Privacy Musings
Today’s guest blog on data privacy comes from Sarah Seabury, Director at TPI.
Musing time for sourcing advisors, and most executives these days, seems to be normally conducted at 30,000 ft. So no surprise that during my final descent to a country that I had never visited before, I found it interesting to consider how much data this new location already holds about me - despite the fact that I had yet to actually arrive.
Like most travellers I made arrangements in advance,
so my credit card details, personal address, passport number, business contact
details and probably much more arrived before I did. Possibly these details had
already been transferred to another country or a third party organisation for
processing without my knowledge. Multiply this by all the countries that I’ve
visited and the many personal transactions involving my personal data during my
lifetime and what do you get? – a virtual server with my name on it, over which I have very little control,
despite the fact that all the data fundamentally belongs to me.
Europeans have a healthy scepticism about giving their
data to companies and governments, a distrust that stems from mass migrations
and genocide during the Second World War. Since then, various pieces of
human rights legislation have ensured that all citizens have the ability to
control the use, spread and quality of their own data - in effect, each person
lends their data for a specific purpose to a named organization. Companies
don’t “own” personal data, but they are responsible for controlling it and
processing it.
A baffling array of densely written (and diversely
interpreted) data protection legislation that mandates this tripartite
arrangement in Europe between data subject, data controller and data processor
has matured over the years into a series of practical and legal measures, which
now looks set to spread round the world under various privacy guises.
So, should the sourcing community be concerned about
the onward march of global privacy?
With my European citizen hat on I say “bring it on”! With my sourcing advisor hat on, my enthusiasm
is more constrained, as the data protection legislation hasn’t dented the
massive uptake of outsourcing in Europe this year or the global spread of data processing services.
Interestingly the prize this year for the biggest UK privacy “foul-ups” was handsomely awarded to
various government departments - who stubbornly hang onto processing citizens’
data in-house in the
The disciplines associated with setting up privacy
compliant sourcing relationships force organizations to think about effective
and respectful data processing. Issues of responsibility and accountability are
discussed and documented. Technical, security and organisation measures are
implemented and then regularly audited. Processes are put in place to allow
data subjects (that’s you and me) to view, amend and even delete data - thereby
improving transparency of use and data quality. Policies are written outlining
an organization's approach to this subject and employees are trained how to
implement the policy.
Sounds expensive to implement - but what is the price
to pay for poor privacy? Well, it is difficult to estimate the economic cost of
poor quality data, the collection and storage of personal data for no defined
purpose or the exposure in the press of those companies who allow data to leak
through poor security measures. The fines levied by the regulators are a drop
in the ocean compared to the reputation damage suffered by the companies
exposed. I much prefer to consider the customer trust side of the equation and
give my business to those with a good privacy reputation. Similarly the corporate clients TPI advises
are keen to establish relationships with suppliers who really understand
privacy.
So the next time you are at 30,000 ft, gazing out of the aircraft window, spare a thought for all those bytes below you with your name attached.