The Society of Information Technology Management, Socitm, has stated that local government bodies should review all information governance arrangements in light of changes to EU-US data protection policies.
In its latest briefing, Data protection: <Control><All><Delete>?, Socitm has recommended that all IT professionals update their information, security and data protection policies, as councils could face difficulty in remaining compliant under the new legislative framework.
Data protection has been a hot topic in recent months, following the European Court of Justice striking down the Safe Harbor agreement last year, as well criticisms of its replacement, the EU-US Privacy Shield. “Legal action in the wake of the Snowden revelations challenged the degree of protection for citizens’ data provided by Safe Harbor,” Socitm said in the statement. “New measures giving foreigners’ data some legal protection have been put in place, but it is not yet known whether the European authorities will consider that US privacy protection is now adequate.”
In recent weeks, Privacy activist Max Schrems, who has been linked to the initial downfall of Safe Harbour, said in a statement reacting to Privacy Shield, “Basically, the US openly confirms that it violates EU fundamental rights in at least six cases. The commission claims that there is no ‘bulk surveillance’ any more, when its own documents say the exact opposite.”
Socitm said in the statement that new European Data Protection Regulation will also update data laws in the UK, which currently don’t account for new technologies. The UK Data Protection Law was written in 1998, several years before the launch of social media platforms Facebook and Twitter, as well as the surge in data usage from both consumers and enterprise. Socitm stated that councils could be let in a vulnerable position when the regulations are brought in officially.
The regulations, a draft of which were released in January, stated that data protection legislation would have to be updated for the digital age, consumers would have to have access to their own data to understand how and where it is utilized, as well as increasing security standards for an individual’s data.
The fear here seems to be focused around the volume of changes that would need to be enforced once the new regulations are in place. It would appear Socitm is concerned that local councils will not be able to keep pace, leaving the councils in a non-compliant and susceptible position.
“Accommodating the changes will be a matter of amending existing processes rather than inventing new ones,” said Dr Andy Hopkirk, Head of Research at Socitm. “Some of the changes could be onerous and problematic. For example, councils will need to be able to deal correctly and completely with ‘right to be forgotten’ requests – perhaps the single greatest challenge in an almost ubiquitously networked and distributed computing world.”