This article by Bailiwick Deputy Data Protection Commissioner Rachel Masterton was first published in August's Business Brief.
It may seem an odd place to start when talking about the Bailiwick as an attractive place to live and work but the interplay of democracy and the rule of law is the bedrock upon which the community is built and the economy relies. And information
released by Freedom House for 2023 shows that the freedoms fundamental to a democratic jurisdiction have declined globally for the 18th consecutive year. So, our stability is something to cling on to at this time of global flux.
In an ideal world, there would be no need for laws and regulators because everyone would know what is appropriate and would behave as such. However, behind every law is a story of those that did not act in the spirit of the ‘golden rule’ (treat others as you wish to be treated) and those that were harmed as a result.
And whilst democracy leads to a freedom that citizens in more authoritarian countries do not have, it cannot be a freedom to do what you want to the exclusion of everyone else and so democratic governments seek to codify what the golden rule means in practice. And that is driven by the electorate’s views on what poor behaviour needs correcting.
Competition law and regulation comes from big companies exploiting their position to the detriment of other companies and ultimately the consumer being forced to pay exorbitant prices with no viable alternative provider.
Anti-discrimination legislation comes from years of groups of people with certain characteristics being treated worse than their counterparts, missing out on employment and other opportunities for no reason other than being ‘different’.
Data protection legislation stems from the atrocities of the Second World War and the way personal data was used to persecute millions.
It is a part of a suite of protections that can trace their roots back to the European Convention of Human Rights – an attempt by policy and law makers to prevent a repeat of the ultimate example of one group acting in direct contrast to the golden rule.
And whilst this example is relatively recent, law has developed over hundreds of years in response to the dubious behaviour of individuals.
Now, it is not unusual to see comments that regulation places too high a burden on businesses and stifles innovation; that it is ‘red tape’ or box-ticking with no valid purpose, distracting from the important work of a business. And that can be a self-fulfilling prophecy.
As Henry Ford said, “Whether you think you can, or you think you can’t – you’re right.”. If you view something through a negative lens then that is how it will work out.
But remember, whatever law or rules the regulator is there to enforce works to the benefit of all, often a point of view not appreciated until you are on the other side of things, as a consumer, customer or member of staff who is protected by the law and the actions of the regulator.
Data protection legislation requires those processing personal data to do so with due regard to seven principles of good information handling.
Much like when designing a house, these are key elements you cannot do without and underpin the whole endeavour. The principles of lawfulness, fairness and transparency and purpose limitation are the frame of the house with every piece doing a specific job and only that job.
Data minimisation and accuracy is using only those materials that are necessary and paying attention to the plan. And storage limitation and integrity and confidentiality are the services and the security necessary for the house to be wind and water-tight.
Most importantly, this is all built on the foundation of accountability, and we all know the story of the man who built his house on sand and the mess he got himself into.
At risk of extending an already laboured metaphor, what you do with the house once you have it all put together is up to you. You can paint it the colour you want and hang whatever pictures you want on the wall.
You can make it your own and when you come to sell it, if someone else has different tastes then they can vote with their feet. In the same way, when processing information about people, once you have nailed down how you are complying with the principles how you work from there is for you to decide and you can add whatever flourishes you want.
Don’t forget, everyone else is having to start from the same place, and work with the same set of principles. Some will do that better than others and some will pay such cursory attention to them that they will not be in it for the long-term.
Either shoddy compliance will lead to complaints and enforcement action, or people will realise that the organisation is not processing on a firm foundation and take their business elsewhere.
We believe that the only way for organisations to have a long-term future is to embrace data protection and other forms of regulation, and use them to show you are better than others in your field. The so-called ‘red-tape’ can become a competitive advantage and business accelerator.
Regulation is not just something to think about as a business. Regulation gives you benefits as an individual. Competition regulation means prices are more reasonable. Anti-discrimination legislation means equity and gives opportunity to everyone. And data protection legislation gives you rights you can exercise to have a level of control over how your information is being used.
These rights include the right to know how your information will be used by an organisation, the right to access the information an organisation has about you and on which and the right to seek rectification of information you believe to be incomplete or inaccurate.
We know that requests from people exercising their rights can, in some circumstances, seem burdensome and resource intensive. But it is important to remember that the rights that may tax you as an organisation are those afforded to each and every one of us. Too many in other places do not have that assurance, nor could they criticise the bodies created to uphold the laws.
But we do understand that part of our role is to help organisations that want to do the right thing to understand what the right thing is. Our website has a plethora of guidance that seeks to expand on the Law itself and give examples of what good looks like.
Moreover, the joy of being a small jurisdiction is that we don’t need to be some faceless entity hundreds of miles away, removed from the realities of the community. We are part of that community and so want to make sure it is the best it can be.
If you have a gnarly data protection problem you are wrestling with, come to one of our fortnightly drop-ins where you can spend some time with one of our officers to talk through the solutions open to you.
By the time this is published, we will have held the first of a new series of breach workshops, designed to help organisations get a handle on breach management and breach prevention, helping you try to avert disaster and spilling you up to deal with one when it comes your way.
And for those that want to embrace both innovation and accountability, we have a regulatory sandbox that you are welcome to come and play in, to test your ideas and draw on your experience.
As mentioned at the start, all that, combined with the Bailiwick’s other unique characteristics, makes it a great place to live and work particularly at a time when democratic values are being challenged the world over.