We are very happy to announce that privacy law specialist Kristen Pennington will speak at PrivSec Global this month.

Kristen Pennington is Partner in Privacy & Data Protection at McMillan LLP.

Streaming live November 29 and 30, PrivSec Global unites experts from both Privacy and Security, providing a forum where professionals across both fields can listen, learn and debate the central role that Privacy, Security and GRC play in business today.

Kristen Pennington is Partner in Privacy & Data Protection at McMillan LLP, where she maintains a dynamic practice in privacy, data protection and employment law. In her role, Kristen assists emerging and established companies across a range of industries, and provides insights into Canada’s distinct laws to support businesses entering or investing in the Canadian market.

Kristen appears exclusively at PrivSec Global to discuss AI and how workplace policies can adapt to meet the emerging technology’s compliance and responsibility demands.

Below, Kristen answers questions on the topic and sheds light on her professional pathway so far.

  • Workplace AI policies: Does your company need them? - Day 1, Wednesday 29th November, 13:30 - 14:15pm GMT


Could you outline your career pathway to date?

I am a lawyer and partner in the Privacy and Data Protection Group at McMillan LLP, a full-service Canadian law firm that assists businesses of all sizes and types. I am fortunate to be a member of McMillan’s Technology Team, where I have the opportunity to collaborate with colleagues working in the intellectual property, data management, technology contracting and technology transaction spaces.  

My legal practice has changed significantly over my five years at the firm, in particular as we help clients tackle changing regulatory and risk landscapes related to emerging technologies like AI.

What are the big compliance challenges facing organisations who want to embrace AI technology?

Organisations that want to embrace AI technology are struggling with the lack of specific laws or regulations tailored to AI. Trying to shoe-horn AI into existing privacy and data protection legislation can be really difficult, and regulators and legislators are having trouble keeping up with the rapid pace at which this technology is being developed and made available to the public.

Organisations want to jump in and be able to leverage efficiencies and opportunities created by AI technology, but may be reluctant to do so absent more concrete legal and regulatory guidance. Multinational organisations are in for a particular challenge as they navigate requirements across various jurisdictions.

What strategies should companies be implementing in order to mitigate risk and work towards responsible use of AI?

From a privacy perspective, two key points to keep in mind regarding the use of AI technologies are 1) what goes in, and 2) what comes out.

In terms of what goes in, how are you ensuring that your employees are not feeding confidential or proprietary business or customer information, or personal information, into AI technologies without providing required notices or obtaining required consents? 

In terms of what comes out, how are you monitoring how and when your employees can rely on AI-generated content or tools at work? How are you mitigating the risks that AI outputs may be incomplete, inaccurate, biased or discriminatory? When do AI outputs require human oversight, like fact-checking and editing, in your workplace? When and how do your employees need to be transparent about, or document how they use, AI tools in their work?

A lot of this will come down to implementing proper policies and procedures, training and oversight of employees who use AI tools in the workplace.

Organisations will also need to be flexible and nimble to adapt not only to new technological developments, but also new laws and regulatory guidance that apply to AI technologies.  Policies, procedures and training will need to adapt over time to take into account these developments.

Don’t miss Kristen Pennington talking through these issues in depth in the PrivSec Global panel: Workplace AI policies: Does your company need them?

There is no doubt that AI is the new revolution; it is developing rapidly, both technologically and legally, and many organisations are facing the big question: How do you remain compliant, while gaining the commercial benefit of using AI? 

This interactive session will provide a practical roadmap to avoid AI chaos, guiding on how to overcome challenges and pitfalls, and build a responsible AI strategy in the workplace.

Get to the heart of the conversation, only at PrivSec Global.

  • Session: Workplace AI policies: Does your company need them?
  • Time: 13:30 – 14:15pm GMT
  • Date: Day 1, Wednesday 29 November 2023

The session sits within a packed two-day agenda of insight and guidance at PrivSec Global, livestreaming through Wednesday 29 and Thursday 30 November, 2023.

Discover more at PrivSec Global

As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.

Exclusively at PrivSec Global on 29 & 30 November 2023, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play within privacy, security and GRC.
