How do
you know whether someone has an appropriate level of experience in data
protection?
This
question is becoming quite important, as a variety of organisations are
currently offering various types of certification of data protection
proficiency.
But are
these certificates actually worth much? What assurance do they give that the
bearer of the certificate is any good at applying legal principles in a manner
that is acceptable to an employer or to a regulator? Which is the best one?
Given
the increased level of public interest in data protection, I expect that it
won’t be too long before the spotlight falls on the training organisations that
currently operate in the UK. Does each organisation really offer the trainee an
adequate level of knowledge, and is the certificate that is subsequently
acquired of much practical use to a British data protection officer?
Yes,
employers like people who are qualified. But qualified in what respect? If they
are not careful, employers will just rely on the publicity that is churned out
by the certification providers. But publicity about how good their own certification
is cannot really be taken as a sufficiently objective measure.
What qualifications
really are appropriate? Those issued by the British Computer Society/ISEB? PDP?
Act Now? or the IAAP?
Here, there
might be a role for National Occupational Standards. These
are standards which describe what an individual needs to do, know and
understand in order to carry out a particular job role or function. As the NOS website helpfully points out, they
are:
"National because they can be used in every part of
the UK where the functions are carried out;
Occupational because they describe the performance
required of an individual when carrying out functions in the workplace, i.e. in
their occupation (as a plumber, police officer, production engineer, etc); and
Standards because they are statements of effective
performance which have been agreed by a representative
sample of employers and other key stakeholders and approved by the UK NOS
Standards Panel.”
Trainers in the policing and law enforcement area
have recently created a standard with the snappy title of “SFJ ZA11 Ensure organisational compliance
with Data Protection legislation”.
Perhaps
what we need is for more industries to create suitable standards, and then for
an independent regulator to assert whether the certificates offered by the major
training providers adequately meets these standards.
Otherwise, we might see training organizations taking
advantage of the growing fears that organizations have when they realise that
they need to get data protection right, by delivering inadequate training to
students.
If ever there were a need for regulation to protect
the public against dodgy standards, then perhaps there is a case for the data
protection training market to be more formally regulated.
Source:
http://nos.ukces.org.uk/about-nos/Pages/About-NOS.aspx
.
Posts
