Monday, 11 June 2012

Looking at good data protection

One of my nephews asked me a very challenging question during a family lunch over the weekend.

“What does good data protection look like?” he asked.

“Shut up and finish your trifle” I felt like replying – but I didn’t. It’s a question that I’ve been asked on more than one occasion, recently, so I’ve been developing an answer which I hope won’t sound too rehearsed each time that deceptively hard question is raised.

I must confess that, until very recently, I was not fully aware at the extent of public knowledge about data protection issues. You see, I’ve obviously led too sheltered a life. When you surround yourself with data protection professionals, and spend lots of time answering hard questions posed by people who need reassurance on data protection matters, you tend to forget what a small world this can actually be.

I’m now spending increasing amounts of time with people whom I might previously just have criticised as “not getting it”. I now need to spend far more of my time trying to paint a picture of what it is that good data protection standards will actually achieve, so that these people can do the maths for themselves and work out whether the investment needed to reach this standard will actually pay off.

Individually, we may feel worried about losses of personal information when responding to ICO surveys’ etc, but how many people actually do anything about it? How many of us have waited for an email from our chums at LinkedIn to advise us that, very regrettably, our passwords may have been compromised due to a recent security incident, so, as a precautionary measure, we should change the password? And how many of us have actually changed these passwords, regardless of whether we received an email?

And yet we are the privacy professionals. So when enough of us can’t get sufficiently concerned about our own security to carry out basic password-changing routines, we should hardly complain when the great unwashed haven’t the faintest idea about what good data protection actually looks like.

Anyway, as my nephew finished his trifle, I explained to him what good data protection looks like. He liked it. Both the trifle and my explanation. And then he spent the rest of the afternoon making funny images and playing games on my iPad, demonstrating a far higher level of technical proficiency on the thing than I’ve ever managed.

If you want to hear my explanation about what good data protection look like, it looks as though you’ve got two choices. You can either invite me to Sunday lunch, and slip the (data protection) question into the conversation, preferably as we’re enjoying our pudding. Or, you can pop along to one of the information governance networking events sponsored by the British Standards Institute and hear me talk about this very subject. I’ll be speaking at the BSI’s offices in Milton Keynes on 14 June and in West London on 3 July.

My next challenge will be to turn this explanation into a popular ditty, that can be sung to the tune of a well loved song. But I won’t work on that project that until I’ve had some audience feedback on whether what I see as good data protection practice is considered credible in their eyes.


Image credit: