Wednesday, 6 July 2011

Privacy: the buck stops where?


Privacy is a red hot issue in the UK this week. I’ve never known a time when the issue has had so much attention, focused on by both the media and the politicians in Parliament. Even at the very moment the Information Commissioner was discussing his 2010/11 Annual Report, published today, in a webinar rather than a press launch, no doubt to large numbers of eager viewers, politicians in an emergency Parliamentary debate were referring to his predecessor’s “What price privacy” report, published in May 2006. And also to his predecessor’s “What price privacy now” report, published six months later.

This week I’ve been waking up to the privacy issues by listening to the Today programme on Radio 4, and then getting ready to sleep by watching the latest privacy story on the Newsnight programme on BBC 2. And it's dominated the reporting on BBC News 24.

And last night’s mashup event, held at the offices of the GSM Association in Central London, drew a good crowd to consider the world of mobile privacy. It focussed on what giving the user control over their privacy means, and looked at how companies are going about this, who is leading the way and who is just trying to exploit you.

When will it end?

And what is to be done?

My thoughts on this issue were printed in a conversation I recently had with a journalist and reported in the 22nd June edition of SC Magazine. I was commenting on remarks made by former Head of Enforcement at the ICO, Mick Gorrill, on whether someone should be employed as a full-time data security “champion”. Mick said “You should have someone nominated for data security, as if you have accountability you will take notice of what the ICO is saying and put policy and procedure into place.”

I was reported (correctly) as saying that I believed what Mick meant was that, regardless of the size of the operation, a business owner needs to make sure that there is a line of accountability for all elements of the enterprise.

As far as I was concerned, I did not find that the concept of a team sharing responsibility works particularly well, as I prefer the concept of individual accountability, as you need to know who can make decisions when there is a difference in views.

Here are some of my quotes:

“When things go wrong, it is helpful to know who has previously had responsibility delegated to them to ensure that whatever went wrong shouldn’t have gone wrong.”

“Auditors use the phrase ‘what gets counted gets done’. I think we should start to use the phrase ‘the person accountable for ensuring the good-working of this system is…’. Once individuals take personal responsibility for processes, they tend to look after them.”


Other people who were interviewed seemed to support my remarks.

I’m fortunate, I suppose, in that my privacy has rarely been breached in a manner that has profoundly affected me. But when it has happened, I’ve been bitterly upset and have really felt let down. If I share a confidence with someone I expect it to remain confidential. And, when people share their confidences with me, I try my hardest to respect them. This means that I also temper my behaviour to ensure that I don’t misbehave (too much). But I am human – and ready to apologise for my mistakes.

Coincidentally, today I was sent a copy of the official summary of an event I had attended a couple of months ago (and blogged about on 22nd May). The impressive introductory blurb to the summary explained that “We are at a critical point in history where the conflict between information security, privacy, freedom of information, legislation, regulation and the evolving use of IT and communications technologies is becoming visible. This could well be due to a lack of understanding of the key issues by all parties.

This being the case, it is our collective responsibility as policy makers and information security professionals to cultivate a greater understanding of the key issues faced by information stakeholders and owners. Dtex Systems recently brought together some of the UK’s leading professionals to openly discuss the issues facing public and private sector organisations, the media and regulators, to consider the implications on individuals, organisations and the media.”


And, much to my surprise and delight, prominently featured in one of the principal images of the event was ... yours truly!

Sources:
http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/what_price_privacy.pdf
http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/ico-wppnow-0602.pdf
http://www.mashupevent.com/event/mobile-privacy
http://mobile.scmagazineuk.com/could-you-specify-a-champion-role-to-a-member-of-your-staff/marticle/205819/
