Keynote Speakers

Dr Borking is the former Privacy Commissioner and Board Member of the Dutch Data Protection Authority (CBP) in The Hague. He is one of the leading experts on law and privacy in Europe, and advises national and international public and private sector organisations on privacy and computer law and more specifically the deployment of Privacy Enhancing Technologies (PETs) and alternative dispute resolution. He also is involved in several EU funded research projects in the area of privacy enhancing identity management and PETs and acts as ICT arbitrator and mediator. Dr Borking holds a PhD from Leiden University. The title of his PhD-thesis is ‘Privacy Law is Code, About the deployment of privacy enhancing technologies’.

PETs for Privacy-By-Design

Abstract: The European Commission has introduced in the draft Data Protection Regulation (DPR) the concept of Privacy-by-Design (PbD) in artikel 23.

The  Article 29 Working Party points out in her opinion WP 168 The Future of Privacy (2010) on p.13: The application of such principle (PbD) would emphasize the need to implement privacy enhancing technologies (PETs), privacy by default settings and the necessary tools to enable users to better protect their personal data (e.g. access controls, encryption).

This presentation explains the need for, and the concepts of, privacy enhancing technologies (PETs) and PbD; their anchoring in the EU legislation and how they may contribute to the lawful processing of personal data. Shown will be the progress that has been made since 1995 when it became obvious the law alone can’t protect privacy and what legal specifications have to be built into an information system. Examples will be presented of the architecture of a privacy safe hospital information system, the privacy incorporated software agent and the concept of a privacy management system.

Malcolm Crompton is Managing Director of Information Integrity Solutions P/L. 
IIS has advised Government agencies, financial services institutions and leading global ICT companies on developing trust and delivering privacy to customers.  Malcolm has advised APEC on the APEC privacy framework.  Malcolm was Australia’s Privacy Commissioner between 1999 and 2004.  He led the implementation of Australia’s private sector privacy law.  He was the Foundation President of the International Association of Privacy Professionals Australia New Zealand and the first Director of the IAPP who was based outside North America.  He is also a member of the Microsoft Trustworthy Computing Academic Advisory Board. Malcolm has been a member of external Reference Groups for large research projects funded by the European Union.  He has sat on international privacy award judging panels. Earlier in his career, Malcolm was Manager of Government Affairs in Canberra for AMP Ltd and held senior executive positions in the Australian Public Service.  He has degrees in Chemistry and Economics, is a Certified Information Privacy Professional from the International Association of Privacy Professionals and is a Fellow of the Australian Institute of Company Directors. Malcolm was awarded the inaugural Chancellor’s Medal in 2004 for distinguished contribution to the Australian National University. 

C is for Citizen, Connection, Control and Creativity – your Digital Identity in a Networked World

Abstract: Identity management has traditionally been built around the enterprise, government or business, as it seeks to minimise its risks arising from a transaction with another party, often the individual as an employee or customer.  The balance of trust falls one way: whether the enterprise can trust the individual.

Things are changing.  The growth of user-generated content; the proliferation of anywhere, anytime devices; the burden of existing authentication credentials and methods; and the cost to enterprises have shifted the identity management landscape. Identity management now and in the future will need to reflect a much better balance of trust between the individual as citizen and the enterprise, where both parties exercise a balance of control.

Identity management from a citizen perspective means:

1. Connection: the citizen expects easier connection with an ever increasing range of people and organisations; to connect with ‘government’ rather than disparate agencies and programs; integrated (horizontal) services focused on the citizen’s complex needs for which interoperability between services, agencies, businesses and countries is the key and where borders are becoming meaningless for purchase, service and travel.
2. Control: the cornerstone of citizen-centred identity management is based on informed and enforceable decisions made by the citizen based on (i) information flows that are visible, minimal and in context, (ii) without constant and unnecessary surveillance and (iii) where enterprise accountability is as strong as individual accountability.
3. Creativity: emphasising both creative identity solutions and creative ways of using information for the public good when old style ‘enterprise identity’ and federation of ‘enterprise identities’ will not do.

This presentation will explore citizen-centred identity management principles and how they are being reflected in research and implementation around the world.  There will be a particular emphasis on Australia and programs elsewhere such as the UK Cabinet Office Identity Assurance Programme, the US National Strategy for Trusted Identities in Cyberspace and the EU’s ABC4Trust project.

Sue Gordon is the Acting Chief Executive of Land Information New Zealand and leads the organisation in delivering strategic priorities that support the growth of New Zealand’s economy. These include maintaining a world class property transactions system, increasing the productive use of geospatial information, and enabling the appropriate use of Crown-owned Land.

Prior to this, Sue was LINZ’s General Manager Strategic Development and Support, with responsibility for a range of corporate functions, and the New Zealand Geospatial Office where she led work to promote the New Zealand Geospatial Strategy.  She was also involved in cross-government work in the natural resources sector.

Sue joined LINZ in 2009 from the Ministry of Economic Development, where she was the Deputy Secretary of Organisational Development and Support for six years. Previously, she held organisational development roles in Fonterra, and led the organisational development practice area at Sheffield. Sue has also held roles in the Ministry of Health, Housing New Zealand, and the Ministry of Defence.

The Role of Location in Identity

Abstract: Land Information New Zealand collects a vast amount of location based information, and this information has a key role to play in the wider open government data agenda. Location-based information underpins how we analyse and understand this data, and this presents a number of opportunities and risks.

An understanding of and connection to 'place' underpins much of our culture, and information about the land and our relationship with it shapes both our individual and collective sense of identity. As we make this information more readily available, how do we manage our identity and our privacy while still allowing for innovation and growth?

Colin MacDonald takes up his position as Chief Executive and Secretary for Internal Affairs and Government Chief Information Officer on 16 April 2012.

From July 2008 Colin has been Chief Executive of Land Information New Zealand. From November 2001 to June 2008 Colin was Deputy Commissioner Business Development and Systems at Inland Revenue.

Colin has 30 years experience in Information Technology (IT) and general management in both New Zealand and UK and was previously Chief Operating Officer for the ANZ Banking Group (NZ). Prior to joining the ANZ in 1995, Colin was employed by KPMG as Associate Director in the IT consulting team.  From 1980 to 1994, Colin, who is Scottish-born, was based in the UK, where he held IT management roles in the oil industry and in the legal and retail sectors.

The Balancing Act: Identity and Innovation in the Public Sector

Abstract: Knowing the identity of customers, clients and staff is even more vital in the public sector than in the private sector. Agencies have a responsibility to taxpayers to ensure that services are provided to people who are eligible, which requires knowing who they are. On the other hand, new technology is expanding what is possible for government, creating tension with privacy concerns and changing people’s expectations of government. The challenge for government is to work to improve interaction for New Zealanders and meet their growing expectations for service delivery, while ensuring that identity is protected.
This keynote address will discuss what identity means, how government has risen to the challenges of identity information management and the vision for the future.

Graeme Osborne is the Director of the National Health IT Board and Director of Information Group, National Health Board, Ministry of Health. The IT Health Board is responsible for health IT leadership. It has developed a National Health IT Plan that takes a “whole system” view to guide and prioritise the delivery of health solutions at a national, regional or local level.   The Board emphasises the role of clinical leadership to promote improvements and innovation in the delivery of health care services, enabled by health information, that support the development of a sustainable health system.

Graeme has worked in senior management roles in the financial, health insurance and information technology fields, including ACC, Statistics and Southern Cross Healthcare.

Graeme obtained a Bachelor of Science in Mathematics and Marketing from Canterbury University in 1986. He has experience as a member on the Land Information New Zealand Audit Committee, the e-GIF Management Committee, as a trustee of the Computer Access New Zealand (CANZ) Trust, and a member of the Institute of Directors. He was also a member of the Health Intranet Governance Board, the Telecommunications User Association of New Zealand (TUANZ) Board, and the Digital Strategy Advisory Group.

Identity, the Key to eHealth Effectiveness and Patient Safety

Abstract: New Zealanders have benefited significantly over the last 18 years through the use of a national health index number across much of the health and disability sector.
 
In late 2009 the National Health IT Board was created to improve and broaden the base of the leadership for the eHealth Programme. The programme objective includes a greater level of information sharing to support the delivery of high quality healthcare and to improve patient safety.
As the eHealth programme develops greater momentum, how is the National Health IT Board thinking about idenitity and in particular when identity issues occur, how are they being addressed?
 
The presentation will explore how the Board is engaging with consumers and clinicians as it refines current identity and information sharing principles, policies and guidelines by following the consumer principle “Nothing about us, without us”.

Charles D. Raab was Professor of Government in the University of Edinburgh, and is Professor Emeritus and Honorary Professorial Fellow. He has held visiting positions at several other universities and institutes, and has served on advisory or editorial boards of research projects, national research funding bodies, and academic journals, a well as on conference programme committees. With the Surveillance Studies Network, he co-authored the Report on the Surveillance Society (2006) and an Update Report (2010) on this subject for the UK Information Commissioner. With Benjamin Goold, he co-authored Protecting Information Privacy (2011) for the UK Equality and Human Rights Commission. He has conducted funded research on information policy and regulatory issues, including privacy, data protection, surveillance, identity management, data-sharing, e-government, and European police co-operation, and is the author of a large number of articles, book chapters, and books, including (with Colin Bennett), The Governance of Privacy (2006). He is on the Management Committee of the EU/European Science Foundation’s COST Action ISO807 on ‘Living in Surveillance Societies’ (LiSS), participates in several EU-funded projects within the 7th Framework Programme, and is associated with the Canadian-funded project on ‘The New Transparency’. He has written reports for the European Commission, UK and Scottish government agencies, and has advised several civil society and research organisations on their privacy and surveillance projects and publications. He was the Specialist Adviser to the House of Lords Select Committee on the Constitution for an Inquiry that resulted in Surveillance: Citizens and the State, HL Paper 18, Second Report, Session 2008-09. He helped to draft the Scottish Government’s Identity Management and Privacy Principles (2010) as a member of an Experts Group, and an Identity Rights Charter in 2010 as an Experts Group member in the UK’s Identity and Passport Service. He is an Academician of the UK’s Academy of Social Sciences (AcSS), and a Fellow of the Royal Society of Arts (FRSA).

Privacy and Identity: Recent Developments in the United Kingdom

Abstract: Privacy protection is increasingly considered to be an important dimension in securing public trust in information practices involved in systems for identifying individuals for a variety of purposes in the public sector. The formulation of principles and rights are seen as contributing a valuable element to this dimension.

This presentation will review and comment upon some recent approaches to safeguarding privacy in identity management and assurance systems in the United Kingdom and Scottish Governments.

Mary Rundle is a Technology Policy Strategist in Microsoft’s Technology Policy Group and a Non‑Residential Fellow with the Center for Internet and Society (CIS) at Stanford Law School. In her work on identity management, she has sought to promote trustworthiness in products and solutions, with particular emphasis on the rule of law, security, and privacy and other core democratic freedoms. Previously Mary held concurrent fellowships with CIS and Harvard’s Berkman Center, and she enjoyed exchanging ideas as a visiting fellow with the Oxford Internet Institute. Her focus was on inter-governmental efforts to regulate the Internet’s infrastructure and use. In the 1990s Mary served as a Legal Officer and an Economic Affairs Officer at the World Trade Organization in Geneva, Switzerland.

Identity Governance:  Some Basic Questions

Abstract: In this talk Mary Rundle will highlight lessons learned from her work in identity management from 2008 to today. At the heart of the matter is the fact that there are unresolved “identity governance” issues of a political nature:  industry pursues global reach and eschews regulation even as it depends on law for predictability; governments seek to preserve local values even as they speak of universal human rights and the global information economy; people want to share personal data while retaining certain control but do not know what their rights are. Specific initiatives that are underway have implications for the political arrangement.

As policymakers consider delegating identity governance functions to industry in trust frameworks, they must ensure accountability, transparency, and open competition. All in all, there is a dire need for public education and debate on identity governance – particularly with respect to who has what rights over information, who determines what the package of those rights is, and what the basis of that decision-making authority is.

 Bruce Schneier

Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru."  He is the author of eleven books including the best sellers Beyond Fear, Secrets and Lies, and Applied Cryptography, as well as hundreds of articles and essays, and many more academic papers.  His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people.  Bruce has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press.  Bruce is the Chief Security Technology Officer of BT.

Digital Security in a Networked World

Marie Shroff was appointed to the independent statutory position of Privacy Commissioner in late 2003. Her responsibilities include independent comment on significant personal information policies and issues, providing opinions on privacy complaints made against government and business, monitoring government data matching and promoting good personal information handling practices in New Zealand.

From 1987–2003 Marie Shroff held the position of Secretary of the Cabinet and Clerk of the Executive Council, and was responsible for the operation of Cabinet, the Executive Council, and Government House. She worked with four Governors-General, six Prime Ministers, and governments of various parties. Earlier in her career Marie Shroff worked in foreign affairs, teaching, journalism and the public service. From 1986 to 1987 she led an official group managing the corporatisation of nine major state agencies in New Zealand. From 1980‑82 she was seconded to the UK Cabinet Office.

"Sweet Spot": Controlling Personal Identity and Privacy Online

Abstract: The presentation will explore some of the tensions that currently exist in managing identity and privacy online and will examine the responsibilities that government, business and individuals have to build trust.

Personal identity and the data associated with that have become commodified.  Commercial value accrues from extracting that data, and from automating the processes that combine and refine it.

Individuals now are faced with an overwhelming array of opportunities to engage online, both with government, in commerce, and through social media, but our ability to negotiate a path through that is challenging.  

There is significant commercial and government pressure to merge our online identities, and to maintain an enduring, singular, persona online. Although our identities are multi-layered and changeable, individuals are now subject to pressure to maintain "integrity" online. The benefits for the individual in this are open to question, while the increase in administrative efficiency and commercial profitability are real.

Alma Whitten joined Google in 2003 and is currently Google's Director of Privacy for Product and Engineering. She received her computer science Ph.D. from Carnegie Mellon University in 2004 where she specialized in human factors challenges for computer security.

Online Identity Management – How do you Build Privacy in to Products?

Abstract: As the Web becomes increasingly integral to every aspect of our lives—social, economic, and cultural—the burden on engineers to solve critical problems at the nexus of identity and privacy becomes greater than ever before. Companies, organizations, and individuals are taking myriad approaches to these problems, but engineers alone face the challenge of building the technological solutions. There are increasing demands to have a meaningful real-world identity that can be used reliably for online transactions, but it’s important not to lose the many opportunities for free expression that have come to define the Web itself over the past decade. Dr. Whitten will discuss how Google approaches the notion of online identity management with this backdrop in mind.