SOCITM (Society of Information Technology Management)
|Printable version||E-mail this to a friend|
Councils should review information governance arrangements ahead of impending changes to data protection and online privacy laws
Socitm suggests that councils should look at the information governance arrangements they currently have in place and prepare for the enforcement of the new regulations that are likely to be in place from 2018.
Supplier organisations should equally be planning for more demanding compliance enquiries from their customers in local public service delivery, and from the citizen/business users of those services too.
In its new briefing, Data protection: <Control><All><Delete>?, Socitm sets out details of the forthcoming changes and warns that compliance with some aspects of the new legislative framework could be difficult. IT professionals are therefore advised to start work on getting their information governance functions prepared to update information strategies, so that they are compliant across the full information lifecycle from ‘create’ to ‘archive’ and ‘destroy’.
Key features of the changes are contained in:
- the draft European Data Protection Regulation that will replace the Data Protection Directive currently in place; and
- the new EU-US Privacy Shield replacing the Safe Harbor agreement of 2000 that was struck down by the European Court of Justice in 2015.
The Safe Harbor agreement, explains the briefing, bridged cultural and political differences between Europe and the US regarding online privacy. While the EU sees protection of personal data as a human right, America considers it mainly in terms of consumer protection. Safe Harbor allowed firms to transfer data from the EU to America if they self-certified safeguards equivalent to those required under European Data Protection legislation.
Legal action in the wake of the Snowden revelations challenged the degree of protection for citizens’ data provided by Safe Harbor. New measures giving foreigners’ data some legal protection have been put in place, but it is not yet known whether the European authorities will consider that US privacy protection is now adequate.
Operationally, says the briefing, it looks like the new EU-US Privacy Shield will be at least as safe as before for UK public services to use US cloud service providers.
The new European Data Protection Regulation, a draft of which was unveiled by the European Commission in January, will update the law to accommodate technologies and usage not known when the UK’s own Data Protection Acts were drafted in the mid-1990s. These technologies and usage include pervasive online business transactions, social media and cloud computing.
Key principles set out in the draft are to increase digital security for individuals; make the data protection legislation suitable for the digital age; and reduce bureaucracy.
Individuals’ are to get easier access to their own data and clear, understandable information about how it is processed; it will be easier for them to transfer their personal data between different service providers and, subject to circumstances, they will have the right to have their data deleted.
The new laws apply to companies based outside the EU that store and process the personal data of all those resident within the EU. National supervisory authorities will be empowered to enforce these laws, with the ability to impose significant penalties for non-compliance.
‘Accommodating the changes will be a matter of amending existing processes rather than inventing new ones’ says Dr Andy Hopkirk, Head of Research at Socitm. ‘Some of the changes could be onerous and problematic. For example, councils will need to be able to deal correctly and completely with ‘right to be forgotten’ requests - perhaps the single greatest challenge in an almost ubiquitously networked and distributed computing world.’
Data protection: <Control><All><Delete>? is available free of charge to Socitm corporate members and Socitm Insight subscribers at:https://knowledgehub.local.gov.uk/group/socitm-insight/library
Vicky Sargent, Socitm Press Office
Tel: 07726 601 139 email: email@example.com
Dr Andy Hopkirk, Head of Research at Socitm
Tel: 01604 709456 email: firstname.lastname@example.org
Latest News from
SOCITM (Society of Information Technology Management)
Leaders not managers are needed for the transition to digital: the good news is that they can be made says Socitm briefing01/12/2016 14:05:00
Leaders, not managers, are needed if local public services are to make the vital transition to digital. The good news is that with the right support, leaders can be developed rather than just emerging randomly.
National Cyber Security Strategy provides welcome boost for ongoing commitment of UK local authorities says Local CIO Council03/11/2016 15:15:15
The much anticipated five year National Cyber Security Strategy set out by the Chancellor recently provides a welcome boost for UK local authorities’ ongoing activities to keep their operations secure in an increasingly digital world.
Aylesbury Vale achieves transformation and £4m savings via ‘simplify, standardise and share’ approach says Socitm briefing26/09/2016 16:25:00
The impressive transformation achieved by Aylesbury Vale District Council, which has realised at least £4m in savings over five years, has been achieved through the ‘simplify, standardise and share’ approach advocated by the Local CIO Council.
Organisations that take the Simplify, Standardise and Share approach can avoid ‘delusions of transformation’ says Socitm23/08/2016 14:15:00
Local public service organisations that want to deliver real transformation, rather than just ‘e-enabling’ information and online transactions, should follow the ‘simplify, standardise and share’ approach set out in the recent paper published by the Local Public Services CIO Council (LCIOC) in collaboration with Socitm and SOLACE.
Blockchain technology could offer powerful opportunities for digitally-enabled councils says Socitm briefing03/08/2016 13:24:00
Blockchain technology – the same technology that enables Bitcoin, the digital currency – is set to disrupt many public and private sector business models, potentially shifting power away from current control centres and out towards service users.