For me, having the opportunity to talk to you today as the UK’s new Information Commissioner takes me back to thinking about my roots. Trained as an archivist, my journey to Information Commissioner began as a records manager in the health sector in Calgary, Alberta, many moons ago, when a new FOI and privacy law meant every organisation had to have a data protection officer – sound familiar? Very soon my first information job was not that much about records management. Instead I was writing policies and training staff on privacy, and trying to convince clinicians and hospital administrators raised on a culture of confidentiality that public access to records (under certain circumstances) was important.
That was a huge attitude change for the health authority, and I am sure all organisations went through a similar (may I say “cultural” change.)
Twenty years later, and 4,000 miles around the globe, I’m tasked with helping the next generation of data protection officers face similar challenges. Responding to a new law – the forthcoming GDPR, assisting in updating your training and assisting and evolving the attitude that your organisations take to data protection.
I understand your reality, and my office will be here to help you through this important change.
As Information Commissioner, along with my capable staff, I have been trying to get the message out of positive change in respecting information rights.
I was interviewed by the BBC about Freedom of Information, and I expressed suggestions on how it could work even better: tighter monitoring of public authorities, extension of the law to cover private companies who are providing services on behalf of public bodies.
I presented my views on WhatsApp and Facebook: specifically the importance of consumers being given proper information and protection around their personal data, my concerns about what happens to people’s information when companies merge or are acquired.
I and my staff presented to the committee reviewing the Digital Economy Bill. I outlined the checks and balances we want to see around data sharing, and the importance of inspiring confidence in e-government.
There’s been work behind the scenes too. Earlier this month I spoke with Dame Fiona Caldicott. Her office plays an important role, and we need to work closely together on issues like data sharing and consent in the health sector. And I am in contact with senior officials urging that the role of the Law Enforcement Directive is confirmed as a priority.
Whatever you’ve seen, I hope you’ll have felt my passion for access rights and privacy issues. This is what I do. I’ve worked as a regulator in this field for more than twelve years. My focus has always been on making sure the regulator is relevant, and making sure our work made a difference to the public.
Each of us in the information rights field, on a daily basis, tries to make a difference to the public. Collectively, we do a good job: I think people have never been more aware of their rights, of what they can expect of the businesses and organisations they trust with their data. But there’s no time to stand still. I believe there is much more to do, and we need to respond to a fast changing world.
You know, when we speak about social media, apps and the digital economy, it’s easy to forget the world that the UK’s current Data Protection Act was forged in. No Google. No Facebook. Clunky desktop computers with less processing power than we all have now in our pockets and purses.
I was honoured to give my views to a group of digital entrepreneurs in September. I wanted to make the point that I do not believe data protection law stands in the way of technological progress.
The theme of my speech was privacy and innovation, not privacy or innovation.
But that’s a theme that is already second nature to most of you.