Data Protection

Wednesday 20th October 2010, Guoman Charing Cross Hotel - London, 09:00 - 16:00

Data Protection: Protecting Information in the Public Sector

Overview

Smarter, more efficient and convenient public services depend on the right information being available, reliable, and well protected. It is therefore a necessity that we make sure that the risks to this information are properly managed.

In a radical shake-up of government transparency, Francis Maude, Minister for the Cabinet Office, has established The Public Sector Transparency Board which will support and challenge public sector bodies in the implementation of transparency and open data. The government will be working with other departments to develop the public’s legal right to data. It will make the changes in central government first, and look to see the rest of the public sector follow too.

Furthermore, the continuing pace of technological change, the prevalence of social networking, the growth of mobile means of accessing the Internet and the advent of Web 2.0, and Web 3.0, mean that the ways in which information is used will continue to pose challenges to how we protect information that is held or transferred. As information becomes an ever greater part of how we live our lives, it inevitably becomes a more attractive target for those who might seek to exploit that information for their own purposes.

In May 2010, it was released that the number of breaches involving people’s personal information reported to the Information Commissioner’s Office (ICO) reached 1000. The privacy watchdog is urging organisations to minimise the risk of mistakes.

David Smith, Deputy Commissioner, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands. Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information".

Agenda

As more and more services go online, it is vital that we ensure that the public has trust and confidence in those services. Public sector organisations must create policies and processes to minimise risks to their information and the systems in which it is handled. The conference will offer delegates the opportunity to discuss and examine how we can improve information security.

09:00	Registration and Coffee
09:50	Chair’s Welcome Address Gerry O’Neil, CEO, Institute of Information Security (CONFIRMED)
10:00	New Directions in Addressing Data Protection Challenges Public sector data sharing guidance Data sharing consultation Technological changes and data protection Empowering the citizen and data protection The future challenges of data protection Rt Hon Lord McNally, Minister of State, Ministry of Justice (invited)
10:20	Information Risk Management in the Public Sector Toby Stevens, Director, Enterprise Privacy Group (CONFIRMED)
10:40	Redesigning Public Services at the Local Level Safeguarding data privacy: effective standards and procedures Robust network security and authentication procedures Independent review - minimising security vulnerabilities: penetration testing, reporting of network breaches and effective remedial action Raising levels of professionalism through supervision, practice and training Using risk management strategies to progress service transformation Jos Creese, President, SOCITM & Head of IT, Hampshire County (CONFIRMED)
11:00	Special Keynote: Personal Information Online: A New Code of Practice A new draft code of practice: providing organisations with a practical and common sense approach to protecting individuals’ privacy online Giving people the right degree of choice and control over their personal information Ensuring sustainable information security compliance A common sense approach to collecting personal information online, including when to collect information and when not to Overcoming the data protection challenges that cloud computing brings Rebuilding public confidence: information sharing and data protection David Smith, Deputy Commissioner and Director of Data Protection for the Information Commissioners Office (CONFIRMED)
11:20	Questions and Answers Session
11:35	Coffee Break and Networking
11:55	Information Sharing: Securing Shared Data Scope of personal information sharing, including benefits, barriers and risks of data sharing and data protection Sharing information in a secure environment Managing the risks around cyber crime Mario Kempton, Head of information Security, Serious Organised Crime Agency (CONFIRMED)
12:15	Improving Information Sharing and Management Risk management : routine training to foster a culture that respects and secures personal data Information assurance: ensuring the security of the information and the integrity of the user Data handling procedures – checks and balances: regular, independent reviews, inspection processes Data sharing standards: providing limited, anonymised information sets Lessons learnt from ContactPoint Christine Goodfellow, Director, Improving Information Sharing and Management (IISaM) Programme, Department for Education (CONFIRMED)
12:35	Information Sharing: Securing Data in Shared Services Information assurance in the age of shared services Overcoming the governance challenge to sharing services Delivering a shared service that protects data from the risks caused by changing and obsolete technologies Working with government departments to make sure they understand the risk Kevin Robert, Head of Corporate Services, Department for Work and Pensions (CONFIRMED)
12:55	Questions and Answers Session
13:10	Lunch and Networking
14:10	Data Protection: Security Awareness and Procurement Understanding current HMG Security requirements including those for Information Assurance and Integrity and Business Impact HMG Vetting and Clearance process The effect of ‘Business Impact’ analysis for loss or failure of Integrity Security awareness and procurement Complying with the data protection principles set out in the Data Protection Act to ensure a high level of confidence that personal data is handled correctly Business continuity and disaster recovery planning Tony Collings OBE, Fellow, British Computer Society (CONFIRMED)
14:30	Data Management and the Criminal Justice System Challenges joining up criminal justice systems across Europe EU wide exchange of convictions Sharing data in a secure environment What data is shared? Det Supt Gary Linton, Head, ACPO Criminal Records Office (ACRO) (CONFIRMED)
14:50	Protecting Digital Infrastructures Through Research and Innovation Network Security Innovation Platform – delivering innovative programmes for a more secure electronic environment Information security road map Key trends impacting information security Managing the risks around cyber space New technologies and data protection challenge Andrew Tyrer, Lead, Network Security Innovation Platform, Technology Strategy Board (CONFIRMED)
15:10	Coffee Break and Networking
15:30	Questions and Answers Session
15:55	Chairs Closing Remarks
16:00	Close

*programme subject to change without notice