and third party expertise
    • Communicating effectively with stakeholders and data subjects on an incident
  • Assessing effectiveness of roles and responsibilities
 
2:00 - 2:15        Networking Break
 
2:15 - 3:00
Third Party Contracts: How Well Are You Protecting Client/Confidential Information in the Hands of Your Third Party Providers Inside and Outside Canada?
J. Fraser Mann, Mann Symons LLP
  • Managing risk and allocating liability
  • Vendor vetting and contract negotiation
  • What’s negotiable/what’s not?
  • What vendors and suppliers will and will not promise
  • Most contentious and most important contract provisions
  • Steps to mitigate risk when you can’t get the contractual terms you’re after
  • Checklist for evaluating how well you safeguard information in the hands of your third party providers
  • Formula for selecting options and services from third parties based on deemed acceptable risk level and sensitivity of information
  • Facebook/Cambridge Analytica
 
3:00 - 4:00
Mergers & Acquisitions: Privacy and Cyber Security Due Diligence
Constantine Karbaliotis, Director, PWC Canada
  • Are you sufficiently quantifying and analyzing cyber security as part of due diligence?
  • Differentiating the cyber security challenge from the risks of mergers and acquisitions
  • Risks and liabilities surrounding the original and new organizations
  • What are appropriate cyber activities before, during and after a merger or acquisition
  • Practical solutions on how to identify, understand and mitigate cyber risk during the M & A due diligence process
 
4:00        End of Day One
 


Cyber attacks are increasing in frequency and complexity. No company is immune. Failure to take the appropriate steps will leave your organization more vulnerable to privacy breaches, litigation, expensive downtime, enormous recovery costs, and lasting reputational damage.

Infonex’s Legal Issues in Privacy & Cyber Security event will address the evolving threat landscape in your industry. Learn how to determine whether you are meeting your legal obligations to protect client and customer information, in your own hands or in the hands of third parties; how to apply best practices in reacting to a cyber attack; what your Incident Response Plan should contain; when to notify the Privacy Commissioner and the client; and more.

Hear from leaders and experts at RBC, Air Canada, Telus, Waterfront Toronto, Metrolinx, Hamilton Health Sciences, Cancer Care Ontario, University Health Network, Computershare Canada, Canadian Bankers Association, McCain Foods and more as they share their strategies for safeguarding data.

Save the date for November 19-20, 2019!


Telephone: 1.800.474.4829  |   360 Bay Street, Suite 900, Toronto, ON  M5H 2V6   |   Fax: 1.800.558.6520  |  Contact Us
© 2000-2019 INFONEX Inc.