As artificial intelligence becomes increasingly embedded across organizations, questions surrounding oversight, privacy, public trust, and the responsible use of data are becoming more consequential. These issues are particularly salient in government, healthcare, and financial services — sectors where data privacy and sovereignty have moved from peripheral concerns to strategic imperatives.
These tensions formed the foundation of discussions at "AI Governance: New Tradeoffs for Sovereignty, Trust, and Sustainability," a workshop hosted by the Lawrence National Centre for Policy and Management in partnership with Ivey's Scotiabank Digital Banking Lab and the Ivey Chair in Telecommunication Economics, Policy, and Regulation.
Several themes emerged throughout the discussions:
-
While organizations are increasingly experimenting with AI through sandboxes and pilot programs, moving from experimentation to implementation demands robust internal governance frameworks.
-
AI governance must extend beyond data privacy and sovereignty to actively ensure that the benefits from the applications being developed do not exclude marginalized communities.
-
In the absence of regulatory frameworks that adequately balance innovation with privacy protection, organizations often over-invest in internal governance infrastructure.
-
Sovereign data centres may help address some of these concerns, but only when paired with policy frameworks that support responsible adoption and minimize social harm.
-
AI literacy emerged as a recurring priority throughout the workshop, with speakers emphasizing the importance of user awareness, digital literacy, and accountability as AI adoption expands across institutions.
Building Governance into AI Systems
Opening the workshop, Ima Okonny, Assistant Deputy Minister and Chief Data Officer at Employment and Social Development Canada (ESDC), offered a grounded perspective on the operational realities of AI governance within large-scale public service systems. Okonny described how ESDC deployed custom machine learning and natural language processing tools during the pandemic to help manage an unprecedented surge in Employment Insurance applications. She emphasized that responsible AI deployment in the public sector demands sustained coordination across legal, cybersecurity, privacy, policy, and program teams, as well as ongoing review processes designed to ensure that automated systems do not inadvertently disadvantage vulnerable or underrepresented populations.
The workshop also featured a panel bringing together Jennifer Curtiss, Chief Data Officer at Scotiabank, and Michael Page, Senior Director of Data Science and Advanced Analytics at Unity Health Toronto, moderated by Romel Mostafa, Professor and Director of the Scotiabank Digital Banking Lab.
Curtiss described AI governance in financial services as a system of controls and oversight mechanisms designed to ensure AI tools operate within established risk thresholds. At Scotiabank, this encompasses governance reviews tied to privacy, security, transparency, and responsible AI practices, alongside growing efforts to automate parts of the review process as AI adoption scales across the organization.
In healthcare, Page described how Unity Health Toronto developed its AI governance processes largely from the ground up, in the absence of broader sector-specific regulatory standards. AI applications are evaluated through legal, privacy, ethics, and IT security lenses alongside technical assessment — with governance conversations focused not only on model performance, but on whether systems are safe, operationally reliable, and appropriate for clinical environments serving diverse patient populations.
AI Literacy, Public Trust, and Digital Infrastructure
Discussions throughout the workshop focused on the relationship between AI literacy, organizational adoption, and public trust. Speakers noted that governance challenges increasingly stem from how employees, frontline staff, and end users understand — or misunderstand — the tools being introduced into their workflows. Reflecting on an internal example in which inaccurate AI-generated outputs were traced to underlying data quality issues, Curtiss emphasized the importance of meaningful human oversight and ensuring that employees understand both the appropriate uses and the limitations of the systems they work with.
Okonny emphasized that AI governance in the public sector cannot be separated from broader questions of representation, accessibility, and equitable service delivery. Drawing on ESDC's national mandate, she noted that systems deployed across Canada must account for significant demographic, regional, and infrastructural variation, including persistent broadband access gaps and uneven digital literacy across communities.
Page highlighted the added complexity of governance in healthcare environments serving patients facing housing insecurity, mental health challenges, addiction, and other structural barriers to care. In these settings, governance extends well beyond technical deployment into questions of trust, accessibility, and the practical realities of integrating AI into already strained clinical workflows.
Data sovereignty and infrastructure also emerged as recurring themes throughout the workshop, particularly as organizations grow increasingly reliant on cloud platforms, external AI providers, and interconnected digital systems. Page described Unity Health Toronto's decision to maintain much of its infrastructure on-premise, citing concerns about sensitive patient data and the risks associated with foreign-owned platforms, noting that this approach reflects a broader norm across the healthcare sector rather than an isolated choice.
Audience discussion also returned frequently to the operational challenges organizations face as they integrate growing numbers of AI systems, governance reviews, and third-party tools into already complex institutional environments. Several speakers emphasized that governance processes will likely need to evolve alongside rapidly changing technologies rather than function as fixed regulatory frameworks.
This event formed part of the Centre’s broader telecommunications and digital policy workshop series, which brings together international scholars, policymakers, and industry leaders to examine emerging issues shaping digital infrastructure, telecommunications policy, technology governance, and innovation.