May 17th -
Morning
8:30: Registration Begins (Coffee
& Breakfast served)
9:00
PIPEDA and Employee Privacy
Gerry Neary
Director General, Investigation and Inquiry & Chief
Privacy Officer
The Office of the Privacy Commissioner of Canada
This session has two main objectives:
- Where does the PIPEDA impact employee privacy in
provincially regulated organizations, and
- Employee privacy best practices from Federal Works.
Mr. Neary will discuss:
- PIPEDA jurisdictional considerations
- Overview of employee complaints
- Experiences working with Federal Works
- How the Commissioner's office deals with employee
complaint investigations
- How the Commissioner's office deals with whistleblowers
- How the Commissioners' offices works with provincial
privacy Commissioners
- Challenges reported by investigators
- Review main reasons employees complain
- Why it is important for organizations to take employee
inquires and complaints seriously
- Best practices for employee privacy policies and
education recommendations
9:45
Learning from a Federal Works Experiences with PIPEDA
Michelle Tanzos
HR and Privacy Coordinator
Bell Canada
Over three years ago, Bell updated their employee privacy
programs to comply with PIPEDA. In this session, Ms.
Tanzos will speak to both Bell's compliance efforts
and their experiences of being governed by PIPEDA for
over three years. She will discuss:
- Implementation compliant privacy programs
- Employee issues with implementation and training
- Working with Unions
- Dealing with employee access requests
- Dealing with employee complaints
- Where employee privacy has had the greatest impact
on HR policies and programs
- Dealing with the Commissioner's office
- How BC, Alberta and Quebec impacted some Bell divisions,
even though Bell is a Federal Works
- Recommendations and best practices for HR department
10:30
Break |
10:45
Employees Privacy in Alberta
Frank Work
Information and Privacy Commissioner of Alberta
Every employee in Alberta is protected by Alberta's
Personal Information Protection Act (PIPA).
This session will address employee privacy in Alberta.
Topics covered include:
- Differences between British Columbia's PIPA and
Alberta's PIPA
- Jurisdictional review - when does PIPA apply?
- Commissioner's powers
- Working with the Commissioner's Office including
investigations and reviews
- What happens when an employee complains?
- Defining what is reasonable
- Services from Commissioner's Office
- Experience gained in the last four months
- Substantially Similar impact on employee privacy
11:25
Quebec's Experience with Privacy Legislation: Lessons
Learned and Traps to Avoid
Louise Béchamp
Partner (Montreal)
Jeffrey Kaufman
Partner (Toronto)
Fasken Martineau DuMoulin LLP
Quebec's Act Respecting the Protection of Personal Information
in the Private Sector (PPIPS)
has been in place for over 10 years. This session will
give insight to employee privacy in Quebec and what
organizations have done to comply.
Topics include:
- Contrast and comparison between the requirements
of and experience under PPIPS and PIPEDA on consent,
collection, use and disclosure and other significant
employee privacy issues
- Jurisdictional issues - when does PIPEDA apply
and when does PPIPS apply?
- Noteworthy cases, emerging issues and new developments
on the Quebec privacy front
- Practical implication of the above for your privacy
policy, consent forms and business practices
Constitutional Challenge Update
Also covered will be a background and update on Quebec
Government's constitutional challenge against PIPEDA.
12:15
Networking Luncheon |
May 17th
- Afternoon
1:30
Employee Privacy in British Columbia
Mary Carlson
British Columbia's Information and Privacy Commissioner
Office of the Information and Privacy Commissioner
Every employee in British Columbia is protected by
BC's Personal Information Protection Act (PIPA).
In this session Ms. Carlson will speak to:
- Employee privacy components of PIPA
- Jurisdictional considerations in British Columbia
and the rest of Canada
- Employee privacy - What the issues are and their
importance
- Commissioner powers and what is different in British
Columbia
- Compliant investigations - how to prepare
- Access request and accounting for disclosures
- Best practices for complying with multiple employee
privacy regulations
- Experience gained in the last four months
- Services from Commissioner Office
2:15
How to comply with Canadian Employee Privacy
E. Michael Power
Partner and Privacy Officer
Gowling Lafleur Henderson LLP
Once employee privacy goals are determined and initial
privacy vulnerability detected, a privacy impact assessment
(PIA) can offer ongoing guidance each time a data collection
process is created or modified. This discussion will
highlight the advantages of PIA and how to incorporate
this valuable process into your privacy management program.
Also discussed:
- Using a PIA for in-depth assessment of relevant
privacy legislation, privacy implications of systems
design, and consumer privacy expectations
- Evaluating the use of collected information and
its intended and actual use
- Identifying key privacy considerations and creating
a PIA checklist
3:00
Break |
3:30
Risk Management and Corporate Governance
Robert G. Parker
Partner
Nick Galletto
Partner
Enterprise Risk Services
Deloitte and Touche
Employee privacy is a risk management issue and many
businesses are looking to the CA profession for solutions
that will help them manage privacy risks and deal with
corporate governance.
Mr. Parker will address:
- Understanding employee privacy risks
- Corporate governance
- Employee privacy audits
- Privacy and identity theft
4:15
What's Reasonable? Reviewing Commissioner's Decisions
Jonathan D. Cocker
Baker & McKenzie
Mr. Cocker will review several of the employee privacy
decisions from the Federal Privacy Commissioner's office.
He will review the case, discuss the circumstance, discuss
the Commissioner's decision, and provide a legal perspective.
He will look at decisions that involve:
- Grievance and arbitration processes
- Audio recording
- Use of SIN's
- Job interviews
- Investigations
- When privacy supersedes solicitor-client privileges
- Call display
- Information collection without consent
- Disclosure to government agencies
- Physicians disclosure for extended sick leave
- Security screening
- Video surveillance
- Performance evaluations
- Mandatory security procedures
- Employee training
Provincial Privacy Commissioners and provincial courts
look to federal decisions as a source of precedence.
This session will provide insight on the key decisions.
End of day one. See day two below. |
|
May 18th
- Morning
8:30: Coffee and Breakfast Services
9:00
Workplace Privacy: 1000 Employee Access Requests a Year
- Lessons Learned
Richard Sharp
Corporate Privacy Coordinator
Canada Post Corporation
In this session, Mr. Sharp will give practical
advice from the privacy office of an organization, which
has been dealing with privacy legislation for 20 years.
Learn:
- What measures you should implement to protect your
employee's personal information
- Issues and trends in employee access request and
complaints
- Dealing with privacy complaints in the workplace
- Privacy screening, hiring, testing and evaluation
- Balancing privacy compliance and workplace supervision
and monitoring
- The latest word on telephone, email, computer and
video surveillance of employees in the workplace and
what you can and can not do
- Employee health information and records - what
you can and cannot do
- The key role played by supervisors in protecting
employee privacy
- Privacy impact assessment and other compliance
tools
- Sample policies and best practices
- Lessons learned and tips from the Chief Privacy
Officer
9:45
Educating and Training Employees on Privacy Policies
and Procedures
Robin Gould-Soil
Chief Privacy Officer
TD Bank Financial Group
Sound privacy polices must be translated into enterprise-wide
behavior for your privacy program to move from paper
to real compliance. Hear from TD Bank's CPO about
training your frontline and back office employees
to think and act according to privacy legislation
and company policy and turn privacy compliance into
a dynamic and continuous process.
Topics include:
-
Ensuring sensitive customer information
is handled and managed properly
- Educating employees on their privacy rights and
corporate policies
-
Building a winning privacy team
for ongoing compliance
-
Creating a privacy culture and
minimizing risk of non-compliance
-
Engaging key business in your privacy
program
|
10:45
Employee Privacy: Special Considerations in the
Unionized Workplace
Tim Lawson
Partner
Adam Kardash
Partner
Heenan Blaikie LLP
Emerging privacy regulations could have a significant
impact on interactions between employers and unions.
This session will explore a number of questions, including:
-
How should an employer respond
to access requests from unions and bargaining unit
members?
-
Can a union challenge an employer'
personal information management practices?
-
How does privacy legislation affect
disclosure of documents in labour proceedings?
-
What impact might emerging privacy
legislation have on the arbitration process?
-
In what contexts have arbitrators
and labour tribunals been asked to consider privacy
legislation to date?
11:30
Surveillance & Monitoring: Employee Privacy Rights
in the Wired Workplace
Scott T. Williams
Partner
Hicks Morley Hamilton Stewart Storie LLP
Linking employers' rights with employees' rights under
the new privacy regulations have changed the landscape
in the workplace . Learn the new rules for dealing with
e-mail, telephone, computer and internet monitoring,
and video surveillance.
Mr. Williams will address:
- Who has access to company computers?
- Dealing with pornography on computers
- Wiretap lays and company policies
- Admissibility of evidence: recent court rulings
- Defining and communicating what constitutes appropriate
or inappropriate use so that employees understand
- Avoiding libel and slander lawsuits
- Claiming ownership of intellectual property
12:15:
Networking Lunch |
May 18th
- Afternoon
1:30
Accessing and Proper Handling of Employee Medical
Information
Curtis McDonnell
Partner
Fraser Milner Casgrain LLP
Employee privacy legislation in Canada impacts how organizations
deal with employee sensitive information. Specifically
impacted are new considerations when collecting, using
and disclosing employee medical information.
Topics covered include:
- Dealing with third-party insurance - who gets the
information?
- Does the union speak for all giving consent?
- When an employer shops around for benefit plans
- what information can they legally provide to a prospective
insurer?
- When choosing a new insurer - must consent to share
information be given again?
- Impact on in-house doctor or nurse and privacy
officer
2:15
Hallmarks of Legal and Effective Investigations
John Bruce
Partner
Hicks Morley Hamilton Stewart Stories LLB
New privacy legislation has impacted employee investigations.
Topics covered:
- Establishing permission bounds of workplace surveillance
- Off-duty conduct of employees - do you care?
- Can I secretly videotape my employees at their
home or in public?
- Do I tape record the investigation?
- Can I get employee DNA?
- Can I suppress the weak points of the investigation
from the other side?
3:00
Break |
3:30
Shared Experiences - Panel Discussion
Moderator: Linda Drysdale
PriceWaterhousCoopers
What are the most efficient approaches to updating
employee policies in light of the privacy legislative
requirements? What are the priorities? Where are the
hidden risks? What works and what does not?
Linda will lead a panel discussion that will answer
these questions and provide an opportunity for you
to discuss issues that affect your organization. This
best practices session will provide practical approaches
to employee privacy. The panel includes:
-
Carol Grapham - Employee Privacy Relatiohship
Officer - CP Rail
-
Gale Paul - Privacy Officer - Air Canada
-
Heather Innes, Chief Privacy Officer - General
Motors of Canada
4:15:
Crafting Privacy Policies to Avoid Employer Liability
David M. W. Young
Partner - Lang Michener LLP
Michael Deck - Director
PriceWaterhouseCoopers
In light of Canada's privacy regulations organizations
need to create or update employee privacy policies.
This session will help your organization with:
- Developing corporate privacy policies to comply
with the legislation
- Establishing privacy objectives
- Internal policies, procedures
- Adapting existing practices to comply with the
law
- Considerations for companies with multi-jurisdictional
entities
- Establishing a company-wide privacy organization
infrastructure
End of conference. See workshops below. |
Workshops |
May 19th:
Morning Workshop
9:00 - 12:30:
Learn How to Comply with Canadian Privacy
Acts
for Employee Privacy
|
Stuart Bailey
PrivaWorks Program Manager
Nymity Inc. |
Michael Jenkinson
Privacy Program Manager
Nymity Inc.
|
Terry McQuay
President
Nymity Inc.
|
On January 1st, British
Columbia and Alberta joined Quebec by introducing privacy
Acts that governs the use of employee personal information.
These Acts, combined with Canada's federal privacy Act,
PIPEDA, set the landscape for employee privacy in Canada.
These privacy Acts are written for customer privacy
and thus making it a challenge to understand the requirements
for employee privacy.
This workshop provides the knowledge and the tools to
allow you to update your employee policies and human
resources programs to be compliant with Canada's privacy
Acts. This workshop features:
Understanding Legislative Requirements for Employee
Privacy
This session provides the foundation to make your organization
employee policies and programs compliant. Learn:
- Jurisdictional impact of Canadian privacy sector
privacy Acts
- Legislative requirements for employee privacy
- Legislative impact on workplace privacy
- Legislative impact when dealing with Unions
- Legislative impact when outsourcing employee information
- Understand the Commissioner's powers
- Understand employee rights and how they will exercise
these rights
- Understanding key Commissioner's decisions
Learn how to Comply and Create Employee Privacy Policies
This session provides you the knowledge of how to comply
and maintain compliance. Learn:
- The compliance process and how to identify risks
- How to create questionnaires and conduct audits
- How to complete gap assessments
- How to create or update employee privacy policies
- Job description for the HR Privacy Manager
- Structuring an HR Privacy Office
- Managing access and change requests
- Managing complaints
- Working with the Commissioner Office(s)
- Demonstrating compliance
- Retention strategies
- Safeguard considerations
- When and how to conduct Privacy Impact Assessments
(PIA)
|
Electronic Compliance Tools & Templates
Workshop attendees receive a CD containing the following
compliance tools:
- Legislative "High Water Mark" for employee
privacy in Canada
- Compliance guidelines
- Compliance best practices
- Example employee privacy policy
- Example compliance questionnaire
Also included are the complete and detailed legislative
requirements for employee privacy as mandated by:
- British Columbia’s Personal Information Protection
Act (BC PIPA)
- Alberta’s Personal Information Protection
Act (AB PIPA)
- Quebec’s Act Respecting the Protection of
Personal Information in the Private Sector (PPIPS)
- Personal Information Protection and Electronic
Documents Act (PIPEDA)
|
|
May 19th:
Afternoon Workshop
1:30 - 5:00
Learn How to Create an Effective In-House
Privacy Training Program
|
Terry McQuay
President
Nymity Inc. |
Stuart Bailey
PrivaWorks Program Manager
Nymity Inc. |
Marisa Lauri
Training Manager
Nymity Inc. |
Why Train Employees Privacy?
Employees that are unaware of corporate privacy policies
and how they relate to their role make mistakes when
dealing with customers or when using customer information.
In addition, training employees is a legislative requirement.
Employee Mistakes are Costly!
Employee mistakes result in:
- Complaints to the Commissioner office(s)
- Time consuming access requests
- Privacy breaches and the resulting unwanted media
attention
- Loss of business
Training employees on privacy is a sound investment.
Privacy is an Operational Concern
Privacy is not restricted to the Privacy Office alone.
It’s an operational concern and it belongs on
the front lines where customer data is collected right
through to the back end IT solutions where the information
is stored.
Creating privacy policies is not enough. Education is
imperative.
Commissioner's Decisions
Decision after decision of the Privacy Commissioner
sites the need for employee training. Privacy policies
are not enough. For example, Case 176 states:
"The Commissioner deemed it abundantly evident
that the bank had failed to communicate to its staff,
through training or other means, the information necessary
for the effective and consistent implementation of his
recommended best practices regarding the tape recording
of customer telephone calls. He found therefore that
the bank was also in contravention of Principle 4.1.4."
He concluded that the complaint was well-founded.
|
"Most,
if not all organizations, need a multi-faceted education
strategy that is comprised of formal training, awareness-building
communications, and business practices that reinforce
learning and uphold privacy as a fundament goal"
Robin Gould-Soil
Corporate Privacy Officer
TD Financial Group
PrivaViews June 2003
Put Your Privacy Policy to Work
Implementing an effective training program is a challenge.
Employees do not need to be privacy experts, but they
do need to understand policy, learn to be sensitive
to customer privacy concerns, and apply privacy polices
in their role every day.
Learn how customer service staff can use privacy policies
to manage privacy inquires. Learn to empower your staff
to manage first level access requests when dealing with
customers. Move privacy to the front line.
Build Role Based Privacy Programs
Create a multidisciplinary privacy program. Learn to:
- Build awareness programs for all employees
- Create simple but effective training programs for
call centre personnel
- Train marketing program managers how to use and
disclose customer information
- Train Privacy Coordinators and HR Privacy Managers
- Use cost effective delivery methods such as train-the
-trainer and web-based e-Training.
- Implement employee audits to demonstrate compliance
- Integrate privacy training into standard HR programs
- Building education program for employee privacy
Build a Culture of Privacy
There are no short cuts. Building a culture of privacy
will take a long-term privacy program.
This workshop provides you with the knowledge to build
an effective privacy education program for your organization.
|
4
Easy Ways to Register
|
Call: Toronto 416.214.7838
or toll free 866.3.Nymity
Fax: First
Download PDF and then fax
to 416.369.0515
Mail: Nymity Inc.
1 Yonge St., Suite 1801
Toronto, Ontario Canada M5E 1W7
Employee Privacy Conference
$1,495.00 + GST(104.65) = $1,599.65
Morning Workshop
$450.00 + GST($31.50) = $481.50
Afternoon Workshop
$450.00 + GST($31.50) = $481.50
Payment must be received prior to conference.
Location: Metro Toronto Convention Centre
|
Program Materials
Conference participates will receive a comprehensive
set of conference materials prepared by the speakers
and Nymity. These materials are intended to provide
the participants with an excellent reference source
after the conference.
Nymity will be including complementary papers
on several speaker's topics.
Cancellation and Refund Policy
Please note that non-attendance at the conference
does not entitle the registrant to a refund. Substitutions
of participants is permissible with prior notification.
Registration fee includes
Conference sessions, lunches, breakfast, coffee
breaks and documentation. |
|
