On Release Management

I wrote a piece on Release Management on my LinkedIn Blog. I talk about the minimum properties of a change control authorisation system, the minimum evidence required before agreement can be issued, the need for an emergency change control process, the need for post-implementation reviews, treating failures as incidents and applying problem management tools to them, and ensuring that there is an appropriate segregation of duties.  …

Do victims of a cyberbreach need to prove harm?

I have just posted to my LinkedIn blog on the reference from the Austrian courts as to whether victims of a data breach need to prove harm for compensation.

The Advocate General is not so sure, although on my CIPP(E) course the instructor was clear; a breach of rights is a harm.

I look at the GDPR and the DPA 2018, which confirms that in the UK, ‘“non-material damage” includes distress’.

I conclude by noting that, “My experience in tracking the citizens’ panels of the Conference on the Future of Europe (CoFoE) is that Europe’s citizens, the children and grandchildren of fascist and Stalinist societies, are looking for greater enforcement, not less.” Politicians in the EU are under pressure to go in the other direction.  …

Technology lessons

It seems the police have found insufficient evidence to prosecute Boris Johnson for misconduct in a public office with respect to his alleged relationship with Jennifer Arcuri and decisions taken by the Mayor's Office to support her business. His day-time visits to her home, presumably during working hours, were, it seems, for 'technology lessons'. Some emails seem to be unavailable, possibly in contravention of the Mayor's statutory record keeping rules and duties. The rest of this blog looks at alternative legal approaches to investigating whether wrongdoing has occurred, and at how good IT security controls are needed to allow essential audit questions to be answered.

Google, the GDPR and Brexit

Google are going to move their UK users' data from Ireland to the USA. I wrote a little note on my LinkedIn blog. I headline it as

Google are moving UK data from Ireland to the US … what does this say about UK/EU/US dataflows and compliance with the GDPR and the world’s data protection laws.

I also point out the need for robust legal redress to comply with the GDPR, which the UK and USA may not meet, and that the UK will lose access to the US Privacy Shield arrangements. I note that the UK will lose its member state privileges and powers under the GDPR when the transition period ends and that RIPA 2016 and the immigration exception of the DPA 2018 may cause the Commission some problems with respect to “Adequacy”.

I note that model clauses and binding corporate rules will remain in place and I wonder if this is a business opportunity for a European based phone operating system author as people choose to withdraw from Android? Nokia? Canonical? …

HRMS, a distressed purchase?

I was provoked by this on Hackernoon, and wrote a little piece on HRMS systems. I have just come back from a Trade Union course on Employment Law and wonder whether the US based systems built for Silicon Valley behemoths are suitable for UK based SMEs. I reference the Gartner MQ which seems to have come on in the last two years; google it, you can get to see it from one of the companies in the top right quadrant but I like their functional breakdown.

I state that a “person” data model is key and finish with the following quote,

HR functions need to define their mission statement, somewhere between “stop the staff suing us”, and “delivering a self-actualising company”; only then can the needs of the software be defined and developed, bought or rented.

 …

Banks Eh?

Have you got outraged over FATCA yet? Over the last quarter, I have received several pieces of correspondence from different banks asking me to certify that I have no income that the US Government might be interested in. It goes to show just how poor the Banks’ whole person/customer knowledge is. …

The customer is, and shall be king

I have posted an article on my LinkedIn blog, which looks at the future of banking technology, particularly as it applies to their technical debt in the data centre. It argues that customer intimacy is key. I say,

So the incumbent players have to re-modernise their systems, build fit for purpose customer relationship management systems i.e. KYC and cope with the business disruption that new software driven competitors are developing, on top of which margins in retail financial services are very low.

 …

Have the US killed their cloud business?

As the proof that Governments are spying on social media users is found, we should all take measures to make it hard. I am sure that they’ll try and outlaw encryption next, but they might have a problem with that since it’ll kill e-commerce. Talking of killing e-commerce, a number of commentators, including David Kirkpatrick posting at LinkedIn, are asking if this will cause Europeans and their Governments to withdraw from the US cloud providers.

The Swedish Government, for instance, have already decided to abandon Google’s web services. …