Sunday, 3 July 2011

Even Sir Francis Drake had some sensitive personal data

Off to Plymouth today to prepare for a business meeting tomorrow. First stop though was a trip to that glorious institution, the Plymouth Gin Distillery. You can pay £6 to tour the site and sniff the aromas straight from the still, in continuous use since 1793. Brilliant value. Later, I headed to the famous Plymouth Hoe (a Hoe is an ancient term for a high ridge), and saw two monuments to Sir Francis Drake. The first (pictured) commemorates his voyage around the globe – the first by an Englishman - sailing out on December 13 1877, and returning on the famous Golden Hind, on April 4 1581. The second, a much larger edifice, stands a hundred yards away, and marks that fateful day on 19 July 1588 when the Spanish Armada were first sighted on the horizon, and Drake’s bowling match on the Hoe had not yet finished. The golden letters etched on the monument describe what happened next: “He blew with his winds and they were scattered”.

I like Susan Drake’s description of the man. Apparently, Francis: "was no paragon. He was very human with his faults and failings. Drake was ruthless, vainglorious, an attention seeker and tended to boast. On some of his voyages, he was accused as being too fond of his own ideas and uncollegial". But ... "We should admire his patriotism, his loyalty to his country and his affectionate attachment towards his town of Plymouth. Drake was always the first to make financial donations towards public projects. His care extended beyond the grave, since he made Plymouth and its poor beneficiary of his will".

Have I got anything in common with Francis Drake? Not really – not much more than the fact that we were born within 15 miles of each other, and I quite like my own ideas, too. And he did know something about data protection - Queen Elizabeth I ordered all written accounts of his voyage around the globe to be considered classified information, and its participants sworn to silence on pain of death; she intended to keep Drake's activities away from the eyes of the Spanish, who were not on the best of terms with her.

It might have been “sensitive” information then, but it certainly isn’t now. It’s not the category of the information; it’s the context in which it was being used (or likely to be abused) that is important.

If the forthcoming review of the Data Protection Directive decides that an individual’s location information should be elevated to the status of sensitive personal data, then it won’t be the first time that location information has been considered to be worthy of greater protection. But when you add where someone is, or they have been, and what they have spent, and what they earn, together with the usual list of stuff which is considered to be sensitive, we’ll soon be reaching that tipping point – where almost everything is sensitive. And if almost everything is to be treated as being sensitive, it really means that nothing is sensitive. The longer the list of stuff that individuals are supposed to give their explicit consent to, before anyone else processes it, the greater is the chance that people will not actually realise what it is that they are consenting to.

Many of us, when we surf the internet, just want a service. We expect to be presented with a list of terms and conditions and we expect to click the “accept” button without reading them so we haven’t really got a clue as to what it is that we have really consented to. But, for the most part, it is of absolutely no consequence as nothing harmful happens. Welcome to the real world. Bad guys may be out there; but generally, they’re not.

Wouldn’t it be refreshing to see a new concept of sensitive personal data – one where the context of the information is more important than the category of the information?

We may get there sometime, but probably not anytime soon.