In my rant against Data Protection and Information Assurance snake-oil yesterday I forgot what is by far the best, cheapest and most authoritative source of good advice: the Information Commisioner’s website.
I have now added a P.S. to yesterday’s entry pointing out the wealth of guidance available on the Information Commisioner’s website.
I never cease to be amazed how much expensively developed “guidance” is actually contrary to that on the website of the Information Commisioner’s office.
I have yet to find anything that makes good business or social sense that is forbidden – provided you give a “plain english” explanation of what you are doing and why. This is particularly so when “data protection” is cited as an excuse to fail to help with action against fraud or impersonation or to fail to share information in the interests of customers who have given explicit and voluntary consent.
The exceptions are in the public sector where there is a jungle of other legislation going back to 1917 that makes sharing mandatory or compulsory, regardless of consent – but there are some obvious (albeit not to those running command and control systems) ways round – such as contracting to third parties who run consent-driven sharing services. But that is another blog.