Wednesday 10 September 2003

0730 - 0900 Registration 0900 - 1030 Welcoming Address, Welcome to Country Ceremony and Opening of Conference - More Info >> 1030 - 1100 Coffee Break 1100 - 1230 Plenary Session A "Regulating Privacy: what others are doing" More Info » 1230 - 1400 Luncheon 1400 - 1530 Plenary Session B "Building Community Trust: a practical perspective" More Info » 1530 - 1600 Coffee Break 1600 - 1730 Parallel Sessions Parallel Session 1 " Privacy Laws: practical effect on global businesses and consumers" More Info » Parallel Session 2 " People: organisational structures and incentives to support privacy" More Info » Parallel Session 3 " Technology: supporting a culture of privacy in your organisation" More Info » 1900 - 2330 Conference Dinner: The Tumbalong Ballroom (Conference Venue)

Thursday 11 September 2003

0800 - 0900 Registration 0900 - 1030 Plenary Session C "A Safe and Open Society" More Info » 1030 - 1100 Coffee Break 1100 - 1230 Parallel Session 4 More Info » "Legal Issues: open justice, forgiveness, compassion, context, proportionality” Parallel Session 5 More Info » "Law enforcement with respect" Parallel Session 6 More Info » "A Safe and Open Society: the role of privacy regulators" 1230 - 1400 Luncheon 1400 - 1530 Plenary Session D "Identity and Privacy: who wants to know and why?" More Info » 1530 - 1600 Coffee Break 1600 - 1730 Parallel Sessions Parallel Session 7 More Info »  Resources » "Communicating important privacy information - issues, and recent initiatives aimed at doing this more effectively" Parallel Session 8 More Info » "Is my privacy the same as your privacy?" Parallel Session 9 More Info » "Identity: now you see it; now you don't"

Friday 12 September 2003

0900 - 1030 Communicating important privacy information – report on progress to a resolution by Commissioners Key Note Address More Info » 1030 - 1100 Coffee Break 1100 - 1230 Plenary Session E "Taking privacy to the people" More Info » Closing Address More Info » Promotion of the 2004 International Conference 1230 - 1730 Closed Session of Data Protection & Privacy Authorities (by invitation only) Data Protection & Privacy Authorities only: 1230 - 1400 Luncheon 1400 - 1530 Closed Session 1530 - 1600 Coffee Break 1600 - 1730 Closed Session

Members of the Program Committee

The program for the Conference has been drawn up in consultation with a small, informal international advisory board. The members of the board were drawn from the corporate sector, privacy advocates and Privacy and Data Protection Commissioners. We would like to extend our thanks to those members for their valuable input to the program.

Opening of Conference

Mr Malcolm Crompton, Federal Privacy Commissioner, Australia

Download Malcolm Crompton Welcome Speech

Prof. Fiona Stanley AC , FAA, FASSA, MSc, MD, FFPHM, FAFPHM, FRACP, FRACOG, Hon DSc, Australian of the Year, Chief Executive Officer Australian Research Alliance for Children and Youth,Australia

Fiona Stanley Presentation (173 Kb Presentation)
Fiona Stanley Presentation Slides (834 Kb Presentation Slides)

Plenary Session A "Regulating Privacy: what others are doing"

Date Wednesday 10 September 2003
Time 1100 - 1230
Room Tumbalong Auditorium

Chair: Stefano Rodotá, President, Data Protection Commission, Italy
Speakers:
Mr Raymond Tang, Privacy Commissioner for Personal Data, Hong Kong
Prof. Allan Fels AO, Dean of the Australia and New Zealand School of Government

Aims to broaden the view outside our particular privacy perspectives and also helps to set the scene for the Conference. Includes a survey of various privacy initiatives around the world, with particular reference to the Asia-Pacific region. Also looks at the way in which privacy laws and other laws interact with each other and how these laws may impact on the roles of all regulators including Privacy Commissioners, for example, in protecting consumer rights and interests.

Mr Raymond Tang Speaker Presentation (223 Kb Microsoft PowerPoint Presentation)
Professor Allan Fels Speaker Presentation (83 Kb Microsoft Word Presentation)
Professor Allan Fels Speaker Presentation (83 Kb PDF Presentation)

Plenary Session B “Building Community Trust: a practical perspective”

Date Wednesday 10 September 2003
Time 1400 - 1530
Room Tumbalong Auditorium

Chair: Dr.José Luis Piñar Mañas,Spanish Data Protection Commission,Spain
Speakers:
Mr Jeroen Terstegge, Legal Counsel Privacy and Data Protection Law, Philips International, The Netherlands
Mr Michael Mitchell, Chief IT Architect and Planner, Qantas, Australia

Explores the pivotal role of trust in the relationship between customers and large entities that collect and hold significant sets of personal data. Takes a look particularly at the practical steps organisations can take to develop and achieve community trust, the session involves discussion about organisations' relationships with their communities. How does investment in this area affect community perception, the trustworthiness an organisation strives for, and ultimately their place in the market? Privacy can form a valuable part of the 'value add' an organisation brings to its products and services, including the emerging technologies it sponsors, as well as its finished products. The overall aim being that peoples' personal information is managed carefully, respectfully, with confidence and is essential for doing good business!

Mr Jeroen Terstegge Speaker Presentation (3.68 Mb Microsoft PowerPoint Presentation)
Mr Jeroen Terstegge Abstract (35 Kb Microsoft Word Presentation)
Mr Michael Mitchell Speaker Presentation (1.18 Mb Microsoft PowerPoint Presentation)

Parallel Session 1 “Privacy Laws: practical effect on global businesses and consumers”

Date Wednesday 10 September 2003
Time 1600 - 1730
Room Tumbalong Auditorium

Chair: Mr Reijo Aarnio, Data Protection Ombudsman, Finland
Speakers:
Mrs Pamela W.S. Chan, Chief Executive of the Hong Kong Consumer Council
Mr John Mendoza, Chief Executive, Australian Sports Drug Agency, Australia
Madame Ariane Mole, Partner Cabinet Alain Bensoussan, France

Increasing globalisation has brought with it new challenges for businesses in the handling of personal information across borders. This session looks at the way differing privacy laws between jurisdictions are affecting the way we do business. We will hear from consumer, business and non profit perspectives on this topic, with the overall focus on how the disparity in national privacy laws is being dealt with practically. We will also explore the impact of these different approaches to data protection on privacy generally.

Mrs Pamela W.S. Chan Speaker Presentation (143 Kb Microsoft PowerPoint Presentation)
Madame Ariane Mole Speaker Presentation (616 Kb Microsoft PowerPoint Presentation)
Mr John Mendoza Speaker Presentation (8.34 Mb Microsoft PowerPoint Presentation)

Parallel Session 2 “People: organisational structures and incentives to support privacy”

Date Wednesday 10 September 2003
Time 1600 – 1730
Room Tumbalong Meeting Room 1

Chair: Orson Swindle, Commissioner, Federal Trade Commission, United States of America
Speakers:
Mr W. Peter Cullen , Chief Privacy Strategist, Microsoft Corporation formerly Corporate Privacy Officer, Royal Bank of Canada (RBC) Financial Group, Canada
Ms Anna Fielder, Director, Office for Developed and Transition Economies, Consumers International, United Kingdom
Ms Barbara Lawler, Chief Privacy Officer, Hewlett Packard, United States of America

Explores how best practice approaches to handling personal information can help create an organisational culture of respect for privacy as an integral part of client service and how pro-active information privacy practices can positively impact the bottom line. Perspectives on how well business is integrating privacy management strategies into meeting consumers' expectations. The emphasis will be on lessons learnt; what went well; what could have been done differently or better. Importantly, we will also hear a consumer perspective on the technology used to support a culture of privacy in different organisations.

Mr W. Peter Cullen Speaker Presentation (6.93 Mb Microsoft PowerPoint Presentation)
Ms Anna Fielder Speaker Presentation (286 Kb Microsoft PowerPoint Presentation)
Ms Barbara Lawler Speaker Presentation (1.81 Mb Microsoft PowerPoint Presentation)

Parallel Session 3 "Technology: supporting a culture of privacy in your organisation"

Date Wednesday 10 September 2003
Time 1600 – 1730
Room Tumbalong Meeting Room 2

Chair: Mozelle Thompson, Commissioner, Federal Trade Commission, United States of America
Speakers:
Dr Brian Richards, Chief Information Officer, Health Insurance Commission, Australia
Mr Charles Britton, Senior Policy Officer, IT and Communications, Australian Consumers’ Association, Australia)
Ms Harriet P. Pearson, Vice President, Workforce Effectiveness & Chief Privacy Officer IBM Corporation, United States of America

Discusses how organisations that collect and hold personal information make practical use of different technologies to manage personal information, including the development of stringent policies, procedures and deployment of technologies (for example authentication/security mechanisms using cryptography such as PKI). Again, the emphasis will be on lessons learnt; what went well; what could have been done differently or better. Importantly, we will also hear a consumer perspective on the technology used to support a culture of privacy in different organisations.

Dr Brian Richards Speaker Presentation ( 534 Kb Microsoft PowerPoint Presentation)
Mr Charles Britton Speaker Presentation ( 104 Kb Microsoft PowerPoint Presentation)

Mr Charles Britton Paper ( 83 Kb Microsoft Word Presentation)
Ms Harriet P. Pearson Speaker Presentation ( 4.58 Mb Microsoft PowerPoint Presentation)

Plenary Session C “A Safe and Open Society”

Date Thursday 11 September 2003
Time 0900 – 1030
Room Tumbalong Auditorium

Chair: Michel Gentot, President, Commission Nationale de l’Informatique et des Libertés, France
Speakers:
The Hon. Nuala O’Connor Kelly, Chief Privacy Officer, Department of Homeland Security, United States of America
Mr Cédric Laurant, Policy Counsel, Electronic Privacy Information Center, United States of America

Draws out the new challenges to societies throughout the world raised by recent security concerns, challenges that have extended to imperatives for improved identification systems and greater data collection and analysis. In addressing these concerns, societies will want to consider how best to maintain the structures, principles and freedoms they hold dear, such as openness, legal principle, and respect for the dignity and privacy of individuals. How should governments assess what levels of privacy and security are appropriate, or demanded by citizens? To what extent need protecting national security and protecting privacy be at odds with one another?

Mr Cédric Laurant Speaker Presentation (301 Kb Microsoft PowerPoint Presentation)

Parallel Session 4 "Legal Issues: open justice, forgiveness, compassion, context, proportionality”

Date Thursday 11 September 2003
Time 1100 – 1230
Room Tumbalong Meeting Room 1

Chair: Mr Paul Chadwick, Commissioner, Office of the Victorian Privacy Commissioner, Australia
Speakers:
Prof. Marcia Neave AO, Law Reform Commissioner, Victorian Law Reform Commission, Australia
Prof. Dennis Pearce, Emeritus Professor, Australian National University, former Chairman, Australian Press Council, Australia
Prof. Iain Currie, University of Witwatersrand, Johannesburg

Discusses whether inherent privacy protection afforded by difficulty and cost has been lost with the development of readily available and affordable surveillance equipment, electronic data processing and the Internet. Such technology is being overwhelmingly embraced by individuals, public sector and private sector organisations as a way of meeting obligations of transparency. This session will discuss the availability and accessibility of certain personal information and asks whether accountability in decision-making necessarily involve identifying individuals without limitations. Is it right that our mistakes are on record for the whole world to see, forever? Are we losing compassion and forgiveness? The session will also address the issue of regulating access to personal information and recognising differences in classes of information whilst achieving proportionality between public interest and privacy interests.

Prof. Marcia Neave AO Paper (64 Kb Microsoft Word Presentation)

Prof.Dennis Pearce AO Paper ( 88 Kb Microsoft Word Presentation)

Prof. Iain Currie Speaker Presentation ( 88 Kb Microsoft PowerPoint Presentation)

Parallel Session 5 “Law enforcement with respect”

Date Thursday 11 September 2003
Time 1100 – 1230
Room Tumbalong Meeting Room 2

Chair: Mr Peter Shoyer, Information Commissioner, Office of the Information Commissioner of the Northern Territory, Australia
Speakers:
Christine Page-Hanify, BSc FAICD Senior Business Consultant, Teradata, a Division of NCR, Australia
Mr Cameron Murphy, President, NSW Council for Civil Liberties, Australia
Ms Florence Audubert, Attachée Juridique, Interpol, France
Download Annual report 2002 CCF-Conference Website (360Kb)

Discusses achieving law enforcement without inappropriate compromise of individual privacy and achieving the balance where this is not possible. The speakers come from diverse backgrounds, including law enforcement, business and a consumer/individual representative. Such a combination will also draw out what is and what is not working in terms of law enforcement and protecting individual privacy.

Ms Christine Page-Hanify Speaker Presentation ( 2.11 Mb Microsoft PowerPoint Presentation)

Ms Florence Audubert Speaker Presentation (41Kb Microsoft Word Presentation)

Ms Florence Audubert Speaker Presentation (18 Kb PDF Presentation)

Parallel Session 6 "A Safe and Open Society: the role of privacy regulators"

Date Thursday 11 September 2003
Time 1100 - 1230
Room Tumbalong Auditorium

Chair: Mr Paul Thomas, President Commission de la protection de la vie privée, Belgium
Speakers:
Mr Joseph Meade, Data Protection Commissioner, Ireland
Prof. Graham Greenleaf, University of New South Wales, Australia
Chief Jeff Tunks, Deputy Director, NSW Police, Legal Services

Develops ideas introduced in Plenary Session C on a 'Safe and Open Society'. Will provide insight into the privacy regulator's contribution to our modern environment. Each speaker will offer their unique perspective about the practical implications of privacy regulation on the everyday experiences of individuals. This session will identify the ways that privacy regulators enhance the secure and accountable society. It will also consider how privacy regulators work in conjunction with law enforcement agencies in achieving a society that is both safe and open. Professor Graham Greenleaf's presentation will include feedback from a session at the 'Surveillance and Privacy in 2003' conference titled 'Privacy Commissioners after 30 years - A critical reassessment.

Prof. Graham Greenleaf Speaker Presentation (540Kb Microsoft PowerPoint Presentation)
Mr Joseph Meade Speaker Presentation (112Kb Microsoft PowerPoint Presentation)
Mr Jeff Tunks Speaker Presentation (37.5 Kb Microsoft PowerPoint Presentation)

Plenary Session D “Identity and Privacy: who wants to know and why?”

Date Thursday 11 September 2003
Time 1400 - 1530
Room Tumbalong Auditorium

Chair: Dr. Hyu-Bong Chung, Secretary-General, Personal Information Dispute Mediation Committee, Korea Information Security Agency
Speakers:
Ms Carol Coye Benson, Partner, Glenbrook Partners, United States of America
Mr Tim Dixon, Consultant, Baker & McKenzie, Australia
Ms Jennie Granger, Second Commissioner, Australian Taxation Office, Australia

Explores the trend towards greater identification, canvassing the business, consumer/citizen and government imperatives. Businesses, governments and to a lesser extent consumers, seek effective identification systems. The session is intended to recognise the potential tensions between privacy and identification and look at how identification might be managed in a more privacy protective way or even improve privacy. The session will discuss the need to develop models of identification that meet all the objectives, but especially allowing individuals to retain some control over the personal information.

Ms Carol Coye Benson Speaker Presentation (826 Kb Microsoft PowerPoint Presentation)
Mr Tim Dixon Speaker Presentation (3.74 Mb Microsoft PowerPoint Presentation)
Ms Jennie Granger Speaker Presentation (132Kb Microsoft PowerPoint Presentation)

Parallel Session 7 "Communicating important privacy information - issues, and recent initiatives aimed at doing this more effectively"

Date Thursday 11 September 2003
Time 1600 - 1730
Room Tumbalong Meeting Room 1

Chair: Dr Alexander Dix, Data Protection and Access to Information Commission, Brandenburg, Germany
Speakers:
Mr.Marty Abrams, Hunton & Williams, United States of America
Mr.Rigo Wenning, W3C/ERCIM, France
Ms.Dale Skivington, Eastman Kodak Company, United States of America
Cédric Laurant, Electronic Privacy Information Center, United States of AmericaTBA

Discusses in a workshop format issues relating to the effectiveness of privacy notices and canvasses the work of privacy and data protection commissioners, regulators and others to improve the communication of privacy information in a global context. Many jurisdictions require agencies and organisations to provide detailed privacy notices to consumers but questions are often asked about how effectively they communicate to consumers. For example, the European Commission Directive 95/46/EC requires detailed notice and so does key legislation in the United States (for example, HIPPA and GLB legislation). In Australia, the introduction of private sector legislation has resulted in organisations producing lengthy and often incomprehensible notices which it seems few people may read or understand. This suspicion is supported by a range of research, including that recently conducted by the Annenberg Public Policy Centre at the University of Pennsylvania, which showed that 57% of respondents thought that the presence of a privacy policy on a website meant that it would not share their personal information. Eighty-six per cent of respondents agreed that standardising privacy policy formats would help protect personal information.

A resolution about this issue is being proposed to the closed session of Data Protection and Privacy Commissioners on Friday afternoon. There is more information about the resolution and also about recent research and initiatives in this area on the privacy notice resolution resources page of this conference website.

Mr Marty Abrams Speaker Presentation ( 485 Kb Microsoft PowerPoint Presentation)

Mr Rigo Wenning (28 Kb Microsoft WordPresentation)

Ms Dale Skivington Speaker Presentation ( 164 Kb Microsoft PowerPoint Presentation)

Mr Cedric Laurant Speaker Presentation (24Kb Microsoft Word Presentation)

Parallel Session 8 "Is my privacy the same as your privacy?"

Date Thursday 11 September 2003
Time 1600 - 1730
Room Tumbalong Meeting Room 2

Chair: Stephen Lau, Chairman, EDS Hong Kong
Speakers:
Ms Dawn Casey, Director, National Museum of Australia, Australia
Prof. David Weisbrot, President, Australian Law Reform Commission, Australia
Ms Sally Sinclair, Chief Executive Officer, National Employment Services Association, Australia

In societies with liberal democratic values, generally speaking, the role of privacy regulation has been to protect the privacy of the individual. As we commence the 21st century, there is increasing recognition of alternative views about the importance of the individual in society. Significantly different cultural and societal values command acknowledgment in those same societies. The 'New Genetics' compel a searching assessment of the information contained in the smallest bodily sample. This Session will canvass these issues and explore how the practical questions of appropriate privacy regulation might be resolved.

Ms Dawn Casey Paper (53Kb Microsoft Word Presenation)

Prof. David Weisbrot Speaker Presentation ( 1.85 Mb Microsoft PowerPoint Presentation)
Ms Sally Sinclair Speaker Presentation ( 344 Kb Microsoft PowerPoint Presentation)

Parallel Session 9 "Identity: now you see it; now you don't"

Date Thursday 11 September 2003
Time 1600 - 1730
Room Tumbalong Auditorium

Chair: Chair: Sigrún Johannesdottir, Privacy and Data Protection Authority, Iceland
Speakers:
Mr Ken Anderson, Director of Legal Services, Information and Privacy Commissioner of Ontario, Canada
Dr John Joseph Borking, Director of Borking Consultancy, The Netherlands
Mr John Grimes, Director, Strategic Development, Argus Solutions, Australia

Discusses how identification and authentication can be achieved without invading privacy. Find out how people around the world are trying to achieve this. It will cover how the principles of privacy enhancing technology can be applied, recent work towards criteria for privacy testing and evaluation, and the insights and challenges faced by a biometric application in attempting to address privacy. Over the last couple of years general interest in identifying and authenticating people's identity has grown. Technological developments such as biometric technologies offer the means to do this.

Mr Ken Anderson Speaker Presentation (4.17 Mb Microsoft PowerPoint Presentation)
Dr John Joseph Borking Speaker Presentation (439 Kb Microsoft PowerPoint Presentation)

Dr John Joseph Borking Paper (822Kb Microsoft Word Presentation)
Mr John Grimes Speaker Presentation (8.81 Mb Microsoft PowerPoint Presentation)

Communicating important privacy information – report on progress to a resolution by Commissioners

Chair: Mr Malcolm Crompton, Office of the Federal Privacy Commissioner, Australia

Key Note Address

Date Friday 12 September 2003
Time 0930 - 1030
Room Tumbalong Auditorium

Chair: Mr Malcolm Crompton, Commissioner, Office of the Federal Privacy Commissioner, Australia
Speakers: The Hon Daryl Williams AM QC MP, Commonwealth Attorney-General, Australia

Mr Malcolm Crompton Key Note Address (322 Kb Microsoft PowerPoint Presentation)
The Hon Daryl Williams AM QC MP Speaker Presentation (80 Kb Microsoft Word Presentation)
The Hon Daryl Williams AM QC MP Speaker Presentation (156 Kb PDF Presentation)

Plenary Session E “Taking privacy to the people”

Date Friday 12 September 2003
Time 1100 - 1150
Room Tumbalong Auditorium

Chair: Mrs Pamela W.S. Chan, Chief Executive of the Hong Kong Consumer Council
Speakers: Mr Richard Thomas, Information Commissioner, United Kingdom

Invites the Conference to consider one of the most challenging and vital tasks in privacy regulation, getting the privacy message out to the individual. In keeping with the practical and inclusive theme of the Conference, the closing session aims to set out some of the challenges faced by regulators in meeting peoples' privacy concerns - with particular reference to the United Kingdom experience - and to address and explore ways of getting key privacy messages 'out there'.

Mr Richard Thomas Speaker Presentation (1.97 Mb Microsoft PowerPoint Presentation)

Closing Address

Date Friday 12 September 2003
Time 1150 - 1220
Room Tumbalong Auditorium

Chair: Mrs Pamela W.S. Chan, Chief Executive of the Hong Kong Consumer Council
Speakers: Mr Peter Hustinx, Chairman, Dutch Data Protection Authority, The Netherlands

The Conference in review. What practical privacy lessons can public and private sector organisations take away with them? What are the key messages for data protection commissioners? What might the future hold for the privacy protection of the individual?