Is your database really necessary?

My attention has just been drawn to an article on the value of regularly purging datafiles to cut cost, legal risk cost and enhance security and privacy. It reminded me of a very thoughful contribution to last year’s Parliament and the Internet Conference – on the need to pay more attention to disaggregation as one of the safest approaches to enhancing security. 

How can government and regulators claim to take Data Protection seriously when they demand that ever more be retained in case it might be needed?

Two or three times a year I am asked to speak on the politics of data retention. My first key message is that demands from bureaucrats to retain data that is of little or no value other than to would be fraudsters need to be resisted at every turn – on grounds of basic security – not “just” privacy.

My srcond is that most of the worlds criminals are now on-line and we need to do a much better job of co-operating to foil their attempts to victimise our families and businesses. That means not just resisting expensive, counter-productive, displacement activity, (like blanket data retention), but working together to actively identify and remove predators.

I am currently working on a briefing on “Who Polices the On-Line World?” as background for on of the session at the “Parliament and Internet Conference” on Octrober 16th. I am also part of the team looking at lead projects for the UK E-Crime Reduction Partnership, some of which will hopefully be ready for announcement. Suggestions would be most welcome.

In the mean time for those of you who feal trapped in a Kafkaesque world of computer-assisted lunacy, I remind you that the “Good Soldier Schwiek” (by Josef Hasek, another Czech like Kafka) was published before “The Castle” and “The Trial”. Schwiek, his World War 2 German counterpart, Gunner Asch, and their cold war US counter-part, Sargeant Bilko, all illustrate the means of surviving in a world where bureaucrats running their part of the army are more concerned to tick the boxes that to win the war. 

The task is to turn a vicious circle of expensive data protection for information that is of little or no value, into a virtuous spiral of in which you can routinely share accurate information with those you trust in accordance with the wishes of the customer/patient/client. The routines for this go back to ancient Sumeria. Bletchley Park is a monument to what heppens when bureaucrats trust in technology, rather than the humans it should be there to support..   

We need to reset political and regulatory agendas so that they encourage good practice based on experience of what works over time. On November 24th the EURIM Information Governance working group is organising a “Directors Round Table” to discuss what that means and how it can be acheived. The call for advance papers to help stimulate discussion will go out shortly. E-mail me care of [email protected] if you would like a copy.