Agenda

Monday, May 13, 2013
8:15 am - 9:00 am
Registration for Workshop Participants & Continental Breakfast

Workshop attendance is optional and extra charges apply. See registration page for specific pricing details.
9:00 am - 12:00 pm
W1: Access and Privacy Coordinator/Officer Bootcamp

W2: Putting your Content in the right Context: Who me?

W3: IT Security for non Security Professionals
12:00 pm - 12:45 pm
Lunch for Workshop Participants

General Registration
12:45 pm - 1:00 pm
Welcome Address

Mel Holley
Acting Ombudsman
Manitoba Ombudsman's Office

Mel Holley was appointed Acting Ombudsman for the Province of Manitoba on January 4, 2012.

In Manitoba the office of the Ombudsman also has responsibility for The Freedom of Information and Protection of Privacy Act and The Personal Health Information Act.

Mel Holley joined Manitoba Ombudsman as an Investigator in 1998. Prior to assuming the position of Acting Ombudsman in January 2012 Mel was Manager of Investigations for the Ombudsman Division of Manitoba Ombudsman and had previously served as Manager of Systemic Investigations.

Prior to joining the Ombudsman in 1998 Mel was the Poverty Law Coordinator for Legal Aid Manitoba and had previously worked for 13 years at the Legal Aid Manitoba Public Interest Law Centre where he assisted the Director in the selection and preparation of test case litigation.

His prior experience includes working as a union organizer and broadcast journalist.

Flor Marcelino
Minister of Culture, Heritage and Tourism
Manitoba Government

Flor was first elected in 2007, making history as the first woman of colour elected to the Manitoba Legislative Assembly, and was re-elected as the MLA for Logan on October 4, 2011. In November 2009, Flor was appointed Minister for Culture, Heritage and Tourism by Premier Greg Selinger, a position she maintained after the 2011 election.

Flor was born in the Philippines and immigrated to Canada in 1982 where she and her family have since made Winnipeg home. They first settled in the Weston community, one of the many vibrant neighbourhoods located in the Tyndall Park constituency.

Previously a small business owner and editor of The Philippine Times, she has also been an active community leader, having served on with the Premier's Economic Advisory Council, Project Peacemakers, St. Stephen's-Broadway Foundation and the Broadway Disciples United Church and its international affiliate, the Global Ministries. Flor was also a support staff at Red River College for 17 years.

Flor is determined to work for and with her constituents to help build a brighter future for the residents of Logan.

1:00 pm - 1:50 pm
Open Government: Information, Dialogue, Data and Beyond

Open Government provides a gateway to innovation, problem solving, collaboration and more, by  leveraging one of our most valuable public assets….information. In this presentation Alyssa Daku discusses the fundamentals of Open Government and the shift in organizational culture that is required to fully embrace an agenda of public transparency and accountability.

Drawing on her experience with the City of Regina’s Open Government launch in 2012 as well as her expertise in data governance and access, Alyssa discusses the benefits of Open Government from more than just a public accountability perspective. Additionally, she will look at some of the practical lessons to be learned for organizations looking to implement a more comprehensive Open Government program including successes, failures and opportunities for improvement.

Alyssa Daku
Director Information Governance
EHealth Saskatchewan

Alyssa Daku recently joined EHealth Saskatchewan to become the Director Information Governance. Formerly the Manager of Corporate Information Governance and Program Manager for Open Government at the City of Regina, Alyssa was instrumental in Regina being recently recognized as one of the most "open" public sector organizations in the world.

She has a Masters in Public Administration and is a Certified Information Privacy Professional (CIPP/C). Alyssa has worked in the field of information strategy and governance for more than seven years including the non-profit, provincial health, Crown and municipal sectors.

1:55 pm - 2:55 pm
1A: Manitoba Pupil Files

The presentation addresses how schools and schools divisions must manage personal information they collect and generate about their students. It will cover a variety of issues regarding pupil files, including:

  • collection and storage of personal student information
  • the various components of a pupil file; transferring of files
  • security issues
  • access to files by staff, students, parents and third parties
  • records management policy considerations
  • retention/disposition of pupil files

Joanne Muller
Analyst
Manitoba Education

Joanne Muller has been a Policy Analyst with Education Administration Services, a branch of Manitoba Education, for the past 12 years. The branch fulfills an advisory and consultative role to the Department, school divisions, schools and the public on matters related to legislation and regulations and on the education system in general. Joanne spends much of her time providing information and guidance to school division officials and to parents regarding education legislation and associated administrative requirements. She also coordinates appointments to a number of statutory and non-statutory boards and commissions, and serves as Secretary to the Board of Reference. She has conducted workshops on the Manitoba Pupil File Guidelines for division and school administrative personnel, school clinicians, and university students.


1B: Navigating through the Privacy Maze

Most public bodies have personal information AND personal health information (eg. client or employee information), governed by The Freedom of Information and Protection of Privacy Act (FIPPA), The Personal Health Information Act (PHIA) and other laws. Making privacy decisions about this information can feel like being in a maze where the path to take is unclear.

This practical session will help you navigate the relationships between laws and understand how they work together. Learn how the privacy principles underlying FIPPA and PHIA provide a foundation for understanding and applying these laws. Hear about the similarities and the important distinctions that you need to know in making good decisions about personal and personal health information, and about the other laws that can affect the decisions you make.

Gail Mildren
General Counsel
Civil Legal Services, Manitoba Justice

Gail has been a lawyer with Civil Legal Services of Manitoba Justice since her call to the Manitoba Bar, and was appointed General Counsel in 1990. She practices in a number of areas of law, including information management, access to information and privacy, and is the senior lawyer on Civil Legal Service?s Access and Privacy Law Group. Her involvement with access to information and privacy issues dates back to 1985 (when the former Freedom of Information Act of Manitoba was passed) and Gail was involved the development, drafting and implementation of Manitoba's Freedom of Information and Protection of Privacy Act and Personal Health Information Act. She frequently provides advice on the development and implementation of other pieces of legislation that impact on access to information or privacy. Gail frequently speaks on information management, access to information and privacy matters ? and this is an aspect of her work that she thoroughly enjoys.

Dustin Gene


1C: Modernizing Freedom of Information: Rebuilding, Refocusing and Reinventing Access to Environmental Information

The Ministry of the Environment rebuilt its Freedom of Information (FOI) program through systematic business process review, implementing a far reaching technology solution and investing in human resource capacity. This multi year modernization initiative included components as diverse as reducing paper consumption by 90%, improving request turnaround times to 14 working days and using technology to support web enabled FOI self service and access to information.

The Modernizing FOI initiative has changed in how the Ministry considers its records management program. This has lead to an “end to end” Ministry information access strategy. This paper will provide an understanding of how this transformation initiative evolved and planning and implementation lessons learned.

The overall goal is to prompt broader FOI modernization discussion. A key theme is that FOI service delivery needs to better serve government, the public, non government organizations and business. “Making Connections” between technology, information management and access and privacy communities is essential to this transformation. 

This presentation will cover three main areas:

  • Developing business processes, implementing technology solutions and generating consensus for changing the way FOI and information access services are delivered.
  • Moving FOI activities and priorities from a “FOI 1.0”, internal services perspective to the new world of FOI 2.0, open government and enterprise – wide information management.
  • Detailing strategies for employing technology to support FOI and information access but ensuring these initiatives are not solely driven or defined by technology.

Jim Lewis
Director, Information Management and Access Branch
Ontario Ministry of Environment

Jim Lewis is Director of the Information Management and Access Branch, Ontario Ministry of the Environment. He has over twenty years experience working with access and privacy legislation gained at the Archives of Ontario, Management Board Secretariat and the Ministries of Environment, Energy and Health.
The programs Jim leads manage and deliver environmental information to the public and Ministry staff. This includes managing the Environmental Registry, an on-line site for citizen engagement on environmental issues, and the Information Resource Centre, which provides information and library services to staff. Jim is also responsible for leading the records and information management program including an enterprise information management pilot focusing on managing environmental approvals process documents.
The Ministry FOI program is the largest in the Ontario government receiving approximately 5500 requests a year. Jim lead the successful "Modernizing FOI" initiative that used business process redesign, technology and staff skills upgrades to change access and privacy services delivery.
The Branch is also preparing a Ministry environmental information access and dissemination strategy with objectives that include increasing public accessibility to environmental data and developing audience specific information resources. The current research focus is on understanding and documenting the effectiveness of other environmental information disclosure programs.

2:55 pm - 3:15 pm
Networking & Refreshment Break
3:15 pm - 4:15 pm
2A: Information Management in 2013 and Beyond

The corporate Information Management/Information Governance requirements in 2013 are more demanding than they have ever been. The landscape has changed and the solutions used in the preceeding decade are now in question. This presentation will explore not only the changes but the direction Information management is going, the standards now in play and the options available.

Rick Stirling
President
WesternIM (Western Information Management Inc.)

Rick Stirling is the President of Western Information Management Inc. (WesternIM) and has over 40 years IT experience. Rick is well rounded in many disciplines with a specialty over the last 18 years in the implementation of dozens of enterprise information management solutions. He has held many executive positions in ARMA International (The Records Management Association) including a member of the international board of directors and President of the Canadian Region and is a frequent speaker in both the United States and Canada. Most recently Rick was one of the founding members of the GARP (Generally Accepted Recordkeeping Principals http://www.arma.org/garp ) task force.

About WesternIM

WesternIM specializes in records and information management consulting services for all things RM and the implementation of tier 1 enterprise solutions. We approach client solutions from conceptualization through long term maintenance. WesternIM clients throughout Canada and the US are from municipalities, provincial / federal government agencies and private companies in many different market sectors.

WesternIM offices are located at 410 - 820 51st Street East, Saskatoon, SK, S7K 0X8. We can be contacted through our web site at www.WesternIM.com, by phone at 306.384.6868, by fax at 1.888.752.3133 or by e-mail at office@WesternIM.com.



2B: Practical Approaches to Access Requests

Wish there was an “easy” button for FIPPA requests? With over 24 years of oversight experience relating to access requests, the Manitoba Ombudsman’s Office has seen a lot of great access practices that can make it easier to respond to requests and comply with the requirements of FIPPA.

Not sure where to start when you receive big requests?
Feeling apprehensive about contacting the applicant?
Wrestling with fee issues?
Running out of time?

Learn practical tips to help you address these and other access-related issues.

Linda White
Investigator
Manitoba Ombudsman Office

Linda White has worked for many years in the fields of archives and records management, most recently at Carleton University in the Corporate Records and Privacy Office. She has been employed as an Investigator in the Access and Privacy Division at the Office of the Manitoba Ombudsman since January.

Jacqueline Bilodeau
Manager of Investigations
Manitoba Ombudsman's Office

Jacqueline Bilodeau is the Manager of Investigations in the Access and Privacy Division of the Manitoba Ombudsman’s office. Prior to that, she was an Investigator under PHIA and FIPPA for three years. She previously worked in the group disability insurance field for ten years, first as a Case Manager and then as a Litigation Specialist and Consultant.


2C: Cyber Security Update on the Emerging Threat Landscape

This session will focus on the current state of cyber security and what motivates the actors involved in security threats. It will also examine the future of IT Security in the ever-changing threat landscape.

Patrick Hoger
Chief Information Security Officer, Information Protection Centre
Manitoba Innovation, Energy and Mines

4:15 pm - 6:15 pm
Networking Reception
Tuesday, May 14, 2013
8:00 am - 8:45 am
Continental Breakfast
8:45 am - 9:00 am
Welcome Back!
9:00 am - 9:50 am
Operationalizing Privacy by Design - PbD

Created and championed by Ontario’s Information and Privacy Commissioner Ann Cavoukian, Privacy by Design (PbD) has become the defining approach to protecting privacy in the 21st Century. The 7 Foundational Principles that constitute PbD are recognized by international data protection authorities, and are being advanced in regulatory standards around the world.

This session will discuss the origins, significance of —and prospects for— PbD in today’s hyperconnected Information Age. Particular emphasis will be placed on:

  1. understanding the 7 Foundational Principles;
  2. illustrating how they apply to the design of information technologies, business processes, and networked architectures;
  3. promoting a deeper understanding of how to operationalize PbD in the public sector.

 

Michelle Chibba
Director, Policy
Office of the Information & Privacy Commissioner of Ontario

Michelle Chibba oversees the Policy Department and Special Projects at the Office of the Information and Privacy Commissioner of Ontario, Canada (IPC). Her department is responsible for conducting research and analysis, as well as liaising with a wide range of stakeholders to support the Commissioner's leadership role in proactively addressing privacy and access issues affecting the public. She has over two decades of professional experience, most of it in the public sector where she managed several strategic policy projects. Early in her career, she worked in the private sector as well as for a non-governmental policy research organization in the U.S. One of her many accomplishments within the government was as Quality Manager for the Health Economic Development Unit, where she was instrumental in implementing a quality management system that was successfully registered to the ISO 9001 standard. For this, she received the Amethyst Award for Outstanding Public Service. She is also a recipient of an Ontario Ministry of Health and Long-Term Care ACE Award for achievement, commitment and excellence in Stakeholder/Partner Relations. Ms. Chibba received her master's degree from Georgetown University (Washington, D.C.), with a focus on ethics and international business.

9:55 am - 10:55 am
3A: Mobile Devices

Your organization is getting ready to launch that hot new mobile app, and people are looking to you for answers. Do you have them?

Our increased use of mobile devices as a platform for service delivery challenges traditional ways of thinking about access, privacy, security and information management. But it’s not all bad news. This session will provide an overview of the emerging legal topics that are associated with buying and selling products and services over mobile devices, such as enforceability issues, online profiling and outsourcing considerations.

Andrew Buck
Associate
Pitbaldo Law

Andrew Buck is an associate at Pitblado law, a leading business law firm in Winnipeg, Manitoba. Andrew has a broad business law practice. He helps clients find solutions at all stages of the business life cycle, with a focus on assisting start-ups and emerging for-profit and not-for-profit organizations. He also advises public bodies on their obligations under FIPPA and PHIA, and delivers presentations about intellectual property, privacy and technology laws.


3B: Caution: Privacy Breach Ahead - Are You Prepared?

Being prepared for a privacy breach entails developing a plan before a privacy disaster strikes. Knowing the steps involved in responding to a breach incident is critical for effective breach management. This session will provide practical guidance to equip you to be prepared for, and respond effectively to, a privacy breach.

The presenters will address:

  • how to prepare for a privacy breach;
  • what to do if a breach is suspected;
  • how to respond if it is confirmed;
  • who to notify and when;
  • what happens if the Ombudsman becomes involved;
  • how to turn the disaster into a learning experience that helps to prevent future breaches

Judy Dandurand
Investigator
Manitoba Ombudsman

Judy is an Investigator in the Access and Privacy Division of Manitoba Ombudsman dealing with privacy and access issues, including privacy breaches, under FIPPA and PHIA. Previously, Judy was a Senior Policy Analyst at the Information and Privacy Policy Secretariat, Manitoba Culture, Heritage and Tourism and she was also the Access and Privacy Coordinator and Privacy Policy Analyst for Manitoba Family Services.

Mike Baudic
Director
Information and Privacy Policy Secretariat, Manitoba Culture, Heritage and Tourism


3C: Information Sharing within an Organization: Determining who Needs to Know

The sharing of information within public bodies/trustees is critical to informed decision-making, service delivery and business operations. Under FIPPA and PHIA, the use of personal and personal health information must be limited to the minimum amount of information necessary to accomplish an authorized purpose and the information should only be shared with employees who need to know the information to carry out that purpose. Similarly, the sharing of other types of sensitive information may be restricted within an organization.

Determining who needs to know what information for which purposes can be challenging. This session will help you to understand the legal requirements and best practices for sharing information within your organization.

Brian Bowman
Partner
Pitblado Law

Brian Bowman is immediate Past Chair of the Winnipeg Chamber of Commerce and partner with Pitblado Law. He is involved in numerous community volunteer efforts including serving as Incoming President of the Winnipeg Art Gallery and Incoming Chair of the Canadian Bar Association's National Privacy and Access Law Section. He is a nationally recognized leader in privacy, access to information and social media law, and is a frequent speaker, media commentator and author.

10:55 am - 11:10 am
Networking & Refreshment Break
11:10 am - 12:10 pm
4A: Assessing Capacity and Raising Awareness: Manitoba's Recordkeeping Capacity Assessment Tool

Records and information are critical assets in modern government. Effective recordkeeping not only makes good business sense, it is a fundamental requirement of good government.

In 2011 the Government Records Office launched a self-assessment tool that is designed to help government departments evaluate and improve recordkeeping capacity. Capacity means the policies, people and practices that are needed to support day-to-day work and enable effective use and management of records and information.

The presentation will provide:

  • background on the development of the tool and the models used
  • a brief illustration of the tool, how it works, and the results it generates
  • a discussion of the successes and challenges faced in developing and rolling out this tool.

Carmen Lowe
Records Analyst/Archivist
Government Records Office, Archives of Manitoba

Carmen Lowe has been with the Government of Manitoba since 2008, primarily working at the Archives of Manitoba in the areas of access to archival records and government recordkeeping. She also worked as an archivist with Public Health. She is currently a Records Analyst/Archivist in the Government Records Office. She is a graduate of the M.A. Archival Studies Program at the University of Manitoba.

Jackie Nicholls
Senior Records Analyst/Archivist
Government Records Office, Archives of Manitoba

Jackie Nicholls has been with the Archives of Manitoba since 1995, working as an archivist in the areas of access to archival records, FIPPA and government recordkeeping. She is currently the Senior Records Analyst/Archivist in the Government Records Office. She is a graduate of the M.A. Archival Studies Program at the University of Manitoba with a thesis on the history of records management and the role of the Archives in the development of access and privacy legislation in Manitoba.


4B: Beyond PowerPoints and Awareness Emails: Developing an information protection education program that works

Pertinent and appropriate information protection education is key in any successful organization. Training provides staff, volunteers and contractors with the skills to confidently conduct their jobs and minimizes the risk of an incident or breach. Yet many organizations are using outdated training that has not changed with the operating environment and is not customized for the audience. Further, the program was not developed in collaboration with stakeholders across various disciplines, such as privacy, security and information management.

This presentation will address some of the training challenges faced by organizations, such as how to reach vast and varied target audiences and how to ensure executive support for the program. Case studies and the Newfoundland and Labrador Centre for Health Information’s recent experience redesigning its training and awareness program will be used to provide practical tips to help attendees establish programs that work.

Ruth Marks
Privacy Officer
NL Centre for Health Information

Ruth Marks is a Privacy Officer with the Newfoundland and Labrador Centre for Health Information, where she currently manages the training and awareness portfolio. When not updating and implementing the Centre's privacy training and awareness program, Ruth offers general privacy guidance on Centre initiatives, such as the Provincial Electronic Health Record. Prior to her work as a Privacy Officer, Ruth spent 10 years in communications, working for advertising agencies and both the provincial and federal government. Ruth has a Certificate in Information Access and Protection of Privacy (IAPP) from the University of Alberta and a Masters of Employment Relations from Memorial University of Newfoundland.



4C: Privacy Impact Assessments

Privacy laws require organizations to manage personal information and personal health information in ways that maximizes its protection. A Privacy Impact Assessment is a due diligence exercise in which potential risks to the privacy of personal information and/or personal health information are identified and compliance with applicable legislation is assessed. The Privacy Impact Assessment process provides an opportunity to conduct a thorough analysis of risks and to consider reasonable measures that can be taken to reduce or eliminate them. The presenters will explain what a Privacy Impact Assessment is, the benefits of conducting one, and the expected goals and results.

Barb Devlin
Senior Policy Analyst
Information and Privacy Policy Secretariat (Manitoba Culture, Heritage and Tourism)

Barb Devlin is a Senior Policy Analyst with the Information and Privacy Policy Secretariat (IPPS) of Manitoba Culture, Heritage and Tourism.

The Information and Privacy Policy Secretariat, of Manitoba Culture, Heritage and Tourism, provides corporate leadership and expertise regarding information accessibility, confidentiality, and privacy in the Manitoba Government. An important part of the work of the Secretariat is to provide learning opportunities to help employees in public bodies understand and integrate good access and privacy principles into their day-to-day work.

Barb is a graduate of the University of Manitoba and has worked for several departments during her 24-year (and counting) career with the Government of Manitoba. Prior to joining the IPPS team in 2009, Barb performed the role of Access and Privacy Coordinator for two departments, namely Manitoba Justice and Manitoba Health which are among the busiest of departments in terms of the number of access requests processed. With the Secretariat, Barb has been involved in the development of the Government of Manitoba’s privacy impact assessment process and provides support and guidance through that process to program areas.

Valerie Gural
Access & Privacy Officer
Winnipeg Regional Health Authority

Valerie began her career with access and privacy in 1996, as a Policy Analyst, with the Legislative Unit, Manitoba Health on the development of The Personal Health Information Act. From there her career took her to the Manitoba Ombudsman’s office where she worked as a Compliance Investigator in the Access and Privacy Division. In 2004, she joined the WRHA Legal Department as the Access and Privacy Officer.

12:10 pm - 1:10 pm
Lunch
1:10 pm - 2:10 pm
5A: Accessing Municipal Records - Common Challenges

Municipal governments are often called the "grassroots" level of government and the closest to the people. Local municipal councils are often required to make decisions having the greatest impact on the lives of the residents. As a result of this relationship, citizens expect openness and transparency from their elected council and more often request access to municipal records. But...

  1. What documents are the public entitled to?
  2. Under which legislation are the documents accessed?
  3. How do you as a municipal administrator handle such a request?
  4. What is the municipality's duty regarding personal information when receiving access requests?

These are just some of the questions that will be answered during this session.

Barb Devlin
Senior Policy Analyst
Information and Privacy Policy Secretariat (Manitoba Culture, Heritage and Tourism)

Barb Devlin is a Senior Policy Analyst with the Information and Privacy Policy Secretariat (IPPS) of Manitoba Culture, Heritage and Tourism.

The Information and Privacy Policy Secretariat, of Manitoba Culture, Heritage and Tourism, provides corporate leadership and expertise regarding information accessibility, confidentiality, and privacy in the Manitoba Government. An important part of the work of the Secretariat is to provide learning opportunities to help employees in public bodies understand and integrate good access and privacy principles into their day-to-day work.

Barb is a graduate of the University of Manitoba and has worked for several departments during her 24-year (and counting) career with the Government of Manitoba. Prior to joining the IPPS team in 2009, Barb performed the role of Access and Privacy Coordinator for two departments, namely Manitoba Justice and Manitoba Health which are among the busiest of departments in terms of the number of access requests processed. With the Secretariat, Barb has been involved in the development of the Government of Manitoba’s privacy impact assessment process and provides support and guidance through that process to program areas.

Linda Baleja
Municipal Services Officer
Manitoba Local Government

Linda Baleja is a Municipal Services Officer with the Department of Local Government, Municipal Finance and Advisory Services. The Branch provides advisory and consulting services to elected and appointed municipal officials on most aspects of municipal administration, operations and governance.

Linda has worked with the Department of Local Government as a Municipal Services Officer for the last nine years. Prior to joining Local Government, Linda worked with a rural Manitoba municipality for 23 years, as an Assistant and as Chief Administrative Officer (CAO). Linda is a graduate of the University of Manitoba Certificate in Manitoba Municipal Administration Program.


5B: It Won't Happen to Me: Mitigating Risks to Records

Most organizations do not have a business continuity or disaster recovery plan that includes protection for their most valuable asset – records. Many organizations that experience a crisis do not survive unless there is a plan in place to resume operations quickly.

The information for this session is based on lessons learned from past experience. It offers a way to include records as part of a business continuity or disaster recovery plan.

Attend this session to learn how to:

  • Measure the probability that a risk may occur and the impact it may have on the organization
  • Prioritize risks by calculating a risk factor to measure the risk potential for records
  • Assign a value to records based on the business functions they support
  • Track progress of strategies for mitigating risks to records in the organization

Peggy Neal
President, ARMA Winnipeg Chapter &
Client Services Specialist Librarian
Canada/Manitoba Business Service Centre, Small Business Development

Peggy is a Client Services Specialist Librarian where she identifies client needs and delivers specialized information in response to their requests.

Although she grew up in Winnipeg, she earned her Master of Library and Information Science from Emporia State University through a satellite program located in Grand Forks, North Dakota and her Master of Business Administration specializing in Information Technology Management from Athabasca University which is located in St. Albert, Alberta. She is also a Certified Records Manager and President of the ARMA Winnipeg Chapter where she oversees Chapter delivery of education, networking opportunities and support pertaining to records and information management.

Her 30 year career in the library sciences and information management consists of experience in the aerospace, pharmaceutical, liquor, and public sectors where she began as a Library Page and progressed to include managing library operations, the creation of records management departments, developing records management programs and teaching records and information management courses at the University of Manitoba. In her spare time, she volunteers for community organizations such as Citizen’s on Park Patrol (Bunn’s Creek) and the Winnipeg Zone of the Civil Air Search and Rescue Association.


5C: Security in the Cloud

The availability of cheap and easily accessible computing resources supplied under the marketing term "cloud computing" may increase the risk of information privacy breaches. This session will explain the different types of cloud computing, some of the top security concerns and how those concerns impact information privacy.

Attendees will come away with a better understanding of:

  • What Cloud computing is (and isn’t);
  • The top 7 security concerns when moving to the cloud; and
  • The seven deadly sins of cloud computing
  • How to assess the risks of moving to the cloud

Chris Dunn
President
C.H. Dunn Consulting

Chris H. Dunn has 20 years experience in management and information systems security and IT audit. He successfully applies outstanding analytical and intuitive skills to the design, analysis and implementation of IT security governance and controls. With an excellent track record of leading specialized teams, his diverse expertise encompasses risk assessments, needs analysis, project management and security program development.

Committed to improving the security of organizations, Chris provides crucial insight to the alignment of IT risk with business objectives. His 9 years of IT Audit experience has enhanced his understanding of the importance of continuous monitoring in maintaining an acceptable and consistent level of security.

Chris teaches a two day introduction to IT Audit. Chris has also presented at the Mid Canada Information Security Conference on the topic of Developing a Vulnerability Management Program and at the Disaster Recovery Information Exchange conference on the topic of Data Center Resilience.
Chris holds a Bachelor of Commerce (Hons.) degree in Management Information Systems from the University of Manitoba and is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and Certified Information System Security Professional (CISSP). He has also achieved numerous vendor specific, technical certificates throughout his career and currently holds the position of Program Director on the ISACA Winnipeg Chapter Board of Directors.

2:10 pm - 2:30 pm
Networking & Refreshment Break
2:30 pm - 3:30 pm
Keynote - The Growing Importance - and Irrelevance - of Data Protection Law

Nations around the world are reconsidering data protection law. Many countries without systematic privacy protections, such as in South America, are adopting new laws, while countries with long experience with privacy laws are revisiting them and, for example in Europe and the United States, considering new ones. While the renewed attention to data protection is gratifying and in many ways bringing nations closer together on data protection, many of the new and proposed laws run the risk of ignoring the most critical issues posed by the proliferation of personal data in the 21st century, thereby leaving individuals more at risk than ever. The challenge is to create laws that provide practical approaches to real issues in a global, data-intensive environment.

Fred Cate
Distinguished Professor & C. Ben Dutton Professor of Law
Director, Center for Applied Cybersecurity Research
Indiana University

Fred H. Cate is a Distinguished Professor and C. Ben Dutton Professor of Law at the Indiana University Maurer School of Law. He is managing director of the university's Center for Applied Cybersecurity Research and of the Center for Law, Ethics, and Applied Research in Health Information. Professor Cate is a senior policy advisor to the Centre for Information Policy Leadership at Hunton & Williams LLP, a member of Microsoft's Trustworthy Computing Academic Advisory Board, the Department of Homeland Security Cybersecurity Privacy Advisory Board, the Department of Defense Advanced Research Projects Agency Privacy Oversight Board, and the Board of Directors of The Privacy Projects. The author of more than 150 articles and books, he is one of the founding editors of the Oxford University Press journal, International Data Privacy Law.

3:30 pm - 4:00 pm
Closing Remarks