Webinars      Login/Register      Cart

InfoGovANZ

Information Governance Think Tank

Featured

Adapting to Technology – Andrew King

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.

Our expert panel included InfoGovANZ Advisory Board member Andrew King, founder and Strategic Advisor of E-Discovery Consulting, where he independently advises law firms on legal technology and eDiscovery. Andrew is an expert in all aspects of the electronic discovery process and has considerable expertise in the project management of major eDiscovery projects in data/document intensive disputes and litigation.

Andrew is one of the architects of the New Zealand High Court discovery rules and has over 15 years of experience managing and advising on discovery projects for law firms, government agencies and corporate organisations. Prior to establishing E-Discovery Consulting, Andrew worked for 10 years at multinational law firms in London and for over two years at a leading New Zealand law firm.

Andrew is the founder of New Zealand's premier legal technology event - LawFest NZ, which provides a platform to encourage greater adoption of technology by lawyers and their firms. He is also committed to industry development and raising awareness of eDiscovery and legal technology through his NZ E-Discovery Blog.

Andrew’s insights:

  • For some, the disruption of COVID-19 was the catalyst for change that many resisted for so long. Those that were reluctant to innovate or invest in technology now appreciate why they need to and the value of investing further going forward.
  • Overnight, technology became a lifeline as everyone had to work differently – and remotely. Barriers to change quickly disappeared, as many were forced to make changes within weeks that previously may have taken years to implement. Unsurprisingly, many that had not previously innovated or leveraged legal technology struggled, with some battling to even enable their staff to work from home.
  • Even though some courts closed, or transitioned virtually with eDiscovery, those that had access to cloud solutions were able to seamlessly conduct eDiscovery, with remote review being possible wherever your location. The experience of COVID-19 has demonstrated how essential it is to have access to your eDiscovery tools, no matter where you are physically located.
  • While 2020 reinforced why we need to innovate and leverage technology, the focus for 2021 is how we can go about this. As the pandemic accelerated the rate in which firms have been adopting technology, there is now the opportunity to continue the adoption – and clients will now expect this!
  • The volumes and sources of data will continue to evolve, so it is important to adapt with this and not be tied to traditional practices.  The adoption of Zoom, Microsoft Teams and other collaboration tools will present new data sources and challenges for the eDiscovery process.

Considerations for leaders

  • With today’s proliferation of data volumes in eDiscovery, it is important not to focus solely on the technology itself, but to be smarter in how eDiscovery is approached, together with continuing to refine and improve how you approach the process. This requires considerably more work earlier in the discovery process to prevent the cost and burden from spiralling out of control. The time invested at the outset could save you thousands down the track and lessen the burden.
  • Remain curious and open to change and always look at how you can do this better.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.

Privacy Developments in ANZ – Daimhin Warner

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.

Our expert panel included InfoGovANZ International Council member, Daimhin Warner, who is a Director of Simply Privacy, a NZ consultancy providing privacy advice, strategy and training to business and government, and NZ Country Leader for the International Association of Privacy Professionals (IAPP). He’s a privacy professional with over 15 years' privacy and related experience in both the public and private sector.

Daimhin worked with the Office of the NZ Privacy Commissioner for 7 years, ultimately managing the Commissioner's Auckland Investigations Team. Daimhin then moved to NZ’s largest life insurer, where he created and headed a Privacy Team and programme, before co-founding Simply Privacy in 2015.

Daimhin’s insights:

The evolution in global privacy regulations will continue - since the EU’s GDPR, we witnessed the phenomenon of ‘GDPR-isation,’ the development of myriad privacy laws around the world intended to meet or exceed the high-water mark set by the GDPR.  Examples include India’s upcoming Personal Data Protection Act, Brazil’s General Data Protection Law, and, of course, the UK’s GDPR (designed to mirror the EU’s GDPR post-Brexit). This explosion of privacy regulations is essential for the maintenance of a functioning global economy, fuelled by the sharing of personal information across borders.

 

In NZ

  • ANZ was no exception - the NZ Privacy Act 2020, which commenced in December 2020, moves NZ further along the regulatory spectrum, introducing mandatory privacy breach notifications, limitations on cross-border data transfers and extraterritorial effects, and providing the NZ Privacy Commissioner with increased enforcement powers. 2021 will be all about the bedding in of this new Act.
  • We will see increased enforcement action from the Privacy Commissioner as he flexes his new regulatory muscles - importantly, we will also learn in 2021 if NZ has retained its EU Adequacy status. This coveted status means that organisations in the EU may transfer personal information to NZ organisations in compliance with the GDPR without having to put any other measures (such as Standard Contractual Clauses) in place. This is critical to NZ’s rapidly growing community of innovative start-ups and the software as a service (SaaS) products they develop for a global market.

And in Australia

  • The Australian Privacy Act 1988 is under review, with lawmakers considering a host of major changes intended to bring the Australian law up to global standards.  Possible amendments will include removing the somewhat unbelievable small business and employee exemptions, thereby broadening the reach of the law to cover most, if not all, organisations and individuals in Australia.  The review will also reflect on the operation of the mandatory breach notification regime introduced in 2018 to ensure it is meeting its objectives. We can expect an update in the coming months, reflecting submissions received from public and private sector agencies across the country.
  • In both Australia and NZ, we are also likely to see further developments in the areas of data portability (referred to this side of the world as the ‘consumer data right’), ethics in AI and algorithms, indigenous approaches to privacy (led by efforts to better understand and address Maori data sovereignty in NZ), and the regulation of big tech companies, such as Google and Facebook.

Actions for leaders:

  • Organisations and the experts supporting them need to learn the new laws and ensure your processes and procedures comply.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.

Hindsights and Insights Report – Information governance reflections on 2020 and insights for 2021

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

The forum featured leading expert practitioners sharing their experiences and views for the year ahead including Susan Bennett, Sarah Auva’a, Ronke Ekwensi, Sonya Sherman, Dr Peter Chapman, Aurelie Jacquet, Richard Kessler, Bryn Bowen, Andrew King, Daimhin Warner, Dean Gonsowski and Enzo Lisciotto.

You can read the insights of our expert panel in InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report, which is available for download here.

The recording of the webinar on InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021, which took place on 28 January 2021, is available for download here.

Cyber Risk Management and the Value of Cyber Insurance

by

The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored.

The reality of these developments has also lead to unparalleled increases in the ability of criminals to act in a digital environment rather than in the physical world and cyber crime has never been more financially rewarding.

Cyber risk and cyber exposure exists for every business that uses technology and connects to any form of information systems and networks. Size of business, industry factors and reliance on technology for critical operations can increase cyber risk vulnerability, but no business is immune.  Managers are faced with the challenge of protecting against cyber risk and implementing strategies and procedures to safeguard against the potential loss and damage suffered in a cyber event.

Cyber risk management is a holistic approach to evaluating and measuring the potential impact of cyber threats and strategically establishing a set of actions,  policies and tools to combat and manage these so as to minimise the potential business impact.

In creating a risk management profile, an organisation can chose to take steps to minimize the risk, can seek to transfer the risk or can accept the risk and prepare to deal with it.

The most effective way to transfer cyber risk is by purchasing a specific stand-alone cyber insurance policy. 

Cyber insurance is necessary because other traditional insurance policies are not designed to respond to the new technology threats. The benefit of cyber insurance is that it provides specific support in covering expenses incurred due to a cyber event and also assists in guiding incident response and ongoing risk mitigation practices.

Most cyber policies provide two types of basic cover – first party cover for the insured’s own financial loss arising from the cyber event and third party liability cover for any liability the insured has to others arising out of the cyber event. The vast majority of cyber claims will fall within the first party cover section of the policy – but it is important to ensure you are covered for both .

Unlike other traditional policies, cyber insurance policies are often segmented and consist of a number of different kinds of coverage areas.

Typical first party insuring coverages usually include:

  1. Incident Response: This would generally cover the expenses incurred in responding to the incident such as hiring an Incident Response Manager, an IT forensic specialist or getting legal advice relation to data breaches or regulatory requirements.
  2. Cyber Extortion: This will cover money paid to a cyber criminal trying to extort money from the insured by threatening to expose or destroy data after having infiltrated the insured’s information systems.
  3. System Damage and Data and System Recovery: The cost of repairing damage to systems, data and applications which have been damaged due to a cyber event
  4. Business Interruption: This coverage will reimburse the business for the loss of profits or the increased cost of working due to the cyber event and the interruption to normal business operations.

Third party coverage can include:

  1. Privacy and Network Security Liability: This would cover loss caused to a third party by the transmission of malware to a third party’s information systems or when the data of another is breached.
  2. Media Liability: Covers third party claims for defamation or breach of intellectual property rights and other improper online media activity.
  3. Regulatory Fines: This would cover penalties or fines imposed by a Regulator due to a data breach

A series of additional coverages can also be purchased for extra premium.  Some of these might be: coverage for betterment costs to IT systems,  cover for telcom fraud, reward expenses coverage and extended incident response coverage.

Every insurer offers different coverages and extensions in their cyber insurance policies and it is important to review the terms and conditions and ensure your business has the specific cover it needs.

Cyber attacks can result in devastating damage. Cyber insurance is a great first step in helping manage cyber exposure and transferring some of that cyber risk to others.

 

Author

As founder and CEO of Cybersafe Legal, Gillian Collins relies on her extensive experience working in the corporate sector utilising both her legal and insurance skills.

In recent years Gillian has developed a deep and enduring interest and curiosity for cyber risk, cyber insurance and information security. She has studied cybersecurity through the Kennedy Business School at Harvard University and now offers recognised expertise in cyber awareness programs, cyber insurance, cybersecurity risk mitigation and incident response and corporate governance.

Ethics & Implementing AI Responsibly – Aurelie Jacquet

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

Our expert panel included InfoGovANZ International Council member Aurelie Jacquet, who works on leading global initiatives for the implementation of Responsible AI with both the International Standards Organisation (ISO) and the Institute of Electrical and Electronics Engineers (IEEE).

With ISO, Aurelie is the chair of the Standards Australia committee representing Australia at the international standards on Artificial Intelligence. With the IEEE, she is an expert for the Ethics Certification Program for Autonomous and Intelligent Systems, and leads the work stream on Dignity and Agency as part of IEEE’ s Digital Inclusion, Identity, Trust, and Agency (DIITA) program.

She is also a member of the European AI Alliance and a member of the editorial board of Springer’s new Journal AI & Ethics.

Aurelie’s insights:

Aurelie Jacquet
  • In the past few years, there has been a proliferation of AI ethics principles developed by many different actors (e.g., private companies, governments, intergovernmental organisations, civil society, etc.) that has mostly helped with:
    • Defining a north star for the adoption and use of the powerful technology that is AI;
    • Identifying the level of commitments/expectations of the various actors; and
    • Identifying areas of consensus.
  • When considering a technology such as AI, predicted to add $15 trillion to the world’s economy[1], form a part of our everyday life and is the subject of global governance efforts[2], identifying areas of consensus is a valuable exercise. In January 2020, to uncover these areas of consensus, the Berkman Klein Center created a visualization tool called ‘Principled AI’.[3] (As a result of this exercise, they “uncovered eight key thematic trends: privacy, accountability, safety and security, transparency and explainability, fairness and nondiscrimination, human control of technology, professional responsibility, and promotion of human value.”[4]
  • There are growing concerns that “principles alone cannot guarantee ethical AI.”[5]  In his article, Brent Mittelstadt, Senior Research Fellow at the Oxford Internet Institute, challenges whether ethics principles are appropriate for AI, and explains that “the real work of AI ethics begins now: to translate and implement our lofty principles and, in doing so, to begin to understand the real ethical challenges of AI.”[6]
  • 2021 is likely to be a year focused on operationalising AI principles, but also a year where we see more often ‘AI in court,’ reminding us that decisions automated by AI are still subject to existing laws. Even if the AI model used is a black box, organisations still need to demonstrate that the recommendations or decisions made were reasonable and in compliance with the applicable laws. To quote the Australian Human Rights Commission, "any business should ensure that its decision-making is fair, accurate and avoids bias or discrimination.  This proposition should be equally true for decision-making that uses AI systems.”[7] The reminder that AI is not lawless came as early as January this year when an Italian court found that Deliveroo's rider-ranking algorithm was in breach of local labour laws as the algorithm would penalise riders who cancelled pre-booked rides less than 24 hours even in circumstances where riders are sick or had to attend to an emergency[8]. This case reemphasises the need for organisations to ‘build in compliance,’ especially when it can be a costly exercise to retrain machine learning models.

Actions for leaders:

  • To implement AI responsibly in 2021, while technical requirements, such as data quality and model performance remain essential, focus strongly on broader organisational processes and controls, such as reviewing the adequacy of existing governance processes, embedding dynamic risk management and impact assessments to ensure better oversight of AI, mitigating risks and achieving compliance by design.

Given the expected ongoing complex and uncertain operating environment in 2021, robust information governance is needed to provide a system for the effective control and management of information assets to enable access to real-time and accurate information, as well as optimise data assets and value-generating activities while minimising risks.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.

 

References

[1] “AI Will Add $15 Trillion To The World Economy By 2030,” Frank Holmes, Forbes, published 25 February 2019
[2] “AI & Global Governance: Using International Standards as an Agile Tool for Governance,” Peter Cihon, UNU-CPR Centre for Policy Research, published 8 July 2019
[3] “Principled Artificial Intelligence, Mapping Consensus in Ethical and Rights-based Approaches to Principles for AI,” Jessica Fjeld, Adam Nagy, Nele Achten, Hannah Hilligoss, Madhulika Srikumar, Berkman Klein Center, published 15 January 2020.
[4] Ibid 2
[5] “Principles alone cannot guarantee ethical AI,” Brent Mittelstadt, Oxford Internet Institute, University of Oxford, Article in Nature Machine Intelligence, published in November 2019
[6] Ibid 4
[7] “Businesses warned AI use risks breaches of anti-discrimination laws,” James Eyers, Australian Financial Review, published 24 November 2020
[8] “Italian court rules against “discriminatory” Deliveroo rider-ranking mechanism,” Natasha Lomas, published 5 January 2021 Techcrunch

Cybersecurity & IG Insights – Dr Peter Chapman

by

As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021.

We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues.

Our expert panel included InfoGovANZ Advisory Board member Dr Peter Chapman who brings expertise in cybersecurity and Information Governance. He is currently a Director in the KPMG Forensic Technology practice and his previous employment includes positions as a Director leading the Sydney Forensic IT practice of PricewaterhouseCoopers, and Acting Sergeant in the NSW Police High Tech Crime Unit.

Peter’s insights:

  • Massive social and political upheaval across the globe, combined with equally large changes to our standard business processes, created a perfect storm scenario for cybercrime and data breaches by well organised cybercrime gangs, as well as nation-state actors.
  • Many are predicting that even post-COVID, we will see knowledge workers increasingly working from home, effectively flipping the concept of ‘BYO device’ on itshead. Organisations now need to be aware of home working environment security as much as BYOD issues.
  • The good guys are currently losing the battle for online security –we have seen the rise of ‘malware-for-hire', more targeted ransomware attacks and highly sophisticated attacks on the ‘supply chain’ of software updates (SolarWinds) –demonstrating that not even the experts (FireEye) and ‘secure’ government agencies are immune from such threats.

Actions for leaders

  • Be realistic about cyber-based threats and consider breaches as a question of ‘when’ and ‘what’ rather than ‘if.’ What changes do you need to make, with regard to your core Internet operations and approaches to technical data management, to significantly reduce this threat? (for example, TimBerners-Lee idea of ‘data-pods’ and decentralisation).
  • Ensure your organisation has really covered the basics of data management (what do we have, where is it, who has access, how is it protected and when do we get rid of it). Given the current state of play, holding onto sensitive data unnecessarily may end up being more damaging than not having access to that data in the first place.

You can read the insights from the rest of our expert panel in our InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report. The report was developed from a virtual forum discussing the impact of COVID-19  and IG implications for organisations on data, access to information, trust, transparency and accountability, cybersecurity, global privacy regulatory developments, eDiscovery, ethics and artificial intelligence.

You can also watch the recording of the 28 January 2021 webinar here.