Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
GDPR: Valuing data, assessing risk and consent services
Journal of Data Protection & Privacy,
2
(1),
41-52
(2018)
Abstract
The biggest challenge to business is not having a way to determine which data to save or delete based on its value. Four out of 10 businesses are more concerned by penalties while three out of 10 consider that media coverage will severely affect their brand and customer base. This paper aims to address these concerns by providing an approach to understanding information risk and value in order that a clear plan can be drawn up that manages media communications to control exposure to both penalties and brand/customer losses. This paper will provide the reader with the criteria for identifying business value, establishing responsibility for risk and managing identity. Specifically it will outline: how to carry out an assessment on personal information that recognises quality criteria, process risks and business value in a virtuous cycle; how to educate an appreciation of information risk to the individual especially within the context of a breach notification; and what the market may demand of services to manage trust and transparency including the provision of a pseudonymous identity to reduce risk.
Keywords: anonymity; consent; valuing data risk
The full article is available to subscribers to the journal.
Author's Biography
Stephen Cameron has been an information specialist and architect for over 30 years, working ostensibly in the finance and government sectors. Stephen started working in structured data environments contributing to the ISO and BSI technical committees, eventually working in document and content management, understanding the challenges in unstructured data environments. Stephen designed and built computer and operating systems in the 1980s, has worked for IBM Informix on the DataBlade technology creating new complex data types and continues to advise a number of start-ups on managing data and applications in highly distributed networks. Stephen has patents to his name and has written the authoritative book on Enterprise Content Management by the British Computer Society. Stephen has been working as Chief Information Officer (CIO) of Anzen Data, a General Data Protection Regulation (GDPR)-focused services company that protects personal data across jurisdictions. He is also instrumental in creating a consent management services company. Stephen has particular interest in privacy, process controls, governance and audit, using his experience in the finance industry cross-fertilised with the government sector to address some of the key issues in managing change and governance. He is also a STEM ambassador.
