Delegates at PrivSec London were able to learn about crucial issues affecting data privacy and cyber security over the conference’s two days at the Queen Elizabeth II Centre, but the importance of an ethical approach to data handling stood as a key theme.
Attendees in the conference’s Public Sector theatre heard how transparency is crucial: “If you’re not willing to talk about what you’re doing, then you shouldn’t be doing it”, said Hellen Beveridge, Privacy Lead, Data Oversight.
However, if you’re being open and honest, then be vocal about your transparency to obtain the edge against competitors in an age when customers are actively seeking companies they can rely upon.
Thoughtfulness is paramount, because data subjects are vulnerable as soon as private information becomes mishandled.
Equally, if organisations are to nurture positive, compliant growth, then they must work to generate more trust. Employees, customers and clients alike need to be able to trust companies to do the right thing.
Other themes explored at PrivSec London included:
- Data Protection and Ethics in Marketing and Advertising
- Brexit and PECR 2019
- Data Protection and Brexit: The UK as a Third Country
- International Data Transfers
- Emerging Tech and AI: Ethical Use within Financial Services (FS)
- Cyber Incident Disaster Recovery
- Privacy as an Enabler for FS
In the Privacy and Security theatre, Sheila FitzPatrick, President & Founder, FitzPatrick & Associates, discussed innovation and the challenges creative growth can pose to privacy.
Sheila FitzPatrick said:
“We need to release the power of data through innovation, but we can’t do that at the expense of privacy. There are challenges around things like AI, Machine Learning (ML), and big data, but we have to think about how these technologies impact upon personal privacy.”
“Companies think that they have a right to use data simply because they hold it, as though you can say that you’re providing a better personal experience and use that to justify your use of that data. There are a lot of hidden agendas, and that means there’s a lack of privacy by design.
“Companies think that security equals privacy. It doesn’t.”
Describing the key pitfalls that companies must watch out for, Sheila FitzPatrick cited:
- Lack of understanding of what constitutes privacy
- Companies focusing solely on security
- Global expansion of laws with multiple inconsistencies
- Contracting out privacy obligations
- Privacy violations versus data breaches
- Innovation driving substantial changes with little regard to privacy, particularly in the fields of big data, AI and ML, open banking and smart cities.
In the Public Sector theatre, delegates heard Dave Parsons, Information Governance Manager at Cardiff Council, give advice on handling Data Subject Access Requests (DSARs).
Dave Parsons said:
“Records management and creating a record of processing activity is very important. You can’t handle a request if you don’t know what you’ve got.”
Focusing on how organisations can recognise that a SAR has been, or is in the process of being, submitted, Dave said:
“It could arrive in writing, or it could be verbal, without the data subject specifying that it’s a DSAR. You will have to go back and get some sort of written request from them. They may not say they want their data under the GDPR specifically.”
“Acknowledge receipt of the request and get to the core of what the data subject wants. Record all requests to monitor compliance. It’s important that you redact information accurately, and this will depend on your own organisational controls.”
Later in the Public Sector theatre, Florian Marcus, Presenter-Analyst at e-Estonia Briefing Centre, gave a fascinating talk on the case for e-governance and digitalisation, using the case study of Estonia, the most digitally advanced society in the world.
Florian Marcus first addressed the question of how a country such as Estonia has gone so far down the pathway of digital transformation.
After gaining independence from the Soviet Union in 1991, Estonia was left with a unique set of characteristics that made it a fertile location for digital development. The Estonian government had a meagre budget of around 130m Euros and a relatively small population. With limited financial resource and limited people-power, the traditional routes to economic recovery and growth were largely cut off. As a result, the government decided to embrace online technologies, and this has created a digital-by-default culture, Florian explained.
Florian Marcus said:
“In Estonia, the internet is now a social right that’s fulfilled even in the smallest towns and villages. Each resident has an electronic ID. The only things you can’t do online now include getting married, divorced, or conducting real estate transactions.”
“Even if you submit paper documents, the data is still digitised. There is trust by design. I can see who has looked at my data, when and why, through the Estonian state portal. Using the X-Road, there is no single point of failure or entry.
“Transcending boundaries through proactive government services can cut out so many of the inefficiencies that exist within government bodies and private companies.
“Digitalisation has never been a technology problem, but a people problem,” Florian added.
Throughout the day, experts at PrivSec London gave advice on how organisations can foster and demonstrate a working culture that upholds legal standards in data privacy in a way that builds consumer trust.
In the Governance, Risk & Compliance and Industry theatre, Shoshana Rosenberg, Privacy Specialist & CEO and Founder at SafePorter, underlined how diversity of talent and greater inclusivity in the workplace are at the foundation of strong data privacy culture.
“We are all aware of the problems that arise in technology when design teams are insufficiently diverse. The same teams that are deployed to generate algorithms and create AI are those tasked with setting in place privacy and data protection by design. These protections need to be uniformly accessible and without bias.
“Open lines of communication and create a culture of community within the organisation. Seeking, making channels for, and providing real responses to feedback will help. Accountability for inclusion rests on the same foundation as data privacy.”