Key themes from the Clue User Conference 2021
Over 250 delegates from more than 70 organisations attended this year’s Clue User Conference in-person at Stamford Bridge, home of Chelsea FC, and remotely online.
The conference was held under the Chatham House rule, hence why some individuals and organisations have not been named.
One of the highlights of the day was the case studies session, in which three Clue users described their operations and how they use Clue to help counter threats. The International Tennis Integrity Association (ITIA) is at the forefront of global sports integrity investigations, investigating match fixing across the world of professional tennis, which equated to over 100,000 matches per year before the global Covid pandemic.
Delegates heard the details of a match-fixing investigation, the complexities involved in identifying suspicious activity, including the multitude of data sources used, the network of organisations collaborated with to build the case and achieve a successful outcome, and how Clue is integral to ITIA intelligence operations.
From protecting sports integrity to preventing animal cruelty, the League Against Cruel Sports (LACS) then described how they use Clue to manage intelligence using the National Intelligence Model and provide stakeholders across the organisation with a regularly updated view to agree priorities.
The presenter described how the LACS share data with other organisations dedicated to animal welfare, and prosecuting authorities. The importance of data standards was highlighted as part of effective operations to manage the breadth of data held in the information registers in Clue, including historic data, and how this contributes to GDPR compliance.
The ability to identify links between people associated with different cases, mapping and charting functionality, managing evidence, preparing reports to submit to the police, and tracking cases and outcomes using Clue were all highlighted. Combatting fraud in the UK’s largest employer was the focus of the final case study delivered by representatives from the NHS Counter Fraud Authority (NHSCFA).
Gareth Oldale, Partner, TLT LLP presented ‘Current trends and challenges in data’ on the premise that data is both the biggest opportunity, but also the biggest challenge ahead for Clue users.
The first challenge discussed was the complex area of international data transfers in which different considerations are needed when transferring data to and from the EU compared to other countries, including whether there is an adequacy decision in place, the need to undertake a transfer risk assessment, and considering the protections for the rights and freedoms of data subjects were commented on, as was legislative change which was considered likely to continue at pace.
On data sharing, delegates heard about the need for data controllers to know and document their lawful basis for sharing data, having clarity about the roles of the parties, the purpose for sharing data, the duration of data sharing, review periods, what data will and will not be shared.
Data is both the biggest opportunity, but also the biggest challenge ahead for Clue users. In closing, the need to protect against the rise in data breaches due to cyber-attacks, particularly ransomware, was highlighted, and it was commented that effective management and use of data can help organisations to demonstrate legislative compliance and realise the value of their data.
Conversations with Clue customers often include challenges related to data quality, data standards, and data interoperability, and the conference included a panel discussion featuring representatives from the British Council, Three Mobile, TLT LLP, and an independent safeguarding expert to explore some of these issues.
A desire to share data with the right legal basis to disrupt criminal activity was expressed, but it was commented that technology, the risk appetite of partners, and different interpretations of legislation can be barriers.
It was noted that the situation can be further complicated when operating internationally because of the need to keep abreast of local laws to collect and share data, issues surrounding collection of digital forensic evidence and varying levels of organisational willingness to collaborate in different countries.
There was acknowledgement that willingness to share between corporate entities and law enforcement can be impacted by over-stretched law enforcement resources having to prioritise violent crime over lower physical harm crime, such as fraud.
A need for collective corporate and political will and having appropriate data sharing agreements in place was said to be needed to move towards an environment where more effective collaboration could be achieved. Comment was made that care is needed when re-purposing data sharing agreements and that the lawful basis for processing the data must be considered, which may for example, relate to a different part of the Data Protection Act.
However, effective use of template documents was commented on as a time-saving mechanism which can expedite data sharing. GDPR should not inhibit data sharing. The panel concluded with delegates hearing that GDPR should not inhibit data sharing if organisations ensure that they comply with data protection legislation and are able to justify why data is being shared.
The panel discussion was followed by the hotly contested Clue Awards. Find out who the winners and runners up were.