It’s official. Destruction is nice. Or so says the new Section 46 Code of Practice issued this month:
Destroying information is essential to maintaining an effective information management capability, and means that authorities avoid the unnecessary financial burden of searching, maintaining and storing information that is no longer needed.
While this is what records managers have been saying to their colleagues in IT and governance for years, I don’t think I’ve ever seen it put quite so bluntly before.
The new Code of Practice is much more explicit than the previous 2016 version. Less space is given to discussing the benefits of following the Code (which in retrospect seemed a little redundant) making way for clearer expectations around governance arrangements. Good governance is key to any information or records governance programme, so I’m glad to see this is given greater prominence here.
The principles of good practice remain the same but the new Code of Practice provides much clearer descriptions of how these work in practice which is both welcome and daunting. At Metataxis we know that it’s a difficult task meeting obligations which are fine in theory but are difficult to achieve in the reality of your information environment. Find out how we can help you turn general principles into practice. Contact us today.
The long awaited decision regarding UK Adequacy was made end of last month, on the 28th of June. While the UK has achieved adequacy statement, there is something of a watching brief on this.
For the first time ever, the EU Commission has made Adequacy conditional. Unusual, but perhaps unsurprisingly the UK is subject to additional caveats. The Adequacy approval will only last a period of 4 years from date adequacy comes into force, and the EU Commission may intervene should there be any changes to UK legislation which will affect personal data processing. This so-called “sunset clause” means we be back here again in four years time (or sooner) if a political decision is taken to create a divergent data protection regime for the UK which doesn’t meet adequacy requirements.
What this decision does give UK business is some breathing space regarding cross border data processes to the EU. It means cross-border processing may continue without having to put additional safeguards such as standard contractual clauses in place. Although it does not mean this now means businesses can relax a little about meeting GDPR requirements! Adequacy is approved for nations that can demonstrate they have an equivalent data protection regime to the GDPR. The UK has done that for now, but given the caveats, it does feel almost like the UK is on some form of probation.
Each action we take on online platforms is commodified; actions are translated into data of monetary value for tech giants such as Facebook, Google and Apple. Privacy concerns not just the the data we keep online, but every action we take as well. This puts privacy, which is valued by the individual in direct opposition to profit, especially for Google which I have argued for decades is an advertising platform first and foremost, and a search engine second. So last week when the headline “Google to give people more power over their personal data” appeared in the Guardian, I read on with hesitancy. How much do Google developers really care about Privacy by Design?
Last month Apple introduced greater controls to app tracking, which at face value seems like a strong commitment to Privacy by Design. However, on learning that allowing users to turn off app tracking has a significant impact on competitor Facebook, I can’t help but be skeptical that corporate competition is the underlying motivation for this. Facebook is predictably vehemently opposed to turning off app tracking and is now presenting itself as an unlikely champion of small business.
In the context of all of this, what is Google proposing to offer consumers in terms of privacy? To be honest, on reading a summary of the developments proposed at last week’s conference I was slightly underwhelmed, as Google is limited to how much privacy tracking they lose without impacting their advertising business. The one area of interest for me was the discussion of subscription services where, like with YouTube, users pay for ad-free content. This may be inevitable should Google make a serious commitment to Privacy by Design.
It seems the old adage “If the service is free, the product is you” could never be more true.