Snowflake SQL & Big Data

Snowflake SQL & Big Data

Yesterday, I attended Snowflake's World Summit yesterday. My experience of working for US companies has taught me some cynicism about the naming of such events, but both the CTO and business founder are both French and ex-Oracle employees. They have obviously caught a mind share, the meeting was heaving and very heavily overbooked. I attended the plenary sessions, which consisted of a reference story and during the break spoke to one of their pre-sales engineers who was very helpful. This article looks at the architecture, examines its scalability design, the hardware solutions underpinning the solution and comments on the accuracy of Stonebraker's predictions. For more, use the "Read More" button ...

No Deal & cross border data flows

No Deal & cross border data flows

I have just written a blog at linkedin on the impact of a No Deal Brexit on cross border personal data flows. Obtaining an adequacy agreement will take time, one would have hoped that the transition period would have been enough, but without one there will be no adequacy decision on Day 1. Large and prepared entities may be OK as they can use the currently legally permitted alternatives. The US privacy shield may not be avaialable n Day 1, since its an EU agreement. If we leave, we i.e. the UK state may no longer avail itself of the Article 23 powers and the Investigatory Powers Act and the DPA “immigration exception” may cause problems in achieving an adequacy decision. …

Bosses & CCTV

I wrote a piece on my linkedin blog called, “Reusing CCTV in employee relations“. I rang the ICO and was told that employers can reuse CCTV, “if they come across something they cannot reasonably ignore”. The linkedin article looks at the ramifications of this and points to the ICO document, “the employment practices code“, which states that cameras may not be covert and may not be used for general monitoring. …

Do the right thing!

A new linkedin blog by me on the fine print of the GDPR’s “legitimate interest”. The print is not so fine, and in summary, you don’t need to read the fine print to do the right thing.

When claiming a legitimate interest, the privacy rights of data subjects are established as controlling the data processor/controller’s legitimate interest by the requirement to recognise the “fundamental rights and freedoms” of the data subject. The “fundamental rights and freedoms” are defined in the Charter of Fundamental Rights

Due to indirection and thus undocumented nature of the data subject’s consent inherent in legitimate interest, I’d advise finding another lawful purpose. …

Managing Compliance Software

Managing Compliance Software

I have just published on my linkedin blog a little essay on managing software used for the purpose of compliance. One key insight which one might consider is that these programs are being used because you have to not because you want to. Also society does not want businesses innovating the compliance software, we need to know it does what society requires not what the business wants. This makes the governing super strategy for these applications one of “operational efficiency”, or in Dan Remenyi’s model, a “support” system. For compliance systems it is advantageous to buy or adopt a package and to adopt the package’s optimum process; society has confidence that companies are complying with the law, and the companies share the maintenance costs and get a superior product and support. In some cases, the requirement that society has confidence that compliance is correct leads to the regulators giving companies the software or running it themselves.¬† …

Big Brother. No, not the TV show

The police are building a new super database combining records with “intelligence”. Liberty have withdrawn from the government consultation as they rightly feel that it’s a breach of our privacy rights and even the government admit that much/some of the data has no lawful purpose. (I see an ECHT case coming on.)

I have three comments to add.

The Guardian article states that the database will be held on a private cloud provider’s systems; if US owned, then the databases will be subject to US FISA warrants, so the “encrypted at rest” security solution had better be pretty good as the best in the world may be looking for it.

Secondly, government data leaks! The legal precedents in this country show that while the Government may build systems for one purpose, the courts may force disclosure to them in the resolution of private/civil disputes. The first Norwich Pharmacal warrant was issued against the HMRC as the plaintiff showed that the defendants tax records were relevant to the court. It seems that there is a public interest defence against these now, and ensuring the Government’s ability to keep it’s secrets would seem to be in the public interest but we’ll see.

Thirdly, the intelligence databases as noted probably fail the need for a lawful purpose, and fail to deliver most of the privacy rights legislated for by the GDPR, most obviously the need to ensure that personal data is accurate.

I am glad I am still a member of Liberty, and I’ll help them. …