EXCHANGE EXCHANGE is is aa quarterly quarterly magazine magazine published published by by the the Local Local Government Government Management Management Association Association (LGMA) (LGMA) of of British British Columbia. Columbia. It’s It’s about about sharing sharing information, information, exchanging exchanging ideas ideas on on best best practices, practices, enhancing enhancing professional professional development development and and building building networks. networks. Reach Reach us us at at www.lgma.ca. www.lgma.ca.
CYBER SECURITY TIPS
P13
ADVENTURES IN PRIVACY
P14
FCM OVERSEAS MISSIONS
P17
FALL 2016
Cyber Security: Is Your Data Safe?
P6
Comprehensive legal services for municipalities and regional districts throughout British Columbia. We help to lay the foundation for growth and success in large and small communities across the province by supplying local governments with the legal advice and strategic support required to help them carry out their mandates.
VANCOUVER OFFICE
KELOWNA OFFICE
1616–808 Nelson Street Box 12147 – Nelson Square Vancouver, BC V6Z 2H2 T: 604.689.7400 F: 604.689.3444 Toll Free: 1.800.665.3540
201–1456 St. Paul Street Kelowna, BC V1Y 2E6 T: 250.712.1130 F: 250.712.1180 www.younganderson.ca
Update In this Issue President’s Report Executive Director’s Report Case of Interest Members Page Our Town
Professional Development 2 3 4 5 23 24
Tips & Tactics: Improving Your Cyber Security
13
Adventures in Privacy
14
Programs & Events
23
6 Cyber Security: Is Your Data Safe?
Exchange is the magazine for members of the Local Government Management Association of British Columbia. Exchange is distributed quarterly to over 900 members of the LGMA, as well as Mayors and Regional District Chairs.
Local governments today face a range of cyber threats, from phishing and malware to distributed denial of service attacks. What can they do to protect their data – and the privacy of their citizens?
Adventures in Privacy: Saanich Shares Lessons Learned
Exchange is printed on Sappi Flo, an FSC® Certified 10% post-consumer recycled paper at Island Business Print Group.
LGMA Office: 7th Floor 620 View Street Victoria, BC V8W 1J6 Telephone: 250.383.7032 Fax: 250.383.4879 Email: office@lgma.ca Web: www.lgma.ca Contact the Editor: Email: editor@lgma.ca
Cover Illustration: Meriel Jane Waissman/Getty Images
Promoting Professional Management & Leadership Excellence in Local Government
14 Every day is an adventure in privacy, as Saanich has learned through its efforts to improve its already advanced privacy management system. The District shares its lessons learned through the process.
17 Sharing Experiences in Peru and Colombia Travel to South America with LGMA members and staff, who relate their experiences supporting local governments in Peru and Colombia on a mission with the Federation of Canadian Municipalities.
1
24 Our Town: Cumberland Find out how this village of 3,900 on Vancouver Island has transformed from a town that time forgot to a place where everyone wants to be.
IN THIS ISSUE
What stands out clearly for both cyber security and privacy protection is that each member of the organization holds responsibility for supporting the protection of information.
yber security has its own language and some intimidating threats and consequences. We all appreciate the many benefits from new technology and the capacity to store data electronically, but with those benefits comes a steady increase in pressure on organizations related to how they protect that data. It’s also a false assumption to think that information technology (IT) departments own the responsibility for protecting data. The fact is, every individual in the organization holds that responsibility, and some of the greatest risk areas are from individual actions that are easily preventable by staying informed and aware of how to block attacks through email or other direct contact.
C
The impacts of cyber security attacks hit close to home recently when I heard from friends and family who had been fooled by phone calls advising them that their computers were at risk. The callers are sophisticated and easily trick people into opening up their computers to be “fixed” as they download financial information and other personal data. If they successfully access personal data, you have to deal with cancelling credit cards, changing banking security information, and many other hassles related to identity theft. When you assess the damage that results from a breach of one person’s data, the magnitude of the potential damages stemming from a breach of an organization that holds data for hundreds or even thousands of people becomes clear. As I worked on the feature story, Cyber Security: Is Your Data Safe? I was shocked by the range of threats that exist today and continue to emerge and evolve to be more sophisticated. At first, it was intimidating to learn how difficult it is to anticipate where threats will come from and the shape they may take. Then it was discouraging to realize that most local government organizations don’t have the resources or capacity in place today to deal with the onslaught. And then it was reassuring to find out that 80 per cent of threats can be addressed with some basic steps that are affordable and manageable. Even better, there is a plethora of resources available through the provincial and federal governments, and through associations that focus on cyber security, to support policy development and provide advice and assistance to local governments.
It was also interesting to hear from the District of Saanich as they shared their journey on how to improve policies and processes to protect privacy. They provide excellent advice based on experience that others in local government can apply in their organizations. I noted that Saanich emphasized that it’s essential to have the policies in place, but it’s also critical to provide training and raise awareness to keep those policies and related processes top-of-mind at all levels of the organization. What stands out clearly for both cyber security and privacy protection is that each and every member of an organization holds responsibility for supporting the protection of information. We certainly need to be more conscious of how various threats like phishing work, and it’s amazing that we can nullify a threat a lot of the time simply by being able to spot it in advance. It’s also important to be conscientious about the information we collect, how it’s used and how it’s protected. Thanks to the advice from the experts in this edition, our fall Exchange provides an excellent resource that can be applied in the workplace as well as in how we manage our personal information. My thanks go to those who contributed their input and advice – I know I’ll be using these tactics at home and in my office. Therese Mickelson, ABC Editor Upcoming themes for Exchange: Winter 2017 Affordable Housing: Challenges and Opportunities
Promoting Professional Management & Leadership Excellence in Local Government
2
PRESIDENT’S REPORT
Continuing education has always been a motivating and driving force behind the good work that LGMA does.
GMA is not just about delivering events. Perhaps in the past, the annual conference was the primary focus along with our MATI work. Today we have evolved to become a fullyfledged learning organization with a multitude of programs, supports and resources. We have become a trusted advisor on local government matters. We develop strategic partnerships to leverage our capacity and to take advantage of the skills and abilities that those partners bring to the table. We have a small and nimble leadership board and staff team, and we readily adjust to dynamic change.
L
Continuing education has always been a motivating and driving force behind the good work that LGMA does. That’s why I am proud of the steps the LGMA Board is taking to model the way. This year, the Board members made a commitment to pursue their own continuing professional development through the Canadian Society of Association Executives (CSAE). We have since participated in a webinar series on best practices for association boards, and I am pleased that our Board members have also agreed to volunteer time out of their busy schedules for a full day of CSAE work prior to the December meeting. This day will be focused on Robust Not for Profit Governance and will help the Board and our staff continue to improve and grow. I’m looking forward to more professional development becoming regular business in the future. I’m also excited about our plan to continue learning and improving over the next year through an exciting initiative to help us be more responsive to our members. The Board has asked our Professional Development and Education Committee to look to the future and develop a strategic three- to five-year Education Plan and Financial Plan framework. Inspiring this vision is our commitment to take another step forward in being deeply responsive to the changing environment we operate in.
Promoting Professional Management & Leadership Excellence in Local Government
3
It’s a significant leadership challenge, and one that will chart a path for us to change and improve the services we provide and the way that we do business over the next few years. That work is already underway, and we hope to have something to share with the membership in the new year. On a personal note and following along the educational theme, one of my favourite roles over the past six years with LGMA has been as a member of the MATI Foundations Committee. This is one of the LGMA’s longest-running educational committees, and I’ve very much enjoyed working with my colleagues to bring MATI programs forward. My term is ending along with those of committee members Sonia Santarossa and Gavin Joyce, and I wanted to take this opportunity to thank both Sonia and Gavin for their volunteer commitment and contributions to the committee’s work. With these three vacancies, there is another opportunity for you to be involved and give back to your peers. The Board will be calling for volunteers in September, and I encourage our members to consider putting their name forward for this rewarding assignment. Look for an announcement at www.lgma.ca and our Twitter feed @lgma. This is an exciting and challenging time for our profession and local government in British Columbia. Being a learning organization is fundamental to our future success in such a dynamic environment. In taking up this leadership challenge, we can chart a successful path forward together. Paul Murray President
EXECUTIVE DIRECTOR’S REPORT
As we head into our second century as an association, your Board and staff have started to chart the way forward, reflecting the changing needs of local government professionals to be able to continue to support you.
id you know that the LGMA will turn 100 years old in 2019? It’s pretty amazing to think about how long the LGMA has been serving local government professionals and providing the training and professional development they need to excel in their jobs! We’re already beginning to think about how we’re going to celebrate this incredible milestone.
D
The latter three bullets point to the fact that our communications and the information we share about the LGMA may not be reaching many mid- and entry-level staff. This has us wondering if we should be considering a New Professional category of membership to be sure we are connecting with those early in their careers. We’d like to hear your thoughts on this potential new membership category.
We’ve been very lucky this summer to have Daniel Fowler, a University of Victoria history student, working on a co-op assignment to organize a historical review of our past 100 years. Daniel’s research has shown that over the past century, much has stayed the same in terms of how the LGMA defines its role and conducts professional development and training.
We also asked some questions about potential new services.
That said, over the decades, the role of local government and local government staff has changed significantly, and the LGMA has had to be adaptive, nimble, flexible and responsive to adjust its programs to ensure it remains relevant. As we head into our second century as an association, your Board and the staff team have started to chart the way forward, reflecting the changing needs of local government professionals to be able to continue to support you, no matter what stage you are at in your career or what position you hold. The LGMA Strategic Plan for 2014-19 highlights the principles guiding our work, including adapting to the needs of local government professionals while remaining focused on our core strengths of professional training and networking. Over this past May and June, we invited local government professionals, both members and non-members, to tell us more about the training and services they need and want now and into the future, and where they would like to see the LGMA focus its professional development efforts. We have posted the results to our website. There were some interesting trends that emerged from the survey and from the feedback we also received at our Annual Conference in Nanaimo. Here is a brief summary of what we learned about the respondents: • Nearly 45 per cent were in the broad area of Administration. • Sixty-five per cent were in senior management. • Fifty-five per cent have worked fewer than five years in their current roles. • Fifty-seven per cent have worked more than 10 years in local government in B.C. • About 50 per cent were not aware of LGMA member services, consistent with the results of the 2014 educational needs survey.
• Sixty-seven per cent thought mediation services would be helpful to improve relations between Board and/or Council members, and between elected officials and staff; this mirrors the feedback that there is a decline in respectful communications across all aspects of local government activities. • Respondents also thought executive coaching would be valuable. We hear, anecdotally, that the workplace is becoming more stressful and that stronger leadership, communications and personal management skills are needed to manage that stress. • Nearly 50 per cent of respondents are interested in services to support them through stressful periods or workplace trauma. We are continuing explore what that support might look like, including partnering with the BC Municipal Safety Authority to see if there is a joint service we can develop to better assist our members. One of the strongest themes focused on a formal mentoring program. • Seventy-two per cent think a formal mentoring program is needed. • Forty-six per cent said they would volunteer to be a mentor. Those are significant numbers of both those who would like formal mentoring and those who are willing to assist as mentors. Thank you to those who shared your views and ideas. We are going to look very closely at how to develop a formal program for the future. Stay tuned for continued conversations about our member services and training through our discussion forums, social media, focus groups and further evaluations. We also always like to hear feedback on what’s changing or what needs to change. Have a good fall and I look forward to seeing many of you at LGMA or Chapter events! Nancy Taylor Executive Director Promoting Professional Management & Leadership Excellence in Local Government
4
By Ryan Bortolin and Marie Watmough Stewart McDannold Stuart
CASE of INTEREST
Employer Liability for Data Breaches ncidents of data breaches involving the disclosure of personal information by public bodies are frequently in the news. Data breaches can occur in several different circumstances, including as a result of employee misconduct. In addition to the negative publicity and loss of public confidence that can result from breaches, there is the potential for lawsuits from individuals whose personal information has been disclosed, as is illustrated by the recent B.C. Court of Appeal case in Ari v. Insurance Corporation of British Columbia.
I
Ari is a class action lawsuit that was launched against ICBC after one of its employees improperly accessed the personal information of more than 60 ICBC customers. The class action was filed based on alleged breaches of both the Privacy Act and the Freedom of Information and Protection of Privacy Act (FOIPPA). Section 1 of the Privacy Act creates a cause of action for breach of privacy when a person “wilfully and without a claim of right” violates the privacy of another. The pleadings in Ari included a claim that ICBC is vicariously liable for its employee’s wilful privacy violations. In regards to FOIPPA, the lawsuit included a claim that ICBC is liable for damages because of an alleged breach of section 30 of FOIPPA, which requires a public body to make reasonable security arrangements to protect personal information against unauthorized access. ICBC made an application to have the class action struck on the basis that it was plain and obvious that the Privacy Act does not allow for claims based on vicarious liability, and that a breach of a statutory duty under FOIPPA does not create a cause of action. When the application was heard in the B.C. Supreme Court, the judge hearing the matter agreed that while the action under FOIPPA should be dismissed, it was not plain and obvious that the claim under the Privacy Act action would fail. As a result, the action was permitted to go forward on the basis of an alleged breach of the Privacy Act. The Court of Appeal upheld that ruling, and the class action is scheduled for a certification hearing in 2017. The issue under the Privacy Act was whether claims based in vicarious liability could succeed, given that section 1 of the act creates a cause of action where a person “wilfully” violates the privacy of another.
Promoting Professional Management & Leadership Excellence in Local Government
5
“In addition to the negative publicity and loss of public confidence that can result from data breaches, there is the potential for lawsuits.” ICBC argued that the use of the word “wilfully”meant that a cause of action could only be established against a person who knowingly violated the privacy of another, and therefore could not be established on the basis of vicarious liability, where an employer is held liable for the acts of an employee not on the basis of the employer’s own fault, but on the basis that the employer is the person ultimately responsible for the employee’s activities. In finding that it was possible to hold an employer vicariously liable in these circumstances, the Court of Appeal noted that the use of the word “wilfully” does not clearly preclude a plaintiff from recovering damages on the basis of vicarious liability. The Court stated that while employers are not generally found to be vicariously liable for the intentional and deliberate wrongdoing of employees, this can occur in some circumstances. Therefore, the fact that the Privacy Act requires proof of deliberate wrongdoing in order for liability to arise did not preclude a finding of vicarious liability. The Court of Appeal confirmed that there is no tort for breach of a statutory duty for the claim based on an alleged breach of FOIPPA. Rather, liability for the release of personal information would have to be considered in the context of a claim in negligence. The Court found that the comprehensive dispute resolution framework in FOIPPA precludes a claim in negligence based solely on a breach of the act. This result contains both good and bad news for local governments. While the Court of Appeal has left open the door for vicarious liability under the Privacy Act, it has confirmed that there is no cause of action in damages available against a public body resulting solely from a failure to comply with FOIPPA. This case serves as an important reminder to public bodies to have robust privacy policies in place and emphasizes the importance of monitoring and enforcing these policies to prevent privacy breaches.
CYBER SECURITY: Is Your Data Safe?
By Therese Mickelson, ABC
Promoting Professional Management & Leadership Excellence in Local Government
6
When it comes to protecting information, a locked file cabinet simply doesn’t cut it anymore. hese days, most information is stored in digital format, and there’s no such thing as a key or a perfect system to keep everything locked up safely. Information even has a new name. Most often it’s no longer referred to as a file, report or information materials. Now it’s called data, and that data faces a steady barrage of threats that circulate and evolve in the cyber world.
T
The nature of the threats varies and can take multiple forms. A few of the common threats plaguing the public and private sectors today include: social engineering techniques that manipulate people into sharing personal information (e.g. phishing), malware that gives hackers access to your computer, ransomware that hijacks your computer unless you pay a “ransom,” distributed denial of service (DDoS) attacks that flood a network to shut it down, and advanced persistent threats that involve hacking a network undetected for long periods of time. It’s equally difficult to pinpoint the culprits, as you’re just as likely to experience a cyber attack from a juvenile hacker or hacktivists with a cause as from organized crime and cyber terrorists. However, a disturbing number of attacks today come from organized crime and have a financial motive. Regardless of the source or type of attack, the impact on organizations and their critical infrastructure can be catastrophic. For local governments, cyber attacks are not only a threat to infrastructure (like water and sewer systems) and to their day-to-day business, but they also jeopardize the security of the confidential information in their care – including citizens’ personal data. Just recently, a municipality in northern Alberta had to cut itself off from all Internet access and is working to recover from a hack of its systems that has likely compromised personal data, including financial information. This sensitive personal data can be sold on the black market or used for identity theft. Cyber criminals can also use the information they obtain to impersonate the local government in attacks on individuals and other organizations. These attacks, which may come in the form of an emailed link that sends someone to a phony website, are often quite successful because they will appear to have come from a trusted source – local government. “When you consider the impact on citizens when their data is stolen, it’s more than just the reputation of your organization,” says David Izzard, Cyber Security Manager, City of Surrey. “You could ruin a person’s life if their data is stolen. I think we need to care more about the impact on our citizens.” Promoting Professional Management & Leadership Excellence in Local Government
7
“The reality is that the attackers are well-funded and have better resources than our organizations, because for them it’s a game of money.” David Izzard
See page 12 for cyber security definitions With so many different threats, and the fact that they continue to change with newer, more advanced threats emerging all the time, it’s daunting to realize that most organizations are always going to be one step – or more – behind the attackers. “The reality is that the attackers are well-funded and have better resources than our organizations because for them it’s a game of money,” says Izzard. “So we’re always playing catch up and dealing with a new type of attack. You need a layered defense – or defense in depth – because there’s no such thing as one solution that fits all.” Not only is it impossible to find the silver bullet that will demolish all threats, it’s also dangerous to focus on just the latest threat to information security. “I would caution organizations against tunnel vision on specific threats like ransomware as it’s not the only nor the most severe threat,” says Gary Perkins, Executive Director and Chief Information Security Officer for the Province of British Columbia. “If your security program only consists of preventions against a single threat, by definition it will be incapable of defending against the variety of other threats organizations face today.” Organizations are increasingly required to refine their technical and non-technical controls, and it takes continuous due diligence in the form of policies, procedures and technical measures like firewalls to help reinforce protective barriers and keep information safe. Equally frustrating is the knowledge that with each threat addressed, multiple others are looming and a breach is always a possibility, which makes response plans just as essential as preventative measures. Continued on page 8
Cyber Security: Is Your Data Safe? Continued from page 7
Unfortunately, even with all of these threats looming and the continuous warnings stemming from security breaches in other organizations, most local governments do not have sufficient security measures in place. This gap may be due to many factors. For some, it’s lack of funding or in-house expertise. In other cases, elected officials and executive management do not rate information security as a priority. And in others, it may be a misconception that local governments will not generally be targeted because they don’t have anything of value worth stealing – or hacking. “Many organizations have failed to take this threat seriously,” says Perkins. “More and more, I find my role is helping people find religion around security before there is an incident. After a breach, it’s much easier.” The complexity of the challenges and the technical expertise required is also a significant barrier for many organizations. Many local governments don’t even have their own Information Technology (IT) staff, let alone someone with expertise dedicated to cyber security. “If you looked at cyber security 10 years ago, you would find that you needed five to six skill sets to do well, and now those skill sets are in the hundreds,” says Izzard. “No one can have all the skill sets readily on hand, but the industry is growing to include the full mix, including
“Just doing the basics can stop 80 per cent of the problems. You take a risk-based approach for your organization.” analysts, risk assessors, incident responders and others – cyber security has become a domain in and of itself.” When you put together the continuous and escalating threat level, the challenges to implement effective protective measures and the barriers affecting local governments, the view of cyber security may seem quite grim. Fortunately, there are measures local governments can apply that do not need to cost a lot of money and will significantly improve their cyber security position. “There are measures we call hygiene and compliance level controls, and not all of them are technical,” says Perkins. “Just doing the basics can stop 80 per cent of the problems. You take a risk-based approach for your organization and develop a plan that addresses the specific threats your organization faces.”
Promoting Professional Management & Leadership Excellence in Local Government
8
Perkins recommends that organizations implement the following procedural or non-technical controls to mitigate risk: • Information Security Policy: Identify what employees may and may not do that will impact risk to systems and data. • Risk Register: Consciously identify and document physical and logical risks to systems and data, and plans to treat these risk areas. • Risk Assessments: Examine risk each time a new system is introduced or upon material change to an existing system. • Incident Response Plan: Develop a plan to respond to inevitable security incidents in a consistent and repeatable way. • Incident Response Team: Identify a team that is dedicated, virtual or on retainer with a third-party provider to respond to security incidents. • Security Education and Awareness: Raise awareness of security matters with staff as they often represent the easiest method for attackers to gain unauthorized access to systems and data. Some of the basic technical security controls include the following: • Firewall: Use a modern version that is designed to prevent illegitimate network traffic. • Intrusion Prevention: Install sensors to prevent unauthorized access to networks and data.
Promoting Professional Management & Leadership Excellence in Local Government
9
• Website Content Filtering: Use a system to detect employee access to inappropriate and infected websites. • Email Content Filtering: Use a system to detect infected email and spam messages. • Anti-virus/Malware: Install software to detect malware and viruses on workstations and servers. For some organizations, even implementing these basic steps can be a challenge, particularly in smaller organizations where there is no in-house IT support, but Perkins notes that most of the basics can be put in place without excessive costs. For instance, there are examples of procedural and non-technical controls available online at SANS (www.sans.org), NIST (www.nist.gov), and ISACA (www. isaca.org). The provincial government offers complimentary products including a weekly Security News Digest, online quizzes, and free one-day security conferences that are webcast twice a year. As well, the Province offers education and awareness materials on its website and provides its information security policy as an example for others to use as a resource. (See Tips and Tactics on page 13.) There is also the Privacy and Security conference held every February in Victoria that, while not free, is very affordable. Continued on page 10
Cyber Security: Is Your Data Safe? Continued from page 9
Perkins notes that many attacks can be prevented by using strong passwords that are not shared with others and by teaching people not to click on suspicious links and email attachments. He also recommends an exercise for prioritizing where to focus cyber security resources. The exercise involves identifying the systems and data that are most valuable, reviewing the security controls for each, and assessing whether the security controls are sufficient to mitigate the risk to an acceptable level. “My point isn’t that you need to have a large security team,” says Perkins. “But you must have someone doing security on your behalf. With the frequency and sophistication of threats, organizations cannot opt out of security. As public servants, it is our responsibility to protect the infrastructure and data entrusted to us by the citizens of British Columbia.” Izzard agrees that cyber security can be a significant challenge for many local governments, but that as technology for cloud computing improves, there may be opportunities to leverage the added security that comes with them. “I see the cloud being a cyber security measure for smaller municipalities as it’s tough for a small local government to build
the same level of security into their infrastructure and processes that you can get out of the cloud,” says Izzard. “In the early days of cloud, you were releasing control of data and didn’t know what the security would be, but today, cloud security can be better. Just remember that not all clouds are created equally, and you pay a premium for extra security.” Gary Perkins
While cloud services may offer a viable and more secure option, local governments need to be very careful about selecting them. Those interested in protecting data should focus on securing, encrypting and protecting information. For local governments in British Columbia, it’s also essential to ensure that the cloud and its backup are stored on servers within Canada to adhere to provincial privacy legislation. Izzard notes that there are some new vendors coming to Canada, such as Microsoft and Amazon, that may help local governments address their privacy concerns, and some telephone companies are branching out into cloud-type services.
Promoting Professional Management & Leadership Excellence in Local Government
10
Both Izzard and Perkins emphasize that cyber security is not solely the job of the security team but the responsibility of each and every employee. It is also a recurring topic in the boardroom for executives. “Security is not an IT problem, but rather a business enterprise risk,” says Izzard. “Leadership in this area must come from the top and be part of the culture, with engagement across the organization.” Given the importance of establishing cyber security as a responsibility for all employees and allocating budget to support this area, it’s essential to engage the decision-makers such as Council or Board members and senior management to gain their support for investing in cyber security measures. Some local governments, like the City of Surrey, have been successful in gaining increased support and budget for cyber security improvements. As a larger city, there was already an IT department, but now Surrey has added Izzard’s new position as the Cyber Security Manager to develop and implement strategies to protect the security of all digital information within the corporate environment and protect critical infrastructure. With this position in place, the City is making significant progress in improving its cyber security measures. Over the past year, it has implemented an Enhanced Cyber Risk Management program and a “Be Safe Online” internal security awareness campaign. It is implementing a Privileged Identity Management system to control access and use of privileged identities. The City has just completed its Connected Advanced Threat Defense, which is a system that provides protection against some of the most advanced cyber threats that come from email and through the web. The City also has an initiative underway called “Anytime, Anywhere, Any Device” to provide secure access to specific City of Surrey resources on any device, internal or external to the City, with full identity verification and single sign on. In addition to its preventative measures, the City is also hiring a third-party organization to review its incident response protocols. The exercise will include walking through what the incident response team would do if there was a security breach, and then helping the City improve its processes. Izzard is also leading a project to promote greater awareness about cyber security in the community. The City is partnering with the Surrey Board of Trade and other businesses to develop a Security Awareness Public Outreach Program, which will include the development of a Cyber Security Awareness website and education sessions delivered through public libraries. The City is also looking into opportunities to partner with the Province and Public Safety Canada to further support public outreach. “Our public awareness initiative is just in its infancy, but I believe strongly that teaching people to behave securely in their daily lives will lead to them behaving securely in the workplace,” says Izzard. Continued on page 12
Promoting Professional Management & Leadership Excellence in Local Government
11
GEORGE B.CUFF
& ASSOCIATES LTD
MANAGEMENT CONSULTANTS
A Familiar Name in the Municipal World George Cuff, FCMC is well known in the municipal world both in Canada and internationally. Contact him for: • • • •
advice regarding governance, Council-management relations his books and video series on good governance; copy of an article a proposal on a seminar or major study advice on a referral to another consultant
www.georgecuff.com george@georgecuff.com tel: 780-960-3637 fax: 780-962-5899
Canada’s Leading Municipal Governance Consultant
Save the date!
2017 BC MUNICIPAL OCCUPATIONAL HEALTH & SAFETY CONFERENCE October 15 - 17, 2017 Penticton, BC
ONSITE HEALTH & SAFETY TRAINING CERTIFICATE OF RECOGNITION(COR) PROGRAM REDUCED COST FOR ONLINE SDS MANAGEMENT DISABILITY GUIDELINES TO HELP WITH YOUR STAY AT WORK/RETURN TO WORK PROGRAM
CONTACT US Cathy Cook Executive Director P: 778-278-3486 F: 778-278-0029 E: ccook@bcmsa.ca
www.bcmsa.ca
Cyber Security: Is Your Data Safe? Continued from page 11
“From an investment perspective, if you can only spend money on one thing, you will get the most value from raising awareness.” While there is a lot of training available, such as through organizations like Global Knowledge and Microsoft, Izzard notes that there is equal value in working together to share experiences and tactics for addressing cyber threats. This is particularly true for local governments, where larger cities may have more resources in place and can share information with their colleagues around the province. However, even smaller organizations, such as those who have experienced a cyber attack, will have information to share that is beneficial for others.
“What I’d like to see is local governments coming together to share information,” says Izzard. “Some of us with processes and teams in place could help other local governments, and we could potentially work jointly on contracts for security systems to save money. If other local governments are interested in pursuing opportunities to discuss security and work together, I encourage them to contact me at David.Izzard@surrey.ca.” “Cyber security is a journey, and as long as we keep moving forward, I think we’re in good hands,” adds Izzard. ❖
Cyber Security Definitions Advanced persistent threats: Refers to sophisticated attacks designed to go undetected, gain access, and persist for a long period of time while ex-filtrating data. Bitcoin: Untraceable digital currency. Compliance level security controls: Security controls often found in IT audit requirements. Cyber terrorists: Attackers intent on causing maximum damage or other disruption to networks, systems, and other infrastructure. Distributed denial of service (DDoS): A DDoS attack occurs when multiple remote systems are used to flood a targeted system. The objective is to cause the system to fail and disrupt service. Hacktivists: Attackers that are intent on promoting a social or political cause (e.g. Anonymous). Hygiene-level security controls: Security controls that are absolutely necessary. Malware: Malicious programs used by attackers to infect and control computers. Phishing: A social engineering method commonly used by cyber criminals to capture personal and/or financial information from victims. Phishing emails use spoofed addresses and take users to fraudulent websites. Ransomware: A form of malicious code or malware that infects a computer or network and encrypts the data. This malware makes the data inaccessible to the users and the criminals responsible demand payment from the user in order to have their files unencrypted and returned. The payment is often requested in Bitcoin or other untraceable currency. Social engineering: Refers to techniques used to manipulate people into revealing sensitive or personal information. Social engineering is a non-technical kind of intrusion that relies on human interaction and can be done using the Internet, the telephone or in person.
Promoting Professional Management & Leadership Excellence in Local Government
12
tips & tactics Improving Your Cyber Security Top 10 Recommendations to Improve Cyber Security:
Canadian Cyber Incident Response Centre (CCIRC): www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-en.aspx
1. Use strong passwords and don’t share them. National CIO Sub-Committee on Information Protection 2. Don’t click on suspicious links and attachments. (NCISP): www.iccs-isac.org/councils/pscioc/ncsip 3. Provide the access staff need to do their job – no more, • The NCSIP represents all federal, provincial and territorial no less. governments and the Municipal Information Systems 4. Identify critical systems and data and protect them Association (MISA). This forum enables participating appropriately. governments to exchange information, policies, security 5. Encrypt sensitive data in transit and at rest. awareness program practices and architecture initiatives related 6. Patch your systems regularly to ensure operating systems to information protection. and applications are up to date. • The objectives of the NCSIP are: 7. Use technical controls on servers, desktops, mobile devices, ∙ To exchange information, share best practices and and wireless – e.g. anti-virus, anti-malware, firewall, inactivity recommend national and provincial goals, programs and timeout, logging. priorities on Information Protection. 8. Use a layered defense on your network – e.g. firewall, ∙ To jointly create, develop and support operational intrusion prevention, and web and email content filtering. procedures and automated tools to ensure that all 9. Test the effectiveness of your defenses – e.g. vulnerability jurisdictions in Canada maintain the highest standards of scans, penetration tests, phishing campaigns. information infrastructure protection. 10. Educate your employees regarding risks and good security hygiene – e.g. security awareness program, annual security IT Associations: course. • (ISC)2: This international non-profit membership association focuses on inspiring a safe and secure cyber world. www.isc2.org Cyber Security Resources: • ISACA: This independent non-profit global association has an active Vancouver chapter and engages in the development, B.C. Government information security website with resources adoption and use of globally accepted, industry-leading to support awareness, policy, information incidents and access knowledge and practices for information systems. www.isaca.org to Security News Digest: http://gov.bc.ca/informationsecurity Government of Canada’s cyber security websites: • www.getcybersafe.gc.ca/index-eng.aspx • www.canada.ca/en/services/defence/cybersecurity.html • www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/index-en.aspx
Promoting Professional Management & Leadership Excellence in Local Government
13
Many thanks to Gary Perkins, Executive Director and Chief Information Security Officer for the Province of British Columbia and David Izzard, Cyber Security Manager, City of Surrey for providing these Tips and Tactics.
ADVENTURES IN PRIVACY Saanich Shares Lessons Learned The District of Saanich has been busy over the last year, specifically on the privacy front. What started as a privacy review turned into a journey with valuable lessons that reach far beyond what the District could have ever imagined. In March 2015, B.C.’s Information and Privacy Commissioner Elizabeth Denham gave Saanich five recommendations to improve its management of personal information. Saanich accepted these recommendations and has not only strengthened existing processes and policies, but has also invested in enhanced programs, staffing and training resources. In an interview on their process, the District of Saanich’s Director of Corporate Services Laura Ciarniello and Director of Legislative Services Carrie MacPhee share their insights on the key considerations and tips that Saanich learned as they improved their already advanced privacy management program.
How did the privacy program improvements come about? We’ve always had an access and privacy program that included many standard privacy protection components, such as a personal information bank, collection statements and staff training resources.
“Saanich’s view on privacy is simple: building an effective privacy program requires corporate awareness and a team approach.” However, we knew we needed to spend the time and money to make privacy a top priority, as well as continue our work on making our process a more holistic approach throughout the organization.
How did you begin the conversation? Saanch’s view on privacy is simple: building an effective privacy program requires corporate awareness and a team approach. But, as we know, Rome wasn’t built in a day. The process was challenging at first and the road wasn’t an easy one to travel. We knew that staff already felt that privacy was important, but we needed to show the benefits at all levels in the organization. There were times when this was easy and also times when this took some creativity to achieve. This journey will take time and privacy will continue to be part of our day-to-day work for years to come.
How did you start? We identified that we already had some fantastic internal expertise, but that we also needed help from an outside consultant. That’s why we retained David Loukidelis to help us identify the gaps. It was important to know where we were so that we could determine how to improve. One of the first things we worked on was getting buy-in from directors and managers, and determining what a culture of privacy and security meant for us. The management team raised many challenging questions that we knew we needed to address down the line. We knew our work needed to involve the entire organization, but we asked David to work with key partners in IT and Legislative Services to get the ball rolling. Many fruitful discussions resulted in David’s recommendation for a comprehensive privacy management program.
What was your approach? A big part of our approach was getting staff buy-in and increasing awareness. From conversations to presentations to informal chats, we started to shift the culture of privacy in Saanich and encourage our staff to become privacy champions.
Promoting Professional Management & Leadership Excellence in Local Government
14
As we started to move down this path, we kept our goals at the forefront. Building an interdisciplinary team that involves all departments collaborating on privacy and security management was the light at the end of the tunnel. This approach requires constant review and the need to integrate privacy protection into all initiatives. Let’s not forget the importance of actively attending and supporting training programs, as well as updating policies and procedures. To determine how you need to improve, you must first determine where you are. We took a strategic look at all of the puzzle pieces and started to build our plan. The plan included some key themes: • Review and take inventory of all forms and methods of collecting personal information. • Create personal information inventory and update personal information banks. • Evaluate policies, agreements and contracts. • Create privacy management policies. • Redraft IT policies. • Add a privacy officer to our HR roster who is tasked with managing the privacy program. • Allocate appropriate staffing. • Train staff.
What role did the Office of the Information and Privacy Commissioner (OIPC) play? Regular contact with the OIPC was helpful as we worked to improve our program and understand their expectations. We also asked the OIPC to assist us with our major milestones as we addressed the Commissioner’s recommendations. In fact, our connection with the OIPC didn’t stop there. We continue to encourage staff to use the OIPC resources as they implement privacy initiatives within the overall program. We also plan to meet with the OIPC on a regular basis to ensure we’re still on track. Ongoing collaboration will help us understand best practices to ensure personal information is protected.
How did staff receive this? Privacy and its importance is something that we all inherently understand, but building a culture of privacy is no small project. With David’s help, we learned that we had a good baseline and that many processes already existed, but they just needed to be formalized and absorbed as part of corporate culture. Continued on page 16
CONDITIONS CHANGE. SO SHOULD THEIR SPEED. The safety of your employees is your responsibility. Help reduce the risks your workers face in hazardous road conditions by using the tool kit on ShiftIntoWinter.ca.
Be part of the solution. ShiftIntoWinter.ca #ShiftIntoWinter DriveBC.ca
Promoting Professional Management & Leadership Excellence in Local Government
15
Adventures in Privacy: Saanich Shares Lessons Learned Continued from page 15
As we progressed, staff started to question how privacy fits into their day-to-day work, so we knew we were on the right track and that they were looking at the world through a new lens. Even the relatively simple tasks of procuring software, contract services or equipment have a privacy impact. Software or applications that seem simple can have a significant privacy impact, and it’s important to do your homework early on. Did you know that privacy impacts are present even when buying a new fire truck, exploring new IT software or upgrading HVAC systems?
What advice do you have for other municipalities? Privacy isn’t just one piece of the puzzle. There are three key areas to focus on when examining your privacy program: Rethink: Examine how and why personal information is collected, how it is used, who has access to it and the necessity for collecting personal information. We have found that ramping up the use of the privacy impact assessment tool has helped staff assess their programs from a privacy perspective, particularly for initiatives that involve new technology. Re-position: Hire an outside consultant, if necessary. This can help you to identify gaps and areas for improvement.
Re-train: Take advantage of the resource tools the LGMA and OIPC have in place, specifically the Freedom of Information and Protection of Privacy Act Toolkit for Local Government and Accountable Privacy Management in B.C.’s Public Sector. It’s important that organizations take the time to self-learn, follow the prescribed methodology and be proactive in how privacy laws apply to every day practices.
Do you have any privacy ‘gold nuggets’ to share? • Start off by having meaningful conversations at senior management team and dedicate enough time and resources. • Contact the OIPC and develop a relationship. • Don’t reinvent the wheel – Saanich has developed some great resources that we would be happy to share. • Identify and foster champions in departments. • Talk to Council and ensure there is an awareness at that level. David has imparted wise words that Saanich lives by: “Effective privacy management requires an ongoing, or evergreen, effort.” Every day is a privacy adventure, and it’s important that local governments be flexible and creative in their approach. ❖
Promoting Professional Management & Leadership Excellence in Local Government
16
At left, Curtis Helgesen with his hosts in Manaure, Colombia. Above, Peruvian women in traditional dress participate in a public workshop.
Sharing Experiences in
Peru & Colombia By Curtis Helgesen, Dianne Hunter and Nancy Taylor Imagine being asked to volunteer to work somewhere so remote, so out of the ordinary from your everyday world, and in a place you’ve only known through National Geographic? That was the experience for three LGMA members who were invited to join a Federation of Canadian Municipalities (FCM) mission to Colombia and Peru in support of a program to strengthen the capacity of local governments to build more sustainable, resilient and inclusive communities in areas influenced by mining activities. Curtis Helgesen, Elkford’s Chief Administrative Officer, travelled to Colombia to support four communities. Dianne Hunter, Fort St. John’s Chief Administrative Officer travelled to Peru to support local governments in Cusco. And LGMA’s Executive Director Nancy Taylor travelled to Peru to assist with a local government association that represents small, rural local governments. The following are highlights from their experiences.
COLOMBIA: EXPLORING ECONOMIC DEVELOPMENT OPPORTUNITIES – CURTIS HELGESEN Curtis Helgesen was paired with Marie-France Brisson, Chief Administrative Officer, Conception, Quebec, and their mission focussed primarily on identifying regional and economic development opportunities and requirements to improve the supply, distribution, treatment and management of drinking water. Shortly into their journey, they began to appreciate the challenges of the region as they travelled to their first stop in the town of Manaure, which is two hours from the nearest major centre of Riohacha in the La Guajira district.
Promoting Professional Management & Leadership Excellence in Local Government
17
“Along the way, we began to come to terms with the numerous visual stimulations we would experience over the next several days of our mission in La Guajira,” said Helgesen. “Mental processing of the visual contradictions we were exposed to later helped shape our understanding of the opportunities and challenges of the region: from natural beauty, bumpy roads, roaming goats, and the apparent lack of water and precipitation to informal gas stations, poverty (human and animal misery) and an abundance of refuse littering the landscape.” On arriving in Manaure, the power was out, which became a common theme throughout the region. Manaure is an isolated municipality that has lived for decades on the proceeds from salt mining, despite the fact that the salt industry has suffered from slim profit margins and export challenges. A new transportation corridor is needed to help export larger quantities in an effort to revive the industry. Continued on page 18
Practical advice, creative options and value for local government Planning, Development & Environmental Law
Carvello Law Corporation
Lui Carvello, MCIP Lawyer & Planner 203-1005 Broad Street Victoria, BC V8W 2A1 250-686-9918 lui@carvellolaw.ca
www.carvellolaw.ca
Sharing Experiences in Peru and Colombia Continued from page 17
The new road would also increase the potential for eco- and ethno-tourism and significantly increase employment and income opportunities in the community. Unfortunately, there remain major challenges due to the lack of a stable supply of potable water and no solid waste management. The second area the team visited was the coal mining corridor between the communities of Fonseca and Hatonuevo. The major issue for both communities is water quantity, but the team also identified a clear need to focus on long-term water quality as well. “As we worked with the authorities of Fonseca and Hatonueva, we quickly realized and identified a serious concern that they could be headed in the wrong direction, trying to solve their water issue by only looking at a short-term solution to solve water quantity,” said Helgesen. The well and water system is operated by a private contractor through a 15-year contract that began in 2002, but the system is not working properly, water quality testing appears to be unknown, and citizens have not been able to rely on water, with only 1.6 hours of access per week. They don’t know or aren’t advised when the water will be available.
Both communities also need support in land and urban planning, along with financial and project management, including the methodology and business case analysis needed to build and plan projects. The fourth community the team visited was Albania, where the Cerrejon coal mine is located. The mine significantly impacts development of the whole region, accounting for some 13,000 local jobs, though they have implemented effective rehabilitation techniques. “Cerrejon has demonstrated the successful rehabilitation of the natural environment once an area is not being exploited anymore,” said Helgesen. “We visited one of those areas and we were surprised by the results. The area had been rehabilitated only eight years ago and it looked like an area that would have been rehabilitated over 25 years ago! To facilitate the process, before an area gets developed (stripped) for coal mining operations, they keep and protect the topsoil to reuse it when needed for rehabilitation. Their method allows them to keep this natural material for up to 30-35 years.”
Promoting Professional Management & Leadership Excellence in Local Government
18
A mining convoy travels through Cusco province.
PERU: STRATEGIC PLANNING AND DEVELOPMENT – DIANNE HUNTER Dianne Hunter’s assignment in Peru was to assist the local governments in Cusco on how to develop a long-term strategic development plan for their communities taking into consideration the mining operations in the region. Dianne worked with Jess Precourt, Chief Administrative Officer, Teulon, Manitoba in Santo Tomas communities that are predominately Quechua, which is a culture pre-dating the Incas. “I travelled to Santo Tomas by road, which is about a six-hour trip,” said Hunter. “It was a great introduction to the region and the lifestyle of the people, which is very pedestrian. The region is classified as having extreme poverty, which means families live on less than $1 per day. The ‘canons’ or royalty from the mines are provided to the community; however, the communities have little to no capacity to manage their new-found wealth. As the Mayors are only elected for one term of four years, it is difficult for them to engage in long-term planning.” Hunter and Precourt participated in a two-day workshop with community leaders and members of the public from the region, and gave a presentation on Fort St. John to highlight its context and economy, how its strategic plans were developed, how the public was involved, and how the municipality used its Strategic Plan, Official Community Plan and community engagement initiatives to build a foundation for negotiations with a large hydro development. The Northern Development Trust Initiative was also profiled, showing how Fort St. John has benefited, and in particular how the Supply Chain Connector works. The presentation emphasized the benefits of collaboration between communities and how the Trust is structured to ensure the funds it receives continue to grow in order for the communities to prosper. They also worked with a technical committee to provide advice on how to structure the process for a long-term development plan, which had just begun, and provided advice on how to designate protected areas or policies, especially around agriculture.
LOCAL GOVERNMENT PROGRAMS Join the hundreds of local government employees from across BC who have taken Capilano University’s public administration courses to improve their knowledge and skills and advance their career by completing one of the following:
Ω Local Government Administration Certificate Ω Local Government Leadership Development Certificate Ω Local Government Administration Advanced Certificate and Diploma
Spring 2017 Courses
Register today!
Starting in January: Ω PADM 201 Local Government Services in BC – North Vancouver
Ω PADM 202 Local Government Finance in BC – Kelowna and Cowichan Bay (offered in two locations) Ω PADM 203 Municipal Law in BC – North Vancouver Ω PADM 209 Fundamentals of Corporate Administration – North Vancouver * New * Ω PADM 306 Project Management Skills – Parksville Location Ω 2017 MATI Spring Courses – Advanced Communication Skills (April); Managing People (May); Leadership (June)
Continued on page 20 Promoting Professional Management & Leadership Excellence in Local Government
19
For specific dates, see www.capilanou.ca/local-govt To register for these and future courses, contact Alison McNeil at amcneil@capilanou.ca
Sharing Experiences in Peru and Colombia Continued from page 19
“Personally, I found my experience in Santo Tomas to have a profound impact on me. The sky, the clear air, the beautiful landscape, the provincial lifestyle, all made for a wonderful experience.” “Development plans are the foundation for communities to plan for their future and to prioritize their needs to support sustainable communities,” said Hunter. “There appears to be a lack of planning around infrastructure, and there doesn’t appear to be a growth plan. Growth appears to be happening in a random manner. This is already creating issues for the installation of future infrastructure.” Just like in Canada, mining operations respond to global markets, and the revenues these communities have come to rely on are very vulnerable to declining commodity prices. The team therefore also looked at how the communities that rely on royalties from the mines could develop strategies to diversify economic opportunities. “The region lacks infrastructure to support any but the most ‘off the beaten track’ tourist; however, that may be a place to start,” said Hunter.
“Trekking, off-road mountain bike trips and high-altitude training may all be early opportunities without a huge investment in tourist infrastructure which may assist with early development of this sector.” Their mission also generated recommendations to assess the current quality of the agro-products, particularly the production of cattle and sheep, with the goal to produce better products and expand access to markets, with an initial focus on the City of Cusco. Cusco is an ideal market as it is the gateway to the Sacred Valley and Machu Picchu, with hundreds of restaurants and hotels that serve the tourist industry looking for fresh, local organic produce. Cooperatives for agricultural products is another potential opportunity to help expand both the quality and quantity of products available and get them to ready tourist markets.
WE VALUE OUR CUSTOMERS BC Assessment’s Local Government & First Nations Customer Department has launched Community Corner, a web forum committed to enhancing the way we share information with our customers. In our ongoing commitment to continuous improvement, we want to hear from you – so share your feedback with our team. Visit the Community Corner Forum to join the conversation.
Contact BC Assessment Local Government & First Nations Department: Local Government 1-866-valueBC or 1-866-825-8322 x 00498 localgovernment@bcassessment.ca First Nations 1-866-valueBC or 1-866-825-8322 x 09455 firstnations@bcassessment.ca bcassessment.ca https://forum.bcassessment.ca/
Promoting Professional Management & Leadership Excellence in Local Government
20
REMURPE is committed to building the local government profession in Peru with a strong ethical focus and direct accountability to communities for the funds spent in providing services. Indeed, their members must commit to ethical practices, and mayors found to be in breach of those practices can no longer remain part of REMURPE. Corruption in Colombia and Peru is a significant problem, and cynicism about politicians in Peru is high, especially local ones. “A local government election was under way during our visit, and taxi drivers and ordinary citizens we encountered were skeptical any of the candidates could tackle the significant problems facing Lima,” said Taylor. “Indeed, several of the outgoing mayors around the country are being investigated for embezzlement, and corruption was one of the key themes of our discussions with the team from REMURPE.”
A technical meeting group in Peru.
“Personally, I found my experience in Santo Tomas to have a profound impact on me,” said Hunter. “The sky, the clear air, the beautiful landscape, the provincial lifestyle, all made for a wonderful experience. The experience of the drive to Santo Tomas, changing landscapes and lifestyles as well as the vistas are some of the best in the world.”
PERU: EXPANDING REVENUE AND BUSINESS OPPORTUNITIES – NANCY TAYLOR Nancy Taylor joined Andy Koopmans from the Association of Municipal Clerks and Treasurers of Ontario to work with REMURPE, one of the two main local government associations in Peru. Their mission focused on assisting REMURPE to develop revenue streams and new business opportunities that could contribute to their long-term sustainability as an association in support of local government professional development. REMURPE is a non-profit association representing primarily rural local governments, particularly those with mining activities, and it has a history of activism in support of democratic reforms and decentralization. REMURPE emerged from a dark period in Peru’s recent history, when the repressive military regime of Alberto Fujimori accessed national institutions to support vast illegal activities in the late 1990s. Decentralization in Peru devolved funding and responsibilities to local governments without regard to the shortage of qualified managers, limited transparent procurement practices, and the lack of auditing and controls over their spending. REMURPE was created to promote management practices and support management competencies in local governments in the context of decentralization of local government powers from the central government to local governments.
In both Colombia and Peru, mayors can only serve a single fouryear term. Limiting them to one four-year term was meant to check corruption, but in fact it has only increased the perception that the number of elected officials who benefit from large capital project funding is growing. There have also been other consequences of this fouryear mandate, with most of the staff of every local government completely turning over every four years. This has limited both the stability of local government policies and programs, as well as the ability to increase the professionalism of local government staff and services.
“It was a rewarding experience, and one that reminded us of how lucky we are to live and work in a local government system that, however flawed, is committed to ethical public service practices.”
Much of REMURPE’s success over the 15 years of its history can be traced to the credibility they have gained for their anti-corruption mandate and the political advocacy and professional development training they have conducted with local governments across Peru. “We found the REMURPE team to be highly skilled, visionary and creative. They recognized that to achieve financial sustainability, they need to focus more broadly on value-added services,” said Taylor. “They have an ambitious growth agenda, and while we weren’t able to definitely identify viable revenue streams that could sustain scrutiny and ensure revenue streams that could be transparently reported on in the short time we had with REMURPE in Lima, we were able to leave them with some tools and processes to test their ideas. It was a very rewarding experience, and one that reminded us of how lucky we are to live and work in a local government system that, however flawed, is committed to ethical public service practices.” ❖
Promoting Professional Management & Leadership Excellence in Local Government
21
MEMBERS PAGE
Board of Examiners Spotlight Keeva Kehler, MPA Director of Administrative Services and Corporate Officer, City of Parksville ➤ Board of Examiners Certificates in Local Government Services Delivery and Local Government Administration Shortly after receiving her Board of Examiners (BoE) Certificate in Local Government Administration, Keeva took a few minutes to share her thoughts about the program. What led you to the BoE? I came across the BoE when working for the provincial government. I wanted to return to local government, and BoE recognized my previous work experience with a regional district. I could also transfer credits from my MPA (UVIC) – which was a great help. Has the BoE made a difference, professionally or personally? Both! Combining academic credentials with practical knowledge certainly helped me transition from planning to a corporate officer role. I also continue to use the course materials as references in my day-to-day work and vice versa. And I got to do homework alongside my two young children, showing them that education is a fulfilling and life-long endeavour! Were you surprised by anything in the BoE certification program? The relevancy of the courses in both technical and applied knowledge was more than I imagined. The networking and sharing expertise was also invaluable. We discussed common challenges ranging from transit to homelessness, community gardens and more, sharing perspectives from around B.C., Canada, and even internationally from Abu Dhabi!
What was the most challenging aspect of the program or process? I was surprised about the BoE’s low profile. This program is unique as it’s an accredited process that recognizes both practical experience and education – valuable for both local government employees and employers. What would you say to someone considering the BoE and its value? It’s undeniably valuable, combining academic success and work experience. This is an important consideration given the increasing emphasis on education and professional development these days and challenges of financing education. The BoE is also important in recognizing our work and expertise as local government employees.
SPECIAL RECOGNITION Board of Examiners Three local government employees, recognized for their education and work experience in the local government field, are being awarded a Certificate by the Board of Examiners: Certificate in Local Government Service Delivery: • Melany de Weerdt, Acting Chief Administrative Officer, Regional District of Bulkley-Nechako • Lynn Merry, Senior Committee Clerk, District of Saanich
North Central Local Government Management Association (NCLGMA) – Life Membership Recognition • Walter Babicz – served from 2009 to 2016 - Director, President, Past President • Janet Prestley – served from 2005 to 2016 - Director, Vice President, President, Past President, Alternate LGMA Chapter Representative • Sheryl Worthing – served from 2004 to 2016 - Director, Secretary/ Treasurer, Treasurer, LGMA Chapter Representative, Alternate LGMA Chapter Representative
Certificate in Local Government Administration: • Caoimhe (Keeva) Kehler, Corporate Officer / Director of Administrative Services, City of Parksville Promoting Professional Management & Leadership Excellence in Local Government
22
MEMBERS PAGE MEMBER MOVEMENT Tim Savoie, Chief Administrative Officer, City of Port Moody (formerly Vice President, TransLink) Jim Hendricks, Chief Financial Officer, City of Kimberley (formerly Chief Administrative Officer, City of Fernie) Dawn Attorp, Corporate Officer, City of Kimberley (formerly General Manager of Corporate Administration, Regional District Central Kootenay) Mark Brodrick, Planning & Development Services Manager, City of Merritt (formerly Director of Planning & Community Services, District of North Saanich)
Kathleen Day, Chief Financial Officer, City of Powell River (formerly Consultant) Heidi Frank, Chief Administrative Officer, Village of Canal Flats (formerly Chief Administrative Officer, Town of Oliver) Debra Carter, Director of Finance, District of Oak Bay (formerly Executive Director of Corporate Finance and Senior Financial Officer, Province of Alberta)
RETIREMENTS Lindy Kaercher, Deputy Clerk, City of Langford Kevin Ramsay, City Manager, City of Port Moody
Keir Gervais, Chief Administrative Officer, Village of Cache Creek, (formerly Chief Administrative Officer, Village of Lytton)
2016 LGMA 2016 RELATED PROGRAMS & EVENTS ORGANIZATIONS PROGRAMS & EVENTS September 29 CAO Breakfast Hotel Grand Pacific, Victoria, B.C. October 2-7 MATI - Community Planning in Local Government Organizations The Cove Lakeside Resort, West Kelowna B.C. October 16-21 MATI School for Statutory Approving Officers South Thompson Inn, Kamloops B.C.
September 25-28, 2016 International City/County Management Association (ICMA) Annual Conference Kansas City, Missouri September 26-30, 2016 Union of BC Municipalities (UBCM) Annual Convention Victoria, B.C.
October 26 LGMA Workshop on Electronic Documents and Records Management Tigh-Na-Mara, Parksville, B.C. October 26-28 Clerks and Corporate Officers Forum Tigh-Na-Mara, Parksville, B.C.
LGMA: More for Our Members Are you taking advantage of all your LGMA membership has to offer? Learn more at www.lgma.ca or 250-383-7032
Promoting Professional Management & Leadership Excellence in Local Government
23
MEMBERS PAGE OUR TOWN: VILLAGE OF CUMBERLAND
Affectionately called Dodge by the new breed of locals, Cumberland is Vancouver Island’s best kept secret. But word is getting out. It’s no longer scorned by outsiders, the insular place where visitors aren’t welcome. Cumberland is now the place where everybody wants to be – the place for cool kids. Progressive in some ways, unsophisticated in others, it’s the place where everyone is running away to (and bringing their kids, dogs and bikes). The village is the epitome of smart growth. The first home I lived in was one block from the pizza place, one block to the brewery, two blocks to work, and four blocks to the school. It felt like freedom – no more driving to work and putting my kids on the school bus. It’s like the way that I grew up near downtown Victoria, before it got too big, too busy. How did Cumberland become the place where everyone wants to be? People say it started with the construction of the inland Island Highway in the late 1990s so it was no longer a town at the end of the road. The construction of the 80 km of mountain biking trails on the village’s doorstep, which was started over 20 years ago by a small group of bikers, probably had something to do with it. Anyone can ride the trails – including me – making Cumberland the “epicentre of mountain biking on Vancouver Island” (credit to www.ridespots.com).
Visit Us Online! Drop by www.lgma.ca for: • • • • • • •
info about our organization, our board, chapters and more membership information publications, including Annual Reports and Exchange program and event listings current career postings and job posting info a wide variety of tools and resources and more!
PEER GARDEN MEDIA PHOTO
When I came to Cumberland for my job interview just four years ago, my first impression was that it was a town that time forgot. I saw small coal miners’ houses and an old village centre on a tight grid of streets. It was a bit rundown, not affluent – but not rough. As I drove down main street to the village office, a kid zipped by on a two-stroke dirt bike, then the guy in the pickup in front of me stopped mid-block to talk with another guy in a pickup passing the other way, and everyone just waited until they were done – a Cumberland traffic jam. It was then I knew that this was where I wanted to be.
Locals in Cumberland on Vancouver Island debated whether the entrance sign, pictured above, should say the village is “historic” or “legendary.” According to Deputy Corporate Officer Rachel Parker, it’s both.
My ears first pricked up at the name “Cumberland” when the band Elastica was on the lineup of the Big Time Out music festival, which was held here from 2005 to 2012. Although the Big Time Out has moved on, the Atmosphere Gathering has taken its place, and the music scene in Cumberland remains world class. Bigger influences likely played a part, as I suspect the boom of the provincial economy finally found its way to the village that time forgot. I’m sure it was all of these things, combined with our great location. The village centre is minutes to both Comox Lake and the ski runs at Mt. Washington, and we’re a quick 10-minute ride from the ocean. One problem about a community that was left behind is that for decades there has been little investment to maintain its assets. Like many other small towns trying to balance growth with 100-year-old pipes, Cumberland continues to struggle to get its infrastructure sorted out, including how to fix its potholed roads and find affordable sewer and water treatment for a town of 3,900 that’s not sure if it really wants to grow. Despite these million-dollar problems, the news that really gets the locals buzzing is whether you should be able to have chickens or not (stay tuned), if riding on the trails owned by logging companies is legit (which it now is), and of course there’s the recent great debate about whether the new entrance sign should say that Cumberland is historic or legendary. No matter what the sign says, I can tell you it’s both. – Rachel Parker, Deputy Corporate Officer, Village of Cumberland
Promoting Professional Management & Leadership Excellence in Local Government
24