Author: Siobhan King

How important is privacy really for Google?

Posted by on in Uncategorized

Each action we take on online platforms is commodified; actions are translated into data of monetary value for tech giants such as Facebook, Google and Apple. Privacy concerns not just the the data we keep online, but every action we take as well. This puts privacy, which is valued by the individual in direct opposition to profit, especially for Google which I have argued for decades is an advertising platform first and foremost, and a search engine second. So last week when the headline “Google to give people more power over their personal data” appeared in the Guardian, I read on with hesitancy. How much do Google developers really care about Privacy by Design?

Last month Apple introduced greater controls to app tracking, which at face value seems like a strong commitment to Privacy by Design. However, on learning that allowing users to turn off app tracking has a significant impact on competitor Facebook, I can’t help but be skeptical that corporate competition is the underlying motivation for this. Facebook is predictably vehemently opposed to turning off app tracking and is now presenting itself as an unlikely champion of small business.

In the context of all of this, what is Google proposing to offer consumers in terms of privacy? To be honest, on reading a summary of the developments proposed at last week’s conference I was slightly underwhelmed, as Google is limited to how much privacy tracking they lose without impacting their advertising business. The one area of interest for me was the discussion of subscription services where, like with YouTube, users pay for ad-free content. This may be inevitable should Google make a serious commitment to Privacy by Design.

It seems the old adage “If the service is free, the product is you” could never be more true.

Join us at CHARM

Posted by on in Information Management
Metataxis will be attending the next CHARM(Charities Archives and Records Managers Group) meeting along with Caroline Sampson from The National Archives to talk about the new recordkeeping guidelines developed for the charities and voluntary sector. Focussing particularly on full lifecycle management, the Management Framework for Retention and Transfer has been developed specifically for the charities sector.

Metataxis has been pleased to work in collaboration with The National Archive to develop the Framework in close consultation with professionals from the charities and voluntary sector. The project to develop the Framework gave us numerous opportunities to have lively and informative discussions about retention, transfer and general information management practice with many working in the charity sector. So, we are very much looking forward to attending the next CHARM meeting on the 10th of October. If you wish to attend visit the CHARM website to contact the organisers.

How Marie Kondo is like a ROT analysis

Posted by on in Information Management

Redundant. Obsolete. Trivial.

Love it or hate it, much column space has recently been given to discussion of Kondo’s Netflix show “The Life Changing Magic of Tidying Up”.  From angry flame out wars over the immorality of destroying books, to the Millennial-blaming accusations of curatorial-consumerism, Marie Kondo is the home organisation consultant everyone is talking about. While “sparking joy” might be a little too esoteric an approach to your information, the idea of rationalising your systems and file shares this way is very similar.

If you are working with a messy, bloated system where categories are blurred, a ROT analysis can help to sort through what needs to be kept and how things should be organised. So what is ROT?

Redundant

Redundant information often involves duplication. Duplication of documents and folders is common when folder structures have not been centrally managed. There may also be multiple versions of documents with minor variations that are no longer needed.

Obsolete

Some information you hold will inevitable be out of date, whether this is because it relates to a business activity you  no longer undertake, because it has been superseded or is incomplete. Obsolete data may include technical guides for products and services no longer offered, past procedure manuals or old contacts lists that have not been kept up to date.

Trivial

Trivial material will be of very low level value to the organisation. While this data might be valuable to one individual for a very short period of time, they do not provide much in terms of business insight or compliance evidence. Examples of records of trivial value are meeting room bookings or personal daily to do lists.

From watching “The Life Changing Magic of Tidying Up” you get the sense the Kondo method is labour intensive. This is true also of a ROT analysis. There are tools that can help you along the way, but ultimately you will not be able to escape having to make decisions about what to keep and where. And if you want to  prevent ROT from building up again, it is best to have a plan for how to manage information going forward.

If you want to  know more about how to conduct a ROT analysis, what tools can be used to conduct a ROT analysis, or how to set up an Information management programme to prevent ROT accumulating in the first place, get in touch with us.

Metataxis has years of experience as information organisation consultants, pragmatic about coming up with scalable solutions that suit your requirements, and we won’t make you ask if your information ‘sparks joy’ – unless that’s what you want.

shutterstock_99177344

Deal or No Deal: GDPR after Brexit

Posted by on in GDPR, Information Governance

UK Inadequacy?

Late last week the government issued a formal statement about the position of the UK in relation to GDPR in a no deal scenario. As expected conditions for the flow of data between the UK and the EEA are a primary concern in this situation. Transfers of data outside the EEA must be safeguarded. Of all the safeguards available, the ideal for the UK is to gain adequacy status.

Regardless of Brexit, it can take some time for the EC to review whether adequacy status may be granted. Earlier this year the Information Commissioner Elizabeth Denham spoke in Select Committee about the need to seek a ruling about adequacy sooner rather than later to ensure a smooth transition. and also expressed doubts about whether the UK may attain adequacy.

There are some impediments to UK adequacy, namely the so-called Snooper Charter which has been challenged by the European Court of Justice (ECJ). The ECJ has ruled that the “general and indiscriminate” retention of electronic communications allowed under the Charter to be illegal.

Also, once the UK leaves the EU, it will no longer be covered by the EU-US Privacy Shield provision for transfer to the United States. There is concern that any data sharing agreement between the US and UK will not be robust enough to satisfy European requirements.

To be fair, this was always going to happen. With Brexit, the UK was always going to have to come up with a strategy for data sharing across the EEA. But a no deal outcome may accelerate the process, meaning this must be dealt with sooner rather than later.

Without the certainty of an adequacy ruling any time soon, government advice is to begin preparing  for the use of Model Clauses and Binding Corporate Rules (BCR) to manage data transfers to the UK. Each of these may involve quite a lead in time for organisations to set up, so the time to act is now.

Uncertainty and Risk

What does that mean for organisations in the UK that rely on GDPR to support free flow of information within the EEA? It’s a risk, and one you should be ready for. While there is uncertainty about the future of data transfer arrangements between the EEA and the UK, it is worth beginning to prepare for the worst.

How do you prepare? The first step is a risk assessment. Organisations that have already worked to comply with GDPR will have a head start, as they will understand their data flows and have a strategy to employ safeguards to transfer. In effect, those who have records of processing and GDPR action plans will have already completed much of the analysis they need to pinpoint areas that need to be addressed.

If you haven’t done this already, and you do share personal data with the EU, understanding where your personal data is, where it comes from and where it is sent is now urgent.

With the future so uncertain, and such a high noise to signal ratio on the topic of Brexit in the media it is so tempting to switch off and pretend it is not happening. But for UK businesses sleepwalking into a no-deal/no data situation is not an option. If not already started, risk assessment, mitigation and safeguard arrangements need to start now.