Data Protection


Tuesday 8th December 2009, QEII Conference Centre, London, 08:30 - 16:00

Data Protection in the Public Sector: The Way Forward

"I urge leaders across government, the public, private and third sectors to take a positive attitude to data protection. Protecting people's personal details should not be left to chance. I urge all CEOs and their executive teams to take personal responsibility for treating data protection as a corporate governance issue affecting the whole organisation."

Richard Thomas, Information Commissioner, January 2009

Overview

Following the significant loss of personal data from several central government departments during 2007 and 2008, the Prime Minister called for a review of data-handling in the public sector. In June 2008, the Data Handling Procedures in Government: Final Report was published.

The Cabinet Secretary’s review put in place a new set of minimum mandatory standards that all government departments must comply with when handling personal information.

They include the following:

  • Introducing new rules on the use of protective measures, such as encryption and penetration testing of systems
  • Standardising and enhancing information risk management processes
  • Identifying the key individuals in each department who are responsible for information assets and setting out their responsibilities
  • Mandatory training on appointment and yearly thereafter for all staff involved in handling personal data
  • The use of Privacy Impact Assessments when introducing new policy or processes that involve the use of personal data
  • Scrutiny and monitoring of information risk statements by the National Audit Office through spot checks by the Information Commissioner
  • A range of other measures to improve information security across Government

The recommendations reinforce the earlier review conducted by Dr Mark Walport (Director of the Wellcome Trust) and Richard Thomas (Information Commissioner), which explored the protections that must apply when personal information is shared in both the public and private sectors. Both reports aim not only to establish standards and processes, but also to foster a culture, throughout all government departments and the wider public sector, that values and protects the use of personal information.

The Government needs to ensure that the systems underpinning key public services are made as secure and resilient as possible. As more and more services go online, it is vital that we ensure that the public has trust and confidence in those services. Public sector organisations must create policies and processes to minimise risks to their information and the systems in which it is handled.

Over a year since the publication of Sir Gus O’Donnell’s review of data handling procedures in central government, delegates attending this conference will have the opportunity to explore and examine how effectively Government departments have implemented the recommended standards, procedures and practices.

Agenda

08:30 Registration and Coffee
09:00 Chair’s Welcome Address
Dr Louise Bennett, Chair, BCS Security Forum (CONFIRMED)
09:10

Professionalisation and Cultural Change: Delivering an Effective IA Strategy

  • Cultural change: mapping out a clear structure – leadership roles, responsibility, accountability
  • Managing change: setting out a clear vision for change – single career stream for IA professionals across the public sector
  • Professionalisation: raising competence levels in IA across the public sector


Chris Ensor, Technical Director and Head of Profession for IA, CESG (CONFIRMED)

09:30

Risk Minimisation: Robust Identity Management Systems

  • Delivering public services in a digital world: the opportunities and challenges
  • ID Fraud and cyber-security: testing systems and procedures
  • Information assurance: robust authentication procedures and network security processes
  • Insourcing and outsourcing: partnering handbook
  • Data-handling and corporate governance: changing attitudes, tightening practice


Dr Duncan Hine, Executive Director, Integrity and Security, Identity and Passport Service (CONFIRMED)

09:50

Data Sharing: Enhancing Protection, Minimising Risk

  • Rebuilding public confidence: information sharing and data protection
  • Clear processes, procedures and practice: promoting accountability by building transparent structures
  • Handling personal information: embedding best-practice in organisations
  • Clear, modern, legal framework: access, security and consent


Iain Bourne, Head of Data Protection Projects, Information Commissioner’s Office (ICO) (CONFIRMED)

10:10

Protecting and Securing Data in the Public Sector

  • Security built in rather than a bolted-on approach
  • Providing the right identity with the right information across the infrastructure
  • Making sure security does not inhibit the user experience
  • Adhering to compliance, governance and good practice


Paul Briault, Head of Public Sector UK&I, RSA (CONFIRMED)

10:25 Questions and Answers Session
10:50 Coffee Break and Networking
11:25

Beware! The Tiger Has Grown Teeth

Data is the most critical commodity to any organisation, whether it is credit card details, healthcare records or citizens' names and addresses. With over 30 million personal data records lost in the public sector in 2008, and the Information Commissioner, Richard Thomas, empowered to fine government departments, action is required, but where do you start? Data can be leaked in a variety of ways: CD, USB, laptops and paper records are all nearly impossible to police, so it makes sense to take action before the data even gets that far.

Fortinet will discuss the data privacy controls that can be imposed at the database level to help minimise the risk of such losses by monitoring who is accessing your data and ensuring they are adhering to your data usage policies.


Dr Carl Windsor, Public Sector Account Manager, Fortinet (CONFIRMED)

11:40

Redesigning Public Services at the Local Level

  • Safeguarding data privacy: effective standards and procedures
  • Robust network security and authentication procedures
  • Independent review - minimising security vulnerabilities: penetration testing, reporting of network breaches and effective remedial action
  • Raising levels of professionalism through supervision, practice and training
  • Using risk management strategies to progress service transformation


Glyn Evans, Corporate Director of Business Change, Birmingham City Council, Local Government Delivery Council and Local Government CIO Council (CONFIRMED)

12:00 Questions and Answers Session
12:15 Keynote Address
Rt Hon Michael Wills MP, Minister of State, Ministry of Justice (CONFIRMED)
12:35 Questions and Answers Session
12:50 Lunch and Networking
14:00

Personal Data and Government

  • It's the wrong way up
  • Why Government relationship management beats the "deep truth" of centralised data
  • A progressive Conservative perspective


Liam Maxwell, Research Fellow, Centre for Policy Studies (CONFIRMED)

14:20

Safeguarding Personal Information in the Public Sector

  • Information assurance: protecting citizens' personal information
  • Power of Information: Broadband Britain, NI 14, and digital communities
  • Consent and privacy laws: data-sharing, operational efficiencies and personalised public services


Andrew Miller MP, Chairman, Parliamentary Information Technology Committee (PITCOM) (CONFIRMED)

14:40 Questions and Answers Session
14:55 Coffee Break and Networking
15:15

Panel Discussion: Protecting Personal Data in the Public Sector

With ID fraud reported to be on the increase, and recent polls indicating that a majority of respondents - over 65% - believe that the government and the public sector already hold too much personal information about them, what further steps can SIROs take to rebuild the public’s confidence in the safekeeping of their personal information by public sector organisations?

Panel:

Toby Stevens, Director, Enterprise Privacy Group (CONFIRMED)
Dr Lizzie Coles-Kemp, Lecturer in Information Governance and Security Management, Royal Holloway, University of London (CONFIRMED)
Andrew Miller MP, Chairman, Parliamentary Information Technology Committee (PITCOM) (CONFIRMED)

16:00 Chair's Summary and Close

*programme subject to change without notice

Main Sponsors

Fortinet

Fortinet is a leading provider of network security appliances and the market leader in Unified Threat Management or UTM. Fortinet solutions were built from the ground up to integrate multiple levels of security protection - including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam - designed to help customers protect against network and content level threats.

RSA

RSA is the security division of EMC and is the premier provider of security solutions for business acceleration. As the chosen security partner of more than 90% of the Fortune 500, RSA helps the world’s leading organisations succeed by solving their most complex and sensitive security challenges.

Exhibitors

NetFort Technologies Ltd

Sophos Plc

Verisec

Audience

Delegates will include Heads of IT / IT Directors, Heads of Shared Services, Heads of Transformation, Heads of Information Compliance, Chief Technology Officers, Business Change Directors, Heads of IT Infrastructure, Heads of Information Assurance, Heads of Disaster Recovery, Technical Directors / Managers, Managers, Risk / Change Managers, Local Authority Heads, e-Learning Managers, Directors and Heads of Research and Knowledge Transfer, ICT suppliers and e-Learning providers and Heads of Procurement, central government departments & bodies, local authorities, trade unions, businesses and employers, regional development agencies, local strategic partnerships, academia and legal & voluntary and all those interested in the information security debate.

