Education & Events

2019 Municipal Information Access & Privacy Forum


Four Points by Sheraton Toronto Airport
6257 Airport Road
Mississauga, Ontario L4V 1E4

Friday, November 30, 2018

Balancing Information Access & Privacy

About the Forum

Municipal governments manage a broad range of highly sensitive information and records using myriad complex tools. Managing the storage, security and access to these records, while ensuring adherence to the needs of the public, law enforcement, and relevant privacy legislation, is a highly politically charged responsibility. How do you balance, information, access, privacy and security in the digital age? How do municipal professionals manage the often competing priorities of the legislative environment, with the need for good governance?

The annual AMCTO Information Access & Privacy Forum provides a platform for leading experts to share their insights on current and emerging issues and trends in access to information, and privacy matters affecting the municipal sector from a multi-stakeholder perspective.

Opening Keynote Speaker: Brian Beamish, Information and Privacy Commissioner of Ontario

Brian Beamish first began his career at the Office of the Information and Privacy Commissioner (IPC) in 1999, as Director of Policy and Compliance. This was followed by his appointment to Assistant Commissioner in 2005, where he directed the Tribunal Services Division – investigating privacy complaints and resolving access to information appeals.

In addition to overseeing Tribunal, Brian also served as an executive policy advisor, playing a key role in executing the mandate of the IPC and supporting several initiatives in the best interests of the public, such as bringing universities and hospitals under the Freedom of Information and Protection of Privacy Act and ushering in the Personal Health Information Protection Act.

Prior to joining the IPC, Brian held a number of positions within the Ontario Public Service, including with the Ministries of the Solicitor General and Correctional Services. He is a member of the Law Society of Upper Canada and a graduate of the University of Toronto Law School. In 2016, he was the recipient of the OBA Karen Spector Memorial Award for Excellence in Privacy Law.

Afternoon Keynote Speaker: Kris Klein, CIPP/C, CIPM, FIP, Managing Director, IAPP Partner, nNovation LLP

Kris Klein, CIPP/C, CIPM and FIP, has more than two decades of public and private sector experience in the federal regulatory arena in Canada, and is one of Canada’s leading legal experts on privacy, access to information and information security issues.

Kris has litigated and counseled extensively on federal regulatory law with a pre-eminent national firm, and for the Canada’s Department of Justice, including providing instrumental legal advice to Canada’s Privy Council Office. He has also practiced exclusively in the area of privacy law, advising the Privacy Commissioner of Canada. In that role Kris advised the Privacy Commissioner and senior officials on legal, policy and strategic issues, including on the handling of high-profile and sensitive cases. He negotiated and settled complaints with private sector organizations facing scrutiny over privacy compliance issues.

Kris also represented the Commissioner and her office publicly before Parliamentary committees, as a conference speaker, and before the media.

Kris has a demonstrated understanding of technology, theories of anonymity (de-identification of data), authentication systems, health privacy issues, etc., and their relationship to Canadian laws and enforcement practices. Kris has written extensively, including co-authoring several instrumental works.

Agenda (please click here)

Essential guides to privacy and access to information law (PDF)

Evolving Mandates – the IPC and the Ombudsman’s Office – Understanding who does what?

IPC or Ombudsman’s Office? How and when do these agencies interact on issues of privacy and transparency when making rulings and providing opinions? Who has primacy when there is overlap?

These agencies provide input on new legislation and write opinions and decisions interpreting and applying legislation. Do these agencies come to conflicting decisions? If so when and how? If not, what might be some of the sources of confusion experienced by municipal stakeholders?

There are a number of guidelines which municipalities receive from agencies such as the IPC or the Ombudsman’s office, but they are too often interpreted as directives rather than opinions. How do we better communicate which is which?

What guidance is available with respect to not only what to do (or not to do), but how to do it?
Is there a challenge with these agencies potentially being both transparency champions as well as an adjudicator or investigator?

This panel is designed to clarify the roles, responsibilities and legislative mandates of the IPC, and Ombudsman’s office.

Expert panelists will explore these issue from the perspective of both the IPC and the Ombudsman’s Office.

Laura Pettigrew, General Counsel, Office of the Ombudsman of Ontario
Stephen McCammon, Legal Counsel, Office of the Ontario Information and Privacy Commissioner

Custody or Control, Municipal Councillors’ Records and Recent Findings from Ontario’s Information and Privacy Commissioner’s Office

Elected officials have access to volumes of information regarding municipal services from which their deliberations and decisions commence. When elected officials, and municipal employees dare to take those deliberations leading to a decision onto their own personal email, text, (private) social media accounts, the consequences resulting from a formal access request stage a showdown between several parties – requester, municipal staff, and the IPC.

The plain language reading of the phrase “custody and control” may lead many to use unapproved information repositories, such as email accounts, in an effort to not publicly share candid conversations; however these actions fail to support the key principle of MFIPPA, that information should be available to the public, exemptions from the right of access should be limited and specific, decisions on the disclosure of information should be reviewed independently of the institution controlling the information; and to protect the privacy of individuals with respect to personal information about themselves held by institutions and to provide individuals with a right of access to that information. 

This session will review recent developments in IPC orders that may assist practitioners in improving their understanding the scenario when faced with the truth, dare and consequences.

Moderator: John Daly, Director of Legislative Services and County Clerk, Statutory and Cultural Services, County of Simcoe 
Sherry Liang, Assistant Commissioner, Office of the Ontario Information and Privacy Commissioner
Scott T. Williams, Hicks Morley Hamilton Stewart Storie LLP

Surveillance Technologies in the Municipal Environment

The presentation will focus on the use of electronic surveillance and recording devices by municipal employers including video surveillance, biometric scans, mobile recording devices and some of the privacy issues and practical considerations employers must take into account under MFIPPA, the common law and at arbitration when using and disclosing data collected by such devices. The presentation will also address issues arising from access requests for surveillance data.

Jordan Simon, Privacy Associate, Hicks Morley Hamilton Stewart Storie LLP
Evelina Skalski, Manager, Records and Information Services, City Clerk’s Office, Legal and Corporate Services, City of London
Stephen Spracklin, Legal Counsel, Information Technology and Intellectual Property, City of Mississauga

Afternoon Keynote Speaker: Kris Klein, CIPP/C, CIPM, FIP, Managing Director, IAPP, Partner, nNovation LLP 

We are now in a data-driven economy. In answer to citizens’ increasing concern and scrutiny on how their data is being utilized and managed by all organizations, including municipalities, data privacy and protection regulations around the globe are changing and expanding. Organisations are in the midst of building their modern data ecosystem – aligning people, process and technology.  Doing this properly is complex and challenging.  However, it can be done.  In fact, it MUST be.  Let’s talk about the global changes to privacy regulation and how this is going to affect you, the privacy professional within your organization.  Come prepared to listen and engage in a thoughtful discussion about the future of privacy and the journey that will take us there.

Cyber Threats & Ransomware Attacks

There has been a spate of recent cyberattacks on Ontario businesses and municipal governments, where hackers attack a computer or network with malware that encrypts data on those systems to disable them. The attackers then demand a ransom to unlock the compromised systems.  The recent trend has prompted the Ontario Police to issue a warning to municipalities. The OPP’s position is that they do not support paying ransomware attackers, as it only encourages further criminal activity, and there is no guarantee that payment will restore the encrypted data. But 2 Ontario municipalities who recently suffered ransomware attacks, have made the decision to pay.  According to cyberthreat experts, most municipalities are significantly outgunned by the sophistication of cybercriminals versus their lack of understanding and resources to implement effective cybersecurity measures.

You will learn how prevalent are cyberattacks, as well as hearing a first-hand account of dealing with a ransomware breach. Expert panelists will share insights on steps resource-strapped municipalities can take to protect themselves against breaches, and what key steps to take once you do experience a ransomware attack.

Amanpreet Singh Sidhu, Director of Corporate Services, Town Solicitor, Town of Midland
Anne Thompson, AIG Canada, Complex Claims Director, Financial Lines
Sara Runnalls, FCIP, CRM, Vice President and Associate - Public Sector Risk Advisor, BFL Canada 
Michael Kyne, Solicitor, City of Hamilton
Vern Crowley, Detective Sergeant, Ontario Provincial Police, Cybercrime Investigation Team, GHQ  Orillia, Ontario
Ajay Sood, General Manager, Symantec Canada

Roundtable Q & A Session

A panel of expert practitioners will answer your questions regarding Access to Information and Privacy considerations in the municipal context:

Helen Kennedy, Supervisor of Information Services, Corporation of the County of Brant, Office of the Chief Administrative Officer, Council Services Division
John Daly, Director of Legislative Services and County Clerk, Statutory and Cultural Services, County of Simcoe
Michael Kyne, Solicitor, City of Hamilton
Anne Greentree, BA, CMO, Clerk, Clerk’s Department, Municipality of  Clarington 
Andrew Brouwer, City Clerk, City of Oshawa