17 MIN READ
The Data Privacy Periodic Table
Topics: Data Privacy
By Sophie Chase-Borthwick on 3 September 2018
Today we’re launching our Data Privacy Periodic Table – the first ever collection of the key “elements” of the data privacy world, regularly updated as new elements come to light. It is intended to help privacy professionals better understand the industry in which they work, and shed light on its often confusing terminology and how various pieces inter-relate.
We have categorised the elements mimicking the traits of the categories in the original scientific version. For example, the far right of the original periodic table is reserved for the Noble gases – stable, inert and unreactive. This seemed an ideal match for the independent legislative or regulatory bodies. Similarly, the column dedicated to the Alkali metals on the far left, with their characteristic volatility, was a fitting location for the universal rights of the data subject, as if meddled with, both are likely to cause an explosion!
We have created a table on the main Data Privacy Periodic Table page that sets out why we have categorised the elements as we have.
Also, below, we have added some additional explanatory notes to explain our thinking for various elements’ inclusion and position.
We’d welcome any comments, or suggestions for new additions – contact me here for any recommendations or drop a comment below.
We also plan to release new updates of this table on a regular basis as the data privacy world changes. Each time we update the table, we will publish similar blogs, all of which are accessible off the main Periodic Table page.
This high status for ethics within data privacy is no exaggeration. After all, privacy legislation is the codification of what society deems to be the ethical and appropriate way in which personal data can be processed. Like Hydrogen, ethics is the most fundamental, original and abundant element of data privacy.
This element, number 21, is expressed in inverted commas for a simple reason: it is impossible. It is a frustrating myth that continues to revolve around data privacy that compliance can be achieved. It cannot, at least not in the way that businesses commonly understand it i.e. a one-off demonstration of adherence to certain rules.
Data privacy regulations are not designed for “single point in time” adherence. They require ongoing efforts and constant vigilance to ensure that data subjects’ rights are protected. A business’ data and processes are far too fluid for any assertion that adherence now means anything for adherence in the future, making claims of “compliance” utterly empty – and so-called certifications of compliance utterly worthless.
We have included the ePrivacy Regulation in the future developments section (and recent reports suggest it will stay there for some time), but have also included the ePrivacy Directive in the Core Legislation section as until the Regulation is passed, the 2002 Directive is in force and very much applicable.
Elements 73-78 list end users, employees, customers, suppliers, marketing databases and partners. Collectively, these could be categorised simply as “data subjects”. But this would ignore the unique ways in which each type of data subject’s personal information needs to be addressed, handled and treated. The data you will likely have on your employees, the permissions you may have and the nature of its processing differs enormously to how you may collect, use and store your databases of marketing targets.
Artificial Intelligence and Societal Values
More updates to the Data Privacy Periodic Table are available here.