Spent last week at the 17th annual Privacy and Security Conference in Victoria. The event is put on by the BC provincial Office of the CIO & Ministry of Finance. What follows are some notes from the sessions I took in.
Overall, the conference was better than I expected, although I found the huge number of vendor and vendor presentations disconcerting. The vast majority of attendees at this conference are primarily from government ministries and departments. As a bit of an outsider, I was troubled by the amount of prime time given to the likes of Oracle, IBM and Microsoft to pitch directly to those in government who make the decisions around IT, privacy and security. There were many problems raised that – surprise – there were solutions to. I’m not naive to believe that there isn’t a cozy relationship between government and big tech business, but seeing so much of the conference as a sales pitch to government raised the ick factor for me moreso than the usual conference vendor presence. I hope that, at the very least, BC taxpayers made a chunk of sponsorship cash from the conference.
That said, there were some good sessions. My interest was more on the privacy side over the security, so I passed on a lot of the security bits and stuck with mostly privacy sessions.
The first day was dedicated to pre-conference half-day workshops, and the two I attended (Privacy & Ethics, and Privacy Governance) were perfect primers for me coming into a new role that will have privacy and FIPPA as an integral component of the work I’ll be doing.
Privacy is a fairly new societal concept. It wasn’t until the 1890’s that this idea of personal privacy as a right began to appear in legal journals, driven by new information technologies of the day (the party line telephone and postcards). Interesting to see how technology remains the primary driver behind privacy discussions today.
Privacy is contextual was a reoccurring message throughout many of the governance and legal sessions I attended. Meaning that, while there is both constitutional and common law around privacy, there is still room for interpretation.
The legislation in BC is driven by some key principles of privacy governance – that the right information is gathered and used by the right person at the right time for the right purpose and in the right way. Practically speaking this means taking measures to ensure that you (as someone collecting personal information) only collect what you need for the purpose you need to collect it for, and only use that data for the purpose you collected it for.
Keynote: Richard Thieme
Richard Thieme did a good keynote on day one, although the title of his talk The Porous Borders of the Modern Imagination: Privacy, Trauma and Mass Media led me to believe there would be some critical analysis of the role of the mass media in shaping the narrative of security, privacy and state surveillance. It never materialized. But the keynote was enjoyable as Thieme provided some historical context around privacy that helped frame the themes of the rest of the conference for me. He also reminded me of how powerfully right McLuhan was when he said (to paraphrase), “we look to the future through a rearview lens”, and how that lens is both comforting and problematic.
Chantal Bernier (former Privacy Commissioner of Canada) introduced me to the international code of practice for personally identifiable information in public clouds, also known as ISO 27018 standard. It’s a fairly new standard from ISO, but I can imagine we’ll begin to see this certification being stamped on all manners of services from IT companies offering cloud services. I wonder if this standard may be under consideration by the BC government as they review the current FIPPA legislation?
The TPP and BC’s FIPPA
BC Privacy Commissioner Elizabeth Denham did touch on the current FIPPA review (which a number of educators and educational technology groups have contributed briefs to). The big point in Denham’s talk that jumped out at me was that she believes that the BC privacy laws around local storage of data will hold a trade challenge should the TPP and its clause on allowing the free flow of data across borders be ratified in Canada.
Sketchnoting my way thru the conference
I tried something different this conference. Rather than firing up my laptop and taking part in the backchannel (which, whenever I checked, was crickets considering there were something like 700 people at the conference), I decided to work on sketching some notes during the talks I attended. I have to say, I loved doing this. I found I paid closer attention to the speakers, and my brain had to work hard to try to organize concepts and thoughts on the fly. I can see the appeal and will definitely be using this again in the future.