General Information
Strategies for Public Sector Transformation in the New World of Artificial Intelligence
Guarding Privacy & Fortifying Security
As the world enters the fifth industrial age, transforming the public sector has become an urgent priority. This shift necessitates innovative strategies to ensure that public servants are aptly trained in privacy and security issues. This adaptation is critical as we continue to accelerate our move to digital platforms, where safeguarding personal data is paramount.
The 27th Annual Victoria International Privacy & Security Summit, hosted at the Victoria Conference Centre, is poised to be a cornerstone event in this transformation. This fully in-person summit will welcome up to 1,000 professionals involved in public sector transformation, security, and privacy, offering them a unique opportunity to discuss how we securely live, work, and play in the digital era.
This year’s summit will highlight, “Strategies for Public Sector Transformation in the New World of Artificial Intelligence,” and will spearhead the intellectual odyssey. This summit brings together visionaries, experts, and innovators to explore the intricate intersection of advanced artificial intelligence with critical privacy and security imperatives.
Keynote sessions, interactive workshops, and collaborative panels will unravel the complex challenges and opportunities ushered in by our digital age. Participants will gain insights into creating strategies that seamlessly integrate AI advancements with an unwavering commitment to individual rights, data sovereignty, and technological trust.
Training public servants on issues of privacy and security is emphasized throughout the summit. The event aims to provide attendees with practical strategies to protect data effectively, ensuring that as digital platforms proliferate, the public sector continues to uphold trust and integrity.
Join us in charting a course towards a harmonious future, where the transformative potential of AI aligns with our steadfast commitments to privacy and security.
CPD/CPE Credits
We are proud to announce that delegates within local government and professionals in the industry can obtain CPD/CPE credits through The BC Law Society and various other organizations.
Registration Information
Early Bird Rates (until December 31st)
| Public Sector | Private Sector | |
| VIPSS 3-Day Pass (Victoria Conference Centre) |
$650.00 CAD (plus GST) | $995.00 CAD (plus GST) |
Standard Rates (starting January 1st)
| Public Sector | Private Sector | |
| VIPSS 3-Day Pass (Victoria Conference Centre) |
$795.00 CAD (plus GST) | $1495.00 CAD (plus GST) |
Please note we have 35 complimentary student tickets available sponsored by BC Freedom of Information and Privacy
Association so please contact us if you would like one!
Registration Includes*:
- Join us live in Victoria, B.C for our 3-day summit (March 11-13, 2025) – includes the pre-summit educational workshop day on March 11th (no lunch served this day).
- Collaborate with senior executives who are changing the privacy & security industry
- Signature keynotes and concurrent keynotes by international subject matter experts in privacy & security
- Concurrent panel sessions + interactive in-person Q & A
- Unparalleled in-person networking via 1:1 meetings and small group conversations
- Exhibit booths for our top tier sponsors
- Lunch (March 12 & 13th) and coffee breaks (March 11-13th)
*Subject to provincial guidelines (masks are currently optional).
Social Media
Stay connected and engaged in the conversation leading up to and during the summit by following along on X (Twitter) @VIPSSummit. Use the event hashtag #VIPSS in your tweets to add to the existing discussions. We would appreciate you sharing your voice with our other followers.
Please join us on Bluesky and follow our new account for Reboot Communications
Victoria Conference Centre
There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.
Victoria Conference Centre
720 Douglas Street
Victoria, BC
V8W 3M7
Keynote Speakers
Speakers
*Invited Speaker
Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.
Tuesday, March 11, 2025
8:00am PST •
Registration Opens
9:00 - 10:30am PST • Theatre
Session 1A - Concurrent Workshop by Cisco: Incident Response with XDR & Splunk
In this 90-minute session we will discuss how XDR and SIEM differ and where they complement each other. We will then walk through the lifecycle of an attack and highlight how XDR and SIEM drive unprecedented visibility and context, empowers defenders with the right data at the right time in the investigation without overwhelming them, and drive mitigating capabilities handicapping the adversary while improving resilience. This session will also highlight the powers of Artificial Intelligence augmented with Human Intelligence throughout the practitioner's journey!
9:00 - 10:30am PST • Oak Bay Room
Session 1B - Concurrent Workshop by OIPC BC: Working with the OIPC: An Overview of the Regulator's Processes and Practices
What happens when an individual files a privacy complaint with the Office of the Information and Privacy Commissioner (OIPC) for British Columbia? We are here to demystify the role of the OIPC and our processes.
How does the OIPC process complaints – and what are organizations’ obligations along the way? OIPC staff will detail what happens when the OIPC receives a complaint from someone who believes an organization has misused their personal information - from the role of the OIPC’s case review team to the investigator process and the role of OIPC adjudicators in issuing legally binding orders. Privacy professionals will learn best practices in responding to privacy complaints and working with the OIPC throughout the process. The presentation will also cover how taking a privacy-first approach – such as by developing privacy management programs and conducting privacy impact assessments – can reduce the likelihood of complaints.
Outline:
-Introduction to the OIPC – who are we and what do we do?
-What happens when the OIPC receives a complaint from an individual about their PI being misused?
-OIPC process for handling privacy breaches
-Organizations’ responsibilities along the way
-Use of Privacy Management Programs, PIAs and guidance documents
-Case review – the first stop in the process.
-Investigations – What does an investigation look like and what are the possible outcomes
-Adjudication – Why does a matter go to adjudication and what are the outcomes
-Conclusion: Tips and tricks to avoid privacy complaints and breaches
9:00 - 10:00am PST • Saanich Room
Session 1C - Concurrent Workshop by Ministry of Citizens' Services: AI Policy Framework in the BC Government
Artificial intelligence (AI) is an evolving technology that offers many benefits, but it also has limitations and unique risks. The Ministry of Citizens’ Services launched an AI website to support the responsible use of AI in the B.C. Public Service. Colleen Rice and Caitlin Buck from the Office of the Chief Information Officer will demo the website, provide an overview of AI, and summarize the current landscape in the BC Public Service.
10:30 - 10:45am PST •
Morning Coffee Break
10:45am - 12:15pm PST • Theatre
Session 2A - Concurrent Workshop by Fortinet: Platforms and Fabrics: Building Blocks of a Successful Cybersecurity Strategy
Meshes, Platforms, Fabrics and Solutions? In this workshop, we will explore the building blocks of a successful cybersecurity strategy. We will equip you with the technical and business considerations that your organization can use to cut through all the marketing hype to get you to your goal of creating that successful strategy. Understand why more organizations are moving away from best-of-breed point products towards more tightly knit solutions.
10:45am - 12:15pm PST • Oak Bay Room
Session 2B - Concurrent Workshop: Learning to Tell Your Security Story
In our complex, interconnected world security professionals must do more than just present data—they need to tell a compelling story. Whether speaking to executives, board members, or external stakeholders, the ability to communicate risk, strategy, and security priorities in a way that resonates is critical to gaining support and driving action.
In this interactive 90-minute workshop, Tim McCreight, a seasoned security leader with over 40 years of experience, will guide participants through the power of storytelling as a communication tool. The session will cover:
The History of Storytelling: Why humans are wired for stories and how this impacts security communication.
The Story Arc: Understanding the key elements of a compelling narrative and how they apply to security messaging.
Practical Application: Techniques for crafting human-centered security stories that inspire action.
But this isn’t just theory—participants will get a chance to practice storytelling techniques through engaging exercises designed to build confidence and clarity in security communications. Whether you're presenting a security initiative, justifying a budget request, or responding to an incident, this workshop will give you the tools to make your message stick.
Join us for an insightful and interactive session that will transform the way you communicate security. Your story matters—learn how to tell it effectively.
10:45am - 12:15pm PST • Saanich Room
Session 2C - Concurrent Workshop: Empower Your Practice Through Ethics Training
The goal of this 90-minute workshop is to empower participants to confidently manage risks associated with transformation and innovation through ethics training. The workshop will begin with an overview of fundamental ethics tools and concepts from the field of bioethics. Participants will then have the opportunity to apply these learnings by working through a series of interesting (and sometimes contentious), real-life case studies.
10:45am - 12:15pm PST • Esquimalt Room
Session 2D - Concurrent Workshop: Reduce Risk for your Small Business Through Compliance with Privacy Regulations
This practical 90-minute session covers the key business requirements for businesses to comply with Canada’s private sector privacy laws, the regulators’ role and risks related to non-compliance. The session will conclude with tips for improving your business’ privacy practices and what is needed to foster a strong culture of data protection to prevent privacy breaches.
Outline:
-Security is not enough on its own to prevent privacy breaches
-Risks and costs related to privacy breaches
-Overview of Canada’s private sector privacy laws
-Benefits of compliance
-Compliance considerations and requirements
-Steps to becoming a compliant organization
12:15 - 1:30pm PST •
Lunch Break (on your own for lunch)
1:30 - 3:00pm PST • Theatre
Session 3A - Concurrent Workshop by Palo Alto
1:30 - 3:00pm PST • Oak Bay Room
Session 3B - Concurrent Workshop: Privacy Metrics that Matter
Proving privacy’s return on investment (ROI) is key to securing leadership buy-in, driving organizational support, and ensuring your program gets the resources it needs. But with endless metrics to choose from, how do you pinpoint the ones that truly matter? This session will break down how to use data to justify your privacy budget, quantify revenue impact, and connect privacy efforts to business growth. We will critique commonly used privacy metrics that fail to resonate with leadership and offer more meaningful alternatives that position privacy as a business enabler—not just a cost center. We will discuss strategies for designing B2B vs. B2C metrics, and you’ll walk away with actionable insights to measure, communicate, and maximize privacy’s business impact.
1:30 - 3:00pm PST • Saanich Room
Session 3C - Concurrent Workshop: Preparing for Q-Day - The Quantum Threat
This 90-minute workshop will incorporate practical strategies for attendees to establish the foundations of their own Q-Day plans specifically targeting the public sector.
Agenda:
-Brief introduction to quantum computing
-Strategies in preparing your organization for Q-Day
-Real-life examples
-Table group discussion and presentation by each table group
-Wrap-up
3:00 - 3:15pm PST •
Afternoon Refreshment Break
3:15 - 4:45pm PST • Theatre
Session 4A - Concurrent Workshop by Canadian Cyber Security Centre: Cyber Security Guidance for Critical Infrastructure
In this workshop, participants will review key threats from the Cyber Centre’s National Cyber Threat Assessment (NCTA) and how organizations can leverage the Cyber Security Readiness Goals (CRGs) to bolster their cyber security posture. They will use scenarios to identify concrete actions for enhancing cyber security readiness in Canadian organizations and critical infrastructure. The workshop will cover current cyber threats, protection steps, and response and recovery strategies.
3:15 - 4:45pm PST • Oak Bay Room
Session 4B - Concurrent Workshop by Ministry of Citizens’ Services: PICERL-y Circus
Cyber incidents can happen suddenly. PICERL is a model to respond to cyber incidents. Join this workshop to learn more and practice PICERL.
3:15 - 4:45pm PST • Saanich Room
Session 4C - Concurrent Workshop by OIPC BC: PIA Essentials for Public Bodies and Private Sector Organizations
In this practical and information-packed session, learn essential tools public bodies and organizations of all sizes can use to optimize the PIA lifecycle. From making sure employees identify the need to complete a PIA early on, to writing PIAs efficiently, this session is designed to benefit new professions and seasoned privacy pros alike.
Outline:
• Legislative context: What is a PIA and why to do one
• Getting buy in: the financial, reputational, and career-enhancing benefits of PIAs
• The single best way to start a PIA
• 5 commons PIA mistakes and how not to make them
• Demystifying Common or Integrated Program Agreements
• Demystifying security requirements
• Getting the right signatures at the right time
• Deciding whether to publish PIAs online as a transparency measure
• Deciding whether to submit a PIA to the OIPC for review
• Conclusion: 5 key takeaways from the session
• Q & A
Wednesday, March 12, 2025
7:15am • Level 1
Registration Opens
8:15 - 8:25am PST • Salon ABC
Call to Conference & Territorial Acknowledgement:
8:25 - 8:40am PST • Salon ABC
Opening Remarks
8:40 - 9:20am PST • Salon ABC
Session 1 - Keynote Address: Why Do We Always Talk About Privacy? Human Rights in the Digital Age
Privacy is one of many human rights protected in Canada and by international law. Yet, in the context of AI, we seem to always be focused on privacy as the one right in need of attention. If AI fundamentally changes human life and societies, we ought to be considering other facets of human rights that are affected by such technologies. This talk will refocus our attention to the values of human rights - autonomy, dignity, equality, and community - and why human rights questions around AI are actually data questions. The digital age has made data a human rights issue and a key question for AI governance.
9:20 - 10:05am PST • Salon ABC
Session 2 - Keynote Address by Fortinet: Enabling Digital Transformation: A Personal Perspective
Drawing on his 30+ year career leading projects in the US Federal government and his experience as an executive at Fortinet—a leading global cybersecurity company—Jim Richberg will share principles and practices he found useful for driving transformation in the public sector. Jim will use examples from cybersecurity and AI to illustrate some rules of thumb and share lessons learned from his experience leading projects in government at both the agency and national levels.
10:05 -10:30am PST • Foyers
Morning Coffee Break - Sponsored by Trend Micro
10:30 - 11:30am PST • Salon A
Session 3A - Concurrent Panel: Transformation of Privacy in the Public Sector
Advancing technologies provide new opportunities for governments to use personal data in ways that may improve services for the populations they serve. New technologies also offer the potential for enhanced law enforcement and fraud detection activities. At the same time, these technologies create risks that push at the boundaries of privacy law, such as automated decision-making, shadow uses of generative AI technology, and new cybersecurity threats. Governments are beginning to update their privacy laws to enable novel uses and to provide new privacy assurances. This panel will explore the transformation of privacy – and of privacy law – in the public sector.
10:30 - 11:30am PST • Salon B
Session 3B - Concurrent Panel: Quantum Computing: Q-Day is Coming - It is Time to Worry About Quantum Security
The Q-Day Quantum Panel brings together leading experts in quantum computing, cryptography, and cybersecurity to discuss the anticipated arrival of Q-Day—the moment when quantum computers achieve the capability to break classical encryption methods. Panelists will explore the profound implications for global security, financial systems, and data privacy, delving into strategies for transitioning to quantum-resistant cryptographic standards. This engaging discussion will address the current state of quantum technology, timelines for preparedness, and collaborative approaches to mitigate risks while unlocking the potential of quantum advancements. Attendees will gain critical insights into the path toward a secure quantum future.
10:30 - 11:30am PST • Salon C
Session 3C - Concurrent Panel: Security and Social Media Misinformation/Disinformation - TikTok: China’s Glaring Trojan Horse
10:30 - 11:30am PST • Theatre
Session 3D - Concurrent Panel: Operational Security Cybersecurity and Digital Resilience
As AI becomes the cornerstone of cybersecurity, it simultaneously accelerates both defence and attack capabilities. Businesses increasingly rely on AI to detect anomalies, counter ransomware, and safeguard digital perimeters. However, cybercriminals are exploiting AI’s growing accessibility, weaponizing the very tools designed to protect us. Deepfakes, polymorphic malware, and AI-driven phishing attacks are just a few ways adversaries are turning this technology against us. What began as an ally in cybersecurity has now become a double-edged sword, introducing new vulnerabilities and escalating the arms race in cyberspace.
11:35am - 12:05pm PST • Salon A
Session 4A - Concurrent Keynote: Respecting Privacy Is a National Security Win
This session will address whether or not carving out exceptions to privacy protections has the anticipated impact on security and law enforcement, arguing that robust civil liberties protection is the best first line of defence against adversaries.
11:35am - 12:05pm PST • Salon B
Session 4B - Concurrent Keynote: The Role of Emerging Technology in Combating Transnational Security Threats
Emerging technologies are increasingly central in the global fight against transnational security threats, as they enhance the capabilities of both state and non-state actors in intelligence gathering, cybersecurity, and defense operations. These innovations facilitate real-time intelligence sharing, advanced surveillance, and more effective counterterrorism efforts for the Five Eyes alliance. However, adversaries, including rogue states and terrorist groups, are rapidly adopting these technologies to evade detection, disrupt systems, and launch cyberattacks. The dynamic interaction between the Five Eyes nations, which emphasize cooperative security, and these adversaries, who exploit vulnerabilities in emerging tech, creates a complex landscape where rapid technological advancement drives offensive and defensive strategies to counter global security threats.
In the presentation, we will explore the hybrid use of emerging technologies, which blends traditional defense methods with cutting-edge innovations to create more adaptable and resilient security strategies. While the Five Eyes leverage these technologies to enhance cooperation and preemptively address threats, adversaries also employ similar hybrid strategies, such as using AI to orchestrate cyberattacks or utilizing encrypted communication channels to avoid interception. Understanding the dual-use nature of these technologies—where they can be employed for both defensive and offensive purposes—is crucial for developing comprehensive security frameworks that balance innovation with vigilance.
11:35am - 12:05pm PST • Theatre
Session 4C - Concurrent Keynote by Arctic Wolf / AWS: From Impossible to Unstoppable: Cracking the Code of Modern Security Operations
In an era of sophisticated threats and skill shortages, effective cybersecurity is more important—and difficult—than ever. Join Arctic Wolf and AWS experts for an insider's look at how organizations are transforming their security operations. Arctic Wolf doesn't just offer tools; they revolutionize your entire security approach. With over 750 billion daily security observations being processed, learn how Arctic Wolf leverages AWS for its security commitment and scalability and how AWS offers a secure foundation for workloads of any kind. Plus, learn how to access the Provincial and Municipal Cyber Grant Program to expedite the digital evolution of public services and safeguard government operations through cloud computing technology.
12:05 - 1:20pm PST • Salon ABC
Lunch Break - Sponsored by PBC Solutions
1:20 – 1:50pm PST • Salon A
Session 5A - Concurrent Keynote by Zscaler: Reimagining Security in a Zero Trust World
Insights into the paradigm shift towards Zero Trust security models and how Zscaler is leading the way.
1:20 – 1:50pm PST • Salon B
Session 5B - Concurrent Keynote
1:20 – 1:50pm PST • Theatre
Session 5C - Concurrent Keynote: Privacy and Cybersecurity Class Actions: Key Updates and How to Mitigate Risk
For more than a decade, Canada has experienced wave after wave of privacy and cybersecurity class action litigation. This activity has been fueled by increases in cyber attacks and privacy breaches and by legal theories that could enable plaintiffs to recover staggering damage awards without proof of harm. As the body of court decisions and settlements has grown, plaintiffs’ claims have continued to evolve. This session will provide an overview of key decisions, discuss current trends and highlight practical steps to mitigate risks.
1:55 – 2:25pm PST • Salon A
Session 6A - Applied Session by Dynatrace: Innovate, Transform and Solve your Biggest Challenges with Unified Observability and Security
Attend this session to be inspired and see how you can innovate, transform and solve your biggest digital challenges with unified observability and security. We will also discuss how AI will power the future of the observability and security in order to help companies deliver applications that work perfectly and securely every time. The following questions will be explored during this informative can’t miss session.
· What does it mean to be observable?
· How is AI changing the observability landscape ?
· How can you leverage observability to create business value?
· How do you get started on your observability journey?
· How does security connect with observability?
1:55 – 2:25pm PST • Salon B
Session 6B - Applied Session by SentinelOne/Microserve: From Detection to Response: Winning the Cybersecurity Battle in Public Sector
Relying on traditional, signature-based antivirus solutions is no longer sufficient to protect endpoints in today’s evolving threat landscape. Implementing a modern Endpoint Protection Platform (EPP) requires a proactive approach, as adversaries continuously adapt, and cybersecurity remains a top board-level priority.
Join SentinelOne and Microserve for an insightful discussion on winning strategies to enhance endpoint security. This session will explore:
-Key cybersecurity metrics for board-level discussions
-The critical role of Digital Forensics Incident Response (DFIR)
-Leveraging generative AI to strengthen cybersecurity defenses
Don't miss this opportunity to gain actionable insights into modern Endpoint Detection & Response (EDR) strategies for the public sector!
1:55 – 2:25pm PST • Salon C
Session 6C - Applied Session by Immersive: From Deepfakes to Data Breaches: Strengthening Cyber Resilience in the Age of AI
GenAI has increased cybersecurity risk for organizations. From deepfakes that trick employees into giving up sensitive information to coding vulnerabilities introduced by these tools, it has become increasingly clear that robust cyber resilience across the workforce is no longer optional.
This presentation explores the challenges and opportunities presented by GenAI in cybersecurity, focusing on the Canadian public sector. We'll examine how GenAI fuels sophisticated attacks, including deepfakes, and how organizations can respond effectively by proving and improving cyber capabilities at all levels of the organization.
Drawing on recent high-profile attacks, we'll provide actionable strategies for empowering employees to become the first line of defense, and a critical element in incident response. This includes equipping them to identify and respond to GenAI-powered threats through engaging exercises that simulate real-world scenarios. We'll also emphasize the importance of regular cyber drills that specifically test defenses against GenAI-driven attacks.
By adopting a proactive and human-centric approach, organizations can mitigate the risks posed by GenAI and leverage its potential to enhance their security posture.
1:55 – 2:25pm PST • Theatre
Session 6D - Applied Session by Netskope/CrowdStrike: AI Cometh! Are You Ready?
In this session we will discuss cautionary tales and advice from folks in the trenches. We will also provide a methodical approach to enabling AI tools within an organization.
1:55 – 2:25pm PST • Saanich Room
Session 6E - Applied Session by Wiz: Future-Proofing Cloud Security with CNAPP: A New Operating Model
A successful cloud security strategy needs to evolve to meet the rapidly changing needs of the business and growth of the cloud. Cutting-edge security teams are coming up with new approaches to increase their company's adoption of cloud and AI app development while managing the corresponding growth in potential attach surface. In this session, learn how you can improve your cloud security operational efficiency by 10 times while consolidating multiple siloed technologies using a cloud-native application protection platform (CNAPP).
1:55 – 2:25pm PST • Oak Bay Room
Session 6F - Applied Session by Varonis: A Data-Centric Approach to AI Security in Government Clouds
As generative AI transforms productivity for agencies and public services, government organizations of all sizes face new challenges in protecting their data and managing risk. However, planning your organization’s AI security strategy doesn't have to be daunting.
In this session, we'll explore the importance of proactive data security for AI and discuss practical strategies for effective risk management. Topics include:
-The importance of a data-centric strategy to public sector AI security
-How easily your sensitive data can be exposed using AI tools like Microsoft Copilot
-Practical steps to prevent prompt-hacking and citizen data exposure
-Strategies to ensure a secure AI rollout
1:55 – 2:25pm PST • Esquimalt Room
Session 6G - Applied Session by The British Columbia Cyber Security Hub: An Inclusive Community of Volunteers Making BC More Cyber Resilient
The session will provide an overview of the Waterloo Security Dialogue, emphasizing why the British Columbia Cyber Security Hub (BC Cyber Hub) was established and what it aims to achieve. The BC Cyber Hub is a volunteer-led community of cybersecurity professionals dedicated to strengthening cybersecurity resilience across the province. Its mission is to enhance regional security by empowering less mature or under-resourced organizations through sharing knowledge, offering guidance and tools, and connecting them to resources and services. By fostering a strong community of practice, the hub contributes to a more robust national cybersecurity culture while addressing local cybersecurity needs and building long-term resilience. The initiative does not compete with or replace existing efforts but instead serves as a resource to connect members with the support they need.
The objective of the BC Cyber Hub includes fostering a diverse, local cybersecurity community in BC by expanding an inclusive network, providing resources, tools, and collaboration opportunities. It engages experienced practitioners to mentor and share best practices, helping members meet essential security requirements. Moreover, it supports cybersecurity standards by proactively addressing vulnerabilities, building resilience, and strengthening cyber readiness and stakeholder confidence.
During the session, we will also present high-level findings from the regional cyber threat assessment for British Columbia.
2:25 - 2:50pm PST • Foyers
Afternoon Refreshment Break - Sponsored by Trend Micro
2:50 – 3:50pm PST • Salon A
Session 7A - Concurent Panel: External Review and Oversight of Canada’s National Security Institutions
As Canada’s national security landscape evolves, robust external review and oversight mechanisms are essential to maintaining democratic accountability while ensuring the effectiveness of intelligence and law enforcement operations. Institutions such as the National Security and Intelligence Review Agency (NSIRA), the National Security and Intelligence Committee of Parliamentarians (NSICOP) and the Office of the Intelligence Commissioner (OIC) play a pivotal role in scrutinizing security policies, intelligence activities, and law enforcement practices. These review and oversight functions help uphold the rule of law, protect civil liberties, and reinforce public trust in the institutions tasked with safeguarding national security.
This panel will explore the dynamic interplay between security agencies and review and oversight bodies, highlighting how review mechanisms adapt to emerging threats, technological advancements, and evolving legal frameworks. While these institutions enhance accountability, they also face challenges, including access to classified information, jurisdictional limitations, and the need for specialized expertise. As Canada navigates an increasingly complex security environment, understanding the role, strengths, and limitations of external review and oversight is crucial to ensuring that national security operations remain both effective and aligned with democratic principles.
2:50 – 3:50pm PST • Salon B
Session 7B - Concurent Panel: Artificial Intelligence Trustworthy Frameworks- AI, Ethics and Data Governance
In an era of rapidly advancing AI technologies, this panel tackles a critical and timely question: are current governance frameworks and principles robust enough to guide the ethical use of AI? With AI adoption accelerating across various sectors, frameworks have emerged from private organizations, public institutions, think tanks, and research groups each with the goal of adopting guiding principles for the safe and trustworthy use of AI. Frameworks differ in their intent, with some focused on trustworthy adoption of AI within broader society, some aimed to reduce organizational risk, and some guiding responsible decision making in governments, amongst other objectives. Most of these frameworks have adopted the following principles to operationalize 'trustworthiness', including transparency, accountability, fairness, safety, and security. Public and private sector organizations are embracing these principles to evaluate ethical considerations beyond traditional fairness and bias, tackling issues related to cybersecurity and privacy, data governance, and responsible and explainable use of AI within society and businesses. But will these principles, operationalized, serve as adequate safeguards for trustworthy and safe AI? Audience members will hear from experts in academia, law, and AI practitioners on how to best adopt trustworthiness frameworks and principles to guide the ethical use of AI across public and private sectors.
2:50 – 3:50pm PST • Salon C
Session 7C - Concurent Panel: The Collapse of Canadian Privacy Law Reform: Why it Matters and What Should be Done
It is now very likely that the efforts by the Liberal government to pass its Digital Charter Implementation Act have failed. PIPEDA will not be reformed and modernized, and there will be no statutory guidelines for the development and deployment of artificial intelligence systems. What are the implications of this failure? What lessons should we learn from the privacy legal reform efforts of the last 5 years? What are the necessary steps forward for any new federal government?
2:50 – 3:50pm PST • Theatre
Session 7D - Concurent Panel: The Evolving CISO: From Cyber Guardian to Business Strategist
The role of the Chief Information Security Officer (CISO) has shifted from a purely technical function to a critical business enabler. Today’s CISO must bridge the gap between cyber risk and business strategy, ensuring security is not just an IT issue but a fundamental component of organizational resilience. This session will explore how CISOs bring value beyond compliance—enabling innovation, protecting revenue streams, and fostering trust with stakeholders.
As cyber threats grow in complexity and regulatory pressures increase, how will the CISO role continue to evolve? Will future CISOs take on broader risk management responsibilities? Should they report directly to the CEO or Board? What does it mean to become the “Chief Risk Storyteller”?
Join us for a thought-provoking discussion on the future of the CISO and how security leaders can shape their organizations' success.
4:00 – 4:30pm PST • Salon ABC
Session 8 - Keynote Address/Fireside Chat: Renaissance for the Privacy Professional (Past-Present-Future)
4:30 – 4:45pm PST • Salon ABC
WiCys Scholarship Presentation and Remarks
4:45 – 4:50pm PST • Salon ABC
Day 1 Closing Remarks
Thursday, March 13, 2025
7:15am PST • Level 1
Registration Opens
8:00 - 8:10am PST • Salon ABC
Administrative Announcements
8:10 - 8:40am PST • Salon ABC
Session 9 - Keynote Address: The Importance of Organizational Strategies in the Shadow of an Expanding Cyber Threat Landscape
8:40 - 9:10am PST • Salon ABC
Session 10 - Keynote Address: Consent in a Big Data Age: Keeping Rights Front and Centre
In this presentation, Commissioner Michael Harvey will address one of his top concerns as a privacy regulator - the issue of consent. Commissioner Harvey will confront the argument that the consent model has been broken. He will explain why reinforcing it, rather than replacing it as the first stop for legal authorization, is consistent with a rights-focused approach to privacy and with Canadian values. This is particularly urgent as AI use cases proliferate, to place guardrails around the collection of our personal information. While legal reforms to supplement consent with other forms of legal authorization will be required, consent must remain the keystone for private sector privacy law. As he will detail in his remarks, a rights-centric solution to obtaining consent could increase trust and give individuals more control over their personal information while still remaining favourable to innovation.
9:10 - 9:50am PST • Salon ABC
Session 11 - Keynote Address by Optiv: Everything You Need to Know About CNAPP, but Were Afraid to Ask
As cloud environments grow more complex, organizations face increasing challenges in securing workloads, managing vulnerabilities, and maintaining compliance. Cloud-Native Application Protection Platforms (CNAPP) are transforming cloud security by providing an integrated approach unifying critical security functions into a single, cohesive solution. Discover how CNAPP is not only addressing today’s security challenges but also shaping the future of cloud technology to be more resilient, scalable, and secure.
9:50 - 10:30am PST • Salon ABC
Session 12 - Keynote Address by Cisco: Defenders Struggle with Prescriptive Base Controls in a Hybrid World
Defenders are faced with a plethora of controls with a ton of nuance and complexity. Environments are extended from traditional data centers to the cloud and everything in between - physical, virtual, containers, serverless, with network controls everywhere. It’s pure madness and complexity is the enemy of security which only benefits the adversary. Time to change the way we defend with an ability to be dynamic while at the same time confident in the controls we deliver.
10:30 - 10:55am PST • Foyer
Morning Coffee Break
10:55 - 11:55am PST • Salon A
Session 13A - Concurrent Panel: Establishing AI Foundations for Safe and Trustworthy Digital Governance
Join us for an engaging panel discussion centered on the essential foundations needed to introduce artificial intelligence within Canadian government operations. This session will highlight critical components such as robust data privacy frameworks, secure digital infrastructure, and ethical AI practices to ensure that citizens using digital technology remain protected, safe, and confident in its deployment. Our panelists will explore strategies for transparent AI governance, risk management, and policy development that balances innovation with citizen trust. This session is a must-attend for policymakers, technology leaders, and stakeholders dedicated to fostering secure and trustworthy AI integration in public services.
10:55 - 11:55am PST • Salon B
Session 13B - Concurrent Panel: Foreign Threats Driven by Geopolitical Conflict
Geopolitical conflict impacting Canada is not new. What is new and troubling is the range of foreign actors engaging in activity detrimental to Canada and their use of the latest technology. Technology has become both a weapon and the target. Targets are no longer solely governments. Civil society has become part of geopolitical conflict through the deliberate spread of misinformation and disinformation. Multinational organizations have been impacted by these conflicts and struggle to respond to them.
The panel brings together experts from academia, government, and the private sector to share their insights and personal experiences to dissect the issue and share their thoughts on whether there are opportunities for Canadian leadership.
10:55 - 11:55am PST • Salon C
Session 13C - Concurrent Panel: Privacy, Security and Aging in Place
Recent innovations in digital technologies have led to major improvements in areas related to personalized healthcare and aging in place. Social media, wearable technology, smart home devices, and AI applications have become increasingly popular with older adults. Age-tech, or technology that assists older people in their daily lives, can be greatly beneficial for a variety of purposes including social connection, home security, health monitoring, memory issues, caregiving, and entertainment. At the same time, privacy and security issues related to age-tech are constantly evolving. This panel will discuss topics such as difficulties in obtaining meaningful consent online for the collection, use and disclosure of personal information, as well issues pertaining to social engineering, cybercrime and fraud. User-centric policy and design choices as well as age-friendly education programs will be presented as potential mitigation strategies.
10:55 - 11:55am PST • Theatre
Session 13D - Concurrent Panel: Financial Crime and Privacy - How do we Address a Scam Epidemic?
Scams (and other financial crime) are rising, enabled by digital channels and AI. At the same time, there are increasing calls for privacy to be formalized as a fundamental right. We will explore privacy challenges associated with combatting scams and other financial crime, the concept of reasonably weighing privacy and other risks, and what can be done to effectively protect Canadians.
12:00 - 12:30pm PST • Salon A
Session 14A - Concurrent Keynote by Rubrik
12:00 - 12:30pm PST • Salon B
Session 14B - Concurrent Keynote by Armis: Business Aligned, Threat-Based Prioritization
Considering the constantly evolving threat and business landscapes, prioritizing our security and compliance efforts are more paramount than ever before. Learn more about the context and insights being used by leading security teams to surgically prioritize such efforts and to communicate the value of these efforts and outcomes to business stakeholders and executives.
12:00 - 12:30pm PST • Theatre
Session 14C - Concurrent Keynote
12:30 - 1:45pm PST • Salon ABC
Lunch Break
1:45 - 2:45pm PST • Salon A
Session 15A - Concurrent Panel: Indigenous Data Sovereignty and Indigenous Data Governance
Indigenous Communities continue to face systemic challenges in asserting their rights over data. This panel will explore Indigenous Data Sovereignty in the context of legislative requirements that are intended to protect vulnerable people, but fail to recognize the inherent rights of Indigenous communities to own, control, access, and possess their own information.
This session will feature a candid discussion with Chelsea Nakogee of the Association of Native Child and Family Services Agencies of Ontario (ANCFSAO). She will share first hand knowledge of the real-world impacts of these gaps, including the lack of funding, resources, and regulatory clarity for Indigenous organizations navigating compliance requirements.
Join us to gain insight into the pressing challenges and potential pathways toward equitable, Indigenous-led data governance. The panel is a call to action for the people in this community who set and influence policy, oversee enforcement, and provide the tools and services that uphold the status quo. The discussion assumes foundational knowledge of Indigenous data sovereignty principles.
1:45 - 2:45pm PST • Salon B
Session 15B - Concurrent Panel: Health Data: Perils and Potential
Our health care system in Canada is facing unprecedented challenges on many levels, including emergency departments closing due to staffing shortages, long surgical wait-times, millions of people without a primary care physician and a health workforce that is burning out. Digital health systems and artificial intelligence (AI) are expected to be part of the solution, yet those technologies come with apparent risks. Cyber-attacks against hospitals are becoming increasingly common place and AI systems do not always seem trustworthy, resulting in fears that data can be compromised and easily misused by corporate interests. Our health privacy legislation tends to reinforce fears of data custodians that they must protect such data above all else, often resulting in under-sharing which negatively impacts patient care and prevents health system improvement. What’s the solution to this data “gridlock”? Our expert panel will explore ways in which data can be made securely interoperable and shared to improve care while mitigating risks associated with data breaches and other misuses.
1:45 - 2:45pm PST • Theatre
Session 15C - Concurrent Panel: Children’s Privacy and Safety Regulation and Policy - What to Look Out For in 2025?
Children’s privacy and safety faces a pivotal year! Internationally we will see finalisation of critical regulatory guidance, online safety laws taking full effect, and enforcement action coming to conclusion. The US may move closer to legislation, court cases on social media and addiction will progress - and social media bans will be implemented in some jurisdictions. Many of these developments are in conflict; particularly the tensions between regulations banning social media and a privacy by design approach. What tangible protections and benefits will these developments deliver to children’s digital lives? What trends do we see in Canada? Panelists will discuss regulatory and policy work underway and share perspectives from commissioners, civil society and academics.
2:45 - 3:15pm PST • Foyers
Afternoon Refreshment Break
3:15 - 3:45pm PST • Salon A
Session 16A - Applied Session by Cloudflare: How I Stole Millions of Dollars from an Airline - and How I'd Use AI to Do It Again
As artificial intelligence reshapes the cybersecurity landscape, attackers are leveraging AI to supercharge social engineering, phishing, and fraud at an unprecedented scale. In this session, Tom Fitzgerald will reveal how AI is transforming both offense and defense in cybersecurity—starting with a firsthand account of how he once stole millions of dollars worth of corporate secrets from a major international airline.
Using this real-world heist as a backdrop, Tom will explore how AI-powered attacks exploit human psychology, manipulate trust, and automate deception. He will break down the cutting-edge AI-driven threats that enterprises face today, from deepfake-powered phishing to autonomous malware. More importantly, he will demonstrate how organizations can fight back using AI—showing exactly what it takes to stay ahead in an era where attackers are leveraging automation, deception, and intelligence at scale.
Whether you're an IT professional, security leader, or just fascinated by the dark side of AI, this talk will expose the evolving arms race between attackers and defenders—and what it takes to stay ahead.
3:15 - 3:45pm PST • Salon B
Session 16B - Applied Session by Interac
In an era where digital financial services are expanding rapidly, Canadians are increasingly hesitant to trust them. Research conducted by Interac Corp. reveals that while 61% of Canadians trust online banking, confidence wanes when it comes to embracing other digital financial tools. Join Rebecca Ma, Deputy General Counsel and Chief Privacy and Compliance Officer at Interac Corp., as she delves into a critical discussion on the intersection of security and providing access in the financial sector. Rebecca will highlight why security should not act as a gatekeeper to essential financial services and the pivotal role privacy professionals play in product innovation. Rebecca will also shed light on innovative solutions like Interac Verified™, which enables Canadians to securely verify their data for access to critical government services.
3:15 - 3:45pm PST • Salon C
Session 16C - Applied Session by HPE Aruba / HPE Zerto
3:15 - 3:45pm PST • Theatre
Session 16D - Applied Session by Commvault: FortifAIng the Future: AI-Powered Data Security, Recovery, and Compliance in the Age of Cyber Threats
3:15 - 3:45pm PST • Saanich Room
Session 16E - Applied Session by Mimecast: Balancing Innovation and Risk: AI's Impact on Privacy and Security
As artificial intelligence revolutionizes the landscape of cybersecurity, it brings both unprecedented opportunities and complex challenges and it can play a pivotal role in mitigating human-related risks. For Canada’s public sector, the stakes have never been higher to find the right balance between productivity and risk as AI systems thrive on data, often requiring vast amounts of personal and sensitive information to function effectively.
During this session you will gain actionable insights into navigating AI’s impact on privacy and security, ensuring transparency, trust, and resilience in a rapidly evolving digital landscape.
We’ll cover how you can:
-Unify email security and insider risk to protect users and sensitive company data while simplifying operations and reduce time to incident response.
-Reduce alert fatigue from IP theft, shadow IT, and data loss from departing employees with AI, automation, and proactive remediation strategies.
-Meet compliance and data retention policies across Microsoft Teams, Slack, Zoom, and other tools used daily across the organization.
-Discover how purpose-built AI and NLP models detect sensitive data in files, emails, and screenshots, streamlining content inspection and investigations.
-Educate users on risky behavior with real-time, automated, customizable micro-lessons that educate users, reduce alerts, and automate remediation
3:15 - 3:45pm PST • Oak Bay Room
Session 16F - Applied Session by CIOCAN: What’s Top of Mind for CIOs and CISOs? Are They Converging or Diverging?
Historically, CIOs and CISOs were united in their agenda: protecting the organization and data against data breaches and ransomware. How has that evolved with the hype around Artificial Intelligence and the looming threat of tariff wars? If CIOs are focused on other areas, are CISOs sufficiently empowered to do their work, or are changes needed? We will explore these topics and others during an engaging and informative panel discussion with senior IT leaders. This session is presented by the CIO Association of Canada, including the National CISO Division and the leadership of the Vancouver Chapter.
3:55 - 4:25pm PST • Salon ABC
Session 17 - Keynote Address: A Typewriter, Four Books, and An Atlas: On Technology, Reciprocity, and Relations
4:25 - 4:35pm PST • Salon ABC
Closing Remarks & Announcements
The 27th Annual Victoria International Privacy & Security Summit is proudly sponsored by the following companies.
If you would like to sponsor this event, please download the Sponsorship Brochure for more information.
Title Sponsor
Platinum Sponsors
Gold Sponsors
Silver Sponsors
Summit Sponsors & Marketing Partners
Hotel Room Block
Fairmont Empress Hotel Room Block
If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $229/night for Corporate and Government reservations. Please note that this room block ends March 3, 2025 (this was extended from the original deadline).
Please contact the hotel directly at (250) 384-8111 or 1 (800) 230-6922 to book a room or book online using the following link. If booking by phone please indicate you are with the “27th Annual Victoria International Privacy & Security Summit” group.
Please note that the above room block is full but we do have a special rate of $249/night still being offered if rooms are available in their general inventory – to book at this rate please go to: https://book.passkey.com/event/50946668/owner/27337/home
Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5
