The UK Information Commissioner has announced his support for mandatory data protection audits for local councils and the NHS.
When I read James Michener’s ‘The Source’, I was struck by the sad end when years of painstaking archaeology failed to uncover the artefact of great significance that started the events in a novel of significant page count. So is the bane of the auditor when the key discovery that will assure the right course of action is taken for the future, remains unknown or covered up.
This may cause deep joy in the adversarial relationship between a mandatory external check, but it is a cause for woe and thrice woe when it happens to an audit carried out by one who should be your internal colleague. Better you find and correct a problem waiting to happen than it's realised and discovered by your customers, supply chain, or fine-wielding regulator. In fact, better it is discovered at source (sic!) by the person involved directly in the work but fair dos…if you weren’t so pressured to deliver then you’d probably would not have overlooked the regulatory requirement in the first place. What the eye doesn’t see and all that. The earlier you root out the noncompliance, the cheaper it will be to fix. Think Crosby...we are talking maturity! So how do you get the rigour of the regulator with the privacy your own colleagues? The answer is well known to anyone who has at least dabbled in the international management standards where plan do check act shalt be the whole of the law. And the key part is the checking. Hope is nice, arrogance is deadly, but measure twice, cut once is another universal truth. Why shoot arrows into the air if you don't know where they will land?
So let’s get some structure in place from the regulator…through third-party audits…to internal audits. The lessons have been understood… http://www.bbc.co.uk/news/uk-politics-21335380. Now’s the time to make sure that the lessons have been learnt. So before things get the wrong sort of legal, may I commend you to my learned colleague Mr Roebuck. https://www.eradar.eu/business-solutions/audit-assessment/data-protection-audits/. The recommended good practice that has hit the news this week has been business as usual for E RADAR and its members. Opening the closet is a journey to compliance without the bones of past and present misdemeanours coming back to haunt you. Is that a lamppost I see to guide our way through the forest?
Archaeologists were seen as somewhat celebrities this week with the announcement on the discovery of King Richard III's remains in a Leicester car park.