Thursday, 18 October 2012
Hooray – more data protection compliance diagrams
So today, I present to you a data protection compliance diagram which has been kindly supplied by Alexander Alvaro, MEP, a Vice-President of the European Parliament. You’ve probably heard of him. He’s quite influential in German data protection circles.
Anyway, his latest wheeze, in his own words, is as follows: “I have developed the concept of “Lifecycle Data Protection Management (Lifecycle DPM)”, based on a simple stick and carrot principle: Invest from the outset in a sustainable data management framework, follow it up with a comprehensive compliance mechanism and you will be rewarded with an effective implementation and enforcement architecture.”
For those of us that like carrots and sticks, all we need (if we are allowed) is to use Google's mighty search machine to locate a document that goes under the snappy title of “Lifecycle data protection management – a contribution on how to adjust European data protection to the needs of the 21st Century.”
Are you still with me?
Anyway, for those that are really keen to be on the ball, here is a set of the latest privacy icons that responsible data controllers could use when tempting potential customers with their irresistible wares.
The snag is, what happens when you are honest about your intentions, or capabilities, with regard to each of these icons? For a number of the (extremely honest and reputable) companies I have had the pleasure of getting to know, I really doubt if their privacy policies would have achieved more than 1 tick (or perhaps 2 ticks) in the relevant icon boxes. So, if every data controller (for perfectly legitimate reasons) is always going to feel forced to provide their potential customers with a sea of red crosses when they use these icons, I can’t really see the concept taking off too readily.
What do you mean a sea of red crosses?
Well, what happens when data collected and processed for a controller’s legitimate business needs just might need to be acquired by a law enforcement agency for law enforcement purposes? Or when personal data in paper files can’t be encrypted?
How many ticks does that leave you with, then?
Anyway, let’s look on the bright side. It is a nice try – and it makes a great slide for a data protection PowerPoint presentation.