Cybersecurity
and Data Privacy

A Breach Can End A Career And A Firm

November 6 Fairmont Royal York
Toronto

In-person & Webcast
(in-person registration is limited)

logo-sash-2017-1_3_orig.png
Proud Sponsor
CanadianCyberThreatExchange

Cybersecurity + Data Privacy

Mandatory Breach Notification is now in effect,
Are you ready?
To avoid fines and law suits.
Join us on November 6th

What the conference is about:

Mandatory Breach Notification obligations.Penalties for non-compliance.
Investigations & Enforcement
Incident response reporting requirements
Cyber Liability Insurance
Breach file disclosure to insurers.
Reporting data breaches to customers.

Who Should Attend:

Finance & Accounting management
Senior corporate and government executives
Corporate legal counsel
Internal and external auditors
Chief information security officers
Information technology management
Lawyers, Consultants and Advisors.

Conference Agenda

8:00 AM - Coffee

8:50 AM - Welcome + Introduction

9:00 AM - Setting the stage

Ira Nishisato, Partner, Borden Ladner Gervais, National Leader of BLG's Cybersecurity and Cyber-Risk Management Practice

Why this is important.
The businesses and activities most affected.
The rapidly changing environment and escalating risks.
Navigating the landmines.Progress to date.

9:15 AM - Implementing Cybersecurity and Data Privacy Practices

Steve Hawkins, Chief Information Security Officer &
SVP Information Security & Control, ScotiaBank

Breach Notification Requirements.
Best practices to ensure that your organization is protected and complying with current regulations. Lessons learned

9:55 AM - Significant Regulatory Developments

Brent Arnold, Partner, Gowlings
chris Oates, Partner, Gowlings
Breach Notification Requirements. PHIPA (Personal Health Information Protection Act).
Ontario Privacy Commission’s new notification requirements.
Draft regulations PIPEDA (Personal Information Protection and Electronic Documents Act).
Federal notification requirements.

10:35 AM - Break

10:50 AM - Breaches are certain, Impact is not

Kevvie Fowler, Partner and National Resilience Leader, Deloitte
It’s well understood that data breaches often result in devastating reputational, operational and financial impact.  The common understanding is that you can’t stop breaches, you can however ensure that your response is adequately prepared to manage them in a defensible manner to truly limit their impact.
The latest cyber attack methods and defensible breach response procedures to limit impact.
11:30 AM - The Role of the Office of the Privacy Commissioner of Canada in the New Breach Notification Requirement
Amanda Edmunds, Manager, PIPEDA Investigations, Office of the Privacy Commissioner of Canada
The Office of the Privacy Commissioner of Canada provides advice and information for individuals about protecting personal information. It also enforces two federal privacy laws that set out the rules for how federal government institutions and certain businesses must handle personal information.
New breach notification requirements.
Strategic privacy priorities.

 12:15 PM - Lunch

1:00 PM - The importance of Collaboration in Cybersecurity

Bob Gordon, Executive Director, Canadian Cyber Threat Exchange (CCTX)
The role of the Canadian Cyber Threat Exchange (CCTX) in Canada.

1:15 PM - Cyber Insurance

Matthew Davies, Vice President, Cyber Liability, Chubb Canada
What type of Cyber Insurance to buy. First party cost including downtime.
Third party liability to customers and employees.

1:45 PM - Survey of Recent Cases

Manish Khera, Associate Partner, Cyber Incident Response and Investigations Leader, Ernst & Young
Facebook & Cambridge Analytica, Ashley Madison, CompuFinder, University of Calgary.
Equifax, 9/17 “The largest breach in history” – data of 143m Americans compromised.
How these cases are affecting the current landscape.
M&A – A Special Case Study: This area has higher exposure than most. How to protect your firm.

2:30 PM - Break

2:45 PM - Role of the Cybersecurity Consultant

Claudiu Popa, CEO, Datarisk Canada & Informatica Security Corporation
Ed Dubrovsky, Managing Director, Cyber breach response, Cytelligence
Shelley Ma, Associate Director of Cyber Investigations, Kivu Consulting
Rob Brickman, Executive Advisor, The Poirier Group

Grant Geminiuc, Managing Director
R3P Consulting Limited

How the Cybersecurity consultant can engage before an issue arises.
Helping organizations put policies and practices in place to protect themselves.
What steps should be taken now in anticipation of new regulations.

3:30 PM - Round table discussions with the speakers on specific topics of interest

4:15 PM - Reports back from the round table discussions

4:45 PM - Cocktail Reception

Speakers

Steve Hawkins

Steve Hawkins is Scotiabank’s Chief Information Security Officer (CISO) and Senior Vice President, Information Security & Control (IS&C). He brings over 35 years of experience to these roles and leads a team of over 500 information security professionals that protect over $900 billion in assets, and information for 24 million customers across 50+ countries. Currently, he is delivering on Scotia’s transformation to a Digital Bank through key strategies aimed at keeping systems and consumers safe.

Steve majored in Finance graduating from McMaster University’s Commerce Program Summa Cum Laude and has also attended the Queen’s Executive Program.

SteveHawkins
Ira-Nishisato

Ira Nishisato

Ira Nishisato is a Litigation Partner based in Toronto and National Leader of BLG’s Cybersecurity and Cyber-Risk Management Practice.  A widely-recognized expert in civil litigation, Ira currently serves as Co-Chair of the Litigation Committee of the International Bar Association (IBA).

Ira’s practice focuses on complex commercial litigation, commercial fraud, intellectual property litigation, cybersecurity and information technology litigation.

He has litigated a diverse array of cases over his career, including cases involving computer and Internet law, cybersecurity and cybercrime including privacy, data protection and information security.

Amanda Edmunds

Manager, Breach Response and Complaint Intake, Personal Information Protection and Electronic Documents Act (PIPEDA),
Office of the Privacy Commissioner of Canada (OPC)

Since 2012, Amanda Edmunds has worked as a manager within the Compliance Sector at the Office of the Privacy Commissioner of Canada.  In this role she is responsible for the team reviewing data breach reports received by OPC from private sector organizations under the current voluntary regime.  She has also led a number of investigations with a focus on information security safeguards including the OPC’s investigation of the Ashley Madison data breach in 2016, and its current investigation of the Equifax data breach in 2017.

Prior to joining the OPC, Ms. Edmunds held a variety of positions within the Government of Canada, largely in the field of International Affairs. She holds a Bachelor’s degree in Economics and International Relations from the University of British Columbia.

AmandaEdmunds
KevvieFowler

Kevvie Fowler

Kevvie is a partner at Deliotte Consulting, and the National Resilience Practice Leader responsible for the strategy and delivery of Crisis Management, Cyber Response and Business Continuity services.

He has over 22 years of experience assisting organizations protect and ensure the availability of sensitive information as well as preparing for and recovering from disruptions and some of the industry’s most high-profile data breaches.

Kevvie has served as an expert witness and advisor in data breach cases and is well experienced helping organizations demonstrate cyber defensibility after an incident.

Mandatory Breach Notification Became Law November 1st.
Is your Organization Ready?
Click here to Learn More

Robert-Gordon

Robert Gordon

Bob is the Executive Director of the Canadian Cyber Threat Exchange (CCTX). The CCTX is Canada’s private sector organization for the sharing and analysis of cyber threat information, and enabling collaboration across all sectors. Most recently, Bob was a Director, Global Cyber Security at CGI. Prior to this, he enjoyed a long and successful career in the Federal Government, which included being the architect of Canada’s first Cyber Security Strategy.

Bob has also provided operational leadership in investigating and analyzing the full range of threats to the security of Canada, which included leading the CSIS Counter Terrorism program.

Matthew Davies

Matthew Davies is Vice-President and product manager for Professional, Media and Cyber Liability at Chubb Insurance Company of Canada.

Matthew is frequent speaker at insurance industry events across Canada and in the United States on topics concerning errors and omissions, media liability, social media; and cyber exposures.

He holds an industry designation of Fellow, Chartered Insurance Professional (FCIP) and a diploma in Risk Management (CRM).

MatthewDavies-Cybersecurity
BrentArnold

Brent Arnold

Brent heads Gowling’s Commercial Litigation Technology Sub-group. He also leads cybersecurity initiatives for the firm’s Financial Services Regulatory Group. His experience includes cyber breach coaching, cyber risk, consumer, implementation and other disputes for e-commerce vendors and software developers.

Brent appeared before the Supreme Court of Canada in support of the federal government’s constitutional reference regarding a Canadian Securities Act.

He co-authored the Advocate Society’s Paperless Trials Manual, is a frequent speaker on the topics of cybersecurity, courtroom innovation, and electronic trials, and writes a regular technology column for The Advocates’ Society’s Advocacy Matters publication.

Brent currently serves on the Cybersecurity and Data Privacy Committee of the U.S.-based DRI (Defence Research Institute).

Cybersecurity + Data Privacy

A Breach Can End A Career and a Firm

Chris Oates

Chris Oates is a Toronto-based Gowling WLG partner practising in the Advertising & Product Regulatory Group, with a particular focus on matters related to privacy and electronic commerce. His practice includes advising clients on privacy and consumer protection law, including drafting and reviewing privacy policies and advising on privacy in the context of financial institutions, social media, consumer marketing campaigns, electronic commerce and Canada’s anti-spam legislation (CASL).

In his privacy practice, Chris advises organizations on the collecting, use, and disclosure of consumer information, including credit reporting, risk management and behavioural advertising and tracking. His experience includes reviewing the adoption of new website analytics tools and tracking programs, and the attendant privacy obligations, as well as reviewing and revising data transfer and processing agreements.
Chris is the co-editor of the firm’s AdBytes advertising and marketing law newsletter. He is a frequent contributor to both AdBytes and the privacy alerts published by Gowling WLG’s Privacy & Data Protection Group. He also contributes to other publications on advertising and privacy law-related matters.

ChisOates
Shelley-Ma

Shelly Ma

Shelley Ma is an Associate Director of Cyber Investigations at Kivu Consulting in Toronto. She is an EnCE-certified digital forensic analyst and specializes in ransomware investigations, digital forensic investigations, and incident response.

Shelley joined Kivu in March 2016 and has since conducted and/or supervised over 200 cases, of which over 100 involved ransomware response. In addition to ransomware investigations, Shelley’s casework has included website breaches, network intrusions and data theft, intellectual property theft, employee misconduct, spoliation, malware infections and tax fraud.

Manish Khera

Manish Khera is an Associate Partner, Cyber Incident Response and Investigations Leader at Ernst & Young LLP’s Forensic Technology and Dispute Services practice. He leads Cyber Investigations and Computer Forensics for Canada.

Prior to joining the firm, he was the Vice President, Chief Information Security and Privacy Officer at Sentry Investments. Manish has also led the Merchant Compliance and Data Breach Investigation team for JP Morgan Chase globally, where he oversaw complex high-profile global cyber breaches of large merchant companies within the JPMC portfolio. Manish has led the IT Security program at the post-breach TJX Companies, and earlier in his career, was both a computer forensic and security assessment consultant conducting complex investigations and leading both full penetration tests and vulnerability assessments.

Manish-Khera
Ed-Dubrovsky

Ed Dubrovsky

Over the past 26 years, Ed Dubrovsky’s name has been synonymous with information security, Cyber breach response, risk management and cyber education.

As the managing director for Cyber breach response at Cytelligence, Mr. Dubrovsky is responsible for the business unit that helped hundreds of customers recover from cyber breaches. Mr. Dubrovsky’s passion is in evolving cyber resiliency by furthering education of clients about the topic of the evolving cybercrime economy and improving clients’ security posture in a strategic manner.

Grant Geminiuc

Grant Geminiuc is Managing Director of R3P Consulting founded in 2008. With most of the IT budget allocated to “Keep The Lights On”, Mr. Geminiuc brings a innovated approach to reduce IT operating expenses and increase return on IT capital investment programs. As an executive consultant, interim executive, instructor, speaker and author, he is a major change agent in enterprise IT infrastructure of Fortune500 companies.

He specializes in IT vendor management, sourcing advisory, program management, service management, risk/compliance management and the application of new technologies for competitive advantage. He has advised on some of the largest outsourcing deals in Canada, established several IT vendor management offices, acted as Interim CIO for Shoppers Drug Mart and has overseen 100+ consolidations and transitions. Mr. Geminiuc is on the executive training faculty of CORE – Center for Outsource Research & Education and has co-authored their outsourcing strategy course and transformation management course.

GrantGeminiuc
Claudiu-Popa

Claudiu Popa

Claudiu Popa, CISSP, CIPP, PMP, CISA, CRISC, is the CEO of Datarisk Canada and Informatica Security Corporation. He is a leading authority on risk management, personal information protection, data security strategy and author of four books including The Canadian Cyberfraud Handbook: A Professional Reference (Thomson Reuters) and Managing Personal Information: Insights on Corporate Risk and Opportunity for Privacy-Savvy Leaders (Thomson Reuters).

He is the co-founder of the KnowledgeFlow Foundation, a Canadian non-profit organization with the unique objective of bringing children, families and communities in touch with cybersafety techniques that provide lifelong protection from scams, privacy abuses, online victimization and cybercrime.

Rob Brickman

Rob Brickman, CPA, CA is President of Rob Brickman & Associates Ltd., a Toronto-based consultancy that makes organizations more effective, compliant, adaptive and profitable in managing their reliance on third parties. Rob’s passion is ensuring that there is structure, good governance and financial benefit whenever an organization entrusts processes, services and infrastructure to a third party. He is particularly concerned about the impact that managed security providers have on companies’ compliance and reporting efforts in cybersecurity, including Canada’s new Mandatory Breach Notification (MBN) requirements. In collaboration with The Poirier Group, Rob has recently developed a rapid MBN Readiness Assessment that quickly highlights gaps in organizations’ MBN posture.

Rob has over 30 years of leadership in business operations, controls and advisory services, including over two decades advising IBM’s largest clients. He has been recognized for his innovation, diplomacy and integrity in outsourcing governance, operational risk management, global service delivery, finance and IT controls. Most recently, Rob has helped one of Canada’s largest financial institutions to refine operational business controls and compliance in its Cloud environments.

Rob-Brickman-Headshot

Mandatory Breach Notification Became Law November 1st
Avoid fines and law suits

Click here

What’s Included

Conference fee includes conference information kit including speakers notes, lunch and cocktail reception.

Please note that conferences can count towards up to 9 of the 12 hours of mandatory CPD for Ontario lawyers.