Why are so many privacy professionals driven to despair?
Don’t worry. It’s not that unusual for privacy professionals to
be driven to despair by the demands of their job. It’s just a mindset that most
of them go through when business “requirements” and legal “restrictions” continually
clash.
As Tom Fletcher, the UK’s former Ambassador to the Lebanon
recently put it: “You think you’re reached rock bottom – then you hear a noise
from below.”
But there is hope at the end of the tunnel. That mindset can pass,
to be replaced with a more productive phase of professional life.
Tom Fletcher recently blogged about the eight stages of his
(professional) life. Seduction. Frustration. Exhilaration. Exhaustion.
Disaffection. Infatuation. Addiction. Resignation.
He knew them all, often simultaneously.
I’ve known them, too.
The work of a privacy pro isn’t easy, when you’re dealing with clients
who have little concept of current data protection requirements, let alone the
added complexities that are being contemplated by those that are currently
negotiating the compromise text of the General Data Protection Regulation. But
why should the negotiators care about complexity? Hardly any of the people
currently involved in the tripartite discussions will ever have a job that
actually requires them to implement it. Many will simply move on to reaching
consensus in other policy areas.
Talking about it is not the same as doing it.
So, and as apparently happens so often with Lebanese politics, the tripartite negotiators
can needlessly overcomplicate issues with layers of conspiracy, creative fixes,
and intrigue. They can undermine leaders working in the national interest of
Member States, rather than the collective interest of the EU. And they can
proclaim that there is no substitute for this unrelenting, maddening, political
process.
Roll on 2016 when, in a fit of exhaustion, something will be
churned out of the EU’s legislative sausage machine, and hordes of consultants
can feast for years thereafter. Whatever finally emerges is unlikely to
significantly enhance the privacy of the average EU citizen – but it ought to
significantly enhance the bank balances of the armies of consultants who will
be called upon for guidance as to which elements of the Regulation should be
implemented, and how, and which bits can be safely ignored, and why.
But why do I care?
Simply because I care about the implementation costs. When most
small and many medium-sized businesses can barely begin to demonstrate
compliance with the current rules, my eyes roll when I think of the
difficulties that they will face in coming to terms with the new rules.
Of course the larger organisations will do what it takes to
remain on the right side of their regulators – assuming, that is, that the
regulators have a large enough stick to require compliance. Under-resourced regulators
will be left in the unenviable position of being held accountable for not
enforcing the new rules. They’ll be blamed for allowing some businesses
(and some public sector bodies, no doubt) to get away for years with shockingly
poor data handling standards.
Perhaps my current mood will improve when all the privacy pros return from
their summer holidays.
I do hope so.
Source:
http://blogs.fco.gov.uk/tomfletcher/2015/07/31/19389/
How to cope:
http://www.samaritans.org
http://www.martinhoskins.com
.
Posts
