Legal Issues in Privacy & Cyber Security
Compliance and Best Practices
November 19 - 20, 2019 · Toronto, Ontario
Day Two Program Agenda: Wednesday, November 20, 2019
8:00 - 9:00 Registration and Continental Breakfast
9:00 - 9:15
Welcome and Chair’s Opening Remarks
David Goodis, Assistant Commissioner, Information and Privacy Commissioner of Ontario
9:15 - 10:15
PANEL DISCUSSION:
Health Care Challenges: What the Sector is Learning and How It Can Assist Other Sectors
Moderator: Laura Davison, Vice President, Chief Privacy Officer, General Counsel & Corporate Secretary, eHealth Ontario
Gillian Kafka, Hamilton Health Sciences, Legal Counsel and Chief Privacy Officer
Erica Zarcovich, General Counsel and Chief Privacy Officer, Cancer Care Ontario
Sandeep Deol, Legal Counsel - Information Management (Privacy) and Technology, Corporate/Commercial at University Health Network
- Key lessons learned the hard way
- What cyber risks are we seeing?
- What we have learned about attacks and prevention
- The need for long term strategic plans and collective action
- How is critical infrastructure being safeguarded?
- Need to raise awareness, define roles and responsibilities, develop policies and standards, establish cyber security plans and budgets
10:15 - 10:30 Networking Break
10:30 - 11:30
PANEL DISCUSSION:
Canadian Banks and Financial Institutions: At the Forefront of Privacy and Cyber Security
Moderator: Charles Docherty, Assistant General Counsel, Canadian Bankers Association
Holly Shonaman, Chief Privacy Officer, RBC
Claude Baksh, Chief Compliance Officer, Chief Risk Officer, Chief Privacy Officer and Chief AML Officer, Computershare Canada
Ferris Adi, Instructor, Cyber Security Management Program/ University of Toronto School of Continuing Studies, Former Risk Manager, TD Bank
- Actions for prevention, detection and response
- Key challenges
- How the banking sector is working toward solutions
- Breaking and entering to date - patterns and trends
- Sector specific learning
- Money transfers via email - convenience over security?
- Other typical problems and solutions
11:30 - 12:15
PANEL DISCUSSION:
Public Sector issues in Privacy and Cyber Security
Moderator: Imran Ahmad, Partner, Blake, Cassels & Graydon LLP
Iain Paterson, Managing Director, Cycura Professional Services Group
Altaf Kassam, Director, Information Management, Children’s Aid Society of Toronto
- Key challenges
- Innovative solutions
- Breaking and entering to date - patterns and trends
- Sector specific learning
12:30 - 1:30 Luncheon Break
1:30 - 2:30
Assessing Privacy and Cyber Security Team Bench Strength: Can the Team Do the Job?
Vanessa Henri, Privacy and Cybersecurity Group, Fasken
- Roles and responsibilities of the Privacy Office
- Legal, functional and operational differences (CPO, DPO, GC, etc.)
- Tools and reporting functionality to prevent and respond to PII risks
- Roles and responsibilities of the CIO/CISO Office
- Distinguishing IT and security
- Responding to an incident; who does what, and according to what documents?
- IRP – What does it look like? How long should it be, and how should it be coordinated? (Based on NIST)
- Incident classification against roles and responsibilities
- IT incident
- Security Incident
- Privacy Incident
- Timely involvement of contractors and third party expertise
- Communicating effectively with stakeholders and data subjects on an incident
- Assessing effectiveness of roles and responsibilities
2:30 - 2:45 Networking Break
2:45 - 3:45
How Shifts in the International Data Protection World Affect Data Protection Issues in Canada
Imran Ahmad, Partner, Blake, Cassels & Graydon LLP
Over the past 12 – 18 months, several jurisdictions have adopted prescriptive data protection and privacy laws which impact Canadian businesses. This session will cover:
- What has the impact of the EU’s GDPR been on Canada, one year later?
- What can be expected with the California Consumer Privacy Act coming into force January 1, 2020?
- How to reconcile Canadian privacy requirements with international requirements.
- Should you worry about the extraterritorial scope of foreign data protection and privacy laws?
- Best practices when navigating global requirements.
3:45 - 4:30
Cyber Security And Privacy Liability Insurance For Public And Private Organizations
Ruby Rai, Cyber Practice Leader, Canada, Marsh & McLennan Companies
- State of the cyber risk market
- Underwriting cyber risk
- Convergence of coverage
- What are your insurance coverage options?
- Reading the fine print - What’s covered, what’s not?
- Quantitative foundations for managing cyber risk
- Cyber aggregate risk, silent cyber exposure, risk selection, reinsurance, catastrophic events
- Prioritizing execution plans, enabling risk management and quantification as variables for decision making
- Balancing compliance programs with day-to-day activity
- Role and insurance for privacy officers, Chief Information and Security Officers
- Trends in cyber insurance claims
- Breach preparedness – key factors insurers consider when underwriting cyber insurance
- The need for a comprehensive, well communicated incident-response plan
4:30 End of Day Two