-
20 Jan | Data protection, What we're up to | by David Hall
A quick plug. I’m doing a session at this event on Tuesday 26 January (London) and Wednesday 3 February 2010 (Manchester). The conference is about using customer profiling to understand customers’ wants and needs better. The Tenant Services Authority is pushing for landlords to do profiling, and the TSA will be presenting at the conference. Social landlords, it would be great to see you there. If you can’t make it, feel free to contact me to get the guts of what I’m saying at the event.
Event flier: http://www.hqnetwork.org.uk/scripts/get_events?file=2087
Bookings for London: http://www.hqnetwork.org.uk/booking_form.php?selected_id=647
Bookings for Manchester: http://www.hqnetwork.org.uk/booking_form.php?selected_id=648
Tags: customer profiling, Housing Quality Network, social housing, The Knowledge
-
14 Jan | Data protection | by David Hall
Okay, let’s be polemical.
Data protection in the UK is benign. For the average organisation that gets routine compliance wrong but doesn’t mean to, you don’t get into trouble as such. You get told how to comply, and as long as you do as you’re told there’s no talk of criminal offences. You could almost make it your compliance strategy to wait for customers to complain then let the regulator tell you what to do. Customers have the right to compensation in some cases, but it’s small stuff and rarely goes to court. You can get named and shamed on the regulator’s website, but so what? It’s a rare case that causes major reputational damage and makes the national news headlines, and you can ride out stories in local news and sector/trade publications.
The thing is, you pretty much can run your compliance strategy like that, and I think many organisations do. I don’t imagine that it’s driven by cynicism. It’s just what it ends up looking like if you don’t put enough resources into data protection compliance. And with plenty of other calls on your cash and time, why would you?
I think there’s quite a good business case for good data protection compliance, although I’ll write about that another time. What interests me today is why DP compliance gets neglected.
My guess is, not many people know how to do compliance simply and cost-effectively, without making a business out of it. The law and regulators’ guidance are pretty complicated. They offer high level principles and really specific guidance and case studies, and not much in between. You could be forgiven for not even bothering to make a start, let alone boil it all down into a simple, effective system. I like the BSI’s new standard on data protection but I think it’s complicated and can’t yet be certified. Ditto the information governance standards. So far as I can tell the regulator hasn’t issued similar standards guidance, which I find a bit surprising. Which leaves us all … not doing too well at DP compliance.
What’s prompted me to think about this is news this week about new powers for the regulator. (See the “News” links, below.) I need to spend time getting to grips with guidance on the new powers, and I’ll be watching the first few decisions carefully, but it looks like time is nearly up for relaxed or cynical approaches to compliance. These features caught my eye:
- You get penalised if the outcome of a breach is serious, or likely to be, and the breach and outcome were foreseeable but not managed as such. That puts virtually any business in the frame, and pushes organisations to put effort into DP risk assessment.
- Penalties will be used to neutralise commercial benefit. There’s a commercial benefit to slack compliance. Are we looking at that kind of compliance saving being charged in the end, by the regulator?
I’m surprised to see the regulator’s practice notes are treated as a benchmark in the guidance. I find that difficult, because the recommendations do not cover all sectors or DP issues, and they’re not always easy to apply in practice. Humph. If you can build a business case for it, the on-the-shelf solution is British Standards compliance (which gets several endorsements in the guidance).
So we all need simple, quick, cost-effective ways of achieving compliance without a huge increase in the legal or consultancy bill, or the payroll of your compliance department. If you think you’ve succeeded in setting up a great personal information management system, leave a comment, let me know. I reckon I’ve got good solutions and I’d be happy to share ideas.
News: http://www.ico.gov.uk/upload/documents/pressreleases/2010/penalties_guidance_120110.pdf
BSI standards: http://shop.bsigroup.com/en/Browse-by-Subject/Data-Protection–Freedom-of-Information/?t=r
Tags: British Standards, compliance strategy, penalties, Personal Information Management System
-
12 Jan | New technology | by David Hall
Technology blogs and news recently have given lots of coverage to the international Consumer Electronics Show 2010, in Las Vegas, which closed yesterday. We’re into technology for business rather than consumer gadgets on this blog, and that’s why a new offering called LightTouch(TM) from Light Blue Optics particularly caught my eye. Have a look at the images in this slideshow.
There are some cracking opportunities for businesses in the sectors I work for.
- Retail – In-store brochures for customers to search. You could advertise related or similar items that you sell, by projecting images next to a static display. You could tell customers whether the item is in stock or can be ordered. You could tell customers where to get the item they want, on the shop floor.
- Coffee shops and pubs – give customers something to do. You could provide board games, gambling, or perhaps today’s newspapers or website access. If you want to focus on the professional market you could offer business information and email or other simple applications. Provide them for free to encourage visitors; or pay-per-play to generate revenue.
- Food outlets – provide the menu. No more tatty-looking or dirty menus. Customers don’t have to wait to order what they want. Waiting staff are freed up to concentrate on delivering food and service.
So what’s my quick legal assessment of those ideas? For the on-the-wall catalogue and on-the-table menu, the images you use will come from your photographer or the supplier; in each case you need their permission to use the image. In the coffee shop/pub example, you need a gambling licence for gaming, and you might need permission to use or replicate popular board games.
This technology also gives you an opportunity to profile customers’ behaviour or get their personal details, to provide you with business planning data or possibly revenue from selling the information. There’s a bit of data protection compliance to deal with here – nothing insurmountable, but there’s plenty of scope for red faces and public censure for those who don’t bother. There must be loads of other business models that could use this technology. Any ideas?
Tags: coffee shops, customer profiling, data sharing, food outlets, gambling, pubs, retail
-
05 Jan | Uncategorized | by David Hall
Happy New Year and welcome to the first post on our blog. Ever!
You probably don’t remember Steve Taylor’s album, I Predict 1990. I’m not sure that I should, either, and I’m not recommending it. But it came to mind as we turn another decade and I fell to thinking about what’s on the way. Here’s what’s on my radar for the year.
- Remarkable things in IT: For (s)he who seeks, I see the price of IT plummeting, and some impressive internet-based services. On the internet I predict more sophisticated data sharing built on XML and mash-ups. We also hope to see smarter IT procurement, through buying groups, and re-use of existing IT, both of which we have seen used to great effect particularly in the public sector in the noughties. 2010 will show us the way forward for business IT, just as we (hopefully) emerge from recession.
- Green goes commercial: Kyoto comes to town this year when the UK’s carbon trading system gets going. The Carbon Reduction Commitment will apply to big electricity users. If that’s you, you should already be taking action. I expect the risk of penalties will drive deeper investment in carbon-reducing measures like insulation, building management systems, and new sources of heat and power.
- Legal services on the move: Within 2 years the first wave of supermarket law and outside investment in law firms will hit. The sharpest law firms will shift on how they deliver legal services, and pricing. 2010 should see the beginning of significant change.
- Public sector IT gets smarter: The public sector is grabbing the concept of cloud computing with both hands and I will be keeping a close eye on it this year. Recent announcements suggest that using IT to make data accessible to Joe Public, and to improve data sharing between organisations.
What do you think?
Tags: cloud computing, data sharing, Legal Services Act, low carbon, predictions, smart procurement

