I am a big fan of Bruce Hallas‘s The Analogies Project, and I’ve been promising him for a while that I will send him a proposal for a privacy analogy for possible inclusion in the Project. For the time being, and because I’m suffering from a bit of writer’s block on that piece, I’ll post a little – and obvious – analogy here.
The recent news that the Information Commissioner’s Office (ICO) had required Great Ormond Street Hospital for Children NHS Foundation Trust (“GOSH”) to sign an undertaking (to improve data protection compliance) made me think of the famous quotation by William James from The Varities of Religious Experience
A chain is no stronger than its weakest link
The ICO noted that, at GOSH,
Although data protection training was in place, it was not required for temporary members of staff
By their nature, temporary staff are often subject to different procedures and obligations (or lack thereof) to permanent staff. It is, consequently, all too easy for data controllers to ask temporary to handle personal data without applying the appropriate safeguards which they would always apply where permanent staff are concerned.
Data security and data protection within an organisation can, indeed, be seen as a chain. By that I don’t mean that it should tightly bind or shackle the organisation. Rather, what I mean is that – ideally – all parts should link together, and no part be isolated: thus, data, and risks, are appropriately contained. But if a weak link is in place, the potential exists for the whole chain to be broken.
This is not profound, and I strongly suspect it’s not even a new analogy, but I think it’s one worth making.
And it gives me the chance to quote William James for the second time today.