Latest action from Data Protection Commissioner highlights value of Planning for Protection
The announcement today that the Data Protection Commissioner has written to three VECs to address concerns regarding the handling of personal data serves to emphasise the need for Data Controllers to ensure they are planning for protection and thinking ahead as to how their information assets will be shared, disclosed, secured and protected. This is not a technology solution, but requires Data Controllers to ensure they plan properly and execute those plans consistently.
"It is essential that Data Controllers invest time in planning what information they will need to achieve their goals. These plans need to address the 'what', 'why, 'how' and 'who' of what information needs to be captured, why it is needed, how it will be used and kept secure and who will have access to it", says Daragh O Brien, a leading Information Management consultant and founder of Castlebridge Associates.
"It is clear from the VEC examples today that the execution of this plan needs to be consistent, right down to the wording that is being used in forms and the policies that are put in place to manage the information once it has been captured", he adds.
Daragh goes on to say that the other important lesson from today's headlines is that even if your organisation is not intending to share data in a manner which would be inappropriate, if your front-end processes, staff, or forms give the impression that you might you equally face damage to your reputation by being the subject of a news headline.
"The carpenter's rule of 'Measure Twice, Cut Once' is a good guide for Data Protection Planning and how to avoid embarrassment or penalties arising from careless management of personal information".
#444444;">
About Castlebridge Associates
Castlebridge Associates is one of Ireland's leading specialist Information Management consultancies providing a range of services in the areas of Data Protection, Information Strategy, Information Quality, and Data Governance.
Amongst other services, we provide coaching, bespoke training, mentoring and consultancy services for Data Protection, focusing on the practical application of the 8 Principles and how they can enable business success and trust.
Organisations looking to improve their internal skills and awareness in these increasingly important areas should contact Castlebridge Associates to learn more about how we can help you maximise the benefits from the information that fuels your business: #660403; text-decoration: none; padding: 0px; margin: 0px; border: 0px initial initial;" href="http://castlebridge-associates.com/forms/contact-us">http://castlebridge-associates.com/forms/contact-us
Data Protection BootCamp in Athlone 29th July - see http://eventelephant.com/dataprotectionbasicsbootcamp for details!
Castlebridge Associates' founder Daragh O Brien is a noted figure in the field of Information Asset Management world wide with a number of articles and publications to his name.
Contact us at #660403; text-decoration: none; padding: 0px; margin: 0px; border: 0px initial initial;" title="http://castlebridge-associates.com" href="http://castlebridge-associates.com/">http://castlebridge-associates.com, twitter.com/cbridgeinfo or phone +353 539100049
About Daragh O Brien
Prior to founding Castlebridge Associates, Daragh O Brien lead a Compliance team in a leading Irish telecommunications firm. Prior to that he held strategic and operational responsibility for Single View of Customer strategy and execution. In each role he was a Champion and evangalist for the value high quality information through well defined and controlled processes.
He is a Fellow of the Irish Computer Society, a Founder member of the International Association for Information & Data Quality and a tutor on the Irish Computer Society's Data Protection Certificate. He co-founded and leads the ICS Information Quality Network.
He has been a keynote speaker, Chairman, and Panel participant at Information Quality and Data Governance conferences in Ireland, UK, Europe, North America, and Australia
Embarrassing Council Carelessness breaches acceptable Data Protection Standards
Personal data is held on trust by Data Controllers and appropriate standards of care must be in applied when engaging in any processing of personal data. While it is distressing for the individuals whose data is inappropriately disclosed, Data Controllers must be conscious of the damage to reputation and customer confidence that flows directly from lack of awareness of and appropriate care and attention to Data Protection duties.
This evening's RTE news carried details of the inadvertent disclosure of personal data by two local government agencies through what is best described as careless action. Taken together, almost 1000 people's personal information (at a minimum their email address and the fact that they have registered as having a second property) has been disclosed.
Offaly County Council disclosed at least 650 email addresses while Cork County Council disclosed 200. Both incidents have been reported to the Data Protection Commissioner. However, it seems that in the case of Offaly County Council the report came from one of the affected parties, not the Data Controller.
"Anyone processing personal data must remember that they hold that data on trust and owe a duty of care to the subject of that data", says Daragh O Brien, MD of Castlebridge Associates.
He continues: "Associated with that Duty of Care is a need to apply minimum standards of care and engage in proper planning of policies, processes and procedures, as well as employing appropriate technologies to ensure security at all points in the information life cycle".
"Cutting and pasting email addresses into a To: field, or CC: field of an email exposes all such email addresses. The use of the BCC: field does not. The use of readily available email marketing tools to send targeted mailings provides an even more robust approach".
Councils and Councillors should take care to ensure that all staff and council officials are fully aware of their Data Protection duties and the practical steps and controls which can be put in place to ensure that trust can be maintained in how personal data is being processed by Local Government in Ireland.
#444444; ">
About Castlebridge Associates
Castlebridge Associates is one of Ireland's leading specialist Information Management consultancies providing a range of services in the areas of Data Protection, Information Strategy, Information Quality, and Data Governance.
Amongst other services, we provide coaching, bespoke training, mentoring and consultancy services for Data Protection, focusing on the practical application of the 8 Principles and how they can enable business success and trust.
Organisations looking to improve their internal skills and awareness in these increasingly important areas should contact Castlebridge Associates to learn more about how we can help you maximise the benefits from the information that fuels your business: http://castlebridge-associates.com/forms/contact-us
Castlebridge Associates' founder Daragh O Brien is a noted figure in the field of Information Asset Management world wide with a number of articles and publications to his name.
Contact us at http://castlebridge-associates.com, twitter.com/cbridgeinfo or phone +353 539100049
About Daragh O Brien
Prior to founding Castlebridge Associates, Daragh O Brien lead a Compliance team in a leading Irish telecommunications firm. Prior to that he held strategic and operational responsibility for Single View of Customer strategy and execution. In each role he was a Champion and evangalist for the value high quality information through well defined and controlled processes.
He is a Fellow of the Irish Computer Society, a Founder member of the International Association for Information & Data Quality and a tutor on the Irish Computer Society's Data Protection Certificate. He co-founded and leads the ICS Information Quality Network.
He has been a keynote speaker, Chairman, and Panel participant at Information Quality and Data Governance conferences in Ireland, UK, Europe, North America, and Australia
Continuing litany of errors raises question about the "Quality Culture" in the SEC
For the second year in a row the Leaving and Junior Certificate examinations have been plagued by avoidable failures in quality management. These failures, and the responses thus far from the State Exams Commission, raises questions about the "culture of quality" in the SEC. Castlebridge Associates echoes the comments of the Irish Second-Level Students Union, who have described carelessness by those who set the exams as unacceptable and easily avoided.
"If the SEC was developing software or building cars the level of avoidable bugs and defects they seem to encounter on a regular basis would be having a serious impact on their bottom line", says Daragh O Brien, CEO of Castlebridge Associates.
So far this year we have witnessed:
- 217 students in 16 centres being supplied with Leaving Certificate exam papers that had not been correctly printed and were missing questions, resulting in confusion about how to get the missing questions to the schools (with broken fax machines and over-active Spam filters frustrating many attempts to get the questions through) and inconsistencies in how additional time was allocated to students to allow them to finish their exams.
- 24000 students sitting the Junior Certificate (or some 42% of all students) found themselves unable to complete a question on their exam due to the figures provided for calculations being incorrect.
- National media have received reports of extensive errata sheets being produced in exams to provide corrections to errors in papers.
All of these are, ultimately, problems with the quality of information which give rise to difficulties for the "knowledge workers" of the future at a time of heightened stress and tension.
While "Zero Defects" in information quality is a challenging goal, it is an achievable one as countless case studies have shown. While there may be costs involved in preventing defects and detecting them earlier in the life cycle of an exam paper, these costs are almost always less than the costs incurred as a result of poor quality information escaping into the wild. In the case of State Exams, these "Costs of Poor Quality Information" might include:- Increased pressure on students as a result of exam strategy for tackling questions being overturned by the complete exam paper
- Increased costs of appeals and rechecks as students may feel aggrieved at marks they might receive if they were on the receiving end of the errors
- Lower levels of trust in the validity of grades as cynics might argue that a student only got their grade because "bonus marks" were awarded to compensate for avoidable problems with the exam paper.
- The SEC are quoted on national radio as saying that error rates are the same as in previous years.
- Examination of the completeness, consistency, and accuracy of questions to ensure they can actually be answered.
- Random sample checks on exam paper print runs to ensure that the complete, consistent and "answer-capable" questions are actually printed in the right order
#444444;"> About Castlebridge Associates
Castlebridge Associates is one of Ireland's leading specialist Information Management consultancies providing a range of services in the areas of Data Protection, Information Strategy, Information Quality, and Data Governance.
Castlebridge Associates' founder Daragh O Brien is a noted international expert in these fields with a number of articles and publications to his name.
About Daragh O Brien
Prior to founding Castlebridge Associates, Daragh O Brien lead a Compliance team in a leading Irish telecommunications firm. Prior to that he held strategic and operational responsibility for Single View of Customer strategy and execution. In each role he was a Champion and evangalist for the value high quality information through well defined and controlled processes.
He is a Fellow of the Irish Computer Society, a Founder member of the International Association for Information & Data Quality and a tutor on the Irish Computer Society's Data Protection Certificate. He co-founded and leads the ICS Information Quality Network.
He has been a keynote speaker, Chairman, and Panel participant at Information Quality and Data Governance conferences in Ireland, UK, Europe, North America, and Australia
Data Protection duties not optional
Today's announcement by the Data Protection Commissioner that a leading Irish printing firm has been required to register with the Data Protection Commissioner is a timely reminder that the duty to protect personal data being processed by any organisation is not optional.
The printing company #333333;">RR Donnelley Document Solutions was acting as a Data Processor for telecommunications providers who were Data Controllers. As such, under Section 16 of the Data Protection Acts 1988 and 2003, they were obliged to register with the Data Protection Commissioner.
While certain exemptions to the requirement to register with the Data Protection Commissioner exist, these are limited in their scope and are counter-balanced in the legislation by an equally clear list of activities which require registration.
"Today's announcement from the Commissioner is to be welcomed as it shows how important it is for organisations to make themselves aware of the exemptions to registration as well as the scenarios where registration would be mandatory", says Daragh O Brien, founder of Castlebridge Associates.
"Knowing your customer and how Data Protection regulations affect their processing of Personal Data is a key step in understanding your duties as a Data Processor", O Brien adds.
However, it is worth remembering that regardless of whether you are mandated to register with the Data Protection Commissioner or not, any organisation that is processing Personal Data must ensure compliance with the other aspects of Data Protection law.
About Castlebridge Associates
Castlebridge Associates is one of Ireland's leading specialist Information Management consultancies providing a range of services in the areas of Data Protection, Information Strategy, Information Quality, and Data Governance.
Castlebridge Associates' founder Daragh O Brien is a noted international expert in these fields with a number of publications to his name.
About Daragh O Brien
Prior to founding Castlebridge Associates, Daragh O Brien lead a Compliance team in a leading Irish telecommunications firm. Prior to that he held strategic and operational responsibility for Single View of Customer strategy and execution.
He is a Fellow of the Irish Computer Society, a Founder member of the International Association for Information & Data Quality and a tutor on the Irish Computer Society's Data Protection Certificate.
HSE Childcare crisis highlights value of Information as a fuel for effective decision making
The unfolding tragedy of children and young adults who have died in the care of the Health Service Executive has cast a harsh light on the failings of the system and, significantly, of the management and governance of critical information within that system.
Ultimately, Information is Fuel for decision and action in organisations so the awareness of the value of information and the effective planning, management, and governance of that Asset should be a critical management responsibility, particularly where the quality or availability of information can cost lives.
Data Protection
The claims by the HSE that they cannot provide data on children who have died due to Data Protection issues is, on the face of it, incorrect. The Data Protection Acts 1988 and 2003 provide protections to living individuals, a fact which is clearly highlighted in the HSE's own FAQ on Data Protection.
While there might be personal data relating to other living individuals contained in some of the files relating to children who have died in State care, such information should be readily identifiable and redacted.
It may well be that, depending on the specific issues in a given case, disclosures of some or all of this data to a Government Enquiry could fall within the scope of the various exemptions, specifically where the disclosure would protect the vital interests of the child in care.
Information Quality
It is clear that the HSE has a serious Information Quality problem. Information Quality is the degree to which information can be a trusted source for all required uses.
The issues which have been highlighted in recent days in the HSE raise a number of questions in the context of this definition relating to the completeness of information within files, the consistency of information across or between files, the accuracy of information, and the timeliness of information relating to the care of children by the State. The systems and processes in this area of the HSE appear to be a bottle neck to delivery of information which is accurate, reliable, and trusted.
Even when the HSE produces its revised figures on the number of deaths in care for the Minister, there may be challenges in restoring trust in that information.
It would seem at this stage that the HSE might paraphrase the "Rime of the Ancient Mariner" as they appear to have “Data, Data everywhere but not a drop of Fact”.
Action
These kinds of problems can be prevented. Preventing these kinds of problems has been shown by numerous studies across different industries to reduce costs in organisation by anything up to 30%. In industries as diverse as Pharmaceuticals and Telecommunications, organisations world wide daily reap financial, customer service and other benefits from high quality, well managed, trusted information.
There are established principles and best practices available for the management of Information through its life cycle. Effective leadership in the form of a clear strategy and vision, coupled with informed and aware management actions can improve the quality and effectiveness of information while contributing to cost reductions in the HSE. This should be recognised as a leadership challenge and opportunity for the relevant Ministers and management of the HSE and not another IT problem to be solved.
Where lives are at stake, Best Practice is the minimum benchmark that should be accepted.
About Castlebridge Associates
Castlebridge Associates has a range of training programmes and consulting services in the areas of Data Protection, Information Quality, Information Strategy, and Information Governance which we have developed with a strong emphasis on building awareness and internal capability to manage Information more effectively to achieve organisation goals and improve the quality of your Real Business Fuel.
Castlebridge Associates is a participant in the Enterprise Platform Programme in Carlow Institute of Technology.
About Daragh O Brien
Prior to founding Castlebridge Associates, Daragh O Brien worked for a leading Irish telecommunications company in a variety of roles relating to the strategic management of information in Customer Relationship Management and Regulatory Compliance.
He is a Fellow of the Irish Computer Society (http://ics.ie), a founder member and former Director of the International Association for Information and Data Quality (http://iaidq.org). He is a tutor on the ICS's Data Protection Certification course and sits on the Certification working group of the IAIDQ.
Daragh holds a degree in Business and Legal Studies from UCD and he has lectured on Legal Regulation of Information Systems on European Masters in Business Informatics in Dublin City University.
He is a frequent author, presenter, and media commentator in the areas of Information Quality, Data Protection, and Data Governance, and has chaired industry conferences in the US, UK, Ireland, and Australia. In 2008 his industry report "Defining and Executing an Effective Data Quality Strategy" was published by Ark Group in the UK.
He is available for media comment on topics related to Information Quality, Data Protection, and Information Governance.
