The benefits of a system

Hi all,

Systems, we are so used to systems we barely recognise them, we see them every day, take part in them every day and yet when it comes to business, people don't always have a system for information protection.

So where do we use systems in our daily lives? We may have a system for posting onto Facebook or Twitter at certain times of day, putting on relevant or interesting articles for people to view. We may not have a system for doing this instead rely on posting spontaneous content for the world to view, that may be the default position for some but not all. But have you considered what you are putting on social media, after all, we'd expect the big social media companies to protect our data, keep it out of the public domain (when selected) and generally have your well being at heart - and for this they need a system for data protection and to stop leakage.

There's a few points to be made here, the big social media companies give us privacy tools to help us to choose who can see our pages and posts etc but its up to us to use them, I doubt if many people ignore the settings function, especially when we see content that we do not wish to see but whichever way we look at it, systems are in place for our protection - and also to protect the companies from legal proceedings when things go wrong as they invariably do.

There's been some articles in the news lately, very sad articles, one of them was about protecting people from harm and online bullying that contributed to the deaths of some people. Some of these social media companies aren't doing enough to protect the public, especially people who are considered to be mentally vulnerable. I had to ask myself, why don't our public authorities have a system for taking down social websites or pages that target vulnerable people? You'd think police agencies would target these unscrupulous companies' websites and social media pages to protect people from harm, but they don't always and why? Because the system either needs putting in place or the current system needs fixing.

And that leads me back onto where I was and that is a system for data protection. Should companies not have a system in place, the risk of prosecution goes up, but, if you have a system in place and are seen to be doing something positive about data protection by being responsible, then the chances of a higher fine are greatly reduced.

Systems are a way of reducing risks to both an organisation and the data subject - that's me and you in data protection terms, should companies not have a robust system in place to protect data against online thieves then the chances are that things can go wrong. It's also not a good idea for one or two people to understand about data protection, the thing is the more people have an input into this the better. If people don't ask questions then you don't get answers and that leads to confusion, a lack of understanding and fear.

Knowing how well your systems are protected is of vast importance, I had an instance just the other day where I had to enquire about the security of an email system because i'd had information from the National Cyber Security Centre about best practice with regards to email security, what I got back was reassuring, because I trust the person whom I had questioned and wanted to understand more about the system that was in place to protect the company. I was then able to relay this information to a UK Government Authority and we could decide on the best way forward to communicate.

A system for data protection is all about preventing unwanted leakage of information, its no good shutting the door after the horse has bolted, that's when the Information Commissioners Office get involved and so it's important that systems are scrutinised from the outset. Start to finish, what data is coming in, how well is it protected, how well is it stored or where is it going? All of these are about building up a system and picture of interpretation against any legislation like the GDPR for example.

Putting a system in place makes your organisation look better, feel better and act better. It's about being responsible, investing time and effort into understanding how the information flows.



Steven Burgess is a Consultant and Data Protection Officer for Disclosure Services Limited, a company that process data relating to criminal record checks.