Proud Sponsor

​Cybersecurity And Data Privacy
“A breach can end a career and a firm”
November 6, 2018
Metro Convention Centre

In-person & Webcast (in-person registration is limited)


New mandatory breach notification requirement effective November 1st.  Are you ready?

Avoid significant penalties for non compliance.

Globally, cyberattacks have increased 38 per cent since 2014, with the annual cost estimated at up to US$1 trillion. Cyber-risk ranks as the top economic peril among Canadian CEOs. The rapid pace of technological change requires companies to constantly improve their cybersecurity capabilities. (Globe & Mail, July 29, 2018)

Conference Agenda

8:00 am - Coffee


8:50 am - Welcome + Introduction


9:00 am - Setting the stage
Ira Nishisato, Partner, Borden Ladner Gervais, National Leader of BLG's Cybersecurity and Cyber-Risk Management Practice
Why this is important. The businesses and activities most affected. The rapidly changing
environment and escalating risks. Navigating the landmines. Progress to date.


9:45 am - Significant Regulatory Developments
Brent Arnold, Partner, Gowlings
Breach Notification Requirements. PHIPA (Personal Health Information Protection Act).
Ontario Privacy Commission’s new notification requirements.
Draft regulations PIPEDA (Personal Information Protection and Electronic Documents Act).
Federal notification requirements.


10:30am - Breaches are certain, Impact is not
Kevvie Fowler, Partner and National Resilience Leader, Deloitte
It’s well understood that data breaches often result in devastating reputational, operational and financial impact.  The common understanding is that you can’t stop breaches, you can however ensure that your response is adequately prepared to manage them in a defensible manner to truly limit their impact.  The latest cyber attack methods and defensible breach response procedures to limit impact.


11:15am - The Role of the Office of the Privacy Commissioner of Canada in the New Breach Notification Requirement
Amanda Edmunds, Manager, PIPEDA Investigations, Office of the Privacy Commissioner of Canada
The Office of the Privacy Commissioner of Canada provides advice and information for individuals about protecting personal information. It also enforces two federal privacy laws that set out the rules for how federal government institutions and certain businesses must handle personal information.  New breach notification requirements.  Strategic privacy priorities.


 12:00 pm - Lunch
1:00 pm - Cyber Insurance
Matthew Davies, Vice President, Cyber Liability, Chubb Canada
What type of Cyber Insurance to buy. First party cost including downtime.
Third party liability to customers and employees.


1:45 pm - Survey of Recent Cases
Manish Khera, Ernst & Young
- Facebook & Cambridge Analytica, Ashley Madison, CompuFinder, University of Calgary.
- Equifax, 9/17 “The largest breach in history” – data of 143m Americans compromised.
How these cases are affecting the current landscape.
M&A – A Special Case Study: This area has higher exposure than most. How to protect your firm.


2:30 pm - Break
2:45 pm - Role of the Cybersecurity Consultant
Panel including Mandiant, Cytelligence, Duff & Phelps, Herjavec
How the Cybersecurity consultant can engage before an issue arises.
Helping organizations put policies and practices in place to protect themselves.
What steps should be taken now in anticipation of new regulations.


3:30 pm - Next Steps
Ira Nishisato, Partner, Borden Ladner Gervais, National Leader of BLG's Cybersecurity and Cyber-Risk Management Practice
Actions that should be taken now to protect your organization.
Anticipated changes in the regulations. How our panel of experts can help.


4:15 pm - Round Table Discussion


4:45 pm - Cocktail Reception


Nishisato-Ira (2)

Ira Nishisato

Ira Nishisato is a Litigation Partner based in Toronto and National Leader of BLG’s Cybersecurity and Cyber-Risk Management Practice.  A widely-recognized expert in civil litigation, Ira currently serves as Co-Chair of the Litigation Committee of the International Bar Association (IBA).

Ira’s practice focuses on complex commercial litigation, commercial fraud, intellectual property litigation, cybersecurity and information technology litigation. 

He has litigated a diverse array of cases over his career, including cases involving computer and Internet law, cybersecurity and cybercrime including privacy, data protection and information security.

Kevvie Fowler

Kevvie is a partner at Deliotte Consulting, and the National Resilience Practice Leader responsible for the strategy and delivery of Crisis Management, Cyber Response and Business Continuity services. 

He has over 22 years of experience assisting organizations protect and ensure the availability of sensitive information as well as preparing for and recovering from disruptions and some of the industry’s most high-profile data breaches.

Kevvie has served as an expert witness and advisor in data breach cases and is well experienced helping organizations demonstrate cyber defensibility after an incident. 

2016-01 Davies Headshot

Matthew Davies

Matthew Davies is Vice-President and product manager for Professional, Media and Cyber Liability at Chubb Insurance Company of Canada. 

Matthew is frequent speaker at insurance industry events across Canada and in the United States on topics concerning errors and omissions, media liability, social media; and cyber exposures.

He holds an industry designation of Fellow, Chartered Insurance Professional (FCIP) and a diploma in Risk Management (CRM).

Ed Dubrovsky

Over the past 26 years, Ed Dubrovsky’s name has been synonymous with information security, Cyber breach response, risk management and cyber education.

As the managing director for Cyber breach response at Cytelligence, Mr. Dubrovsky is responsible for the business unit that helped hundreds of customers recover from cyber breaches. Mr. Dubrovsky’s passion is in evolving cyber resiliency by furthering education of clients about the topic of the evolving cybercrime economy and improving clients’ security posture in a strategic manner.


Manish Khera

Manish Khera is an Associate Partner in Ernst & Young LLP’s Forensic Technology and Dispute Services practice. He leads Cyber Investigations and Computer Forensics for Canada.

This group assists clients in responding to, investigating and remediating cyber and security incidents, as well as investigating and solving cybercrime with a focus on strategic consulting, identification, preservation, collection, extraction of electronic records in support of litigation and investigation.

Prior to joining the firm, he was the Vice President, Chief Information Security and Privacy Officer at Sentry Investments. Manish has also led the Merchant Compliance and Data Breach Investigation team for JP Morgan Chase globally, where he oversaw complex high-profile global cyber breaches of large merchant companies within the JPMC portfolio. Manish has led the IT Security program at the post-breach TJX Companies, and earlier in his career, was both a computer forensic and security assessment consultant conducting complex investigations and leading both full penetration tests and vulnerability assessments.

Manish has significant expertise in responding to all forms of computer crimes, attacks and abuses. He has led as well as supported complex cyber investigations involving corporate espionage, advanced computer intrusions, denial of service, insider attacks, malware outbreaks, internet fraud and theft of trade secrets.

Brent Arnold

Brent heads Gowling’s Commercial Litigation Technology Sub-group. He also leads cybersecurity initiatives for the firm’s Financial Services Regulatory Group.  His experience includes cyber breach coaching, cyber risk, consumer, implementation and other disputes for e-commerce vendors and software developers.

Brent appeared before the Supreme Court of Canada in support of the federal government’s constitutional reference regarding a Canadian Securities Act.

He co-authored the Advocate Society’s Paperless Trials Manual, is a frequent speaker on the topics of cybersecurity, courtroom innovation, and electronic trials, and writes a regular technology column for The Advocates’ Society’s Advocacy Matters publication.

Brent currently serves on the Cybersecurity and Data Privacy Committee of the U.S.-based DRI (Defence Research Institute).


Claudiu Popa

Claudiu Popa, CISSP, CIPP, PMP, CISA, CRISC, is a leading authority on risk management, personal information protection, data security strategy and author of four books including The Canadian Cyberfraud Handbook: A Professional Reference (Thomson Reuters) and Managing Personal Information: Insights on Corporate Risk and Opportunity for Privacy-Savvy Leaders (Thomson Reuters).

He is the co-founder of the KnowledgeFlow Foundation, a Canadian non-profit organization with the unique objective of bringing children, families and communities in touch with cybersafety techniques that provide lifelong protection from scams, privacy abuses, online victimization and cybercrime.

List of Conferences for Cybersecurity

EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C)
September 10 - 12, 2018 | New Orleans, Louisiana

Vanguard Security & Compliance (VSC) Conference
September 10 - 13, 2018 | Fort Worth, Texas

Annual Chicago IIA/ISACA Cybersecurity and Hacking Conference
September 10 - 11, 2018 | Chicago, Illinois

CyberEvents Atlanta
September 11, 2018 | Atlanta, Georgia

Fraud & Breach Prevention Summit - Toronto
September 11 - 12, 2018 | Toronto, Canada

Bank Security Conference
September 12 - 13, 2018 | Philadelphia, Pennsylvania

What’s Included

Conference fee includes conference information kit including speakers notes, lunch and cocktail reception.

Please note that conferences can count towards up to 9 of the 12 hours of mandatory CPD for Ontario lawyers.