A global audience of privacy specialists and data practitioners met at PrivSec Dublin today at the capital’s Convention Centre for an insightful day of keynote talks and panel debates.
As anticipated, the event’s 1,000 attendees found themselves at the forefront of the global debate on data protection thanks to engaging presentations on a range of topics delivered in three separate theatres.
In the Data Privacy Theatre, Steve Wright, CEO of Privacy Culture, looked at the broad data protection picture, noting how “the term cyber-security didn’t exist 10-15 years ago”.
“Now we are learning about the value of data, but still making mistakes about how it is used,” Steve commented before elaborating on the work of the CISO and DPO.
“As DPOs, we’re not there to tell you what to do, we’re there to advise you because ultimately it’s a business decision regarding what to do with data. I’m there to protect the rights of the individual”.
“I’m heavily reliant on the CISO, as ultimately, [whether a breach is malicious or not], the consequences are the same. Now we are seeing these two cultures – data privacy and cyber-security – joining together. It’s very significant because risk of breach is being recognised around the world as a problem that needs to be addressed.”
Steve described how he feels a national US data privacy law will eventually come in, but not for another five or ten years.
In the Data Privacy, Security and Emerging Technology theatre, Chief Security Risk and DPO at Princes Trust, Glen Hymers looked at how data specialists can manage compliance and security within budgetary parameters.
“Try to make your policies as easy going and light as possible, but make those policies informative. Make sure they empower staff to be able to do their job,” Glen said. By way of example, staff should feel able and authorised to approach an unfamiliar person in the firm’s building and ask for ID, should that person not be wearing appropriate identification.
“Your members of staff need to have that clarity when it comes to policy. If people don’t understand it or they’re not empowered, they’ll just ignore it or find ways around it,” Glen said.
Among talks at the Cyber and Business Continuity theatre, Head of Information Security, University of Salford presents on accountable information security, Greg van der Gaast championed the cause of Information Security culture.
“You could argue that InfoSec is the more important [element] because it underpins much of data protection. But the problem is that InfoSec is often done badly – we can be terrible at providing information assurance and security,” Greg said.
He pointed out that the problem with negative blame culture in InfoSec is that it recognises a person – who is ostensibly to blame for an incident – as the weakest link, when in fact they are just the first link.
To overcome the negative mindset, Greg emphasised how we all need to ask what we can do to help, and to see “every barrier as a challenge.”
“Stay positive and enjoy overcoming those challenges. If we hit resistance, step back, work out the cause and address that. It’s often relationships, understanding and support. Solve these issues first. We must not let our egos stand in the way of our own growth,” he continued.
Attendees flocked to the Data Privacy theatre towards the end of the day to hear The Great Hack star, David Carroll, answer questions alongside Austrian data privacy activist Max Schrems.
Are we now in a new era in data privacy, post Cambridge Analytica, asked panel chair and partner at Privacy Culture, Vicky Guillot.
“I think there are such huge differences across industries,” Schrems said.
“A business model that collides inherently with GDPR – you see creative reinterpretation of the law in order to get around the GDPR”, referring to a certain social network’s tendency to package user consent into contracts to circumnavigate explicit consent requirements as stipulated by the GDPR.
David Carroll responded:
“We have seen a huge shift in attitudes. The response to Cambridge Analytica is a reflection of that – there was always an anxiety bubbling under the surface.”
David pointed to anxiety finding root in 2014, when ad-blockers became a big concern. At the time, the New York professor was vocalising how the concerns were down to data privacy issues.
Today, David describes how he is not surprised by the arrival of the Cambridge Analytica scandal, but says he could never have anticipated the global scale of the data privacy disaster.
“Cambridge Analytica is a release valve of tension that was there. It signaled a change in attitudes towards technologies used.
“Before 2014, we believed that tech could do no wrong. Now it’s more about looking for the wrongs that tech is invariably committing,” David added.
The day’s debates continued on social media
@EgressSoftware: “Great presentation from Egress CPO Sudeep Venkatesh today at #PrivSecDub, looking at how organizations can make email a safe for employees sharing sensitive data
@okeefekat: Good point from Greg van der Gaast on the so-called “skills gap”. If you only hire for “experience” and a strict skillset, you can miss human potential.
@MissIG_Geek: ‘Predict, Prevent, Detect, Enforce’ is the model that the Guernsey Data Protection Commissioner operates within. Simply detecting and enforcing isn’t enough. The misuse of data should be treated as seriously as the theft of a wallet – it’s unacceptable -Emma Martins #PrivSecDub
@CiaranJohnson: Fantastic views and talk by Greg van der Gaast at #PrivSecDub
Quotes from the day’s presentations:
“Compliance is a journey not a race”
“Legislation is a safety-net but not an ethical baseline”
“Sharing power is the best way to hold power”
Join us tomorrow for day two of PrivSec Dublin, when more topics will be explored to depth by a roster of global names in data privacy and cyber-security.
Catch the replays and discover the best talks from Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.