VIPSS 2025: At the Nexus of Privacy, Security, and Emerging Tech
By Laith Sarhan
Last week, I had the opportunity to attend the Victoria International Privacy & Security Summit (VIPSS) 2025. The event was a convergence point for a diverse and engaged group of cybersecurity professionals, privacy experts, legal minds, and representatives from various public sector agencies. There was a ton of urgent collaboration at the intersection of technology, regulation, and human rights in our increasingly digital world.
Several themes emerged throughout the sessions, painting a picture of a future demanding proactive adaptation and cross-disciplinary partnership.
The Twin Revolutions: AI and Quantum Computing on the Horizon
A sense of overwhelming technological acceleration permeated most sessions. Folks particularly flagged the convergence of Artificial Intelligence (AI) and quantum computing. As we experience, our daily encounters with AI breakthroughs only foreshadow a future arriving faster than anticipated. This rapid advancement brings the prospect of "Q-Day"—the day quantum computers become powerful enough to break current classical encryption standards—into sharper focus.
Several session speakers talked about the profound implications Q-Day holds for global security, financial systems, and fundamental data privacy. The discussion wasn't just theoretical; it centered on actionable strategies for transitioning to quantum-resistant cryptographic standards. The panel stressed the necessity of starting now to understand the timelines, develop preparedness frameworks, and foster collaborative approaches to mitigate these existential risks while simultaneously exploring the potential benefits of quantum advancements.
The consensus was clear: proactive planning for a secure quantum future is no longer optional, but imperative, especially as AI development continues its exponential trajectory, potentially creating a "twin revolution" scenario that will reshape our technological landscape.
Bridging the Silos: The Imperative of Privacy and Security Collaboration
There was also a recurring theme around the need for better collaboration between privacy and security professional. The traditional silos are becoming untenable. As data collection and usage become more complex, particularly fueled by AI, robust cybersecurity practices like the principle of least privilege and zero-trust architectures are not just security measures but also becoming essential components of effective privacy management.
One of the most compelling keynotes vividly talked about the overwhelming complexity defenders face, grappling with nuanced controls across sprawling hybrid environments—from traditional data centers to cloud, virtual, containerized, and serverless architectures. This complexity is the enemy of effective security, creating vulnerabilities that adversaries exploit.
Based on the risks of complexity, organizations must change how they defend, adopting dynamic, adaptable strategies. This perfectly aligns with the need for cross-functional teams where privacy and security insights inform each other, enabling faster, more iterative development cycles. Furthermore, there is potential for AI to act as an "on-the-job coach," to help professionals quickly grasp concepts from adjacent disciplines.
Canadian Privacy Landscape: Stalled Reforms and the Search for Pressure Points
While the technological frontiers are advancing rapidly, the summit also spoke critically on the state of Canada's privacy framework, revealing significant challenges and a sense of frustration. A key takeaway, echoed in multiple sessions, is that many organizations lack sufficient pressure – either regulatory or societal – to truly innovate and invest meaningfully in privacy-enhancing practices.
Privacy lawyers mourned the likely failure of the federal government's Digital Charter Implementation Act and the fact that this leaves Canada's private sector privacy law, PIPEDA, as the primary legislation governing AI development and deployment – a potential gap given the technology's proliferation. The discussion explored the implications of this legislative inertia and debated necessary steps forward for any future government.
This legislative vacuum exists alongside a rising tide of litigation. Increases in cyberattacks and evolving legal theories (potentially allowing damages without proof of specific harm) are fueling class action activity, making robust risk mitigation strategies crucial for organizations.
Against this backdrop, BC Information and Privacy Commissioner Michael Harvey's Keynote Address on "Consent in a Big Data Age" felt timely. Harvey argued against the notion that the consent model is broken, advocating instead for its reinforcement as a rights-centric keystone of privacy law, especially vital for placing guardrails around AI data collection. While acknowledging the need for supplementary legal authorizations, he stressed that prioritizing a robust, rights-respecting consent framework can build trust and empower individuals without unduly hindering innovation.
Collectively, these sessions painted a picture where significant change is needed. Without stronger, more punitive regulatory frameworks or a significant societal shift in demanding better privacy practices – potentially driven by public education – meaningful progress and investment in privacy innovation may lag.
Conclusion
VIPSS 2025 was a thought-provoking and energizing summit. It highlighted the interconnectedness of privacy, security, AI ethics, and looming technological shifts like quantum computing. The key takeaways underscore the urgency for organizations to break down internal silos, foster deep collaboration between privacy and security teams, proactively prepare for quantum threats, and champion robust, rights-based approaches to data governance.
While facing challenges like stalled legislative reform, the collective expertise and commitment shown at VIPSS provide optimism that through continued dialogue, strategic planning, and potentially increased regulatory or public pressure, we can navigate the complexities ahead and build a more secure and privacy-respecting digital future.