CILIP Data Protection Conference

Wednesday 21 May

Agenda

Programme Overview

Keynote | The evolving role of data protection in AI governance

Data protection in the public sector

Changes to data protection and privacy legislation

Sue White, Information Governance Manager, Naomi Korn Associates

Join us for an insightful session where we delve into some of the changes proposed by the Data (Use and Access) Bill and consider how these might affect data subjects, organisations and data protection professionals. Our presenter will select some of the relevant and interesting changes proposed by the new Bill, as it progresses through Parliament, and highlight how these might impact upon data protection practices and considerations.

Children as (copy)rights holders: canaries in the coal mine?

Jen Persson, Founder and Director, Defend Digital Me

Schools are sold tools including AI to support teaching and steer learning pathways, in biometric cashless payment systems, for classroom management and surveillance in always-on 360° HD cameras that sit in the ceilings of libraries and classrooms with studio quality microphones. Schools also routinely use social media, posting pupils' photos online, but as data scraping has become normalised "despite legal challenges”as the standard way of collecting vast amounts of data from any available websites, including from UK schools and local newspapers, what does this mean for the children whose faces are now being unknowingly used to build AI models and whose control of their biometric identity is lost forever with the risk of image misuse? What would safe practices and policy look like?

The rapid recent growth in access to generative AI like ChatGPT and DALL-E has made questions more urgent over how schools manage plagiarism, copyright and authenticity. But how about pupils' own work and data in the classroom and assessments? How is pupil data being repurposed for the development of AI products including LLMs in practice, and what should be happening? What role does copyright law play when protecting pupils work and associated intellectual property rights? What does this mean for learners and staff in practice, or for employers? This talk will address recent events in local and national use of children's data and content when it comes to training large language models, and schools responsibilities to rights holders. 

Improving project and programme delivery through Information Governance training and professional development

Catherine Cooper, Senior Information Governance Officer, Digital Notts

This session will explore a case study of best-practice learnings from Digital Notts'  Integrated Care System. Experience across multiple different programmes and projects across the Nottingham and Nottinghamshire Integrated Care Board (ICB) and Integrated Care System (ICS) partners identified that there were several, linked issues with getting projects off the ground from an Information Governance (IG) perspective, such as: 

• A lack of awareness of the multifaceted nature of IG within project or programme teams 
  
• Project Managers having a lack of confidence when it comes to discussing the use of personal data with suppliers 
• Perception of IG being a tick-box exercise which could lead to more risk being held by a project than was necessary. 

This experience lead to the creation of an interactive and engaging 1.5 hr session for Project Managers that upskills them in the basics of UK GDPR and progresses their understanding from the National Data Security Awareness Level 1 e-learning or a local equivalent. This session will give an overview of what that training looked like and will share the feedback and evaluation of that training pilot.  

Lightning Talk | Data Protection, DPIAs, and the Developing Role of the School Librarian

Charlotte Smith, School Librarian, The King's School

Not traditionally known for their role within data protection and data privacy, school librarians are increasingly being asked to work alongside IT and Administration colleagues within their educational context in order to provide specialised and tailored services. 

This session will dive into my own experiences during the last year, when I was asked to conduct DPIA assessments for a new anti-plagiarism service and for a changing sing-on model to one of our databases. Although schools provide mandatory data protection training to all staff, preparing DPIA paperwork was a step up for me in terms of knowledge and skills, and working with IT colleagues had its positives as well as its challenges. I would like to share these experiences while raising the profile of school librarians as data protection practitioners, a role in which they are increasingly being expected by senior colleagues to become experts.  

Lightning Talk | Trusted Third Parties? Supplier contracts and due diligence  

Data controllers often assume that if their suppliers mess up and cause a data breach, then it will be the suppliers 'in the dock' with the ICO or those claiming compensation for breaches. 
 
However, data protection law is structed in such a way that the buck - almost always - stops with data controllers (even when a supplier messes up). 
 
This session will examine the liabilities and risks for controllers, how to conduct good due diligence on suppliers, and some contract terms to be aware of to protect yourselves. The session will consider some well-known incidents as examples.

Lightning Talk | Making Work Experience Work For You 

Sarah White, Head of Information Governance, Herts Urgent Care (HUC) Ltd

This lightning session will give a brief insight into HUC's work experience placement program and how this has been tailored from an IG and Records Management perspective to support staff, the public and the students at every step of the way. HUC are a primary and urgent care healthcare provider that are a not-for-profit Social Enterprise. However, their work experience program could be tailored to any any sector and skill level. Their program has evolved over a number of years to provide a fun and functional engagement session on topics dear to our hearts that can sometimes be overlooked! 

Sarah has been working in IG for nearly fifteen years and is passionate about the delivery of information governance services within primary care and urgent care health settings. She is an active member of local and national IG communities across a variety of sectors and is keen to share knowledge and support with data privacy professionals.  

Lightning Talk | Implementing Data Governance: People, Process and (a little) Technology

Steph Calley, Head of Data Governance, University of Bath

A strong data governance framework starts with people, and a big culture change. Data is a shared asset, not a siloed resource, and this requires a change in mindset. Executive sponsorship is necessary to champion it, but the real work happens on the ground. 
 
Engaging stakeholders from across the organisation - and giving them the skills, tools and confidence to be Data Stewards - is your biggest challenge, and the best reward. They will ensure that data quality is defined, measured and improved, and populating the business glossary will ensure a shared vocabulary to improve communication and understanding across teams. A process map never goes far wrong either. 
 
Data governance is a long and slow process, but there are some quick wins. Identifying pain points (like data quality issues) and resolving them builds momentum and trust in your framework. 
 
Finally, while technology can support, it is not the be all and end all. Implementing processes and fostering a community of practice is far more impactful than deploying the latest tools. Technology should enhance (but not replace) the efforts of your stakeholders and their well-designed processes. 
 
By focusing on culture, influence, and incremental progress, organisations can create a Data Governance Framework that drives business value and ensures long-term success. 

Lightning Talk | Enhancing Transparency and Trust: Data Subject Rights and the Role of Data Protection Officers in AI and Data Handling     

Adamu Habu, PhD Researcher, University of St Andrews

This session will begin with an introduction to data subject rights and their applications before moving into a discussion on the challenges faced in exercising these rights, and insights from data protection officers on how to improve transparency in data handling.  

Bundle and save!

Book to attend both the CILIP Copyright Conference and the CILIP Data Protection Conference and receive 25% off!

Register

Venue

Online via Zoom 

In association with: