Managing personal data – are you certain you comply with global legislation?

I’ve just returned from a short vacation in Philadelphia. The American approach to television news, especially in the morning shows, is a great way to wake up with a smile on your face. However this week all the main networks and newspapers covered in some depth the European Court of Justice decision on the requirement of Google to remove, on request, personal information which is incorrect or may in some way infringe the rights of an individual. This judgement is counter to the view taken by the Advocate General of the European Court. The ruling was specific to Google because of the nature of the case being decided but the other search vendors will need to take account of the judgement. Apart from the data privacy issues there is also the issue about whether Google (and similar search sites) is responsible for the content it indexes and makes available.

By coincidence this morning I received the 2014 Global Privacy Handbook from the law firm Baker & McKenzie, which now runs to over 600 pages. Data privacy is now very much centre stage with the rapid move to cloud solutions in a post-Snowden era. Recently I have heard a number of  intranet managers talk about how they are making significant strides in searching for expertise across the organisation by supplementing the “My Profile” approach with a search application that looks not only for references to expertise in reports and blogs (for example) but then uses graph networks to link people together. In principle this should be of considerable benefit to the organisation but there is often at best an off-hand comment about “keeping everything legal” and at worst a total lack of understanding of the implications of digging deep into the lives and experience of employees around the world.

I’ve said this before and I’m saying it again now; you need to be absolutely sure of the legal implications of data privacy legislation in every country that has access to your intranet even if your organisation has no legal entity in the country. I’ve been tracking developments in data privacy since the early 1980s and perhaps the only thing I can be sure about is that you will need documented expert legal advice record that sets out what information can be stored and circulated. Over the next few years the European Union is going to reform the 1998 legislation, but the process as always involves individual Member States writing it into their own statute books so for some years ahead the EU in particular is going to be a patchwork of old and new legislation at a Member State level. There is a good collection of European Commission resources on the EC Justice site.

You may wish to download a recent presentation developed by Baker & McKenzie about global compliance issues, including data privacy (slides 78-82), and take an informed view of the implications for not only the intranet but all social media applications and emails.

Martin White