Data Breaches: Avoidance, Preparedness and Response

Faculty Agenda Download Brochure PDF

Business executives, in-house counsel, compliance professionals and lawyers who advise on corporate or privacy issues must ensure that they are well-equipped to mitigate the risk of and adequately respond to a data breach incident.

This intensive OsgoodePD program will provide an in-depth overview of how to avoid, prepare for and respond to a data breach incident. Featuring a faculty of leading cybersecurity and data breach experts, the program will provide a substantive and practical review of the steps you need to take to protect your or your client’s organization. OsgoodePD’s distinguished faculty will also walk you through a hypothetical data breach case study to provide you with hands-on experience in dealing with data breach issues.

Topics will include:

• Current trends in data breach and privacy litigation
• Conducting an organizational review to minimize and mitigate data breach risks
• Managing risks when selecting vendors and sub-contractors
• Key components of an effective data breach incident response plan
• The role and composition of the breach response team
• Legislated breach notification requirements and drafting breach notifications
• A review of current breach investigations and recent breach notices
• The evolving market for data breach and cybersecurity insurance

PLUS don’t miss a panel on data breaches and regulator expectations, featuring:

Brian Beamish, Acting Commissioner, Office of the Information and Privacy Commissioner (Ontario)
Jill Clayton, Information and Privacy Commissioner, Office of the Information and Privacy Commissioner of Alberta
Daniel Caron, Legal Counsel, Legal Services, Policy, Research and Technology Analysis Branch, Office of the Privacy Commissioner of Canada

Faculty

Chair

• Alex Cameron, Fasken Martineau DuMoulin LLP

Faculty

• Timothy M. Banks, Dentons Canada LLP
• Brian Beamish, Acting Commissioner, Office of the Information and Privacy Commissioner (Ontario)
• Patrick Bourk, Head, Enterprise Privacy, Bank of Montreal
• Karen Burke, Privacy Director, Canada and International, Bank of Montreal
• Peggy Byrne, Senior Counsel, CIBC
• Daniel Caron, Legal Counsel, Legal Services, Policy, Research and Technology Analysis Branch, Office of the Privacy Commissioner of Canada
• Theodore P. Charney, Charney Lawyers LLP
• Jill Clayton, Information and Privacy Commissioner, Office of the Information and Privacy Commissioner of Alberta
• Matthew Davies, Senior Underwriting Specialist, Chubb
• David Fraser, McInnes Cooper
• Bobbie Goldie, Vice President, Professional Risk, ACE Canada
• Shawn Melito, Vice President, Immersion, Ltd.
• Daniel J. Michaluk, Hicks Morley Hamilton Stewart Storie LLP
• John Russo, Vice President, Legal Counsel & Chief Privacy Officer, Equifax Canada
• Daniel Tobok, Managing Director, Security Consulting and Forensics, TELUS Security Solutions
• Vera Toppings, Fasken Martineau DuMoulin LLP
• Greg Vanier, Director,Global Public Affairs

Agenda

• Data Breaches: Avoidance, Preparedness and Response

  Original Date: March 2, 2015
  

  Expand All Collapse All

  • 9:00 am
    Welcome and Overview from Course Leader

    Alex Cameron, Fasken Martineau DuMoulin LLP

  • 9:10 am
    Legal Risks and Damages: State of the Law

    Alex Cameron, Fasken Martineau DuMoulin LLP

    Vera Toppings, Fasken Martineau DuMoulin LLP

    Theodore P. Charney, Charney Lawyers LLP

    • Current trends in data breach and privacy litigation
    • What are plaintiffs’ class action lawyers looking for?
    • What activities and breaches have given rise to claims?
    • How have claims been framed?
    • What damages are claimed?
    • How are defendants responding to such claims?
  • 10:15 am
    Refreshment Break
  • 10:30 am
    Conducting an Organizational Review

    Timothy M. Banks, Dentons Canada LLP

    Karen Burke, Head, Enterprise Privacy, Bank of Montreal

    • Reviewing types of data that are collected and retained, and why
    • Reviewing organizational policies and controls
    • Privacy risk management framework
    • Privacy/data governance
    • Due diligence requirements when selecting vendors and sub-contractors
    • Contractual terms regarding privacy and security
    • Contractual audit rights and conducting audits
    • Negotiating obligations and indemnities
    • Privacy law accountability obligations and liabilities
    • Common issues and pitfalls
  • 11:30 am
    Developing an Effective Incident Response Plan

    Daniel J. Michaluk, Hicks Morley Hamilton Stewart Storie LLP

    Peggy Byrne, Senior Counsel, CIBC

    • Key components of an effective incident response plan
    • Who should be on the incident response team
    • Role of internal and external counsel
    • Escalation protocols for breaches
    • Testing and monitoring incident response protocols
    • Sample response plans
  • 12:00 pm
    Networking Luncheon
  • 1:15 pm
    Roles of the Breach Response Team

    Daniel Tobok, Managing Director, Security Consulting and Forensics, TELUS Security Solutions

    Shawn Melito, Vice President, Immersion, Ltd.

    Greg Vanier, Director,Global Public Affairs
    
    

    • The role of legal counsel
    • Definition of a “breach coach” and the importance of privilege
    • Roles of public relations, forensics and notification providers -- who does what and the importance of good co-ordination
    • The length of a typical breach investigation and response
    • When to rely on internal vs. external resources: is it dependent on size, complexity and cost?
    • Current breach investigations
    • Case studies of the good, the bad and the ugly
  • 2:15 pm
    Breach Notification and Harm Mitigation

    David Fraser, McInnes Cooper

    John Russo, Vice President, Legal Counsel & Chief Privacy Officer, Equifax Canada

    • Legislated breach notification requirements
    • Direct vs. indirect notification
    • Who to notify and when?
    • Drafting breach notifications
    • Reporting requirements in quarterly reports and public filings
    • Review of recent breach notices
    • Credit monitoring and other harm mitigation steps
  • 3:00 pm
    Data Breach Insurance

    Patrick Bourk, Senior Vice President, Management Risk Practice Risk Leader, Integro Insurance Brokers

    Matthew Davies, Senior Underwriting Specialist, Chubb

    Bobbie Goldie, Vice President, Professional Risk, ACE Canada                             

    • The evolving market for data breach insurance in Canada
    • To what extent do traditional policies respond to breaches?
    • What amounts are covered under a ‘cyber’ policy?
    • What is required to obtain data breach insurance?
    • Insurance issues regarding outsourcing and service providers
  • 3:30 pm
    Refreshment Break
  • 3:45 pm
    Regulator Expectations and Responses to Breaches

    Brian Beamish, Acting Commissioner, Office of the Information and Privacy Commissioner (Ontario)

    Daniel Caron, Legal Counsel, Legal Services, Policy, Research and Technology Analysis Branch, Office of the Privacy Commissioner of Canada

    Jill Clayton, Information and Privacy Commissioner, Office of the Information and Privacy Commissioner of Alberta

  • 5:00 pm
    Program Adjourns

Group Discounts

2-3 delegates: 25% off archived program fee
4-10 delegates: 30% off archived program fee
11+ delegates: 35% off archived program fee
Boardroom rates available.

Delivery

The video stream, including link to program materials will be sent to you via email as soon as payment is successfully processed.

Refunds

All sales are final. Please make all enquiries related to program content and CPD/MCLE credit hours prior to purchase. In the event you experience technical difficulties, please contact opdsupport@osgoode.yorku.ca for assistance.