You have a lot of data! How can you keep your member and client information secure? What legal rules does your nonprofit need to follow when it comes to data hosting? What tools and apps won't get you in trouble?
We have four experts who will answer all your questions.
* Alejandra Brown: Introduction to privacy and overview of privacy and data residency rules that apply to BC nonprofits.
* Mack Hardy: Five practical things you can do to secure your online self. Policies, 2FA, password managers, and more.
* Damien Norris: A suite of curated tools that organizations can use to locally/securely replace the US-owned cloud services in their lives.
* Kris Constable: IDVPN: a VPN for complying with jurisdictional regulations.
Kris Constable: IDVPN: a VPN for complying with jurisdictional regulations.
1. KrisConstable.com
• Owner / Operator IDVPN.ca and PrivaSecTech
• Global security expert for Canada’s biggest company in
the first phase of my career (security).
• Advisor and investigator for the privacy commissioner of
BC (since 2005), one of the first international trainers for
the IAPP in the second phase of my career (privacy).
• Now focused on solutions for orgs that don’t have the
resources yet to access top privacy & security talent
(startups and non-profits).
2. A VPN for your identity.
No longer worry about data breaches.
3. How does it work?
• If you have a developer on staff and your org can handle
OpenID Connect (OIDC) = integrate within 10 minutes.
• You let us know which claims (ID attributes) you want
from users, to meet legal requirements.
Age? Email confirmation? FOIPPA compliance?
• We handle the rest.
4. Which claims can we handle?
• Age gates (user is 18 or 19 years old)
• FOIPPA compliance (BC privacy law)
• Sanction list checking
(anti-money laundering, counter terrorist financing)
• Location (Must be in Vancouver, or Manitoba)
• Anything on a government issued ID
• Any combination thereof
5. How we differ
• Once we verify a user, and the claim you’ve requested,
we just confirm with a yes or no if that user meets your
requirements, and then we send you a virtual ID for
them, not their real name. You will never have their real
name in your database.
• This means that if/when you are hacked, you will only
have the virtual IDs.
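The relying-party side of slides 3 to 5, as an added example that is not IDVPN's or the presenter's code: verify the OIDC ID token, enforce the requested yes/no claims, and persist only the virtual ID. Assumptions: an HS256-signed token with a single `aud` value, a placeholder issuer and client, a constructed secret, and hypothetical claim names `age_over_18` and `in_bc`.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://idp.example"           # placeholder issuer, not a real endpoint
CLIENT_ID = "nonprofit-voting-app"       # hypothetical client_id
CLIENT_SECRET = b"constructed-demo-secret"
REQUIRED = {"age_over_18": True, "in_bc": True}   # hypothetical yes/no claim names
PII_CLAIMS = {"name", "given_name", "family_name", "email",
              "birthdate", "address", "phone_number"}

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=CLIENT_SECRET):
    """Build a constructed HS256 ID token so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def user_record_from_id_token(token, now=None):
    """Verify the token, enforce the yes/no claims, return the only row we store."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # blocks alg=none and algorithm swaps
    expected = hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("expired")
    if PII_CLAIMS & claims.keys():
        raise ValueError("token carries PII we did not request")  # fail closed
    for name, wanted in REQUIRED.items():
        if claims.get(name) is not wanted:
            raise PermissionError(f"claim {name} not satisfied")
    # Only the pseudonymous subject and the boolean answers reach the database.
    return {"virtual_id": claims["sub"], **{k: claims[k] for k in REQUIRED}}
```
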
6. Alex logging in to a DecisionTree.io-enabled WordPress site to vote
What IDVPN.ca knows and had verified
7. Guarantor
• We can also meet any level of guarantor of an ID you
require, such as:
– Email verification (self attestation)
– Friend (web of trust)
– Government agent
– Lawyer/Notary public
8. Are we a good fit?
• What does it cost you to manage your users securely?
Include systems, databases, and the people required to manage them,
as well as the people required to secure them.
• Do you have security and privacy expertise in house?
• How much would a data breach impact your org?
• How much would a regulatory non-compliance finding (GDPR,
FOIPPA) cost you in terms of financial penalties,
but also reputation management?
10. • Award-winning boutique privacy & security firm since
2005 based in B.C. focused on non-profits and startups.
• We usually start with a 4-step security audit:
• Building of an asset catalog, threat model, vulnerability
assessment, and penetration test.
• You can also keep us on retainer for privacy and/or
security issues and use as needed.
12. Member of “We fix sh!t” agency
Boutique agency offering audit and consulting
for: design, privacy, security, finance,
marketing/SEO
Best in the business -- want to help startups &
non-profits
Former design director of Metalab
CPA who’s done DD for +40 VC-funded orgs
My team for privacy, security & marketing
Built website traffic to +10mm requests
13. Questions?
I love to help, shoot me an email any time
kris@privasectech.com
@cqwww on Twitter
PrivaSecTech on Facebook
No question is too silly