What do you need to post a job? As a bare minimum, I need the job title, the salary or salary range and a link to how to apply. I know some recruiters don't specify the employer up front and I don't see that as a dealbreaker; the same goes for closing date. I'd much...
No accountability
In February, the Information Commissioner issued a bewildering press release headlined “Information Commissioner's Office calls for accountants to play their role in SMEs data protection compliance”. Like many in the DP sector, my instinctive reaction was “what...
Still not dead
Today, I turn 50. I can’t tell you how I feel about this because I wrote this post in advance and I plan to just publish and move on, either in good spirits or morosely contemplating my mortality. If you’re reading this, Mission Accomplished either way. Originally, I...
Strictly necessary
The most important word in data protection is ‘purpose’. Everything stems from the purpose for which you’re using the data. The data subjects, the data itself, the lawful basis, and everything else comes from this. It’s impossible to decide whether processing is...
Livin’ on a prayer
It seems like years, but about a month ago, the Secretary of State for Digital, Culture, Media and Sport gave a speech at the Conservative Party Conference. Michelle Donelan, who is at the time of writing still in post, announced that the government was still intent...
Waiting for Godawful
Ever since the ICO published its International Data Transfer Agreement at the start of the year, the UK Data Protection community has waited patiently for the accompanying guidance that the regulator said would be forthcoming. The IDTA is a technical and confusing...
Funny Money
In two high-profile speeches in July, Information Commissioner John Edwards made a bold claim, unlike any I’ve heard from previous Commissioners. He told the Data Protection Practitioners’ Conference: “I’ve challenged my team to save business at least £100 million...
Self-own
There’s a post on the ICO website that is supposed to be “A day in the life of the ICO’s information management team” – it is in fact a plug for the accountability framework. It contains a specific claim that ICO has subsequently circulated on social media: “we must...
Back to Black
I have what a lot of people would call a blacklist. I call it a blocklist because I can’t shake off the sense that ‘blacklist’ is a racist term. Our language is often coded in ugly ways, and ‘blocklist’ does the job. I maintain a list of people and organisations I...
ICO DPIAs (part one, published on 24/12/2021)
Framework for auditing AI systemsIntroduction of an IT helpdesk ticketing SaaSCyber EssentialsFee recovery process for non-payment of DP feesEquality, Diversity and Inclusion Audit of the ICO by third partyProcess for ICO marketing emailsICO use of Google...