The DOBlog

Category: Politics & Culture

  • Dublin Web Summit, Data Protection, Data Quality, and Brand

    The KoolAid is being quaffed in great quantities this week in Dublin. And, having run national and international conferences in the Data Protection and Data Quality fields, I have to respect the achievement of the organisers of the Dublin Web Summit for putting together an impressive event that showcases the level of innovation and thought leadership, and capability in web, data, and all things tech.

    Yes. About that “thought leadership”…

    Data Protection

    Today’s Irish Times Business Section carries a story by Karlin Lillington about things that have been happening with her personal data at the Web Summit. An event she is not attending and has not registered for but for which she:

    • is registered as an attended
    • is listed on the media attendees list
    • has had her contact details distributed to sponsors and companies attending the event
    • has had her details shared with a social networking application that has pulled data from her Facebook profile

    In addition, she highlights that a list of ALL attendees is being distributed by the organisers if you request it through their Facebook page, but there is no opt-out for being included on this list and nothing in your registration that informs you that this will be happening.

    Emails are being sent out without people having opted-in, and not every email that is being sent out has the required opt-out. And I suspect that that may be the tip of the iceberg.

    Karlin reports that there have been complaints filed with the ODPC. My twitter stream this morning confirms that there are a number of people who I follow who have complained about how their data has been used. Many of these people would be the kind of people who you’d like to see fronting the thought leadership and innovation in web and data stuff, and they are irked at how their data is being abused.

    The DPC apparently has had previous complaints about Web Summit and has engaged with them in an “Advisory Capacity”. In my experience working with clients who have been subject to Data Protection complaints and have been investigated by the DPC, that is the Data Protection equivalent of “helping the police with their enquiries”. Web Summit has been handed rope. They have been guided and advised as to what needs to be done to be compliant (in keeping with the gummy tiger provisions of Section 10 of the Data Protection Acts which require the DPC to seek amicable resolution first and to focus on encouraging compliance rather than punish breaches).

    Dublin Web Summit has chosen, whether through a deliberate decision or a series of ego-driven and ignorance fuelled errors of judgement to ignore the advice of the DPC and continues to act in a manner that flouts the Data Protection rules that (and here’s the kicker) are not ‘nice to have’ but are guaranteed under Article 16 of the TFEU and have been subject to a number of recent tests at Circuit Court and High Court.

    Basically this is a Data Protection cluster f*ck of the highest order that illustrates one of the key problems with the “Innovation culture” in Ireland and, on the part of Government, either a blatant hypocrisy or a sociopathic ability to hold multiple contradictory positions at once. We want to promote Ireland as a great place to do business with web and data. And we want to be seen to be a bastion of increasingly responsible governance and regulation (after all, we’ve learned the lessons of the financial services collapse right? That one where we had  a Regulatory regime that was of so light a touch it could earn extra pin money touting for trade along the canal.) But for feck’s sake, don’t let the LAW get in the way of the use of TECHNOLOGY.

    Dublin Web Summit has almost certainly breached the Data Protection Acts in a variety of ways. Given that many of those breaches would appear to have been taken AFTER the DPC had given advice and guidance on what not to do. So the Web Summit organisers might want to check section 29 of the Data Protection Acts (never used, but there’s always a first time).

    Data Quality

    Data Protection and Data Quality go hand in hand. Heck, the principles for Data Protection are referred to in Directive 95/46/EC (and a variety of other places) as “Principles for Data Quality”. But on a more practical level, the approach the Web Summit has taken to obtaining and gathering their data and putting it to use has created some Data Quality problems.

    Take Karlin for example.Her contact details have been included on a media contact list for the event, touting her as someone from the media who is attending. A variety of sponsors and exhibitors at the event have apparently contacted her looking to meet at the conference. I’m guessing they’re a bit surprised when a leading tech journalist tells them she isn’t attending the event and won’t be able to meet with them.

    Also, eyeballing the “media list” I’ve found:

    • Duplicate entries (suggesting the list was created from multiple sources)
    • Organisations listed that might not be media organisations but are possibly service providers interfacing with media (new media/old media)… so VENDORS.

    The categorisation of organisations is hair splitting on my part, but the duplicate entries on a list that was being circulated to sponsors and exhibitors is indicative of a lazy and careless approach to managing data.

    How many of the people on the list are actually attending? And if you are counting the number of people attending from an organisation, are you allowing for duplicate and triplicate entries? If you are a marketing manager from a company who is ringing all these media people only to be told that they are either not attending or that they are not actually covering the tech aspects of the event but are (heaven forfend) actually exhibiting at the event yourself, how much will you trust this list next year? Will you be happy to pay for it?

    Never mind the quality, look at the tech!!

    Brand

    And this is where we come to the brand aspect of all of this. The Web Summit has made basic mistakes in Data Protection compliance even when presented with advice and guidance from the DPC. With regard to their Presdo social networking application, there are examples of it being used in data protection compliant ways (Karlin cites the le Web conference which used the same application but presented people with a code they could use to confirm their consent to their personal data being accessed and shared).

    But Dublin knows better. Dublin is the go-getter innovator. Rules schmules, Indians Schmindians.

    Which is a mantra that has disturbing echoes in the recent history of the European Economy. So it is a mantra we should, as thought leaders and innovators, be trying to distance ourselves from as much as possible. By showing how we can design privacy into everything we do in web and data and pushing the innovate envelope in ensuring balance.

    But here’s my fear. EI and the Government don’t get this. I am not aware of ANY EI incubator programme [Brian Honan informs me that Blanchardstown and Dundalk IT have had him in to talk to programmes] that provides training or briefings on Data Protection (Wayra does. I recently provided some content to help).

    My company has submitted proposals to various government backed training programmes for On-Line business, and I have got letters back telling me that Data Protection is not relevant.

    Everyone seems happy to touch the hem of the prophets of the Web and drink hungrily from the Kool Aid, repeating the mantra “Rules Schmules, Indians Schmindians”. But it is worth remembering the origins of the phrase “Drinking the Kool Aid” (hint: it didn’t work out well for the first group to do it).

    The Data Protection world globally is in a state of rapid evolution. Those who ignore the help and advice of Regulators invite penalties and brand damage. It  is time that the thought leaders of our web economy stepped back and actually thought about how they develop their brand and build trust based in the personal data economy.

    Koolaid from the Floor [an update]

    I made the mistake of watching twitter streams from the Dublin Web Summit. The KoolAid was gushing. Lots of great ideas and interesting innovation but not a single person seemed to be addressing the gorilla in the room that is Data Protection and Privacy.

    Yes, Social Engagement is important. Yes it is important to build trust and engagement with your brand. But as W.Edwards Deming famously said:

    You can’t inspect quality into a product, it’s there from the beginning.

    In other words, if you don’t start off by respecting your customers and their privacy rights, you will leave a bad taste in your customer’s mouths and sour your brand.

    That’s the weedkiller in your web branding koolaid. Drink with care.

  • Lego System and the Value Delivery System

    I love Lego. The fact that my Facebook avatar is a sinister looking “Liago” man from a Chinese clone of the famous Lego System is a little personal in-joke (and I’d love to see what their facial recognition makes of that). But I also love my daughter, who is bright, imaginative, and creative. And I hate to see anything that might curtail that and box her thinking into a gender-appropriate bucket that she might struggle to climb out of in years to come.

    That’s why I hate the fact that ‘girls’ toys are all pink. I’ve given up to an extent on the battle against all girls’ clothes being default pink. Everyone seems to think this is the way it has always been, but no it’s not. It’s new, and it has been the other way around as well. Here’s a quote from an article in the Smithsonian Institute’s magazine:

    For example, a June 1918 article from the trade publication Earnshaw’s Infants’ Department said, “The generally accepted rule is pink for the boys, and blue for the girls. The reason is that pink, being a more decided and stronger color, is more suitable for the boy, while blue, which is more delicate and dainty, is prettier for the girl.” Other sources said blue was flattering for blonds, pink for brunettes; or blue was for blue-eyed babies, pink for brown-eyed babies, according to Paoletti.

    In 1927, Time magazine printed a chart showing sex-appropriate colors for girls and boys according to leading U.S. stores. In Boston, Filene’s told parents to dress boys in pink. So did Best & Co. in New York City, Halle’s in Cleveland and Marshall Field in Chicago.

    But Lego is supposed to be different. It is supposed to allow children to think outside the box (literally as well as metaphorically). My fondest memories of childhood centre on a massive 30 litre white bucket that my grandmother bought at a time before my memory which was filled with every piece of Lego bought for my uncles, for me, my brothers and which did the rounds of ALL my cousins.35 year old Lego being played with without prefixed form or format, constrained only by our imaginations and the laws of physics, whether we were boys or girls (I’ll admit – mostly boys, but that just makes my next point more important as I do have some girls in my extended family).

    New Lego is shit. More precisely: New Lego for Girls is shit. Sexist, insulting, degrading shit. It is so shit that I will not let it in my house. Ever. Here’s why:

    Lego Friends–Silly imagination retarding lego playsets for girls.

    So.. gone are the fun Lego person minifigures, replaced with anatomically approximate figurines with long hair. Who go shopping. And hang out with their friends. And have handbags and Beauty parlours and cake shops.

    Jebus. There’s no need for any small girl to risk burning out a brain cell engaging in that ‘imagination’ thing. Keep your brain inside the small box that society is creating for you, accept the parameters and all will be well. Compare to the style of the ‘boys’ Lego (which is a slightly formulised version of the Lego I love)

    Lego that makes you think about what might be possible….

    Yes. I’m guessing the Astronaut is a boy. (I secretly suspect girl astronauts wouldn’t have sent a broken satellite into space or would have been more careful with the fragile bits when it got there).

    Lego say that their product design is based on market research and studying what girls play with. This is a mistake. This basically means that their research has essentially asked questions like:

    • “How have different genders reacted to mass market indoctrination by other toy manufacturers who are creating pre-assembled play sets? ”
    • “When faced with a choice of toys in pink, pink, or pink that establish certain female gender roles, do girls choose the astronaut (who is not an option they can chose)”

    Which, unsurprisingly has left them with the answer that girls like pink, want to have a beauty parlour, and the only space they are interested in is the one where they will be building their beauty parlour.

    This inevitably has lead Lego to creating a range of products that women find sexist and demeaning and men find to be a heretical travesty of the concept of Lego as we know it.

    What might they have done differently?

    A few years ago my friend and mentor Andrew Griffiths introduced me to the concepts and principles of the Value Delivery System, as developed by Michael Lanning at McKinsey and subsequently refined by Lanning in his own consulting work. Andrew helped knock some corners off the concepts when he was in McKinsey and gave me a first-hand insight into the power of the method.

    (Incidentally, the term “value proposition” in marketing comes from this Value Delivery System but is used today with a meaning that is less than that which Lanning first promoted it.)

    Key to the Value Delivery System method that Lanning developed is the idea of the Key Resulting Outcome that the customer wishes to have. Once that is identified, the organisation can determine how to deliver that Key Resulting outcome using their products and services. In his book, Lanning cites the development of the Polaroid Instamatic camera as a good example of a Key Resulting Outcome triggering innovation. The inventor, Mr Land, was taking photographs at his daughter’s birthday. She apparently had a tantrum when he told her she couldn’t “see the photographs now!!”, which sparked the development of a technology that shook up photography and related industries (like pharmacies and camera shops) for nearly five decades.

    I often work back from what a company is delivering through or with data to identify the Key Resulting Outcomes they are giving their customers – as a way of triggering debate about Information Strategy (a cheeky adaptation of Lanning’s method). Applying that approach to Lego’s #NewLegoforGirls I have determined that Lego believes that Parents and Children:

    1. Want imaginations constrained with pre-formed Anglo-European/Anglo-American gender roles and lifestyle expectations. Girls shouldn’t worry about being astronauts because they can own a cake shop instead.
    2. Want clear demarcation in play and interaction between children of different genders. After all, Astronauts don’t get their hair done at the salon and don’t go for cakes at the coffee shop. They’re too busy fighting aliens and fixing satellites.
    3. Want girls to identify from an early age with female body shape identity and “gender appropriate”clothing and colours (like pinks). So the “Lego Friends” figures have curves and bumps and boobs and long hair, while the traditional Lego MiniFigures have comical faces painted on, but remain blocky and androgynous apart from that (yes.. I know the minifigures have ‘wigs’ with long hair and can have bodies made with painted on dresses as much as painted on uniforms but…they’re not as ‘in your face’ about it).

    Frankly, the Key Resulting Outcomes I actually want from toys for my daughter are:

    1. Stimulate imagination and creativity
    2. Promote group play and interaction, so that skills of cooperation and planning can be developed
    3. Allow her freedom to imagine herself in any role/job/scenario she may want, whether that’s cake shop owner or astronaut
    4. Provide a format and system within which the gender biases and cultural short-hand of the marketing departments of other lazy toymakers can be set aside and open explorative play and imagination can be developed.

    Like in the old days. The way Lego used to be. Right now I fear Lego may be facing a “New Coke” moment. Parents (and dare I say it, grandparents who fought the feminist battles of the 1970s and 1980s) are sick of society and toy makers being lazy and putting the imaginations of children into boxes that are shaped by relatively recent colour charts (1940s) and ridiculously inane and sexist stereotypes of gender roles and possibilities.

    Lego should be about possibility, not pink. That is the Value that the Lego System should be delivering.

    When my daughter plays with Lego, I want her to feel free and encouraged to imagine the day she opens her Beauty Parlour/Cake Shop.

    On Mars.

    After she’s led the first successful manned mission there.

    As an Astronaut.

  • Support your Local Sheriff–why the DPC needs us to help them help us.

    Problem Statement

    The Irish Government is tripping over itself to win FDI from the new ‘Big Data’ enterprises. Whether it is promoting Ireland as a perfect location for Data Centres (it is, apparently we’re in a temperate Goldilocks zone) or chasing flagship investments in European headquarters for companies such as LinkedIn, Facebook, Zynga Games, Twitter, not to mention the pursuit of “home grown” ‘Big Data’ firms or the development of long term residents like Apple or Amazon from ‘box packers’ or call centres to foot prints of ‘Big Data’ behemoths, the Government can’t help itself.

    And why would it. These organisations bring needed jobs, needed credibility to the Irish Economy, and much needed positive headlines for beleaguered politicians.

    Of course there is a catch. A small problem. Actually two small problems.Well actually one problem but one that is so small but so significant that it is worth mentioning twice:

    Our Data Protection Commissioner is chronically understaffed and, in my view, may lack skills and experience necessary to engage with and properly enforce EU Data Protection regulations.

    If the Government is viewing “Data” and its related services as the “New Finance” they are showing precious little evidence of having learned from the failures of the past and I increasingly believe we are facing a scenario where either

    1. A major Data Protection scandal sweeps across big name players in Ireland and the DPC is wholly overwhelmed and cannot respond appropriately.
    2. Once new EU Data Protection Regulations are in place, we find ourselves in the eye of a major Data Protection issue and the Irish DPC finds himself with no option but to cede responsibility for the investigation and enforcement to another EU Data Protection Authority under the enhanced co-operation protocols in the revised Data Protection Directive.

    (more…)

  • An open letter to Viviane Reding

    Dear Commissioner Reding,

    I’m writing to you as an EU Citizen who is passionate about data, is use, its quality, and its protection. I’m not writing to you as the Managing Director of a company that offers Data Protection training and consulting services, but in the interests of transparency I think it best to disclose that that is my day job.

    I am writing to you about the new Data Protection Regulation. In particular I’m writing to you about the penalties contained in the current draft proposal. Frankly I think they suck. I don’t think they’ll have the effect that you think they will have. I’m basing my opinion on a number of bases:

    1. I have worked in Regulatory Operations in a Regulated industry that you are familar with, telecommunications.
    2. I’m a keen student of human psychology and economics, particularly the psychology and economics of risk and reward.Understanding this “theory of psychology” is important in the world of Information Quality.
    3. I like to observe and learn from other industries and areas of life to see what can be applied to improving quality systems for and the governance of information.
    4. I’m the parent of a toddler. This might not appear immediately relevant but, in the context of Data Protection, my immediate experiences dealing with a stubborn personality in development who is programmed to push boundaries and infuriate me with apparent disregard for the standard of behaviour expected of her all too often find their parallels in the management teams and staff of organisations I’ve worked with.

    Taking these elements together I am afraid that 5% of Global turnover will not work as a penalty. It’s a great soundbite but will, in practical terms, amount to little more. There are a few reasons for this.

    (more…)

  • Correction from Irish Examiner re: Vatican Closure

    After some toing and froing and an email trail that included quotes from the Chairman of TCH (the parent company of the Irish Examiner) at #mediv2012 I finally got clarification from the editor of the Irish Examiner of their Vatican Embassy story (soon to be corrected on-line), which I first blogged about on the 19th of January.

    At my suggestion, Dolan O’Hagan (the editor) provided the text of the clarification (which ran in the print edition two weeks ago but never made it online until today) for me to post here to close the loop so to speak. I’ve made the font bigger for the quote so that the text can be more clearly seen.

    In an article published on January 16 headlined "Public decries closure of embassy to the Vatican" it was stated in the opening paragraph that  the embassy closure "was met with overwhelming opposition from the public with over 93% criticising the move".
    The Irish Examiner would like to clarify that it was, in fact, 93% of those who had written to the Dept of Foreign Affairs in the immediate aftermath of the announcement who had voiced opposition to the move – a fact reflected later in the story but not in the opening paragraph due to a copy review error.

    While I differ slightly on the claim that the latter part of the story reflected accurately the level of actual uproar about the Vatican closure (I feel that the section in question required some close reading to understand the actual sample size involved which the 93% referred to), I welcome the statement from the Irish Examiner that does go a substantial way to clarifying the issue. I look forward to seeing the promised amendments and clarifications in the on-line edition soon, and once that happens I’ll be gladly closing my complaint with the Press Ombudsman.

    Of course, there is an important lesson for anyone producing information that is distributed through multiple outlets – an error may need to be corrected in a timely fashion in multiple locations. As such you will need to know when and where that information was disseminated and what control you have over getting the facts corrected.

    (Indeed, under the Data Protection Acts if a Data Controller is informed of an inaccuracy in personal data they have to inform anyone they shared that data with in the previous 12 months who in turn must notify anyone they shared it with etc. Frankly it’s turtles all the way down until the data universe is as correct as it can be made).

    Now my hope is that, with the correction on the part of the Irish Examiner, the other publications which picked up the 93% rallying cry will in turn correct their copy so that it reflects the reality of the situation, not hyperbole caused by an error in review.

  • SOPA, Irish political debate, and keyboard warriors

    I work in a knowledge-driven sector (consulting and training). I have written two publications that have ISBN numbers, which makes them books I suppose. They were each over 100 A4 pages long. I’ve written hundreds of blog posts and articles over the years and have a large external hard drive filled with every presentation I’ve given in my topic area (Information Quality, Data Protection, Data Governance) over the past number of years.

    In my professional capacity I am a member of a number of professional associations and have a number of professional certifications, all of which have an ethics element which, amongst other things, requires me to respect copyright and to give credit to the works of others when I am using them.

    As a presenter I’ve experienced flying in economy class to far flung places to see the person in front of me on the agenda ripping off the presentation I was just about to give because he’d come into possession of an earlier version of my slides from a previous event (in that case I just changed my presentation and explained to the audience why while the guy sat in the front row looking for an emergency exit – perhaps repeatedly saying how much I agreed with his points might have been laying it on to thick).

    But the SI that is about to be signed into law is just nuts, aimed solely in my opinion at propping up a dying business model in which KPI indicators that were perfectly valid 10 years ago are falling and rather than pull the levers and turn the knobs in their own business model and evolve, an industry lobby is seeking to pull levers and turn knobs in society as a whole and create a time machine that puts the smoke of 20 years of technology evolution back in the bottle.

    I teach and consult on-site with clients. I have also been published in dead-tree formats. e-learning and on-line tutorials and coaching, blogs, internet based publications, e-books all challenge that business model. So is my response to lobby hard for legislation and burn cash in litigation to reverse the universe? No. I’m not a moron. I embrace the opportunities for new business models that the Web provides. I look to build a Platform Business (to borrow from my friend Phil Simon) and I seek to develop new ways to distribute and monetise my services and my knowledge. (So expect to see some things developing from my business over the next few months)

    That the Irish Music Industry has strong armed the Government into rushing bad law in in a bad way is irksome in the extreme. That a mortally wounded industry has been able to bully (and yes, I do feel that the approach taken amounts to bullying) a Government into bringing in legislation of a kind that a vibrant and growing industry sector (that would be the Interwebs and Cloud) had lobbied and campaigned against successfully in the US only a few weeks ago galls me. That it is happening when the legal position in Europe has evolved and the clear message from TWO EU Commissioners (including the Vice-President of the Commission) is that Internet Blocking is not an option in Europe (ergo the Commission would be unlikely to penalise Ireland for not having it in place) just sickens me.

    But what really sticks in my craw is the pantomime of a Dail debate that we saw last night which makes a mockery of parliamentary democracy in this country. A debate where a perfectly workable alternative piece of legislation that achieves largely the same objectives while balancing the needs and interests of the ISPs (who were NOT consulted or engaged with when the original SI was being prepared) was basically ignored.

    The debate highlighted how out of touch with their electorate the Government is. Dismissing people who WRITE to you as “key board warriors” is insulting and disingenuous to say the least. I am a keyboard warrior and proud of it. I use my keyboard to effect change in organisations, educate and inform. It is my TOOL. Just as my grandfathers’ tools were pens and typewriters (for one) and trowels and plaster (for the other). My keyboard (and my website) is my own personal printing press with a scope, scale, and reach that Guttenberg could never have imagined.

    Bad law, introduced badly, by people who don’t grasp the basics of what they are seeking to regulate and control, with an arrogant dismissiveness of comment and debate from the political class (with notable exceptions) has the makings of a total trainwreck.

    As an aside, when I first raised concerns last year about the Fine Gael website I was dismissed  as being “only a blogger”. This keyboard warrior was right, so the track record of arrogant dismissiveness from Government parties has not been good on things internet related.

    So I contacted my Government party TDs by phone this morning to express my dissatisfaction. If my keyboard won’t be listened to then I’d better start using my voice.

  • While we’re all fired up about protecting rights..

    Hey you #stopsopaireland people, I’ve got a favour to ask. It’s not a big one. It will take you 30 seconds to do but it may help to make your life a little better

    The 30 seconds kicks in as soon as you’ve finished reading this post.

    The discussion around #stopsopaireland has focussed on the impact that internet blocking would have on fundamental rights of freedom of expression, and the EU legislative and policy frameworks and case law that exist to support that right and ensure it is protected in a balanced way.

    There is another right that is important. The right to Privacy. In particular the right to Personal Data Privacy which is set out in Article 16 of the Lisbon Treaty. It is this Article that provides the basis for the EU’s Data Protection regime, changes to which were announced on Wednesday. Those changes will take a number of years to come into affect, assuming they are not bastardised and watered down beyond all recognition by national parliaments or the European Parliament responding to lobby groups.

    But a functioning Data Protection framework is in existence day and it is policed in Ireland by the Data Protection Commissioner. Already this year they have engaged with the Dept of the Environment regarding the Household Charge database and with Dublin City Council regarding the transfer of personal data from Dublin City Council to a private company. And let’s not forget their audit of Facebook last year. And that’s just the high profile stuff that gets in the media. In my professional context I’m aware of the significant number of complaints they help people with each year as they strive to promote compliance with the Data Protection Acts in an increasingly complex information management environment and a financial culture where organisations and governments are trying to to less with more and often cutting the wrong corners in the process.

    The Office of the Data Protection Commissioner serves the individual citizen, helping them with advice regarding their rights and acting to investigate and prosecute breaches of those rights. They also serve the Organisation (be that a Government department, a large multi-national, a local football team, or a student company selling jumpers on-line) providing education and advice (when asked) as to what steps should be taken to ensure the right balance is struck between the goals of the organisation and the rights of the individual. They don’t deal with just one sector of the economy. Anywhere personal data is being processed they have a role to play.

    Saturday 28th January is World Data Privacy Day. It is one day in the year where Data Privacy is celebrated. Companies and regulators around the world have planned activities and events to celebrate the day (see here and here), but in Ireland it seems to be just another Saturday. Some of you might say that the Data Protection Commissioner should have lead the charge on this but, to be frank, they are under resourced in terms of numbers and budget and need to prioritise their efforts and energies to dealing with the actual and alleged breaches of people’s rights that come through their inbox every day.

    So, to celebrate World Data Privacy Day 2012 I’m asking you to write an email to your TD, Minister, or other elected official asking them to comment, tweet, or in some other way make public

    1. Their support for the principles set out in the Data Protection Acts and the proposed revised EU Regulation on Data Protection
    2. Their commitment to ensuring the Office of the Data Protection Commissioner is properly funded and resourced to allow it to execute its duties under the Acts and the Lisbon Treaty in an effective and truly independent manner.
    3. What one thing they will do by January 2013 to improve their personal knowledge of the Data Protection regulations.

    I’ve even put sample text below so you can just cut and paste it. You can use the great contact form at Contact.ie to bulk contact your elected representatives (while you are there, why not donate to support the site), or you ca nmake the message personal and send it yourself from your own computer/phone/device/smoke ring maker. Heck, if you want to phone them or tweet them directly about this fire ahead.

    +++ email text

    Dear Sir/Madam

    I write to you on the occasion of World Data Privacy Day, which is being celebrated globally on Saturday the 28th of January (mark your diary, it’s the same day next year).

    Personal rights, particularly personal rights in relation to information and personal data, have been in the media a lot this past month. Much of the coverage could have been avoided had proper attention been paid to the requirements and obligations under the Data Protection Acts 1988 and 2003 which apply equally across a wide range of industry sectors, including Government

    To celebrate World Privacy Day I would ask you to consider issuing a statement either by traditional press release, a blog post, or a tweet, that will tell your electorate where you stand on the following questions:

    1. Do you support the principles set out int he Data Protection Acts and in the proposed revised Regulation on Data Protection announced this past week by Vice President of the European Commission Viviane Reding?
    2. Are you committed to  ensuring the Office of the Data Protection Commissioner is properly funded and resourced to allow it to execute its duties under the Acts and the Lisbon Treaty in an effective and truly independent manner, as is required under EU Directive and the Lisbon Treaty?
    3. What one thing will you do by this time next year to improve your personal knowledge of the Data Protection regulations.

    Of these three questions, the second is one I feel is important.  Personal data is the currency of the new economy and it is a valuable commodity. The Regulator for the Personal Data Industry is the Data Protection Commisioner. One of the key lessons of the Financial crisis is that for a Regulator to be effective they must be correctly resourced and independent of Government or industry influences.

    I appreciate your time on this and look forward to seeing your press release, blog post, or tweet expressing your support for #DataPrivacyDay, the principles of Data Protection, and the office and role of the Data Protection Commissioner.

    ====ends===

    If you get responses please post a comment below so I can see what uptake (if any) there has been from our political classes.

     

     

     

  • New rules, Old roots, Old attitudes

    So, today the European Commission is announcing new rules for Data Protection and Privacy in the EU (and the EEA countries and those countries seeking accession to the EU). There is hype and hoopla about the rules and what they mean, particularly for organisations conducting business on-line, companies based outside the EU selling into the EU, standardisation of penalties, and realignment and consolidation of the Regulatory and Enforcement regime.

    Oh yeah, and it is being done by Regulation which means the rules will be the same across the EU.

    But at its heart the fundamental principles remain the same. Organisations who seek to process personal data of individuals need to make sure that the ‘deal’ is fair. After all, to paraphrase Commissioner Reding’s comments at the DLD conference in Munich earlier this week

    Personal information is the currency of the Information Age

    And as with all markets where items of value are traded, checks and balances need to be in place to ensure the asset is valued appropriately and treated with care. Hence the focus in the new Regulation on concepts such as Privacy by Design, ensuring appropriate training of staff, specific requirements re: organisational governance and internal controls and clarity of documentation about the meaning, purpose, and methods of use of personal data. There is an economic trade off required to obtain the thing that is of value. That trade off is good management of Personal Data through the life cycle of the Information Asset.

    As a Data Governance and Information Quality guy I’m glad to see that the legislators in my third area of passion have finally caught up with the need to ensure organisations have defined Quality Systems with defined decision rights and accountabilities over Information as an Asset.

    So, while many of the rules are new, their roots are old. Based on my reading of the version of the Regulation that was leaked just before Christmas revealed a Regulation with one foot in the camp of Fundamental Human Rights (and the trade offs that need to be made there for economic activity to take place) and the other firmly in the camp of Quality Management practices and principles, with a clear focus on creating a Constancy of Purpose in management towards the goal of striking a sensible balance and ensuring a fair deal in the processing of personal data.

    And that is where the problem begins.

    There is a window now for national governments and the European Parliament to make contributions to the Regulation. Many in national government and the EP will make sensible contributions that will evolve the framework and make it easier to implement in practice.

    However, in a month where one Government Minister acted in blissful ignorance of the Data Protection Acts one week, another flew a policy kite that would require an illegal extension in scope of the database being built by the first Minister, and where the unelected officials of the largest City Council in the country appear to be unable to point to the legitimate grounds on which they transferred the personal data of over 100,000 residents to a private company, I hold out little hope of sensible debate and dialogue from the Irish body politic.

    In a month where we greeted the year (for the second year in a row) with a story about poor planning of projects involving personal data (both under the stewardship of the same person) I hold out little hope of sensible engagement from the Irish body politic.

    And in a month where the reversal of a bad law to control copyright on the Internet (SOPA) after leading websites across the world “went dark” we find a Junior Minister of the Government, in the Department that is in charge of attracting and retaining exactly those companies who opposed the US law, seeking to implement a similar law by Statutory Instrument with no debate or discussion, even after the legal position and EU policy position has changed in relation to Internet blocking, and only the opinions of the dying industry this law would protect seem have been sought in advance, I hold out little hope for the Irish Body Politic not to make an arse of this.

    And as for the Irish media… with a few notable exceptions the absence of attention to Data Protection issues (except where it involves embarrassing a Government Minister and the copy can be lifted from this blog) is staggering. So yet again I hold out little hope of sensible engagement.

    Adapting to the new Data Protection landscape will require individuals to change their mind set. But I fear that the entrenched attitudes in the body Politic and the traditional media may be such that Ireland (the little nation that faced trade sanctions in 2003 for not implementing Directive 95/46/EC by 1998 as we were required to) will fail to step up to the plate and drive the change in thinking and attitude necessary to achieve sustainable and sustained change in Data Protection practices in Ireland.

    W. Edwards Deming wrote in his famous 14 Points for Transformation that it was essential for the transition that organisations “Institute Leadership”. I see precious little leadership in this area from our politicians and only dazzling pin-pricks of illumination from the main stream media. So I must keep my hope guarded in the face of the likely knee jerk reactions against the changes and the almost inevitable white noise of ignorance until the Regulation passes into law with a direct effect sometime in 2014.

    Prove me wrong. Please.

  • Lies, damned lies, and statistics

    On Monday the 16th January 2012 the Irish Examiner ran a story that purported to have found that 93% of the Irish public “decried” the decision of the Minister for Foreign Affairs to close Ireland’s embassy in the Vatican City State. The article detailed how they had undertaken a review of correspondence released under the Freedom Of Information Act which showed that 93% of people in Ireland were against the closure. To cap it off, the article was picked up in the Editorial as well.

    Except that that isn’t what they had uncovered. The setting out of the statistics they had found in the sensationalised way they presented them was a gross distortion of the facts. A distortion that would, to paraphrase Winston Churchill, “be half way around the world before the truth had its boots on”).

    Demotivational poster about data

    What they had uncovered is that of the 102 people who wrote in to the Minister for Foreign Affairs about the issue, 93% of them expressed a negative opinion about the closure. The population of Ireland is approximately 4.5 million people. 95 people is closer to 0.000021%. While I may not have the academic qualifications in Mathematical physics that my famous comedian namesake has but I know that 95 people (that’s 93% of 102) is slightly less than 93% of the Irish public

    Or, to put it another way, significantly and substantially below the statistical margin for error usually applied in political opinion research by professional research companies.

    Or to put it another way, over 99% of the population cared so little about the closure of the Vatican Embassy that they couldn’t be bothered expressing an opinion to the Minister.

    Of course, the fact is that there were letters written about this issue. And the people who wrote them were expressing their opinion. And 93% of them were against the closure.  In fact, in defending themselves on Twitter against an onslaught of people who spotted the primary school maths level of error in the misuse of statistics in the article, the Irish Examiner twitter account repeatedly states that (and I’m paraphrasing the actual tweets here slightly) “for clarification we did point out that the analysis was based on the letters and emails”. But it is inaccurate and incorrect to conflate the 93% of negative comment in those letters to the entire population as the sample size is not statistically valid or representative being

    1. Too small (for a statistically valid sample of the Irish public you would need between 384 and 666 people selected RANDOMLY, not from a biased population. That’s why RED C and others use sample sizes of around 1000 people at least for phone surveys etc
    2. Inherently biased. 93% of cranky people were very cranky is not a headline. The population set is skewed towards one end of the distribution curve of opinion you would likely find in the wider population.

    Then today we see a story in the Examiner about how Lucinda Creighton, a Junior Minister in the Dept of Foreign Affairs is backing a campaign to reopen the embassy because

    there’s a very strong, and important and sizeable amount of people who are disappointed with the decision and want to see it overturned and who clearly aren’t happy

    What? Like 93% of the Public Lucinda? Where is your data to show the size, strength, and importance of this group? Have you done a study? What was the sample size?

    As a benchmark reference for what is needed for an Opinion Poll to validly represent the opinions of the Irish Public, here’s what a reputable polling company says on their website:

    For all national population opinion polls RED C interview a random sample of 1,000+ adults aged 18+ by telephone. This sample size is the recognised sample required by polling organisations for ensuring accuracy on political voting intention surveys. The accuracy level is estimated to be approximately plus or minus 3 per cent on any given result at 95% confidence levels.

    Anything less than that is not statistically valid data and can’t be held out as representing the opinion of the entire public.

    As an Information Quality Certified Professional and an active member of the Information Quality Profession on an International level for nearly a decade I am ethically bound to cry “BULLSHIT!!” on inaccuracies and errors in  information and in how it is presented. The comments from Ms Creighton are a good example of what that is important in the Information Quality and wider Information Management profession. If bullshit analysis or analysis based on flawed or inherently poor quality data is relied upon to make strategic decisions then we invariably wind up with bullshit decisions and flawed actions.

    And that effects everything from conversation with family, chats in the pub, business investment decisions, political decision making, through to social policy. Data, Information, and Statistics are COOL and are powerful. They should be treated with respect. People publishing them should take time to understand them so that their readers won’t be mislead. And care should be taken in compiling them so that bias does not skew the results.

    So, having had no joy or actual engagement from the Irish Examiner on the issue I forwarded my complaint to the Press Ombudsman yesterday pointing out that the article would seem, based on the disconnect between the headline, the leading paragraph, and the general thrust of it, to be in breach of the Code of Practice of Press Council of Ireland.

    I just hope they can tell the difference between lies, damned lies, and fudged statistics. (This Yes Minister clip about Opinion Polls shows how even validly sampled ones can be biased by question format and structure in the survey design).

  • Information Quality Change – the Doctor Who effect

    I’m a big science fiction fan. I make no apologies about this fact. One of my favourite science fiction characters is The Doctor, the lead character in the

    The 9th Doctor outside his Tardis
    The 9th Doctor

    BBC’s iconic series of the same name. In a genre that often falls for the easy charms of technology to drive a story, The Doctor (a 930 year old, two-hearted time travelling Time Lord from the Planet Gallifrey) invariably highlights and thrives on the Human Factor – the innate potential, ingenuity and power of the human beings (a lesser species) who he befriends, protects, and travels with.

    Over the years I’ve tried to adopt and adapt some of the principles of The Doctor’s approach to leading Information Quality and Governance change projects:

    There is nothing that can’t be solved by confectionery

    The good Doctor in a number of his incarnations (4th, 6th, 7th, and 8th as memory serves)  was renowned for, in moments of high tension, proffering some confectioneries (specifically Jelly Babies) to help lighten the mood and distract thought. They were an incredible tool that enabled him to befriend others and buy time to develop cunning plans. Doctor Who Jelly Babies (video montage)

    The key lesson is that it is often useful to have a “quirky” way to break down barriers and get conversations going. The Doctor has Jelly Babies. I’ve used various props. Kathy Hunter of DQM Group made extensive use of home baked cakes and biscuits when she was in a previous role to help open conversations.

    It’s Bigger on the Inside

    The Doctor’s space ship/time machine is a Blue Box. It is a Blue Box because the advanced circuitry that let it change appearance to blend in in different timelines got stuck on “Blue Box” on a trip to London around 1963 (the year the series was first broadcast). The thing about the Blue Box is that it is “bigger on the inside”, a fact that The various companions’s to The Doctor remark on whenever they enter the Blue Box for the first time. Bigger on the Inside (Youtube) . Invariably, The Doctor takes the surprise in his stride, often forgetting how big a shot it is to people when they see the size of his Blue Box for the first time.

    The Doctor’s Blue Box is called the TARDIS, which stands for Time and Relative Dimensions in Space. By being able to engineer time and space The Doctor’s race, the Time Lords could build infintely large space craft that could fit into a small space (like the back of a props van on a TV show).

    What’s the parallel with Information Quality? Well, those of us who have worked in Information Quality often forget that it is a discipline that is very much “bigger on the inside”. When people look at Information Quality from the outside, they might be forgiven for thinking that it has the general dimensions of a Blue Box (so to speak) and it is only when they venture inside that they realise there’s more to it than meets the eye. If your perception of IQM is that it is Data Profiling and some Cleansing, it can be quite a shock when you uncover the Change Management challenges, the human psychology issues, and the legal and regulatory issues that can affect Information Quality strategies.

    Often we hard-core practitioners take it for granted that its is bigger on the inside, because we’re on the inside looking out.

    People First, Technology Second

    Quite apart from the long running love affair The Doctor has had with the Human Race, every adventure winds up with The Doctor being outrageously brilliant as a Time Lord, but more importantly inspiring and encouraging brilliance in his Companions and others around him. Whether it is calling in favours from old enemies (in return for some jelly babies perhaps) or rallying demoralised troops in the face of battle or unnatural enemies, The Doctor puts people first, often appearing willing to sacrifice himself to protect others.

    Technology is applied in innovative and outlandish ways to meet the objective of protecting people. Even The Doctor’s trusted sonic screwdriver is not used as a tool in its own right but as a means of enabling things to happen and for information to be gathered to support decision making.

    From an information quality management point of view it is important that we remember this lesson – the technology should not dictate the solution and, ultimately, it is people who are the brilliant and innovative sources of solutions to problems. A Data Profiler will tell you that the data looks broken. A human being will figure out the best solution (new business rule, new tools etc).

    In short, to paraphrase The Doctor: “People are FANTASTIC!!”

    Conclusion

    I’m very much of the view that we can learn a lot from arts and literature about ourselves and who we can aim to be in how we approach things. Science fiction TV programmes are no different to the works of Shakespeare in this regard. Perhaps we can achieve more sustainable successes in our Information Quality travels by learning some lessons from The Doctor:

    1. Everybody likes Jelly babies – (what is your equivalent?)
    2. Not everyone can see that this is actually Bigger on the Inside… and when they step into the world of Information Quality it can be a bit of a shock to the system.
    3. Technology doesn’t fix things. People fix things, occasionally using technology to get there. Remember that people are FANTASTIC!!