3 minute read
UPDATE: The Data Privacy Periodic Table
Topics: Data Privacy
By Sophie Chase-Borthwick on 25 September 2018
The launch of the Data Privacy Periodic Table earlier this month was a roaring success. We’ve received some excellent feedback, and some people are even printing it off for their office walls!
Some of the comments we’ve received:
“Not seen anything like this before.”
“Very useful for the project I am working on right now.”
“Great initiative and a very innovative way of displaying what is a lot of information.”
Thank you for the kind comments – you know who you are!
But more importantly, we have also had some really constructive feedback and fascinating conversations on new “elements” to include, some to move and even debates on the worthiness of some elements’ inclusion.
All in all, it’s been a really exciting launch. We have now completed some updates to the Table and a new version is now available below. As always, some notes on what we have done are underneath, along with reasoning behind why some input has not been pursued.
This is however by no means a finished project. We still want your feedback as the data privacy world changes under our feet. Case law might mean that new central components of privacy may be demanded, or new independent bodies may be formed. And of course, new core legislation will always be likely. So submit comments below, or contact me directly.
Our latest explanatory notes:
Data Protection Authorities
Although, we have taken on board the sentiment of the comment and recognized we needed to add enforcement bodies alongside the Local Legislators that were already included. We have therefore added in Local Regulators, in place of the EU, on the basis that we needed to make room somehow; didn’t need two European organizations; and were wiser to include the European Data Protection Board instead.
This is because performing an audit is one thing, but it is quite another to be constructive with it. We find that many external advisors conduct audits of organizations, only to leave them with a list of actions and criticisms, and offering no plan or input as to how to remedy them. This “ivory tower” syndrome is in our view irresponsible and unhelpful. We would rather emphasize the need for audits to be augmented with honest consultation and support, alongside a practicable plan of action based on technical and legal knowledge. Anyone can criticize, but few can (or will?) help organizations improve.
To many, these will appear synonymous. But in actual fact, background checking is primarily focused on employees whereas KYC is, as the name suggests, focused on customers. A good point that we have accommodated in our new version.