Wednesday 20th October 2010, Guoman Charing Cross Hotel - London, 09:00 - 16:15
Data Protection: Protecting Information in the Public Sector
Overview
Smarter, more efficient and convenient public services depend on the right information being available, reliable, and well protected. It is therefore a necessity that we make sure that the risks to this information are properly managed.
In a radical shake-up of government transparency, Francis Maude, Minister for the Cabinet Office, has established The Public Sector Transparency Board which will support and challenge public sector bodies in the implementation of transparency and open data. The government will be working with other departments to develop the public’s legal right to data. It will make the changes in central government first, and look to see the rest of the public sector follow too.
Furthermore, the continuing pace of technological change, the prevalence of social networking, the growth of mobile means of accessing the Internet and the advent of Web 2.0, and Web 3.0, mean that the ways in which information is used will continue to pose challenges to how we protect information that is held or transferred. As information becomes an ever greater part of how we live our lives, it inevitably becomes a more attractive target for those who might seek to exploit that information for their own purposes.
In May 2010, it was released that the number of breaches involving people’s personal information reported to the Information Commissioner’s Office (ICO) reached 1000. The privacy watchdog is urging organisations to minimise the risk of mistakes.
David Smith, Deputy Commissioner, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands. Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information".
Agenda
As more and more services go online, it is vital that we ensure that the public has trust and confidence in those services. Public sector organisations must create policies and processes to minimise risks to their information and the systems in which it is handled. The conference will offer delegates the opportunity to discuss and examine how we can improve information security.
| 09:00 |
Registration and Coffee |
| 09:45 |
Chair’s Welcome Address
Gerry O’Neil, Past CEO, Institute of Information Security (CONFIRMED) |
09:55 |
Special Keynote: Personal Information Online: A New Code of Practice
- A new draft code of practice: providing organisations with a practical and common sense approach to protecting individuals’ privacy online
- Giving people the right degree of choice and control over their personal information
- Ensuring sustainable information security compliance
- What personal information to collect, when to collect it and when not to
- Overcoming the data protection challenges that cloud computing brings
- Information sharing and data protection: the next Code of Practice
David Smith, Deputy Commissioner and Director of Data Protection for the Information Commissioners Office (CONFIRMED)
|
| 10:15 |
Redesigning Public Services at the Local Level
- Safeguarding data privacy: effective standards and procedures
- Robust network security and authentication procedures
- Independent review - minimising security vulnerabilities: penetration testing, reporting of network breaches and effective remedial action
- Raising levels of professionalism through supervision, practice and training
- Using risk management strategies to progress service transformation
Mark Brett, Head of Information Assurance, SOCITM (CONFIRMED)
|
| 10:35 |
Sponsor Presentation: Pricing Privacy in Public Sector
- Protecting Privacy, consolidation of services and making efficiency savings
- Trends in public sector data processing and privacy issues
- Managing privacy when minding your budget
- How to get the most out of the organisation
- How to get the most out of your suppliers
Rajee Sritharan, Data Privacy public sector, Deloitte LLP (CONFIRMED)
|
| 10:55 |
Questions and Answers Session |
| 11:05 |
Coffee Break and Networking |
| 11:35 |
Improving Information Sharing and Management
- Risk management : routine training to foster a culture that respects and secures personal data
- Information assurance: ensuring the security of the information and the integrity of the user
- Data handling procedures – checks and balances: regular, independent reviews, inspection processes
- Data sharing standards: providing limited, anonymised information sets
- Lessons learnt from ContactPoint
Christine Goodfellow, Director, Improving Information Sharing and Management (IISaM) Programme, Department for Education (CONFIRMED)
|
| 11:55 |
Information Sharing: Securing Data in Shared Services
- Information assurance in the age of shared services
- Overcoming the governance challenge to sharing services
- Delivering a shared service that protects data from the risks caused by changing and obsolete technologies
- Working with government departments to make sure they understand the risk
Kevin Robert, Head of Corporate Services, Department for Work and Pensions (CONFIRMED)
|
| 12:10 |
Sponsor Presentation: Protecting Data with Cyber Defence
- With stored data forecast to grow by over 650% in the next 5 years and Cyber attacks damaging the global economy by an estimated $1Trillion per year, what is the IT industry doing to address the safeguarding of organisations crown jewels – data.
- There is an urgent need to take a fresh look at how we protect our data from cyber crime and attacks. The current philosophy of increasing the complex edge defences to our networks is being outpaced by the criminal or terrorist and can never provide a totally secure answer.
- By taking a alternate view at the way in which organisations arrange their defences, NetApp would advocate that a simpler approach can be taken to provide a far higher level of data protection at a lower cost.
Nigel Wood, UK&I Partner & Alliance Director, Fujitsu & Paul Wooding FBCS CITP, Head of UK Public Sector, NetApp (CONFIRMED)
|
| 12:30 |
Questions and Answers Session |
| 13:00 |
Lunch and Networking |
| 14:00 |
Information Sharing: Securing Shared Data
- Scope of personal information sharing, including benefits, barriers and risks of data sharing and data protection
- Sharing information in a secure environment
- Managing the risks around cyber crime
Mike Humphrey, Head of Information Assurance and Accreditation, Serious Organised Crime Agency (CONFIRMED)
|
| 14:20 |
Data Protection: Security Awareness and Procurement
- Understanding current HMG Security requirements including those for Information Assurance; Confidentiality, Integrity, Confidentiality and Business Impact
- The HMG Vetting and Clearance process
- The effect of ‘Business Impact’ analysis for loss or failure of Integrity
- Security awareness and procurement with particular emphasis on Security Aspects Letters to suppliers
- Complying with the data protection principles set out in the Data Protection Act to ensure a high level of confidence that personal data is handled correctly in the contract
- Pitfalls in Business continuity and disaster recovery planning when contracting
Tony Collings OBE, Fellow, British Computer Society & Chairman, ECA Group (CONFIRMED)
|
| 14:40 |
Sponsor Presentation: Data Privacy for Testing - Closing the Privacy Gap When Data are Used in Software Development, Testing and Training
- The “Testing Paradox”
- What is Done to Protect Data Today?
- The Easiest Way to Expose Private Data … Internally with the Test Environment
- What’s the Risk?
- Best Practise Approach - Rendering Data Unusable to Protect Privacy
Robert Boden, IBM Optim IT Specialist, IBM (CONFIRMED)
|
| 15:00 |
Coffee Break and Networking |
| 15:20 |
Data Management and the Criminal Justice System
- Challenges joining up criminal justice systems across Europe
- EU wide exchange of convictions
- Sharing data in a secure environment
- What data is shared?
Det Supt Gary Linton, Head, ACPO Criminal Records Office (ACRO) (CONFIRMED)
|
| 15:40 |
Protecting Digital Infrastructures Through Research and Innovation
- Network Security Innovation Platform – delivering innovative programmes for a more secure electronic environment
- Information security road map
- Key trends impacting information security
- Managing the risks around cyber space
- New technologies and data protection challenge
Andrew Tyrer, Lead, Network Security Innovation Platform, Technology Strategy Board (CONFIRMED)
|
| 16:00 |
Questions and Answers Session |
| 16:15 |
Chairs Closing Remarks and Close |
*programme subject to change without notice
Sponsors
Deloitte
NetApp / Fujitsu
IBM
Audience
Delegates will include chief information officers, chief technology officers, heads of IT, heads of shared services, heads of transformation, heads of information compliance, chief technology officers, business change directors, heads of IT infrastructure, heads of information assurance, heads of disaster recovery, technical directors , risk managers, heads of HR, e-learning managers, directors of research and knowledge transfer, ICT suppliers and e-Learning providers and heads of procurement, from central government, local authorities, trade unions, businesses and employers, regional development agencies, local strategic partnerships, academia and legal & voluntary and all those interested in the information security debate.
