Sound the alarm

I have just started The Secret Barrister; in the foreword, they say,

When you have sat in as many decrepit court cells or tired, coffee stained witness suites as I have, looking into the eyes of someone whose most basic sense of what is ‘fair’ and what is right has been entirely crushed by their exposure to the criminal justice system, you can either slink into jaundiced defeatism or sound the alarm.

The Secret Barrister

And while I have not sat in courts, or witness suites, I (as an accompanying rep) too have met many who are shocked at the lack of fairness amongst our employers, and in our law.  …

Wiping the phone at the Treasury

I wrote a piece on the Guardian story about the Treasury losing the Perm Sec’s texts and posted it on LinkedIn. One particularly disturbing feature of this story may be that messages from David Cameron about Greensill Capital have been lost. On the LinkedIn blog, I looked at the story from an IT Security and employment law point of view rather than looking at the political corruption angle. I suggest that, for an organisation with a public record, FoI or compliance liability, SMS and WhatsApp or any messaging product without central logging should not be used. I suggest that wiping the phone instead of a password reset, especially when the device has not been lost, might be a bit extreme. I hint that peer to peer messaging without a super user is also inappropriate.

I argue that this is a symptom of the growing contempt that politicians and now, it seems, bureaucrats have for their record keeping responsibilities, which are mandated by statute law. It is likely that the use of personal IT, i.e. phones and emails if not laptops/workstations, is becoming endemic, destroying and designed to destroy audit trails of behaviour. I note and have commented elsewhere on the failure to pass the email & records relating to Johnson’s decisions with respect to Jennifer Arcuri’s trade missions and grants.

I note that such behaviour if undertaken by more junior staff would probably involve disciplinary action. I have dealt with cases where people have been investigated under the disciplinary policy for misuse of their personal IT in the office and also for the destruction or unauthorised amendment to business records. These have usually been considered gross misconduct cases which can lead to dismissal, but most of my members are blue collar workers.

With respect to the Treasury, I wonder if the texts have been truly lost; if they have, it’s either a policy failure, i.e. a failure of the control design, or a deliberate breach. Someone should be accountable, just as they should at the GLA. The irony here, i.e. at the Treasury, is that it looks like the responsible person for either of these failures is the same person. The Permanent Secretary is meant to be a check on the, certainly, financial probity of ministers and occupy an important role in implementing a segregation of duties and avoiding toxic combinations. These controls are designed to stop fraud and corruption. These ones seem to have failed. …

One problem with this plan …

It still surprises me just how blatant the lies the Tories tell are. They have posted a tweet, boasting of the UK's legislative commitment to workers' rights by posting four facts and comparing them, favourably of course, with the EU. As Edmund Blackadder once said, "there's just one problem with this plan ... it's complete bollocks." The fact is whoever authorised this ad will have known it's a lie and just doesn't care. To see the tweet and my notes on its rebuttal, use the 'Read More' button ...

Cannonballs

During the age of sail, cannons could use cannonballs or grapeshot. Cannonballs damaged the hull, gun decks and masts; grapeshot killed people and had a larger damage area although each shot caused less damage. One has to choose the ammo depending on the target; the same is true when building cases in disciplinary and grievance hearings. Choose your [metaphoric] ammo with care and in the knowledge of the target, i.e. discover the weaknesses in their case and make sure it’s on the table with the maximum of force; don’t get distracted by personal anger or irrelevant detail! Use a cannonball!

 …

Labour Leak – Closing the Stable Door

This blog article is one of several, albeit the first published, on the labourleak. It focuses on fixing the problems identified and implied in the #labourleak in a holistic way. It looks at the controls, briefly at why they failed, how the private sector manages, the question of Union collusion, IT standards & controls, the disciplinary process, the NEC and if genuine professionalism can possibly improve the quality and honesty of the decisions taken by the Labour Party. It concludes by proposing that the rules be changed to place a duty on all role holders to conform to the Nolan Principles, and that whistle blowers have better protection, but on the way recommends that the Labour Party use a series of external certifications, ask the Auditors to inspect that payments and receipts are handled according to the Party's financial control rules, and increase the professionalism of the staff and NEC committees, all of this to guarantee to its members and staff that good practice and not arbitrary actions are the guiding principles of judgement and decision.

Can’t make it up

A note on LinkedIn on why managements need IT usage policies to prove their compliance and to act legally and fairly towards their employees. I suggest that ISO27001 is useful as a technical standard and COBIT as an organisational one.

This was written in the light of a couple of cases I had to deal with as an accompanying rep. or as an advisor.

You can’t claim that users are not performing if you can’t prove the IT systems work as documented. You can’t pursue a conduct disciplinary against people operating a policy. You can’t fulfil FOI or SAR requests if the data retention policy is suspect. You can’t be sure that corruption has not occurred if there is inadequate segregation of duties.

Having policy will help the organisation answer the following questions. Is our software supported?  Why and how was that data deleted? What should be logged? Who has permission to read, amend and run these programs and/or this data? Are our vendors signed up to our IT security goals? Why do you not know this?

This is all defined in these standards, and the GDPR makes certification to good practice evidence of good will. ISO27001 and COBIT are the big boys in town to prove technical and organisational protection.

You can’t make it up anymore. …

A note on redundancy

There’s redundancies coming! I wrote a short piece on our Union branch web site, emphasising the need for speed; the consultation period is only 45 days now. I briefly touch on the issue of economic viability; for redundancies to be legal and fair, the work must have gone or be about to go. It will be harder to argue that jobs under threat are viable while CV19 is looking over the economy like a black rain cloud. I also discuss the need for transparency and fairness in selecting people for redundancy in cases where judgement is required. (Some business units may be reducing in size and so there remains the opportunity to stay in employment for some; in these cases the decision must be fair, impersonal and transparent.) …

Politics matters, even against a disease

It would be odd not to comment on the CV19 pandemic. For various reasons I have been looking back at my blog and remember at one stage it was a semi-public diary. Because it’s my blog, this is quite abstract and very political; I hope that my readers are keeping safe with their families. This article looks at the disease’s virulence and also the need for effective non-pharmaceutical interventions, especially the funding of sick pay and funding for isolation. There is [much] more below/overleaf. …

Employee self-defence

I have been meaning to write an “employee self defence” manual for a while now, and something came across my desk today to remind me of this ambition. Here’s mine off the top of my head.

  • Always reply to management in writing and in good time.
  • Know where your contract is, make a good .pdf copy of it and keep a copy of any variations, particularly if you work for a business unit that has been subject to a TUPE agreement; you’d be surprised how careless some managements can be in keeping good records. If you opt out of the working time directive or refuse to, keep a record. If seconded, or asked to cover other duties, get the instruction in writing together with the commitment to end the change in duties.
  • While contracts can be varied unilaterally, i.e. imposed, it depends on the wording of the original contract. If you object to the changes, let management know in writing; it can’t stop it but it may be relevant for future grievances or disciplinary processes.
  • Keep a contemporaneous diary and keep it off your employer’s IT; they can deny it to you when you need it or worse, amend the record.
  • See your Doctor when needed and take their advice, don’t make them look a fool. If signed off sick, make sure your appropriate management know and they have the appropriate documentation.
  • Tell your management if you are disabled or chronically sick; they won’t make reasonable adjustments unless you do.
  • If you want flexible working arrangements, you have a legal right for this to be considered. Understand the management process; they may mandate a specific form. Make sure your application and their reply are in writing.
  • Know your grievance and whistle blowing policy so you know who to talk to when you need it.
  • If you think it’s a grievance, lodge it; the least that will happen is that your case is in writing. Actually, shit managements might retaliate, but your case is in writing and if they’re bad, it’ll only get worse anyway.
  • Wrongfully deducting money from your wages is a crime. Proving it may require significant documentation; be prepared.
  • Know the IT use and record management policy of your employer; don’t break them, and complain if others try and get you to do so too by, for instance, using personal phones or emails and WhatsApp or Twitter to discuss work matters. If an employee, don’t use your own phone for any work business; they have a duty to provide one if you need it for work.

That’s it for the moment but I know there’s more. …