GDPR Post-Brexit

In case you missed this, here is some further impact of Brexit relating to Personally Identifiable Information and the GDPR. The European Data Protection Board has released a dry one-pager, with significant impact for those of us concerned about #dataprotection: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_statement_20201215_brexit_en.pdf. Facebook already has plans to weaken UK data protection, classifying us like California, not the EU, for data protection purposes. The clock is running, because our current Data Transfer and Protection protocols have been deemed "Adequate" only until 30th June 2021, by which time the EU will have made a final decision on the adequacy of the UK's arrangements for data. ...

Morrisons Lose Data theft appeal

A recent ruling has made Morrisons vicariously liable for the rogue behaviour of an employee who stole over 100,000 employee payroll records. Andrew Skelton was a senior auditor for Morrisons at the time of the data breach. He had recently been officially warned about using corporate mailroom facilities for sending personal eBay packages. Mr Skelton was sentenced to eight years imprisonment in July of this year for the data breach. A couple of interesting points stand out from this landmark judgement, which went all the way to the UK Court of Appeal, where the original ruling was upheld against Morrisons. Firstly, the intent of the records theft was irrelevant - it didn't matter whether the motive was personal gain for the data thief, or reputational damage caused to Morrisons. Secondly, the Information Commissioner's Office had originally found that no action was required under the Data Protection Act 1998 - the relevant legislation in force at the time of the offence: it took a class...

User-centricity; the new focus for IT service provision

We've spent the last couple of months exploring some of the issues of concern to IT functions in the legal sector. Here are some of them: Legal firms are very acquisitive, and usually expand through mergers or wholesale onboarding of another firm's sector practice. This means that large cohorts of devices, networks, associated data and systems often need to be incorporated, merged, or at least coherently managed. The lack of availability of a service or source of information can vary from the trivial/inconvenient, through to reputationally harmful and up to being critically damaging to the legal firm. The move towards cloud-like service provision is especially complex for legal IT service leaders: clients often mandate the collaborative systems to use, and have their own policies for data location, collaboration and access. IT (especially the helpdesk) are often seen as a necessary evil, and not particularly helpful in resolving an IT issue. This is a painful fact to IT support managers, who may be incentivised through...

Your life in the ether…. Record Management Online

"Memory is the treasury and guardian of all things." Marcus Tullius Cicero

You may find some of the ideas suggested eight years ago interesting, and maybe still valid with the advent of GDPR. This was an idea for storing and managing all information - personal or corporate - in the cloud, using the very powerful HP RM (record manager) engine as a basis. The original is here - apologies for the loss of images, which used to be in there.

Your life in the ether.... Record Management Online

November 03, 2009

HP Records – Record Management in the Cloud

Record Management for the home, for small business, and the enterprise

Idea qualification

Reach: How many people would this idea affect? - all those who, in their professional and personal lives, have a need for long term organisation, management, and eventual disposal of their critical personal or corporate information. In other words, simply put - records.

Depth: How deeply are people impacted? How...

“Zap My Data” …A $5000 dollar browser app that could break the internet?

A $5000 dollar browser app that could break the internet? What if, as part of the GDPR process currently generating so many dramatic headlines, someone developed a browser app that could automatically send a request for the return of all your personally identifiable information held by a site owner at the press of an orange button?

[Image: mock-up showing request and delete buttons. Other websites are available!]

Behind the red button would be a request to be forgotten by the data owner and all associated information processors. I'll bet not many of these data aggregators would be geared up to handle that... Google are though... Embellishments could include a dashboard showing non-respondents in order of delinquency, with the option to alert the appropriate Data Protection Authority. Robotic Process Automation (RPA) could be used to harvest the database of email contacts for each site, as well as storing the text content for the enquiry/delete orders. Of course someone may have already developed this - if so, let...