Thursday 15 March 2012

ISEB Accreditation: Chapter 3

The fifth formal day of the course of instruction that ought to lead to my ISEB qualification has been completed. Just the mock, and then a whole day’s tutorial, then the actual exam. Roll on the end of April. Then I need to ask myself what to do with the 4” (10cm) pile of notes that course presenters Chris Pounder and Sue Cullen have so lovingly prepared, distributed, and let me scrawl all over. I think I know just the place for them, but first I had better pass the exam.

To describe the course so to someone who has not considered taking the ISEB qualification before is not easy. After all, why would anyone want to give up a significant portion of their private life for a few months to take it? Well, first they had better be a dedicated data protection professional. Second, they ought to be astute enough to realise that about the only thing no Member State has criticised the European Commission about in that Regulation is the way it will significantly raise the profile of data protection officers in future.

The more responsible data controllers will be obviously feel obliged to employ people who have an appropriate qualification. And the really good news is that, if we play our cards right, the law will compel them to employ/engage someone, so the head hunters should be out in droves, linking-in with people who have suddenly become endowed with some very marketable skills.

This could become a problem for those companies whose salary structures are such that they find it hard to pay market rates for (anyone, let alone) qualified data protection professionals. And, if the ludicrous fining proposals in that Regulation manage to become law, the pressure on salaries can surely only be in one direction. Data protection officers could be as eagerly sought after as members of that popular boy band. I do hope that public sector organisations won’t find it too hard to recruit and retain the right people. Presumably, our head hunter chums will be causing a few headaches in the Information Commissioner's Office’s Human Resources team too, when it becomes clear that former ICO staff are even more highly prized than they currently are.

But I can’t think too far ahead. I can barely think at all, right now. My mind is stuffed with concepts like the subject information provisions and the non-disclosure provisions. And also trying to distinguish between Article 7 rights, Section 7 rights, Principle 7 issues, and Schedule 3 (7) conditions. Oh yes, I’m also trying to get my head around the distinction between the grounds for processing in Schedules 2 and 3 and the non-disclosure exemptions. And understanding how the law of confidence potentially interacts with the First Data Principle.

And it goes on. And on. And on. It’s not a doddle. You have to seriously know your stuff.

Whoever finally gets certified really deserves a badge to wear as a talking point so that they can tell anyone who asks just what they’ve had to go through. The International Association of Privacy Professionals confers on appropriately certified IAPP/E professionals the right to wear a badge emblazoned with the letter “E”. I think that the British Computer Society ought to confer an equivalent tight on appropriately certified ISEB professionals a badge too.

And what should it say?

If I had my way, it should simply say “£”.

Plagiarism Disclaimer:
Peter Fleisher from Google has also been warning in his personal blog that there are not enough experienced data protection officers to meet the impending legal requirements and that more need to be trained. He might have said it first, but I wasn’t aware of that until I was about to publish this blog today.