Some very interesting and positive messages came out of this week's Future of Data Protection Forum. Interestingly the forum didn't just focus on the draft European Regulation: partly because the final state of that is still unclear, but also because there was general agreement that reputable organisations shouldn't aim merely to comply with data protection law.
Over past months there has been various speculation that the Investigatory Powers Bill would try to ban the use of strong encryption. Now the proposed text has been published, it doesn't seem to go quite that far. It won't be illegal either to use strong encryption or to provide it.
The Government has today published its draft Investigatory Powers Bill. There are 299 pages in the legislation alone, so for now I've been looking at the parts most likely to affect Janet and its customers. So far I’ve looked at a bit less than half of the Bill: further implications, if any, will be the subject of future posts.
The Information Commissioner's Office has published a new article on how they are responding to the European Court's Safe Harbor judgment. The overall message is that data controllers should take stock and not panic. While noting that the judgment does remove some of the former legal certainty, the ICO is "certainly not rushing to use our enforcement powers".
The European Court's declaration today that the European Commission's fifteen year old decision on the US Safe Harbor scheme is no longer reliable is another recognition that Data Protection requires continuing assessment, rather than one-off decisions. European regulators have been recommending for years that neither data controllers nor companies to which they export data should rely on Safe Harbor certification alone. The U.K.
The new European Data Protection Regulation is relevant to many areas of our work. Yesterday I had the opportunity to look at its likely effect on information security at a Jisc Special Interest Group meeting.