04 - 05 September, 2018 | The Royce Hotel, Melbourne

Conference Day Two: Wednesday, 5th September 2018

8:30 am - 9:00 am COFFEE & REGISTRATION

9:00 am - 9:10 am Opening Remarks from Conference Chairperson

Privacy and Security have become well-entrenched lenses through which we approach and test our design of services. However, in a ‘customer centric’ and ‘identity is at the centre of everything’ world, Identity still fails to get the attention it deserves. Approaching service design from an Identity perspective as well as Privacy and Security can provide opportunities for organisations to see risks to their services in a new way. But in this session Joanne, an identity practice guru, will explore what is possible for data privacy and protection when you stop thinking about identity altogether.

This session will show you how to:

  • Avoid creating a pseudo National ID infrastructure by stealth and face an inevitable truth
  • Focus on personal information verification rather than identity verification, with accuracy and binding as core aspects
  • Make use of claims, and services that offer accurate and bound information, to devalue information in the face of the inevitable

Joanne Knight

Head of Analytics and Data Science
Department of Internal Affairs, New Zealand

9:50 am - 10:30 am Don’t Risk it! How to Develop a Global Privacy Program to Ensure Secure Cross-Border Disclosures of Personal Information

Marion Hemphill - General Counsel and Head of Government Relations, The Australian Red Cross Blood Service
Regulations vary from country to country, and because of this companies must make decisions to protect their customer data and comply with local laws on a company-by-company and incident-by-incident basis. This session will explore strategies for how your business can meet the compliance requirements of both national and international laws in a way that is suited to your company culture, budget and risk appetite.

This session will show you how to:

  • Develop and implement practical compliance solutions to the data protection laws that apply to global business
  • Assess your privacy compliance against the brief summaries of requirements, assessments on the enforced risks and
  • How to ensure the control of data and IT
  • The weight of potential heavy fines if your privacy compliance does not meet the regulations

10:30 am - 11:00 am MORNING TEA

11:00 am - 11:40 am Reinventing Privacy Policies as a Strategic Communication Tool to Build Consumer Trust and Loyalty

Dali Kaafar - Leader Information Security and Privacy, CSIRO Data 61
A clearly written and readily available privacy policy will not only educate consumers on how their personal information will be managed but will also build trust. Shortening and simplifying a privacy policy, using easy-to-understand language that clearly states what specific data will be collected, where the data will be stored and how the consumer benefits from the company’s practices, will maintain and build the consumer’s trust.

This session will show you how to:

  • Better understand a consumer’s perspective on security and privacy
  • Revamp a ponderous privacy policy to ensure consumers are engaged and confident with privacy messages
  • Put customers at the forefront of security and privacy planning and practices
  • Respond to consumer queries and improve the consumer’s perception of your privacy and security practices

11:40 am - 12:20 pm Privacy as a Priority: Integrating The Australian Privacy Principles (APPs) To Drive Transparency and Improve Customer Experience

According to the Ponemon Institute, only 25% of companies monitor access and activity of sensitive data. Respecting customer privacy, safeguarding data and enabling trust are of great importance, as this could be the difference between your customer leaving or staying.

This session will show you how to:

  • Analyse and implement practices, procedures and systems in relation to The Australian Privacy Principles (APPs)
  • Implement the collection and management of personal information to mitigate consumer risk
  • Deliver the notification of personal information in a quick, simple, effective and transparent procedure to boost customer retention and engagement
  • Overcome the challenges in disclosing personal information cross-border

12:20 pm - 1:20 pm LUNCH

1:20 pm - 2:00 pm Data Privacy Becomes A Competitive Issue: How to Efficiently Adapt To The Ever-Changing Threats and Regulations to Gain Competitive Advantage

Rachel Hamlen - Privacy Officer, World Animal Protection Australia
This session will highlight how you can leverage modern technology and maintain security and compliance across your enterprise. In this session, Rachel will highlight her journey as a Privacy Officer and explore the appropriate strategies and technology to protect your data without high cost or complex internal infrastructure management.

This session will show you how to:

  • Rapidly adapt to the changing customer demands, technological landscape and privacy regulations as a Privacy Officer
  • Create a framework to identify genuine threats
  • Reduce the overall storage footprint of data across multiple sites
  • Assess cyber security risk management and solutions

2:00 pm - 2:40 pm Incorporating a Breach Response Plan into Your Data Security Strategy to Mitigate Risks, Enhance Consumer Confidence and Competitive Advantage

It is always better to be safe than sorry. If a data breach were to occur, your company should have a plan in place. Developing workflows and connections beforehand will ensure you won’t have to scramble later in the event of a data breach.

This session will show you how to:

  • Prepare a clear plan of action to face regulatory officers, consumers and the press
  • Create a culture of compliance and increased security by having a standard set of security practices for all employees
  • Set encryption practices for the transfer of data and store only data that’s absolutely necessary for the organisation
  • Actions the response team should take to handle the aftermath of a data breach swiftly

2:40 pm - 3:20 pm AFTERNOON TEA

3:20 pm - 4:00 pm Do’s and Don’ts: Avoid Punitive Fines of up to 4% of Your Global Turnover by Preparing for Assessments and Audits

There is so much more to security than just prevention. Throwing technical solutions at a security problem will prevent it and make that problem go away. However, a truly effective approach when preparing to be assessed will involve three aspects: prevention or technology, people and process. Join this session to ensure that your organisational security will work towards the compliance assessments, not against them.

This session will show you how to:

  • Prepare for a privacy assessment by a regulator from the Office of the Australian Commissioner or an independent audit
  • Conduct self-assessments prior to the audit
  • Ensure practices and behaviours that align with your documented systems and processes
  • Implement your own digital privacy risk assessments as a solution to PIAs

4:00 pm - 4:40 pm PANEL DISCUSSION: Embracing the Future of Privacy, Trust, Protection and Ethics in Your Privacy Approach

Roslyn Toms - Group Executive - Legal and Chief Risk Officer, NIB Health Funds Ltd
Nicole Hunt - Director of Privacy, Australian Digital Health Agency
The challenge to extract the maximum value from customer data while respecting privacy is still an ongoing quest. Businesses still need to go beyond pure compliance to entrust truth within the customer. This panel discussion will highlight how data breaches can mean disrespect to the law, a violation of ethical principles, a breach in trust and a dilution in security.

Points that will be discussed in this panel discussion:

  • Over the next 12 months, how will the way we detect and remedy cyber threats change? Will traditional methods of defence become redundant?
  • What does it mean for companies to consider their ethics with respect to customer data?
  • Is a ‘compliance-only’ strategy enough? Why?
  • Do you feel like your organisation has a robust and ethical solution to ensure long-term suitability in the way it stores and uses data?
  • Will there ever be an ethical method to collect data?

4:40 pm - 4:40 pm Closing Remarks from Conference Chairperson