The International Association of Privacy Professionals (IAPP) will be offering privacy certification examinations in advance of the Reboot conference on February 2, 2008. Candidates have the option to take the Certification Foundation exam (required for all first-time candidates seeking any of our certifications) and one module exam of their choice: CIPP, CIPP/G, CIPP/C or CIPP/IT.

The Certified Information Privacy Professional/Canada (CIPP/C) launched in 2006 as the IAPP's first national data protection certification. The CIPP/C certification assesses understanding and application of Canadian information privacy laws, principles and practices at the federal, provincial and territorial levels. For more information about the CIPP/C and the IAPP's other certification programs, as well as course outlines and training materials, please visit the "Certify" section of the IAPP Web site at www.privacyassociation.org.

To register for the exam, visit the IAPP Community Portal https://community.privacyassociation.org/eWeb/
DynamicPage.aspx?WebCode=LoginRequired&Site=iapp. IAPP membership is a requirement for certification; you must be an IAPP member in order to register for any of the exams.

The Executive Women's Forum (EWF--Western Region) invites you to their meeting to be held in conjunction with the Government of British Columbia's 10th annual Privacy and Security Conference. Please join members of the EWF on February 2nd at 8:30 a.m. in the Sidney room for networking opportunities and to learn more about the Executive Women's Forum.

Founded in 2002, The Executive Women's Forum is a community of the nation's most influential female executives in the Information Security, Privacy and Risk Management industries. The EWF provides a trusted community for discussing best practices, sharing ideas, and building relationships for like minded women in the fields of information security, risk management, privacy, governance, information technology, compliance and IT audit.

The EWF community is a global network of intelligent, powerful and influential women who have "been there and done that" and are willing to share their challenges and successes to empower other members to achieve excellence in their careers and their organizations. Members represent Fortune 100 to 1000 companies and provide critical and relevant knowledge on issues that impact every organization.

The Executive Women's Forum is committed to helping you grow and strengthen your business and personal networks. EWF gives you the opportunity to develop relationships across the globe and across industries as well as government and educational institutions. The strength of this diverse group of experts allows you to bring more value to the table both within and outside of your company.

A. Privacy and Access Workshop
A thorough understanding of the Freedom of Information and Protection of Privacy Act is essential for the proper administration of FOIPP Act programs. This full day workshop is designed to give general practitioners involved in administering the FOIPP Act a deeper understanding of the legislation that governs their programs. The workshop will cover the FOIPP Act's requirements for protecting personal information, including collection, use, disclosure, accuracy, and disposition of personal information, and the FOIPP Act's requirements governing the right of access, including how to properly apply exceptions to disclosure through severing. Attendees can expect to leave this workshop with a better understanding of the underlying principles of transparency and privacy and how to properly balance these fundamental concepts".

Presenters:

• Jeannette Van Den Bulk, Senior Legislative Policy Analyst, LCS
• Jason Eamer-Goult, Senior Manager, Knowledge and Information Services, LCS
• Joanne Gardiner, Senior Legislative Policy Analyst, LCS
• Kash Basi, Senior Legislative Policy Analyst, LCS

A(1). Sun Microsystems Workshop

OpenSSO Federation Lab

OpenSSO (http://www.opensso.org) provides access management by allowing the implementation of authentication, policy-based authorization, federation, SSO, and web services security from a single, unified framework. The core application is delivered as a simple web archive (WAR) that can be easily deployed in a supported web container.

In this hands on lab, you will learn how to install and configure OpenSSO and create your first "Fedlet". A Fedlet is a streamlined Service Provider implementation of SAMLv2 single sign-on (SSO) protocols. Fedlets are designed as a light weight federation solution used by Service Providers when a full-featured federation solution is not required, and when the primary goals are to achieve single sign-on with an Identity Provider while also retrieving some user attributes from the Identity Provider.

Participants are asked to bring their own laptops. At the conclusion of the lab, you will have a complete OpenSSO environment running on your laptop inside a VirtualBox (http://www.virtualbox.org) image.

The lab requirements are as follows:

• Laptop running Windows (XP, Vista), Linux or Mac OS X (intel)
• 2 GB of RAM (minimum)
• 5 GB of available disk space
• 1.8 GHz or faster Intel/AMD cpu (dual core preferred)

Lab Modules:

• Module 1: Installation and Configuration of VirtualBox
• Module 2: OpenSSO installation and configuration - overview
• Module 3: Fedlets
• Module 4 (time permitting): SAML federation. Join two instances of OpenSSO together in a SAML federation.

Presenters:

• Paul Bryan, Senior Software Engineer, OpenSSO Project, Sun Microsystems
• Warren Strange, Senior Software Architect, Sun Microsystems

If you have any questions regarding the lab or laptop requirements please contact Warren.Strange@Sun.com. If you wish to participate but do not have a laptop please let us know. We will have a limited number of workstations available. Space in the lab is limited - please register early.

B. Security Workshop: Social Escapes - Where do your kids webscape to?
The web today offers our children endless opportunities for virtual social contact, keeping kids tied to their keyboards, game consoles and other electronic devices, rather than their park playground. Unfortunately, the web playground is populated with unsavoury characters and other threats that can have significant negative impacts which far exceed the dangers of the park playground. In this workshop, we will explore the social networking opportunities that exist and discuss the pros and cons involved as they relate to the iGeneration. From YouTube to Facebook to chat rooms, this workshop promises to invoke some exciting discussions and reveal information which will enlighten and guide both children and parents.

C. Adobe Workshop
At times it seems that the objectives around securing and collaboration information are diametrically opposed. Government agencies are challenged with the need to greater collaborate, while at the same time meeting requirements around the security and privacy of information. This session will explore the conflicting challenges agencies are facing and discuss whether it is possible for customers to achieve both.

D. Oracle Workshop
Presenter: Derick Cassidy - CISSP-ISSAP, Master Principal Solution Specialist, Oracle

In an effort to assist the Departments in tackling major security initiatives such as the protection of Personally Identifiable Information (PII) data, Oracle will be hosting a free Maximum Security Architecture Workshop. Please take this opportunity to learn how you can meet security mandates using Oracle's out-of-box security solutions.

Topics to be discussed will include:

• Comprehensive Data Protection
• Comprehensive Identity & Access Management
• Comprehensive Controls Enforcement

E. The MITRE Corporation with the Information and Privacy Commissioner's Office of Ontario
Presenters: Presenters: A panel of experts will discuss the concept of enterprise privacy enhancing technologies (E-PETs) from public and private sector perspectives.

This session is intended to explore the area of ePETs, which are aimed at supporting privacy within large organizations that must appropriately handle and safeguard large amounts of personally identifiable information (PII) throughout the information life cycle. The dominant focus of traditional PET research and development has been tools to enable data subjects to protect their personal privacy, typically by preventing the collection of PII. There is a growing need, though, for tools that can help data stewards responsibly manage the PII in their possession in accordance with Fair Information Practices.

F. Accenture Workshop
Presenter: Eric Ashdown, Senior Director, Accenture Security Strategy and Risk Management Group

Security in the Mist: Dispelling the Fog around Cloud
Computing in the Cloud is something many organizations are intrigued by, but few know how to determine if it's the right solution for their enterprise. While it offers some compelling economics, it can also expose the organization to more risk. Questions about privacy, compliance and accountability are just some of the topics within the risk ecosystem that need to be considered and addressed when choosing a Cloud vendor. Whether or not you decide to utilize cloud computing, it is highly likely that many of your customers, supply chain providers and partners will. The risk will need to be accounted for and managed even if you do not use this resource directly.

Workshop participants will walk away from this session with a working knowledge of Cloud, its impact on Security and pragmatic tools to both assess the service itself and choose the right solution for your organization. You'll also understand how to manage your extended network of partners and stakeholders who may already be in cloud. Participants will use a case study to examine the risks and rewards of Cloud, and will have an opportunity to share and learn from one another in an open discussion.

When Dr. Ann Cavoukian first coined the term "Privacy by Design" in the 1990s, she envisioned that technology could be enlisted in the protection of privacy, not only its encroachment. She believed that privacy was far more likely to be protected if it was embedded into technology - built directly into its architecture. Dr. Cavoukian is now extending Privacy-Enhancing Technologies (PETs) to "PETS Plus" by combining it with a positive-sum (not zero-sum) paradigm, enabling both privacy and whatever functionality a technology was designed to perform. Hear Dr. Cavoukian explain how PETs Plus can actually be transformative in nature - transforming your privacy problems into privacy solutions.

1. Stewart Baker, Assistant Secretary for Policy, Department of Homeland Security
2. Dr. Walid Hejazi, Professor of Business Economics, Rotman School of Management, and Alan Lefort, Director, Product Management TELUS Security Solutions, 2008 Rotman-TELUS Joint Study on Canadian IT Security Practices-the first annual study of the state of IT Security in Canada, across industries, provinces and businesses of all sizes.

Panel A: Cloud Computing - Privacy and Security, is there a Silver Lining?

Cloud computing is shifting tasks - and the handling of personal information - away from our personal computers and onto the Internet. From word processing and spreadsheets, to photos and image editing, to our communications, large scale data storage, and entire operating systems - these services are increasingly available anytime, anywhere. But are individuals paying for greater access and convenience with their privacy?

Once this information is located in one or more databases out there "in the clouds", it may be accessed and used in ways that individuals never envisioned or intended, and with little oversight. Governments can dip into this treasure trove with a subpoena; companies can mine this information to build profiles, deliver targeted advertising, and share with others. And with the lengthy data retention periods and ineffective deletion procedures of many companies, users may find it very difficult to remove their data once it is uploaded. This session will explore the opportunities and risks posed by personal computing in the clouds.

Moderator: Ann Cavoukian, Ph.D., Information and Privacy Commissioner for Ontario, Author of "The Privacy Payoff"
Speakers:

1. Nicole A. Ozer, ACLU of Northern California
2. Joseph H. Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer, Oracle
3. Anthony Nadalin, IBM Canada

Panel B: Deep Packet Inspection - Under the Magnifying Glass

Deep Packet Inspection, or DPI, is a next-generation technology that is capable of inspecting every byte of every packet that passes through the DPI device - packet headers, types of applications, and actual packet content. As a technological solution, DPI is a fundamental tool for network managers - it enables network security and network access control. It also offers a possible tool for authorities or organizations that wish to monitor or restrict particular traffic or content, enabling as it does lawful access compliance, quality of service and DRM enforcement.

If we expand our perspective to incorporate the challenges posed by the renewed copyright legislation, lawful access, behavioral targeting, traffic shaping and the monitoring of civilian communications under the auspices of the national security imperative, then DPI is a technology that can fundamentally alter how Canadians are able to access and profit from information available online. This session will examine some of the fundamental issues raised by the use of DPI technology, including those of accountability, transparency, and democratic control and oversight.

Moderator: Bruce Phillips*, Former Privacy Commissioner of Canada
Speakers:

1. Steven Johnson, Privacy Commissioner's Office
2. Suzanne Morin, Bell Regulatory Affairs
3. Sponsor

Panel C: Fusion Centres - What Happens When it All Comes Together?

Fusion centers are a rapidly emerging public-private Information Sharing Environment being built to help manage critical infrastructure and terrorism risks, but privacy policies and controls need attention. These centres are bringing together information and intelligence from public, classified and sensitive but unclassified sources.

This session will provide an overview of how the various pieces of this growing information sharing fabric fit together, describe privacy issues associated with this growing information sharing model, and discuss mechanisms used (or in some cases badly needed) by government and industry to identify and manage the privacy risks associated with the use of personal information for critical infrastructure protection.

Moderator: John Sabo, CISSP, Director, Global Government Relations, CA
Speakers:

1. Deputy Directeur General Steven Chabot, President, Canadian Association of Chiefs of Police
2. Priscilla Regan*, Professor, Department of Public and International Affairs, George Mason University
3. Greg Gardner, Vice President, Public Sector Strategy and Business, Oracle

Luncheon Address: Peter Evans, CTO, IBM Internet Security Systems (Crystal Ballroom)

1. Sun Microsystems (Colwood I&II)
2. Symantec - PCI and Compliance (Saanich I&II)
3. TELUS (Oak Bay)
4. EDS (Esquimalt)
5. CA (Salon C)
6. RIM (View Royal)
7. IBM (Theatre)
8. PricewaterhouseCoopers - Hein Gerber, Director - IT Advisory Services, PricewaterhouseCoopers LLP(Sydney)

Panel A: The Chief Privacy Officer: High Expectations and Realities
The appointment of a Chief Privacy Officer, with appropriate support and resources, is widely perceived as an essential tool of privacy risk management for public and private sector organizations in North America. While there are major success stories to date, there are also serious issues of lack of resourcing, inadequate reporting relationships in the hierarchy of any organization, cooptation, and incompetence.

This interactive panel will consist entirely of questions and answers among the panelists about their own experiences as CPOs or with CPOs, with pointed interventions from the floor by a group of Chief Privacy Officers, past and present, who will be in attendance in the front row.

Moderator: David Flaherty, Information Policy Consultant & Principal, David H. Flaherty Inc
Speakers:

1. Dr. Alan Westin, Professor Emeritus, Columbia University, President, Privacy and American Business
2. Richard Purcell, CEO Corporate Privacy Group
3. Michelle Fineran Dennedy, Chief Data Strategy and Privacy Officer, Sun Microsystems
4. Peter Reid, Chief Privacy Officer, EDS
5. Mimi Lepage, Chief Privacy Officer and General Counsel, CIHI

Panel B: TBC

Panel C: Web 2.0/3.0 - The Pros and Cons of the New Network

Web 2.0 has blurred the line between producers and consumers of content and has helped to increase the active participation of many users by transforming the web into a massive collaboration space. The emergence of cloud computing is changing the paradigm between the personal computer and the Web, with the PC or PDA becoming an appliance that accesses virtual applications and data located anywhere on the Web. While Web 2.0 is still evolving, Web 3.0 is appearing bringing with it technologies that have the power to significantly change the way the Internet is used. This new "semantic web" is based on a cognitive decision-making process that emulates they way human beings think and will be able to combine data from multiple sources, adding broader meaning and creating a "net new" knowledge.

These new technologies will bring the potential to significantly and radically improve the capability to deliver services in the enterprise and public sector. With this kind of paradigm shift come greater security and privacy challenges. Data sharing, and the trust that enables it, will become dynamic and the parties involved may not necessarily be known to each other; their data sharing and privacy policies may be different, sometimes even contradicting. This session will explore how we will deal with the challenges of this emerging technology as we strive to take advantage of its capabilities.

Moderator: Drew McArthur, Privacy and Compliance Consultant, The McArthur Consulting Group
Speakers:

1. Avner Levin, Ted Rogers School of Management
2. Ratko Spasojevic, TELUS
3. Danielle Citron, UMBC
4. Carole Nap, President, TradeStrat Inc

PriceWaterhouseCoopers - Speaker TBC

Peter Swire*, Professor of Law University of Ohio, former CPO Advisor to President Clinton

1. Winn Schwartau, President, Interpact, Inc., Author of "Information Warfare", "CyberShock", "Time Based Security" and "Internet and Computer Ethics for Kids".
2. Chris Hoofnagle, UC Berkley, Samuelson Law, Technology & Public Policy Clinic, Berkley Center for Law & Technology

Panel A: CIO Panel Session - Identity Management - What's broken in the online world?
While the real world uses and depends on defacto universal identity documents like drivers license and passport, the online world, whether at work or at home, continues with local solutions for identity management. What we take for granted regarding how we use our identities in the real world, like buying wine at the corner store or opening an account at a bank, has no similar capability on the Internet. The panel will discuss limitations of local approaches to identity management and potential solutions and improvements in security and privacy that might be achieved in an online world.

Moderator: Dave Nikolejsin, CIO Province of British Columbia
Speakers:

1. Gerry Matte, CIO, Saanich Municipality
2. Michel Rosciszewski*, Directeur, Direction des politiques, Ministère des Services gouvernementaux, Quebec
3. Dave Hanson, Corporate Senior Vice President & General Manager, CA Security Management Group

Panel B: Laptops Blackberries & Borders
Heightened security concerns at airports worldwide, has led to increased focus on the data contained on laptop computers and other electronic devices. This puts at risk organizations' goals of securing data, which includes confidential and personal information. What can organizations do? This session will explore the reasons behinds these searches, and a combination of strategies and tactics that organizations can take to reduce the potential for data loss.

Moderator: Lyn Rahilly, Privacy Officer at U.S Immigration and Customs
Speakers:

1. Constantine Karbaliotis, Information Privacy Lead, Symantec Corporation
2. Peter Swire, Professor of Law University of Ohio (former President Clinton's CPO Advisor)
3. Michael Brown, Director of Product Management, BlackBerry Security, RIM
4. Websense - Speaker TBC

Panel C: Data Leakage - Causes, Costs and Avoiding Catastrophes
Although companies are responding to data breaches more effectively, consumers seem to be less forgiving when their personal information is compromised. The bigger problem, however, remains the persistent underlying issue of data security. The easiest way for companies to avoid the costs associated with a data breach is to avoid a breach in the first place; however, incidents of data loss or leakage seem to be on the rise, as are the costs associated with such incidents. This session will present common data loss and leakage scenarios, explore the underlying causes of these incidents, review the costs associated with such data loss and leakage, and compare and contrast some of the solutions currently being used to address the problem.

Moderator: Frank Work, Privacy Commissioner of Alberta
Speakers:

1. Dr. Victoria Lemeiux, University of British Columbia
2. Dean Turner, Director, Symantec Global Intelligence Network, Symantec Corporation
3. Eric T. Ashdown, Senior Executive, Accenture Global Security Strategy & Risk Management

Luncheon Address: Joseph H. Alhadeff, Vice President for Global Public Policy and Chief Privacy Officer, Oracle (Crystal Ballroom)

1. Adobe (Esquimalt)
2. Oracle (Theatre)
3. Accenture (Saanich)
4. Bell (Colwood I&II)
5. Sierra (Sidney)
6. Microsoft (Oak Bay)
7. PCIS (View Royal)

Panel A: Privacy and the 2010 Olympics

In February 2010, Canada will host the Winter Olympic Games in Vancouver, British Columbia. These Games constitute a unique event from a privacy perspective, in that they serve to focus our attention on the range of technological and institutional pressures that come together at this one time, producing extraordinary security challenges but also significant pressures on personal privacy and other civil liberties. This panel will bring together experts from academia, civil society, and government to discuss the privacy and security implications associated with hosting the Vancouver 2010 Winter Olympic Games. What security measures are being contemplated for the Games? What is their likely impact on privacy? To what extent have government officials involved in 2010 security taken privacy protection into account? What will be the legacy of the new security and surveillance apparatus being deployed as a result of the Games - in Canada, and locally in Vancouver and Whistler - on the privacy rights of citizens?

Moderator: Chantal Bernier, Assistant Privacy Commissioner (Privacy Act), Office of the Privacy Commissioner of Canada
Speakers:

1. Professor Colin Bennett, Department of Political Science, University of Victoria
2. Michael Vonn, Policy Director, British Columbia Civil Liberties Association
3. David Loukidelis, Information and Privacy Commissioner for British Columbia

Panel B: Network Forensics - Who is Watching You?
Technology in the workplace can be both a blessing and a curse. This topic will explore some of the key challenges facing employers as they address new technologies in the workplace and the use, or misuse, of these technologies by their employees. When a security or privacy breach has occurred, investigators with specialized knowledge and skills are needed. Find out how forensic investigators secure critical digital evidence that may provide the only clues to identify the perpetrators and the methods used. Special measures should be taken when conducting a forensic investigation if the information might become evidence in a court of law. Forensic investigators must ensure that the evidence has been accurately collected and that there is a clear chain of custody from the scene of the crime to the investigator, and ultimately to the court if need be.

Moderator: Winn Schwartau, President, Interpact, Inc., Author of "Information Warfare", "CyberShock", "Time Based Security" and "Internet and Computer Ethics for Kids".
Speakers:

1. Richard DeBrune, Grant Thornton
2. Francis Graf, Founder, Forensic Data Recovery (FDR)
3. Michael Legary, Founder, Seccuris

Panel C: Cell Phone and PDA Security - A Wake Up Call
Each past year malware and other threats to cell phones and PDAs have turned out to be only a minor concern. However, malware continues to grow steadily and recent trends indicate that a tipping point is approaching that will raise the stakes for protecting these devices. Organizations, if not already doing so, need to begin to turn their attention to the security of cell phones and PDAs. This session will provide provide an overview of the growing security threats and steps that organizations can take to make informed information technology security decisions.

Moderator: Michael Brown, Director of Product Management, BlackBerry Security, RIM
Speakers:

1. Wayne Jansen, Computer Scientist, National Institute of Standards and Technology
2. Bell - speaker TBA

In the United States major software companies have created online services that enable individuals to post and manage their own health records. Can these companies protect personal health records, avoiding the recent plague of data breaches and losses? Will advertising and health partnerships lower the promised privacy protections? And should individuals really be in control of their own health data - could secrets and out-of-date information cause more harm than good?

In Canada, federal and provincial governments are working to establish electronic health records. What is the difference between the two models and why does it matter to you?

Listen and respond to the latest developments in this important field from the largest and most influential businesses in Web 2.0 services as they explain their online applications, back-end systems, and business models for Personal Health Records management.

Hosted by Richard Purcell, CEO Corporate Privacy Group

• George Scriban, Health Solutions Group, Microsoft Corporation
• David Hoffman, Intel/Walmart
• Dr. Alan Westin, Professor Emeritus, Columbia University, President, Privacy Consulting Group
• Maya A. Bernstein, Senior Advisor, Privacy Policy, U.S. Dept of Health and Human Services
• Trevor Hodge*, Canada Health Infoway
• Lorrainne Dixon, Sun Microsystems