Karen Blau Director, Scout Intelligence Inc. Jerrard Gaertner, CA·CISA/IT, CGEIT, CISSP, CIPP/IT, CFI, I.S.P., ITCP Director, Technology Assurance Services, Soberman LLP Moderator: Eric Green Programme Director, SC World Congress Latest Regulations - Bill 159 and Security Training

Upload: bernice-greer

Post on 23-Dec-2015

Karen Blau Director, Scout Intelligence Inc.

Jerrard Gaertner, CA·CISA/IT, CGEIT, CISSP, CIPP/IT, CFI, I.S.P., ITCP Director, Technology Assurance Services, Soberman LLP

Moderator: Eric Green Programme Director, SC World Congress

Latest Regulations - Bill 159 and Security Training

NOT LEGAL ADVICE

• Neither Karen Blau nor Jerrard Gaertner is a lawyer.

• This presentation is NOT legal advice.

• Always consult your solicitor or legal advisor if in doubt.

Introductions

• Speaker – Karen Blau, Director

• Scout Intelligence Inc.

• Author - Jerrard Gaertner, Director

• Soberman LLP, Chartered Accountants

• Moderator – Eric Green – SC World Congress

Agenda

• Brief history of Bill 159

• Training requirements in detail

• Bill 159, IT security & digital forensics

• A few comments about PIPEDA et al.

• Conclusion and Q & A

Brief history of Bill 159 - Aims

• Public hearings as far back as 2000

– To professionalize security services, including private investigators

– To protect the public interest through licensing, training and a new code of ethics

– To ensure license portability

– To establish knowledge standards for CPR and use of force

– To establish standards for uniforms, equipment, vehicles

Brief history of Bill 159 - Enactment

• Enacted 2005 (Ontario) as Private Security and Investigative Services Act (SO 2005, c. 34) (PSISA)

• Regulations for LICENSING enacted 2007

• Regulations regarding TRAINING and TESTING enacted late 2009 and effective April 2010

Brief history of Bill 159

• First substantive change to the security profession since 1966!

• Considerable industry opposition at first because of perceived extra costs and regulatory burden for employers

• No grandfathering provisions with respect to testing – some existing practitioners angry

Brief history of Bill 159 - Applicability

• This Act applies to private investigators and to security guards.

• A private investigator is a person who performs work, for remuneration, that consists primarily of conducting investigations in order to provide information.

• Examples of the types of information referred to:

– (a) the character or actions of a person;

– (b) the business or occupation of a person; and

– (c) the whereabouts of persons or property.

Brief history of Bill 159 - Applicability

• A security guard is a person who performs work, for remuneration, that consists primarily of guarding or patrolling for the purpose of protecting persons or property.

• Examples of the types of work referred to:

– (a) acting as a bouncer;

– (b) acting as a bodyguard; and

– (c) performing services to prevent the loss of property through theft or sabotage in an industrial, commercial, residential or retail environment.

Brief history of Bill 159 – NON Application

This Act does not apply to:

• barristers or solicitors engaged in the practice of their profession;

• persons who perform work, for remuneration, that consists primarily of searching for and providing information on,

– (i) the financial credit rating of persons,

– (ii) the qualifications and suitability of applicants for insurance and indemnity bonds, or

– (iii) the qualifications and suitability of persons as employees or prospective employees.

Brief history of Bill 159 – NON Application

• persons acting as a peace officer;

• insurance adjusters licensed under the Insurance Act while acting in that capacity, and their employees while acting in the usual and regular scope of their employment;

• insurance companies licensed under the Insurance Act and their employees while acting in the usual and regular scope of their employment;

Brief history of Bill 159 – NON Application

• persons residing outside Ontario who are licensed employees of a private investigation agency licensed in a Canadian jurisdiction outside Ontario, who

– (i) on behalf of a person outside Ontario, make an investigation partly outside Ontario and partly within, and

– (ii) come into Ontario solely for the purpose of such investigation;

• persons who are paid for work that consists primarily of providing advice about security requirements but who are not soliciting/procuring services of private investigators or security guards;

Brief history of Bill 159 – NON Application

• persons who receive remuneration for work that consists primarily of providing an armoured vehicle service;

• locksmiths; and

• any class of persons exempted by the regulations (persons authorized to investigate by another Act – i.e. Trustees in bankruptcy).

Brief history of Bill 159 – For Discussion

• Is a firm which provides computer security advice a “security guard” within the meaning of the Act?

• Is a firm which provides active and continuous security monitoring of a client site a “security guard”?

• Is an individual who performs digital forensics a private investigator?

Brief history of Bill 159 – For Discussion – Still NOT legal advice!

• Is a firm which provides computer security advice a “security guard” within the meaning of the Act? Probably not!

• Is a firm which provides active and continuous security monitoring of a client site a “security guard”? Probably!

• Is an individual who performs digital forensics a private investigator? Depends - who are they working for (lawyer, Trustee, business)!

Training Requirements - Testing

• Every licensee MUST pass an exam (60 multiple choice / 75 minutes) once in professional career

• Separate exam for security guard and private investigator

• If initially licensed AFTER April 15, 2010, must ALSO take prescribed 40** hour training programme (live attendance or live video conference) **50 hours for P.I.

Training Requirements - Renewal

• Existing licensees whose licences are renewed PRIOR to July 16, 2010 may renew ONCE without passing the test

• Existing licensees whose licences are renewable July 16, 2010 and onward MUST take the test prior to renewal

Training Requirements – Curriculum Security Guard (40 classroom hours)

• Introduction to the Security Industry

• The Private Security and Investigative Services Act and Ministry Code of Conduct

• Basic Security Procedures

• Report Writing

• Health and Safety

• Emergency Response Preparation

Training Requirements – Curriculum Security Guard (40 classroom hours)

• Canadian Legal System

• Legal Authorities

• Effective Communications

• Sensitivity Training

• Use of Force Theory

• Emergency Level First Aid Certification

Training Requirements – Curriculum Private Investigator (50 classroom hours)

• Introduction to the Private Investigation Industry

• The Private Security and Investigative Services Act

• Provincial and Federal Statutes

• Criminal and Civil Law

• Investigative Techniques

Training Requirements – Other

• Special advanced courses offered for “use of Force” and other high risk areas.

• Not mandatory for general licensee.

Training Requirements – Curriculum Private Investigator (50 classroom hours)

• Principles of Ethical Reasoning/Decision-making

• Key Principles of Communication and Interaction

• Self-Management Skills

Training Requirements – Rules

• Take the test as many times as you wish but pay each time ($60)

• Must be trained by prescribed organization recognized by Ministry of Community Safety and Correctional Services (MCSCS)

– university

– public/private college,

– licensed training agency

Training Requirements – Rules

• Employer can train OWN employees if it complies with MCSCS curriculum and guidelines (posted on MCSCS web site)

• Employer subject to audit and penalties for non-compliance

• Must attend class in person or live video and write exam in person not on web

• MCSCS delegates all testing to SERCO

The Exam – Sample questions

• A security guard patrolling a mall comes upon a suspect attempting to pick a lock to a store. The guard should:

– Call the police and continue observing the suspect

– Cordon off the area and ensure video surveillance is working

– Apprehend the suspect using the minimum amount of force

– None of the above

The Exam – Sample questions

• A security guard may operate in disguise, if:

– Authorized by the employer

– Authorized by the Minister of Community Safety

– As permitted by section 35 of the PSISA

– All of the above

The Exam – Sample questions

• A private investigator may be licensed only if the following condition applies:

– Over 21 years of age

– Having a clean criminal record

– Posting a bond with the ministry

– All of the above

IT Security and Digital Forensics

• Some considerations when determining if activity falls within PSISA

– Is the engagement/work being done with, by or for a police force or peace officer?

– Is the engagement/work being done for a lawyer or other professional exempt from PSISA?

– What is the nature of the relationship between the service provider, client and subject (contractual, employee/er, agency)?

IT Security and Digital Forensics

• Further considerations:

– Does the work fall under any PSISA exemption (i.e. insurance, security advice)?

– Does the service provider's professional organization recommend or require obtaining a licence under PSISA?

IT Security and Digital Forensics

• No clear answer at this time as to whether to licence or not.

• No definitive case law yet.

• Depends on circumstances.

• However, exam process appears to be a relatively minor inconvenience except for the week of required classroom time.

Privacy Law and the Investigator

• PIPEDA being a federal law has paramountcy over provincial laws

• Exceptions to privacy rules about collection, disclosure and use of personal information:

– Investigation of a possible crime or violation of an Act of Canada or a province

– Related to a federal “work” - federally regulated business or operation

– Request made by specified investigative body (see regulations)

– Re: debt collection

Conclusion

• PSISA brings a much needed basic level of professionalism to the security and investigation profession in Ontario

• Much of the tempest-in-a-tea-pot has been about the perceived burden of 40 hours training and one time testing and the associated costs – but these appear relatively minor

• IT security professionals may be caught in the PSISA net if their work falls within the definitions

Questions?

Contact Information

• Karen Blau - [email protected]

• (905) 508-6946

• Jerrard Gaertner - [email protected]

• (416) 963-7147