Sunday, 28 October 2012

Memo to Helen Grant MP, our new Data Protection Minister

Dear Minister

Welcome to your new ministerial brief, which includes issues relating to data protection. The following guidelines may help you navigate your first few months in the office, as you settle in.

1. Trust your MoJ Data Protection Officials. I know that lots of civil servants get a bad press these days, but this small team is comprised of people who really are trying hard to find new ways of addressing the “consensus void” that has emerged as a result of new ideas proposed by the European Commission to update current data protection laws. For every proposal that has encountered some support, there is (basically) an equal and opposite view shared by a group of people who can get quite passionate and vocal.

2. Don’t expect to generate much press coverage. While every Minister is keen to engage journalists and be seen to be getting things done, this is one of those “worthy but dull” issues where the press only take an interest when something has gone horribly wrong. There are going to be very few incidents when you can expect any press coverage for an incident that has actually gone right.

3. Get over the fact that ever since data protection was invented, no-one has been able to come up with a simple concept of what personal data actually is. Your officials will gladly provide you with briefs that will bore you to death which explain why so many people have different understanding of what personal data is. The key point to remember is that if “it” (whatever is it) is determined to be “personal data”, the full weight of the law will apply. However, if “it” isn’t "personal data", then none of this law will apply.

4. Expect to meet lots of corporate privacy specialists who are keen to explain to their clients how to apply the current law in a range of circumstances that were never envisaged when the law was originally developed. This is not a comment on the quality of the then legislative drafting, it’s more a reflection on the speed of technological change which has and which will continue to occur. In areas of “social policy” like data protection, the speed of technology means that you can expect most of the laws to be out of date before they’ve even been implemented. This is why you need to think in terms of broad concepts, not details that, frankly, even most of these privacy specialists can’t fully appreciate the concepts of.

5. Don’t expect many of these privacy specialists to agree with each other. They tend to group themselves, though, as “pragmatists” (generally Data Protection Officers) and “anoraks” (generally legal advisors, who try as hard as they can to master all the details of their subject matter).

6. Expect to meet fewer privacy advocates – but what they lack in numbers they make up for in passion, determination, and media contacts. For these guys. Privacy (whatever that is) is a fundamental human right, and they are generally determined to ensure that individual tights trump the rights of collective organisations.

7. Try not to meet any representatives from these groups alone. Always ensure you have at least one policy specialist with you. This is not for personal protection, but because whatever you say is important (to them, anyway). The data protection community takes an unhealthily close interest in every data protection word uttered by any figure of significance. All of your utterances (public or private) will be blogged and commented on by a small band of specialists, who will analyse what was said and will compare it to every other utterance ever said by any other official (or regulator) to see if they can detect any signs of movement on anything.

8. Try to avoid using the following phrases:
a. Wow, this is boring.
b. We are committed to legislating to resolve this significant issue once and for all.
c. We are good Europeans, and will implement whatever has been agreed by the European Commission.
d. My officials will let you know precisely what this bit of the legislation means.
e. I have full confidence in ...

9. Instead, try to use the following phrases:
a. Trust me, I'm working as hard as I can on this.
b. ... to achieve a proper balance between the privacy needs of individuals, and the legitimate needs of companies who provide individuals with the services they rely on.
c. Data protection fines for charities and public authorities are a concept introduced up by the last Labour Government, so blame them if you think the outcomes have been a bit perverse.
d. I would hope that such advice could be provided by the Information Commissioner’s Office in due course.
e. Right, that’s enough. Who’s joining me in the bar downstairs for a drink?

Helen Grant MP has recently been appointed Parliamentary Under-Secretary of State, Minister for Victims and the Courts. Her responsibilities, in addition to data protection, are:
• Victims and criminal injuries compensation
• Courts, tribunals and administrative justice
• Women in the justice system, including women’s prisons
• Judicial policy (including diversity)
• Civil law and justice
• International business (non-EU)
• Law reform and sponsorship of the Law Commission
• Legal services and claims management regulation
• Coroner and burial policy
• The National Archives
• Devolution
• Sponsorship of the Office of the Public Guardian, Office of Court Funds, Office of the Official Solicitor and Public Trustee, and the Parole Board
• Better regulation and growth
• Sustainability
• Equalities
• Support to Maria Miller, Secretary of State for Women and Equalities.

Image credit: