Friday, 12 October 2012

A very close call with the NCO

I had a very close brush with the NCO a few days ago. You see, I was carrying some documents home in my case. Yes, they were sensitive papers. Nothing to do with sensitive personal data, it was all about another project I’m currently working on.

Anyway, en route home, I popped into a tie shop, bought a couple, had them bagged up, and took them with me.

There was an “incident” on the train between Moorgate and where I usually get off. Some old gent got on the train, with his pipe still lit, but concealed in his hand. The fellow passengers couldn’t see the smoke, but we all began to smell it.

And you could smell the fear spreading in the carriage too. As soon as we could, each passenger (other than the old gent with the pipe) found an excuse to leave the carriage – and it was only after I saw the train pulling away from my station that I realised that my newly bought ties were taking a trip of their own up to Stevenage. I hadn’t been thinking properly. My concentration had lapsed.

Thank goodness I didn’t have to report the loss of the ties to the Neckwear Commissioner’s Office. I would have been stuffed. After all, I had given myself no training about how to carry ties home safely, and certainly had never written a policy document on the dangers of carrying such objects.

Then I thought to myself, wow – there aren’t many people I know who have received training in carrying paper files, either. It’s a bit like lunch – you instinctively know what to do around noon, you don’t need a policy document to tell you how to able over to the canteen, to eat nicely and to keep your mouth closed while chewing.

Perhaps I should carry out a survey – how many data controllers really, honestly, have developed training packages on the safe transportation of manual records? Not that many, I presume. But, given a recent ICO fine of £70,000 to a social care charity for mishandling papers relating to the care of four young children, I expect a lot more people to take a renewed interest in trying to document the very basic tenants of data protection around their organisation.

Who needs to worry about the DPA dangers of cloud computing, etc, when there exists the ever present danger of leaving sensitive documents outside someone’s front door?

If I were to have a wish that could come true, I would wish that next year could be called the year of data protection basics. Let’s all try to get the basics right, before turning our minds to any of this new fangled stuff. Like cookie compliance. Or getting a project off the ground to begin to assess the costs of the ever changing proposals in the General Data Protection Regulation thingey.

Come to think of it, it must be about time we heard some more from our chums in Wilmslow, reporting on the current state of cookie compliance. “We use cookies – get over it” seems to be the most common way of complying, these days. Or am I getting too cynical? Perhaps there are some webmasters around, waiting to unleash even more wonderful cookie explanations, with brilliantly inventive ways of enabling people to object to cookies and still receive oodles of stuff for free.

When I see any, I’ll let you know.


Image credit: