Fines, Enforcement and good faith

Fines, Enforcement and good faith

We then considered enforcement trends. The total number of fines is going up; the maximum under the DPA is £½ m, the maximum under the GDPR will be €20m or 4% of global turnover. Today the ICO can fine under two laws, the Data Protection Act and the Privacy and Electronic Communication Regulation (PECR),  which regulate Data Controllers and Processors and direct mailing houses respectively. The ICO have taken more interest in the DPA since they gained fining powers. This note looks at the record in court, the change in enforcement powers, and notes that the preponderance of fines have been levied due toinadequate technical protection. …

An overview of issues with the GDPR

An overview of issues with the GDPR

At the BCS legal day,  a presentation was made entitled “Key Issues” which they started with a quote from Jan Albrecht MEP (the Rapporteur),

“[The] result is something that makes (as we intended from the beginning) everybody equally unhappy, but at the same time is a huge step forward for all sides involved.

Jan Albrecht MEP”

It is hoped that business opportunity will be created by a harmonisation of regulation across Europe with a goal of improved privacy for its citizens. The harmonisation is constrained by the Restrictions Article, which excludes areas of law from the Regulation and creates nationally authored variances.  …

BCS Legal Day

BCS Legal Day

I attended the BCS ISSG Legal day where the priority was the coming General Data Protection Regulation. I believe that the day was held under Chatham House rules, which means that comments cannot be attributed. I prefer to work on more open terms; it allows me to attribute credit to those who have informed me or changed my mind but the notes have been anonymised. The running order has been changed to make the story better and to conform to my preferred priority order, of principles, rights, obligations and enforcement.  The day consisted of two presentations, entitled “Key Issues”, “the Data Protection Officer” and one on trends in enforcement.  I have written these notes over the last week, and backdated them to the day of occurrence. These are a bit less polemic than my recent articles here, but for various reasons I have been reminded that that’s how they once were; I hope these articles are useful to my more technical readers. Some of the discussions and issues may interest those that follow me for politics. …

Coming Privacy Law

Coming Privacy Law

Yesterday, attended a session convened by the BCS North London branch, called “Data Privacy – How Private is IT?” The presentation was given by two PWC staff members in two parts, the first was a forward looking review at the proposed EU Data Protection Regulation by Kyrisia Sturgeon and the second part a scenario based exploration of good data protection practice led by Pragasen Morgan. To me the coming key changes in the law are that all companies will need to have a qualified data protection officer, and it implements a right to be forgotten, or more accurately a right to be unindexed. …

BCS EGM 2010

I actually got the BCS EGM last Thursday. I think it important, as is IT professionalism in the UK, but I am not sure that last week was a beacon for the values most of us would hope for. The meeting’s atmosphere was a nexus of CPSA annual conference, “back to the future” and “The History Man”.  I tweeted that it reminded me of Camden Labour party which I was a member of during  the 80’s, but that’s deeply unfair. While local Labour Parties and conference have been known to over indulge in the procedural, it was much more reminiscent of CPSA. The Camden party that met around the Finchley Road area  in the early ‘90s was one of the most politically educated and broad based branch parties I have been to; almost certainly helped by the fact that no faction had a majority.

So first matter of debate, a 50 minute point of order on whether the President of the Association, Elizabeth Sparrow should chair the meeting. Her right to cast discretionary proxies was also challenged. This sort of stuff is deeply unattractive to the non-aligned, although I am not sure how many of them there were. I know that I went to listen to a discussion on the future of the BCS and IT professionalism in the UK and had not made up my mind on how to vote, although I was predisposed towards supporting the leadership and the transformation programme. I don’t need to know more about stitching up meetings, and I am not sure the BCS Leadership do either.

Now, given that the first motion was a no-confidence motion in the Board of Trustees, I think it questionable that since the President is a member of Board that she should have chaired the meeting, or certainly the debate on that motion however the rules make it clear that if present the President shall chair the meeting, and so she did.

Having been deeply impressed by the opening scene from the TV series of Malcolm Bradbury’s “The History Man”, I have a theory that the academics present from their organisations and trade unions bring a ready and handy knowledge of proceduralism to the table, one that (some of) the business people find themselves lost in. Everyone needs to remember that there is a debate around ideas of substance, and that rule No. 1 is that,

Those ideas with membership support will win in the end

So what was the debate about? I am still not sure. It seems that it boils down to two things,

The transformation programme, which is about establishing the BCS, or the “BCS, the Chartered Institute for IT” as the premier guardian for IT professionalism in the UK, and maybe elsewhere needs greater financial transparency than it has today, although the first speaker, Ken Olisa, against the requisitioned motions presented a long list of financial reports made to the Board of Trustees. I think some people’s expectations of where we can go are unreal. We will never have the right to determine who can practice in IT, and I question whether its right that lawyers and doctors have this privilege. I also think it important that professionalism is defined in an accountable way; it’s not good enough to allow adequacy and standards to be defined by employers through their hiring policies.

The transformation programme does not need to suppress volunteerism within the society.

This is a complaint made by many of the speakers in favour of the motions of no-confidence. (Is it true that the Leadership have replaced the bottom up doarchy based committee of specialist group leaders with an appointed Board with the powers to manage the membership of the specialist group leaders.) This argument is partly about money as well, as the BCS leadership is accused of insufficient investment in the specialist groups.

One speaker suggested that it’s not possible to do both, and the unspoken question is whether its possible to build a member organization that defines and encourages professionalism in today’s world without selling out in conflict of interests between individual practitioners, their employers and the public interest.

Another thing all members need to consider, is the huge numbers of thought leading computer and software engineers and IT practitioners who find the whole professionalism debate irrelevant and are members of no organisation, preferring corporate honourifics or second degrees as their badges of quality.

Anyway at the end of the debate, Gerry Fisher, a past president moved a 6 month adjournment, to allow a dialogue to occur, a dialogue with a no-confidence motion on the table. This was almost quite clever. It is a procedural motion, so the proxies can’t be used. Any dialogue would take place with the threat of no confidence in the Board of Trustees on the table. This might have passed if it had been voted on. I hadn’t expected to hear Citrine quoted at a BCS EGM. Unfortunately for the dissidents, unlike Parliament and the old Labour Party Conference, General Meetings are not sovereign. The BCS meetings like most civic society meetings must advertise their agenda to the membership, so they can mandate representatives, cast their proxy votes or decide to attend. The meetings can then only debate and vote the published agenda.  Sovereign meetings have a duty to obey the law which is why most organizations have protections built in to ensure that ultra-vires actions aren’t taken. In the case of the BCS, only the meeting’s presiding officer can adjourn the meeting, and since she choose not to, the meeting tried to proceed to a vote. This also provoked some points of order, specifically about the proxy form’s quick vote process. It was far easier to mark the ballot paper with an I agree with the leadership vote than to support the meeting requistioner’s motions. Those who find this offensive to their democratic values need to get out a bit more. Although while researching links for this article I came across a reference to Kate Losinka, a one time President of the CPSA in the 1980s trying to prohibit branch officer’s recommending of votes, which just goes to show how long this sort of shit has being going on.  This might be seen as a second attempt to rule the proxies out of order, but this was stamped on.

The votes in the meeting were finally cast and collected, and the Electoral Reform Society were sent away to count the votes. These have been published at the BCS page.

The Special Resolution, to increase the threshold at which EGMs can be convened was withdrawn after a series of anti-speeches including one that listed the thresholds of what might be considered peer organisations who all have similar EGM requisition thresholds, currently 50 members. I suggested that the threshold wasn’t the problem, there were many more problems and that any rule changes on EGMs needed to take on board electronic signatures and clearer meeting standing orders and have a clearer procedural resolution process. A member from the floor asked the top table to withdraw the motion, and they agreed (It might have been interesting to see if the proxies would have stayed loyal to the leadership on this issue, but I think a chance for all to rethink is a better one for the Society and the profession.)  I’d like to think I helped, but I think the killer speech was the list of other organisations and their rules.

One of the things I found interesting is just how hard it is to find links for the 70s/80s references I made in the first part of this article. Here’s what I got in the end;

  • From Humble Petiton to Militant Action, a history of the CPSA and its fractious internal politics. It doesn’t mention me.
  • The site of PFLCPSA, the CPSA’s version of private eye. This one does.
  • IMDB’s “The History Man”
  • Citrine’s ABC of Chairmanship, from Amazon, published by the Fabian Society , this is a 1982 imprint, first published in 1952.

  …