Monday 30 July 2012

What is the right data protection qualification?

I’ve just been reading the PDP’s press release announcing a record increase in newly qualified data protection professionals. The blurb explains that the DPD’s Practitioner Certificate in Data Protection gives organisations the ability to demonstrate commitment to protecting customer and employee information in this increasingly challenging area of legal compliance.

Congratulations to all involved.

The only thing that’s concerning me is that the UK now boasts (at least) 3 different organisations setting privacy qualifications, but I’m not sure where I can turn to obtain any independent advice as to what would be the most appropriate (or easiest or cheapest) qualification for a data professional to obtain.

My qualification, the ISEB Certificate in Data Protection, offered by the British Computer Society, was hard work, as it required me to take a really deep look at the Data Protection Act as Parliament and British Courts intended it to be, and to be very mindful of the occasions when the ICO’s compliance advice strayed past the legal minimum and into the realm of best practice. Of course, there’s nothing wrong with best practice. But it is not the legal minimum.

The DPD qualification, according to a footnote in the press release, is accredited by The Law Society, The Bar Council, and was devised in conjunction with the Information Commissioner’s Office. Clever use of the phrase “devised in conjunction with”. It doesn’t claim that staff from the ICO currently seek DPD accreditation.

And then there’s the qualification offered by the Association of International Privacy Professions, of potential interest to privacy officers working for international groups of companies. This is the qualification for those who apparently need to show that they really know their stuff about comprehensive principles-based framework, pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology, and practical concepts concerning the protection of personal data and trans-border data flows.

Not having carried out any significant research into the PDP and IAPP qualifications (yet), I simply don’t know of the extent to which they supply data protection officers with the practical tools that are necessary to help them do their jobs. Many of us practitioners know what most of the laws (we need to know) state, but the critical thing to know, surely, is the extent to which particular laws are enforced, either by regulators or others, in particular circumstances, and what the consequences are likely to be if data controllers, for various reasons, breach any of the principles.

And where will I find this from? Perhaps our chums at Which? might commission a guide to Professional Data Protection Qualifications, to get some dispassionate advice out there for the benefit of increasing numbers of people who sense that they need to obtain some form of qualification, but are unsure which, and how much effort would be required to get it.

No-one wants to be sold a pup – unless he looks as endearing as the dog in today’s picture.

