Sunday, April 11, 2010

House of Commons Justice Committee Related to The European Union's Data Protection-Retention Directives

In the first week of January this year, (a link to video of Parliament online, please forward to about half way through), the United Kingdom's Information Commissioner Christopher Graham spoke in the Wilson Room for the House of Commons Justice Committee. He was flanked by Stephen McCartney, Head of Data Protection Promotion, from the Information Commissioner’s Office. As mentioned in a previous post just last month, the ICO has been lobbying extensively for fines to deter serious data breaches - and it gives the impression of working quite well, since on their front page, the ICO "expects its new power to issue monetary penalties to come into force on 6 April 2010, allowing the ICO to serve notices requiring organisations to pay up to £500,000 [$1M approx.] for serious breaches of the Data Protection Act." In other words, HUGE fines: finally some real deterrents to the list brokers/reseller industry.

In the Committee, it was being recommended that the European Union enforce data protection, but not to jump into it without a comprehensive approach, in other words, reculer pour mieux sauter as Mr Graham states; take a step back first, analyse the nuances/realities of how data is exploited, and then codify the law fittingly. The HOC Justice Committee met to avoid the patchwork of current legislation involved, as well as taking into consideration the fact that [Roman and Napoleonic Civil] Codified Law are very different from Common Law practiced in Great Britain. Civil versus Common Law have very different approaches to managing data too, the former being considered in Common Law countries as unnecessarily pragmatic – too literal, too much bureaucratic overhead, whilst Canada and the United States tend to take too much of a freely flowing data approach without thinking of privacy and security considerations from the onset. In fact, the European Commission went to the extreme as to sue Sweden for its lack of action regarding the E.U. Data Retention Directive.

The Face of Data Protection in the United Kingdom: Christopher Graham - see him at the Data Protection Officer Conference on March 3rd, 2010

As one can see in the video footage (forward to 26 minutes), Information Commissioner Graham is a man of candour as was his Grandfather Lance. Sir Lancelot Graham was known as idealistic, indefatigably hard-working and self-disciplined. He was not only a Governor of Sind (Pakistani province where Karachi is the capitol) before the partitioning of India, but also President of the Commonwealth Society.

It is clear action must be taken to discourage serious breaches of the Data Protection Act, but one of the first fundamental questions (referred to in the List of Data Protection Principles), as mentioned by Mr Stephen McCartney, Information Commissioner Graham’s experienced colleague, should be what is the data being used for? Ultimately the goal is to prevent carelessness (i.e. not encrypting, or at the least putting a password on a backup placed on easily readable media) with respect to the management of personal data within organisations, a space where the ICO has been very active lately, and even provides A Guide For Data Protection in Plain English on its site.

In sum, in the European Union, there is a need to clarify laws that are related to the management of information, and it is great to see Information Commissioner Graham giving guidance openly. We have to treat Data as the precious resource it deserves in our information-based society, merely because its mismanagement can cost us all, and not just in the E.U. With respect to a certain pension fund data management disaster I witnessed firsthand, it led, in part, to the loss of billions of dollars.

Data Stewardship and the Promotion of Data Protection – Are You Vigilant Enough to Stop A Trainwreck?

If you are asked to be a Database Cop, and you follow the code of ethics of your organisation, especially a public organisation (i.e. working by the book), erstwhile assuming that you are in a hostile environment, rampant with Workplace Bullyingwhen, or better yet, where is a DBA supposed to stop when protecting public data? I am very passionate about our job as protector of the data - and for more on this subject, please read Brad McGehee’s DBA Code of Conduct because if you see multiple faults, and maybe four as I did, then you should do all you can to avoid a trainwreck for your respective organisation because just like an Airplane, it could only take two chains of error before the plane hits the ground. Brad lays out a clear path to follow. Also, pay special attention perhaps to my comment at the end which is in reference to the two government organisations who are working on my behalf (and provided with stacks of evidence also, being as municieux as a DBA should be) to take judicial action in opposition to our state pension plans’ violation of both Federal and Provincial laws, followed by Human Rights violations.
Much of my negative energy from that disastrous experience (a bit like what Canadian Diplomat Colvin is living through now perhaps, to the extreme of Prime Minister Harper proroguing parliament to conceal the issue during the Olympics, as well as extend our MPs holidays) has been vented out within the scrolls of this blog over this past year employing altruism, introspection and sublimation, both mature Defence Mechanisms. The latter, I was informed of only just recently, certainly makes judging specific psychological behavioural traits. The hundred-twenty thousand plus visitors are appreciated I might add with a kind gesture (Cum numine benigno). Further, your comments are welcome (although frightenting scarce on the Blogger version), or you can just stop on by as I shall continue to use digital photos for eye candy too. The real world isn't so beautiful, but at least I can maintain my idealism through photographs!
Microsoft has just showed their appreciation earlier this year by passing on the Most Valuable Professional Award for SQL Server. I have to admit that I thought it just slipped by since I didn't hear from my gracious guide, Simran Chaudry, MVP Lead for Canada, until I finally got around to catching up with my e-mail inbox flood. I have needed some downtime after travelling three times within the past month or so - first of the three trips was to Cambridge as you can see below. There was lot of family to catch up with there, plus with the Simple Talk editors at a certain famous Dim Sum place on Regent Street.

Some tasks can seem endless and require years to do, but they have to be done (or so they told themselves while working on this King's College Chapel Cieling).

Next up...The face of data protection in the United Kingdom: Chris Graham, and his recent Parliamentary Committee Hearing.

Interesting Data Stewardship References, if the subject interests you: