We then considered enforcement trends. The total number of fines is going up; the maximum under the DPA is £½m, the maximum under the GDPR will be €20m or 4% of global turnover. Today the ICO can fine under two laws, the Data Protection Act and the Privacy and Electronic Communication Regulation (PECR), which regulate Data Controllers and Processors and direct mailing houses respectively. The ICO have taken more interest in the DPA since they gained fining powers. This note looks at the record in court, the change in enforcement powers, and notes that the preponderance of fines have been levied due to inadequate technical protection.
Tag Archives: BCS
A presentation was made about the to-be-established Data Protection Officer, claiming to be informed by the EU’s advice on what the law means. We looked at whether a DPO is needed, the expertise and skills required, and the requirement for independence.
At the BCS legal day, a presentation was made entitled “Key Issues” which they started with a quote from Jan Albrecht MEP (the Rapporteur),
“[The] result is something that makes (as we intended from the beginning) everybody equally unhappy, but at the same time is a huge step forward for all sides involved.”
Jan Albrecht MEP
It is hoped that business opportunity will be created by a harmonisation of regulation across Europe with a goal of improved privacy for its citizens. The harmonisation is constrained by the Restrictions Article, which excludes areas of law from the Regulation and creates nationally authored variances.
I attended the BCS ISSG Legal day where the priority was the coming General Data Protection Regulation. I believe that the day was held under Chatham House rules, which means that comments cannot be attributed. I prefer to work on more open terms; it allows me to attribute credit to those who have informed me or changed my mind but the notes have been anonymised. The running order has been changed to make the story better and to conform to my preferred priority order, of principles, rights, obligations and enforcement. The day consisted of two presentations, entitled “Key Issues”, “the Data Protection Officer” and one on trends in enforcement. I have written these notes over the last week, and backdated them to the day of occurrence. These are a bit less polemic than my recent articles here, but for various reasons I have been reminded that that’s how they once were; I hope these articles are useful to my more technical readers. Some of the discussions and issues may interest those that follow me for politics.
Yesterday, I attended a session convened by the BCS North London branch, called “Data Privacy – How Private is IT?” The presentation was given by two PWC staff members in two parts: the first was a forward-looking review of the proposed EU Data Protection Regulation by Kyrisia Sturgeon and the second part a scenario-based exploration of good data protection practice led by Pragasen Morgan. To me the coming key changes in the law are that all companies will need to have a qualified data protection officer, and it implements a right to be forgotten, or more accurately a right to be unindexed.
I actually got to the BCS EGM last Thursday. I think it important, as is IT professionalism in the UK, but I am not sure that last week was a beacon for the values most of us would hope for. The meeting’s atmosphere was a nexus of CPSA annual conference, “back to the future” and “The History Man”. I tweeted that it reminded me of Camden Labour party which I was a member of during the 80’s, but that’s deeply unfair. While local Labour Parties and conference have been known to over-indulge in the procedural, it was much more reminiscent of CPSA. The Camden party that met around the Finchley Road area in the early ‘90s was one of the most politically educated and broad-based branch parties I have been to; almost certainly helped by the fact that no faction had a majority.
So first matter of debate, a 50 minute point of order on whether the President of the Association, Elizabeth Sparrow should chair the meeting. Her right to cast discretionary proxies was also challenged. This sort of stuff is deeply unattractive to the non-aligned, although I am not sure how many of them there were. I know that I went to listen to a discussion on the future of the BCS and IT professionalism in the UK and had not made up my mind on how to vote, although I was predisposed towards supporting the leadership and the transformation programme. I don’t need to know more about stitching up meetings, and I am not sure the BCS Leadership do either.
Now, given that the first motion was a no-confidence motion in the Board of Trustees, I think it questionable that, since the President is a member of the Board, she should have chaired the meeting, or certainly the debate on that motion; however, the rules make it clear that, if present, the President shall chair the meeting, and so she did.
Having been deeply impressed by the opening scene from the TV series of Malcolm Bradbury’s “The History Man”, I have a theory that the academics present from their organisations and trade unions bring a ready and handy knowledge of proceduralism to the table, one that (some of) the business people find themselves lost in. Everyone needs to remember that there is a debate around ideas of substance, and that rule No. 1 is that,
Those ideas with membership support will win in the end
So what was the debate about? I am still not sure. It seems that it boils down to two things,
The transformation programme, which is about establishing the BCS, or the “BCS, the Chartered Institute for IT” as the premier guardian for IT professionalism in the UK, and maybe elsewhere, needs greater financial transparency than it has today, although the first speaker, Ken Olisa, against the requisitioned motions presented a long list of financial reports made to the Board of Trustees. I think some people’s expectations of where we can go are …