UK ICO warns that “information can be a toxic liability”
October 29, 2008
Posted by separkin in News.
The Office of the UK Government’s Information Commissioner has issued a press release to coincide with a speech given by Information Commissioner Richard Thomas. The speech highlights some views on the handling of personal data within organisations.
Two opinions expressed by Mr. Thomas are especially pertinent to Trust Economics:
- Top-level directors should take more responsibility for the protection of personal data held by their organisation within databases etc. This includes demanding that appropriate data security policies be put in place, that privacy be built into software applications used within the organisation, and that employees be suitably trained to manage data security risks. In relation to Trust Economics, this implies both that workable policies be enacted and that, in a general sense, company staff be educated not only in how to interact with the security controls that protect the data they work with, but also in the procedures to follow when those security controls fail (some activities have possible negative consequences that make them seem ‘risky’ in the first place). Mr. Thomas asks “How many staff do not tell their managers when they have lost a memory stick, laptop or disc?” – just as it is important to learn from reported data breaches, it could be equally useful to glean an understanding of the behaviour and working culture that promotes silence on the subject in so many cases.
- An increased capacity to store personal data can have its own associated risks (to the degree that Mr. Thomas refers to information as a “toxic liability”). Given this, it could be argued that organisations should develop a greater awareness of what their system users are capable of achieving with the data that they have access to. Instead of securing data to the point of making interaction with it impossible, organisations should seek to allow potentially productive access to personal data only if and when necessary. When it is necessary, it is important to have an informed understanding of what an employee can then do with that data (and, just as importantly, how and why they may do what they do).
There is also a BBC article that discusses Mr. Thomas’ speech.