Why Zoom?

I have posted a blog on why Zoom has become so popular in terms of getting consumer mind share.

I wonder if it’s based on Microsoft forgetting its history. I am sure the ultra low cost of using Zoom helps but Microsoft’s entry cost for Skype is the same and at the end, someone has to pay for the server room cycles.

Perhaps in the hypergrowth stage best of breed works but I suspect that an integrated offering will win out in the end.

 …

Where is BS20001 when you need it?

I have been looking at my CISSP notes on Business Continuity and they all state that getting your people into work is as important as ensuring the IT can survive the disaster. Also, people have been reducing the likelihood of a data centre loss and, to be frank, that’s not what’s happened. No question but that much planning has been found wanting, as with companies whose strategy, in terms of meeting their public duty in the case of a disaster, has been to allow competitors to step in. Both Waitrose and Laithwaite’s websites have failed over the last seven days; these will probably be because of both staff non-availability and insufficient capacity to cope with increased demand.

I also wrote a piece on my LinkedIn blog about the vulnerabilities that a sudden switch to mass working from home may cause, looking at vulnerability management, data leakage protection and, obliquely, vendor management. …

No Deal & cross border data flows

I have just written a blog at LinkedIn on the impact of a No Deal Brexit on cross border personal data flows. Obtaining an adequacy agreement will take time; one would have hoped that the transition period would have been enough, but without one there will be no adequacy decision on Day 1. Large and prepared entities may be OK as they can use the currently legally permitted alternatives. The US privacy shield may not be available on Day 1, since it’s an EU agreement. If we leave, we, i.e. the UK state, may no longer avail itself of the Article 23 powers, and the Investigatory Powers Act and the DPA “immigration exception” may cause problems in achieving an adequacy decision. …

Bosses & CCTV

I wrote a piece on my LinkedIn blog called “Reusing CCTV in employee relations”. I rang the ICO and was told that employers can reuse CCTV “if they come across something they cannot reasonably ignore”. The LinkedIn article looks at the ramifications of this and points to the ICO document, “the employment practices code”, which states that cameras may not be covert and may not be used for general monitoring. …

Do the right thing!

A new LinkedIn blog by me on the fine print of the GDPR’s “legitimate interest”. The print is not so fine, and in summary, you don’t need to read the fine print to do the right thing.

When claiming a legitimate interest, the privacy rights of data subjects are established as controlling the data processor/controller’s legitimate interest by the requirement to recognise the “fundamental rights and freedoms” of the data subject. The “fundamental rights and freedoms” are defined in the Charter of Fundamental Rights.

Due to the indirection, and thus undocumented nature, of the data subject’s consent inherent in legitimate interest, I’d advise finding another lawful purpose. …