karen blau director, scout intelligence inc. jerrard gaertner, ca·cisa/it, cgeit, cissp, cipp/it,...
TRANSCRIPT
Karen Blau Director, Scout Intelligence Inc.
Jerrard Gaertner, CA·CISA/IT, CGEIT, CISSP, CIPP/IT, CFI, I.S.P., ITCP Director, Technology Assurance Services, Soberman LLP
Moderator: Eric Green Programme Director, SC World Congress
Latest Regulations - Bill 159 and Security Training
Latest Regulations - Bill 159 and Security Training
NOT LEGAL ADVICE• Neither Karen Blau nor Jerrard
Gaertner are lawyers.
• This presentation is NOT legal advice.
• Always consult your solicitor or legal advisor if in doubt.
Latest Regulations - Bill 159 and Security Training
Introductions
• Speaker – Karen Blau, Director
• Scout Intelligence Inc.
• Author - Jerrard Gaertner, Director
• Soberman LLP, Chartered Accountants
• Moderator – Eric Green – SC World Congress
Latest Regulations - Bill 159 and Security Training
Agenda
• Brief history of Bill 159
• Training requirements in detail
• Bill 159, IT security & digital forensics
• A few comments about PIPEDA et al.
• Conclusion and Q & A
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 - Aims
• Public hearings as far back as 2000– To professionalize security services, including
private investigators
– To protect the public interest through licensing, training and a new code of ethics
– To ensure license portability
– To establish knowledge standards for CPR and use of force
– To establish standrards for uniforms, equipment, vehicles
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 - Enactment
• Enacted 2005 (Ontario) as Private Security and Investigative Services Act (SO 2005, c. 34) (PSISA)
• Regulations for LICENSING enacted 2007
• Regulations regarding TRAINING and TESTING exacted late 2009 and effective April 2010
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159
• First substantive change to the security profession since 1966!
• Considerable industry opposition at first because of perceived extra costs and regulatory burden for employers
• No grandfathering provisions with respect to testing – some existing practitioners angry
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 - Applicability• This Act applies to private investigators and to
security guards.
• A private investigator is a person who performs work, for remuneration, that consists primarily of conducting investigations in order to provide information.
• Examples of the types of information referred to: – (a) the character or actions of a person;
– (b) the business or occupation of a person; and
– (c) the whereabouts of persons or property.
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 - Applicability• A security guard is a person who performs work, for
remuneration, that consists primarily of guarding or patrolling for the purpose of protecting persons or property.
• Examples of the types of work referred to:– (a) acting as a bouncer;
– (b) acting as a bodyguard; and
– (c) performing services to prevent the loss of property through theft or sabotage in an industrial, commercial, residential or retail environment.
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 – NON ApplicationThis Act does not apply to:
• barristers or solicitors engaged in the practice of their profession;
• persons who perform work, for remuneration, that consists primarily of searching for and providing information on,– (i) the financial credit rating of persons,
– (ii) the qualifications and suitability of applicants for insurance and indemnity bonds, or
– (iii) the qualifications and suitability of persons as employees or prospective employees.
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 – NON Application• persons acting as a peace officer;
• insurance adjusters licensed under the Insurance Act while acting in that capacity, and their employees while acting in the usual and regular scope of their employment;
• insurance companies licensed under the Insurance Act and their employees while acting in the usual and regular scope of their employment;
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 – NON Application• persons residing outside Ontario who are licensed
employees of a private investigation agency licensed in a Canadian jurisdiction outside Ontario, who– (i) on behalf of a person outside Ontario, make an
investigation partly outside Ontario and partly within , and
– (ii) come into Ontario solely for the purpose of such investigation;
• persons who are paid for work that consists primarily of providing advice about security requirements but who are not soliciting/procuring services of private investigators or security guards;
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 – NON Application
• persons who receive remuneration for work that consists primarily of providing an armoured vehicle service;
• locksmiths; and
• any class of persons exempted by the regulations (persons authorized to investigate by another Act – i.e. Trustees in bankruptcy).
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 – For Discussion• Is a firm which provides computer security advice a
“security guard” within the meaning of the Act?
• Is a firm which provides actively and continuously security monitoring of a client site a “security guard”?
• Is an individual who performs digital forensics a private investigator?
Latest Regulations - Bill 159 and Security Training
Brief history of Bill 159 – For Discussion – Still NOT legal advice!
• Is a firm which provides computer security advice a “security guard” within the meaning of the Act? Probably not!
• Is a firm which provides actively and continuously security monitoring of a client site a “security guard”? Probably!
• Is an individual who performs digital forensics a private investigator? Depends - who are they working for (lawyer, Trustee, business)!
Latest Regulations - Bill 159 and Security Training
Training Requirements - Testing• Every licensee MUST pass an exam (60
multiple choice / 75 minutes) once in professional career
• Separate exam for security guard and private investigator
• If initially licensed AFTER April 15, 2010, must ALSO take prescribed 40** hour training programme (live attendance or live video conference) **50 hours for P.I.
Latest Regulations - Bill 159 and Security Training
Training Requirements - Renewal• Existing licensees whose licences are
renewed PRIOR to July 16, 2010 may renew ONCE without passing the test
• Existing licencees whose licences are renewable July 16, 2010 and onward MUST take the test prior to renewal
Latest Regulations - Bill 159 and Security Training
Training Requirements – Curriculum Security Guard (40 classroom hours)
• Introduction to the Security Industry
• The Private Security and Investigative Services Act and Ministry Code of Conduct
• Basic Security Procedures
• Report Writing
• Health and Safety
• Emergency Response Preparation
Latest Regulations - Bill 159 and Security Training
Training Requirements – Curriculum Security Guard (40 classroom hours)
• Canadian Legal System
• Legal Authorities
• Effective Communications
• Sensitivity Training
• Use of Force Theory
• Emergency Level First Aid Certification
Latest Regulations - Bill 159 and Security Training
Training Requirements – Curriculum Private Investigator (50 classroom hours)
• Introduction to the Private Investigation Industry
• The Private Security and Investigative Services Act
• Provincial and Federal Statutes
• Criminal and Civil Law
• Investigative Techniques
Latest Regulations - Bill 159 and Security Training
Training Requirements – Other• Special advanced courses offered for “use of
Force” and other high risk areas.
• Not mandatory for general licencee.
Latest Regulations - Bill 159 and Security Training
Training Requirements – Curriculum Private Investigator (50 classroom hours)
• Principles of Ethical Reasoning/Decision-making
• Key Principles of Communication and Interaction
• Self-Management Skills
Latest Regulations - Bill 159 and Security Training
Training Requirements – Rules• Take the test as many times as you wish but pay
each time ($60)
• Must be trained by prescribed organization recognized by Ministry of Community Safety and Correctional Services (MCSCS)
– university
– public/private college,
– licenced training agency
Latest Regulations - Bill 159 and Security Training
Training Requirements – Rules• Employer can train OWN employees if complies
with MCSCS curriculum and guidelines (posted on MCSCS web site)
• Employer subject to audit and penalties for non compliance
• Must attend class in person or live video and write exam in person not on web
• MCSCS delegates all testing to SERCO
Latest Regulations - Bill 159 and Security Training
The Exam – Sample questions• A security guard patrolling a mall comes upon a
suspect attempting to pick a lock to a store. The guard should:– Call the police and continue observing the
suspect
– Cordon off the area and ensure video surveillance is working
– Apprehend the suspect using the minimum amount of force
– None of the above
Latest Regulations - Bill 159 and Security Training
The Exam – Sample questions• A security guard may operate in disguise, if:– Authorized by the employer
– Authorized by the Minister of Community Safety
– As permitted by section 35 of the PSISA
– All of the above
Latest Regulations - Bill 159 and Security Training
The Exam – Sample questions• A private investigator may be licensed only if the
following condition applies:– Over 21 years of age
– Having a clean criminal record
– Posting a bond with the ministry
– All of the above
Latest Regulations - Bill 159 and Security Training
IT Security and Digital Forensics• Some considerations when determining if
activity falls within PSISA
– Is the engagement/work being done with, by or for a police force or peace officer?
– Is the engagement/work being done for a lawyer or other professional exempt from PSISA?
– What is the nature of the relationship between the service provider, client and subject (contractual, employee/er, agency)?
Latest Regulations - Bill 159 and Security Training
IT Security and Digital Forensics• Further considerations:
– Does the work fall under any PSISA exemption (i.e. insurance, security advice)?
– Does the service provider's professional organization recommend or require obtaining a licence under PSISA?
Latest Regulations - Bill 159 and Security Training
IT Security and Digital Forensics• No clear answer at this time as to whether to
licence or not.
• No definitive case law yet.
• Depends on circumstances.
• However, exam process appears to be a relatively minor inconvenience except for the week or required classroom time.
Latest Regulations - Bill 159 and Security Training
Privacy Law and the Investigator• PIPEDA being a federal law has paramountcy
over provincial laws• Exceptions to privacy rules about collection, disclosure and
use of personal information:
– Investigation of a possible crime or violation of an Act of Canada or a province
– Related to a federal “work” - federally regulated business or operation
– Request made by specified investigative body (see regulations)
– Re: debt collection
Latest Regulations - Bill 159 and Security Training
Conclusion• PSISA brings a much needed basic level of
professionalism to the security and investigation profession in Ontario
• Much of the tempest-in-a-tea-pot has been about the perceived burden of 40 hours training and one time testing and the associated costs – but these appear relatively minor
• IT security professionals may be caught in the PSISA net if their work falls within the definitions
Latest Regulations - Bill 159 and Security Training
Questions?
Latest Regulations - Bill 159 and Security Training
Contact Information• Karen Blau - [email protected]
• (905) 508-6946
• Jerrard Gaertner - [email protected]
• (416) 963-7147