Digital leaders from across the North West came together in Manchester to discuss the issue of privacy and security online and where individual responsibility ends and corporate responsibility takes over. Nathan Rodgers, Local Government Director at General Dynamics Information Technology (GDIT), and Nick McAleenan, Media Law and Reputation Management lawyer at JMW Solicitors LLP, represented each side respectively in a debate hosted by Kevin Harrington, who chaired the meeting on behalf of Digital Leaders North West.
Nick initiated the discussions with a view of privacy driven from the perspective of the individual, or the “data subject”. From a media law perspective, recent cases associated with phone hacking, misuse of personal information, super injunctions and data leaks have brought the subject into the public arena and mainstream media. With complex data protection laws, the legal and commercial implications an organisation can face when getting this wrong are far from clear. Recent cases do indicate an increasing risk (and therefore cost) associated with not having adequate policies and procedures in place. The prevalence of class action cases (or group litigation) in the U.S. is crossing the Atlantic, with a recent notable high-profile case now progressing to the Supreme Court in the U.K. This signifies a changing landscape and, as a result, legal interpretation of personal data is changing. With a possible fine of 4% of global revenue associated with data breaches or negligent data security protocols, now would certainly be a good time to review your data security.
As the risk associated with poor, or even negligent, data security policies increases, there could be an assumption that someone needs to take responsibility for the issue. Nathan Rodgers, GDIT’s Local Government digital transformation lead, suggested that who owns this responsibility is far from clear cut. Traditionally, I.T. (either departmentally or individually) owned this risk. With the proliferation of data sharing, cloud-based services and digital platforms, this preconception has all but disappeared. Inevitably, there is now a level of responsibility at an individual level. Technology can restrict, control and limit access to all but a handful of hackers worldwide. So after an organisation has built the most robust, secure and bullet-proof systems, what could possibly go wrong? The answer is… you. You, the individual, as either employee, consumer, data subject or contractor, are the most likely to be the weakest link in any organisation.
Having established that you (or any person in fact) are the most likely route through which unauthorised data or information will leak, what can an organisation do to prevent this from happening?
The discussion was broad ranging and suggestions included:
- Employers seeking appropriate insurance cover.
- Better formalised education for employees about their information security responsibilities.
- Reviewing employment contracts to ensure responsibilities relating to data protection are included.
- Tightening the organisational approach to penetration testing.
- Reviewing what type of data you do actually need to keep as an organisation.
- Improved standards on data protection – self-assessment for organisations is a good place to start.
- Giving consumers more choice about the data they make available and to whom they make it available.
Please note that we would always suggest you seek expert advice on the issues raised above.
This discussion continues on the Digital Leaders North West Knowledge Hub Group but feel free to contact Nick McAleenan or Nathan Rodgers directly and they would be happy to talk about your individual requirements.
For those who want to research the subject in greater detail, we would suggest the Information Commissioner’s Office website and please feel free to register to receive GDIT’s free Digital Transformation White Paper here.
Our thanks to James Brayshaw, Managing Director, Winshaw for this blog.