Many people seem that believe that a personal data can be anonymised by just writing over the identifier with asterixis. This is incorrect and exposes both the business or institution as well as the data subjects to major privacy risks. Useful Definitions Firstly it is worth considering two terms pseudonymisation & anonymisation again. The difference […]
Many of our clients with CCTV cameras receive requests from An Garda Siochaná, the PSNI or some other Statutory Authority (SAs as they are commonly referred to) for CCTV footage. The familiar problem here is the client is trapped between the rights of the individual(s) on the footage on one side and rights of the […]
A sensible and well-designed and CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems, cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]
Since the coming into force of the EU’s GDPR you will have noticed many GDPR privacy statements. This is driven by the GDPR’s focus on transparency which is intrinsically linked to fairness and the principle of accountability. This is enumerated clearly in Article 5.2 where the onus is placed on the controller to demonstrate that personal data is […]
Organisations normally have very laudable goals about customer centricity in their annual reports and strategic documents. A strong management system would always involve some sanity checking of what actually happens on the ground to implement the strategy. This would include some kind of mystery shopping as well as customer and staff surveys, to measure and track what level of […]
Successfully completing an ISO 27001 certification places great demands on an organisation. The announcement of success is normally treated as the end of a difficult journey, and can be a time when attention turns to other pressing matters. However the real job, the real value generating part of ISO 27001 now starts. This is where the organisation reaps the rewards of a well […]
Having an ISO 27001 system in place mandates a set of documents. These documents may be the most visible manifestation of a system and certainly the starting point for any ISO 27001 auditor. Naturally before starting to draft documents the organisation will have performed a planning phase and a risk assessment. Annex A contains an excellent starting point but […]