GDPR: Secure, Diligent and Ethical Working
Etic Lab know that the threats and opportunities in the digital era are manifold for a business based on acquiring, creating, analysing and using high volumes of data. It has always been clear to us that the security of our customers, and hence our business, could never be based upon a tick-box approach to the many issues that affect us when dealing with data.
General Data Protection Regulation
GDPR enshrines into law data protection and privacy for all individuals within the European Union. Whilst addressing the export of personal data outside the EU, GDPR aims primarily to give control back to citizens and residents over their personal data. In an era where personal data is repeatedly mishandled, misused and sold with or without consent, GDPR may feel more relevant than ever. Whether it enables and empowers businesses and citizens to share and access personal data securely, diligently and ethically remains to be seen (and tested in the courts).
First and foremost, Etic Lab’s knowledge and experience lead us to believe that security and reputational threats in this arena are constantly evolving. Simply purchasing cyber security products, developing secure working practices and maintaining them cannot in and of themselves protect companies from the security and ethical issues that develop in the course of business. Almost every day, whether reading trade reports and academic papers or simply working with our customers, we find new and ingenious methods that can and do, both by accident and by design, create threats to privacy, data quality and indeed the value of commercial brands. Our response to the reality of constantly developing ‘threats’ in the digital domain has been coloured by our need to work with a variety of different clients in a multitude of settings.
Many businesses seek to manage risk by limiting themselves in what they do, finding reasons not to innovate and develop new approaches when they intrinsically involve exposure to additional risks. Etic Lab cannot take this approach because we are focussed upon exploring new ideas and technologies – it is essential to our business.
We have developed an approach to secure working which seeks to minimise risk through a work culture based on: joint working based on industry standards, a commitment to research and practice in terms of data security issues and ethical working,
Our approach has been to take and solve the problem of creating a secure haven for the data we create, access and manipulate on behalf of our clients. General principles are used to govern our practice in each particular case. We follow industry standards in acquiring, transmitting and storing data, whether our own or that of clients. This is reinforced by closely managing the task of minimising or avoiding moving, transforming or analysing data in ways that threaten the undertakings made by our clients to their customers with respect to privacy and what can and cannot be done with their data. This approach also serves to illustrate the next aspect of our approach to the management of risk derived from data handling in our work.
Without diligent application of a secure working model, we expect that at some stage the secure protocols (software, rules and working practices) set up at time A will be deeply flawed and unfit at time B. Few if any of the businesses who have exposed the private data of their customers in recent years and suffered financial penalties and brand damage were without cyber security software and protocols for secure working practices. These events do not occur because businesses do not look to secure the data they store; they occur because they fail to diligently explore the risks they are exposed to as the world changes. The digital world is an engine for change; it isn’t subject to rapid change so much as an environment that creates change. What is more, the rate of change in the offices of any business does not map onto the speed of change in the digital domain.
Etic Lab therefore takes the view that we need to look outside of our concerns and practices and examine how things are evolving in the world at large in order that we can understand and, better yet, anticipate security threats. To this end we have undertaken research and development work with clients looking into the evolving threats to personal privacy. Etic Lab has worked with university research departments developing software and research methodologies for identifying software ‘Bots’, both commercial and political. Indeed, we have even adapted some of these technologies for legitimate commercial use (Introducing Twitter Toolkit). Similarly, we constantly monitor the research literature on emerging privacy threats and have developed a research programme around a project to identify and systematically report established and novel threats to personal privacy on the Internet.
In order to achieve a secure workflow involving data creation, manipulation, analysis and use, we need to be not only diligent but, perhaps just as importantly, proactive in avoiding situations where conflicts of interest, dangerous compromises and short-cuts prosper. In practice this means applying this test at the outset of any project or partnership – is what we propose to do ethical? One of our colleagues served for many years as a member of a university ethics committee, and we regularly work with academic colleagues where the concerns of such committees need to be addressed long before any work can begin. We follow this approach in our commercial work, testing the ethical dimensions of the proposed work and the methods we will need to apply.
GDPR takes effect on 25 May 2018. As it always has, Etic Lab is leading the way.