RECAP: Smart Technology Privacy Summit

RIGHTFUL ACCESS: PRIVACY, TRUST & REWARD

Recap: Smart Technology Privacy Summit (#STPS)

15 Expert Speakers, 95 Organizations & More!

Hosted by Feroot and the Privacy & Access Council of Canada, this Summit set out to discuss the impact of Smart Technologies on privacy and access to information obligations under Canadian Law and the GDPR.

Speakers included the creator of Privacy by Design, Dr. Ann Cavoukian; world-renowned legal advisors Adam Kardash and John Beardwood; privacy advocates; government and city privacy experts; and many more. Below are their presentations, key takeaways and audio recordings of the panel discussions.

Enjoy the Summit Recap and please reach out to lori.smith@feroot.com if you have any questions!


Dr. Ann Cavoukian: Opening Keynote


Privacy, Facial Recognition & Intelligent Technologies: Preparing for the Unintended Consequences


Key Takeaways: Dr. Ann Cavoukian

Privacy doesn’t mean secrecy, it means control of your data. Privacy should be proactively embedded into design, baked into code, into data architecture. Devote a little more time upfront to embedding privacy and gain a competitive advantage. You're going to be offering a lot more than the minimum regulatory compliance requirements.

  • Make privacy the default. Users don't have to ask for privacy; you give it automatically
  • Privacy is a win-win model
  • Make privacy a positive: invest upfront because you get multiple gains
  • Embedding privacy by design helps achieve essential equivalence with the GDPR

Presentation Slides: Dr. Ann Cavoukian

 

Link to Download Slides:

https://www.slideshare.net/FerootPrivacy/privacy-facial-recognition-intelligent-technologies-preparing-for-the-unintended-consequences-118029522/FerootPrivacy/privacy-facial-recognition-intelligent-technologies-preparing-for-the-unintended-consequences-1

Audio Recording of Dr. Ann Cavoukian

Link to Audio Recording of Dr. Ann Cavoukian 

https://soundcloud.com/feroot-privacy/dr-ann-cavoukian-privacy-facial-recognition-intelligent-technologies-unintended-consequences

Panel 1 — Smart Cities: Personal Data, Trust, and Technology



Moderator: Bianca Wylie, Founder of Open Data Institute 

Panelists (from left to right): Dr. Ann Cavoukian, Privacy by Design Centre of Excellence; Jenny Tremblay, Director General, Smart Cities Challenge, Infrastructure Canada; Eric Lawton, I&T Division, Risk Management, Cyber Security & Compliance (RMCS&C), City of Toronto; Greg Wolfond, CEO of SecureKey

Key Takeaways: Smart Cities Panel

Organizations use a lot of third parties who collect information on their behalf because organizations don't have the resources to do everything, so it's important to maintain control over that information. While data may be in the custody of a third party for a period of time, you should always retain control over that data. Look at what information should be stored in a public cloud versus a private cloud. Put privacy and security requirements in place, and put terms and conditions on privacy and security requirements into agreements, so that you have contractual controls with the service providers that meet your requirements.

  • Resident engagement: it's not just a nice to have, it's a must-have
  • Private sector partners should respect privacy laws and respect privacy rights
  • We want to create a Smart City of privacy to distinguish us from the Smart Cities of surveillance
  • People in a country legitimize the government and we need to remember that inaction leads to the legitimacy of something that is not what you like

Audio Recording of Smart Cities Panel

Link to Audio Recording of Smart Cities Panel

https://soundcloud.com/feroot-privacy/panel-1-smart-cities-personal-data-trust-and-technology

John Beardwood: Fiduciary Duties


Fiduciary Finesse: Function or Flail — How New Laws, Scrutiny and Expectations Have Raised the Stakes for Officers and Directors


Key Takeaways: John Beardwood on Fiduciary Duties

Top five reasons why boards of directors should care about privacy and security measures:

  1. Avoiding harm to the shareholder value
  2. Privacy regulators require it
  3. CSA MS Notice 51-347 disclosure of cyber security risks & incidents: security regulators require it
  4. Risk of derivative actions: self-preservation requires it
  5. In the United States, derivative actions were brought not just against the corporation in the case of a privacy breach, but also against the board of directors themselves

Presentation: John Beardwood on Fiduciary Duties

Link to Download Slides

https://www.slideshare.net/FerootPrivacy/fiduciary-finesse-cybersecurity-why-boards-of-directors-need-to-care-about-is-governance-118034959

Audio Recording of John Beardwood on Fiduciary Duties

Link to Download Audio Recording for John Beardwood

https://soundcloud.com/feroot-privacy/john-beardwood-on-fiduciary-duties-for-privacy-officers-and-directors

John Beardwood Part 2: The Connected Car


The Connected Car: Understanding the Legal Framework 


Key Takeaways: John Beardwood, the Connected Car

There's an unspoken assumption that all the data which is collected by connected cars is personal information. That's not the case. And there's another unspoken assumption that even if it is collected, that it would be governed by privacy legislation. That's also not the case. There are 3 key privacy definitions that need to be examined in the context of connected cars and IoT.

These are:

  1. To what extent is the info collected by IoT Personal Information (PI)?
  2. To what extent is the PI collected, used or disclosed by a party other than the subject individual?
  3. To the extent that privacy laws do apply, what consent should be obtained — and how? 

Base definition of personal information: information about an identifiable individual

  • Information that relates to an object or property does not become information “about” an individual, just because some individual may own or use that property. (Alberta Court of Appeal 2011)
  • Information about an object is PI, because it is information associated with objects (like VINs), when there is a serious possibility it could be used with other information to identify an individual. (Alberta IPC 2012)
  • Information which is identifiable and is being used for a purpose relating to that individual is PI. (BC IPC 2012) *NOT consistent across jurisdictions

Presentation: the Connected Car

Link to Download Presentation

https://www.slideshare.net/FerootPrivacy/the-connected-car-understanding-the-legal-framework

Audio Recording of The Connected Car: Understanding the Legal Framework

Link to Audio Recording of John Beardwood on the Connected Car

https://soundcloud.com/feroot-privacy/the-connected-car-understanding-the-legal-framework-connected-car

Panel 2: Driving Change for Access to Information from Intelligent Vehicles



Panelists (from left to right): Sharon Polsky MAPP, President, Privacy & Access Council of Canada; Jay Fallah, Co-founder & CTO at NXM Labs; Greg Scott, Executive Director of the Global Alliance for Vehicle Data Access (GAVDA); Noemi Chanda, Manager, Data Protection and Privacy at Deloitte; Rajen Akalu Ph.D., Assistant Professor at the University of Ontario Institute of Technology.

Key Takeaways: Intelligent Vehicles Panel

Connected vehicles are a game-changing technology with respect to legislation and regulation. Currently, there isn’t a data mechanism for companies to work together and it’s a highly fractured system. For instance, some government departments are responsible for safety, another department is responsible for consumer rights. Existing regulatory constructs are woefully inadequate and there is still a lot of ambiguity about what is considered “identifiable data”. It’s a matter of catching up to the technology, clarifying what is meant by “identifiable data” and finding new, innovative ways of working together and building a coordinated transportation system that is inclusive and equitable for everyone.

  • You have to standardize the system at some level. At some point, consumers will have to opt in or not
  • We need to make a better connection between privacy + transportation systems
  • A public-private partnership is a potentially effective way of managing these issues and making it more systematic
  • We need robust protection and competition, or else consumer protection will suffer
  • Future autonomous connected car systems need to be wary of potential discriminatory practices, in order to serve the public good

Audio Recording: Intelligent Vehicles Panel

Link to Audio Recording of Intelligent Vehicles Panel

https://soundcloud.com/feroot-privacy/panel-2-driving-change-for-access-to-information-from-intelligent-vehicles

Adam Kardash


Addressing Privacy, Legal & Ethical Risks in the Emerging Data Environment


Key Takeaways: Adam Kardash — Addressing Privacy, Legal & Ethical Risks

We're dealing with massive, incalculable amounts of data. The Internet of Things is just one example of that. There's also an explosion of companies using third-party service providers to manage their data in helpful ways. But the data is everywhere and it’s a very, very, very complex ecosystem. The focus for addressing the myriad of issues is less about legislation and more about the creation of a trust model: how do we respectfully treat data? How do we “do the right thing”? What are the ethical considerations with respect to data use? That's where things are going. That's where the freight train is.

  • Respectfully treating data is premised on trust
  • If you want to build a trust model or framework, you need transparency
  • A part of accountability is building accountability frameworks for the respectful treatment of data from the moment you collect it, create it, to the moment it's no longer with you
  • It’s important not to have a knee-jerk reaction to more regulation, because a lot of the work is just by companies or groups of companies working together to actually respectfully treat data

Abubakar Khan: Closing Keynote


Abubakar Khan — Director, Business Advisory for Office of the Privacy Commissioner of Canada


Key Takeaways

The Business Advisory Directorate at the Office of the Privacy Commissioner provides free and voluntary consultation for SMEs and large enterprises. The goal is not to replace any legal services or consultants, but to provide regulatory certainty or regulatory advice and engage in conversations about forward-looking opportunities, especially in areas where business models are evolving and where new technologies are being implemented.

The Business Advisory Directorate can help you determine what you can and cannot do, and how to do what’s right. They can also ask for an on-demand review, not pointing fingers or alleging that you have broken the law, but saying this is an area they would like to come in and review. For instance, here is their latest report on Smart Cities: https://www.ipc.on.ca/newsrelease/ontarios-privacy-commissioner-leads-call-for-a-privacy-protective-approach-to-smart-city-projects/

On that note, the OPC invites you to keep track of their Business Advisory opportunities and if there is something that is of value to your organization, don't feel shy to reach out and engage with them!


Thank you to our Event Partners, Speakers & Sponsors!



Download the Entire Summit Recap Package as a PDF! 

The package includes additional information such as bios of presenters, a special note from presenters and information about Feroot and the Privacy & Access Council of Canada.

