Data Breach

Re-Identification of anonymised data sets

Many people seem to believe that personal data can be anonymised by just writing over the identifier with asterisks. This is incorrect and exposes the business or institution, as well as the data subjects, to major privacy risks. Useful Definitions Firstly, it is worth considering two terms, pseudonymisation and anonymisation, again. The difference […]

Compliance

CCTV and Data Privacy: What’s the story?

A sensible and well-designed CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]

Documentation

What do you need in a GDPR privacy statement?

Since the coming into force of the EU’s GDPR you will have noticed many GDPR privacy statements.  This is driven by the GDPR’s focus on transparency which is intrinsically linked to fairness and the principle of accountability. This is enumerated clearly in Article 5.2 where the onus is placed on the controller to demonstrate that personal data is […]

Documentation

A quick and simple Customer Experience maturity questionnaire

Organisations normally have very laudable goals about customer centricity in their annual reports and strategic documents.  A strong management system would always involve some sanity checking of what actually happens on the ground to implement the strategy.  This would include some kind of mystery shopping as well as customer and staff surveys, to measure and track what level of […]

Documentation

Maintenance and operation of an ISO 27001 ISMS

Successfully completing an ISO 27001 certification places great demands on an organisation. The announcement of success is normally treated as the end of a difficult journey, and can be a time when attention turns to other pressing matters. However, the real job, the real value-generating part of ISO 27001, now starts. This is where the organisation reaps the rewards of a well […]

Documentation

ISO 27001 documentation

Having an ISO 27001 system in place mandates a set of documents. These documents may be the most visible manifestation of a system and certainly the starting point for any ISO 27001 auditor. Naturally, before starting to draft documents, the organisation will have performed a planning phase and a risk assessment. Annex A contains an excellent starting point but […]