We’re sitting on the cusp of a vast data-driven age that some have even started to refer to as the fourth industrial revolution.
The theory goes that if steam powered the first, electricity, mass production and the division of labour the second and computing the third then the fourth epoch of technological progress will be driven by what we can store
Indeed, we can already see how this is beginning to shape our lives. Drones, artificial intelligence, 3D printing and ‘the internet of things’ are already starting to impact on our day-to-day lives. Much of this is powered by information sharing and while the sharing of information helped power our last great technological jumps, the next few years will be defined by it.
It is perhaps with great foresight that the Data Protection Act 1998 came into being. In an increasingly interconnected world it sought to strike a balance between innovation-feeding and the right of the individual to enjoy privacy.
Increasingly the place of Data Protection has entered the national consciousness. In September of this year the Information Commissioner, Elizabeth Denham, gave a speech in which she argued that data protection laws did not hamper the success of anyone. Success, she said, increasingly sits hand in hand with respecting the individual’s right to privacy and with it, the law.
In hard terms the consequences of violating data protection laws can be severe. The biggest fine on the table is £500,000. Prison sentences are also a possibility. This year alone the ICO has levied fines totalling £911,000 and you don’t have to Google very hard to find recent examples of charities that have incurred financial penalties as a result of contravening regulations. And if that wasn’t enough to be worried about, the European General Data Protection Act, enforced (most likely through a need to demonstrate equivalence) from May 2018 can impose fines of between 2 and 5 percent of global revenue.
But what Denham was referring to was not the potential for fines to limit success in monetary terms but rather the impact that disregarding people’s privacy or not treating their personal information in a proper fashion would have on business.
“It’s not privacy or innovation – it’s privacy and innovation. The personal information economy can be a win win situation for everyone. Get it right, and consumers and business benefits. Firstly you need to make sure you’re following the law as it stands – which is a blueprint for responsible data practices. You also need to make sure you’re building something that is future proof to withstand the law of tomorrow. And most of all, you need to make sure that whatever direction you’re taking with people’s information; you’re taking those people with you.”
Playing fast and loose with data is not only illegal, but it is a way of destroying your organisation’s credibility and that of the sector you operate in. The public’s trust of charities remains high in Northern Ireland but as Chief Commissioner Tom McGrath has said “that trust is always conditional. Keeping people’s data safe and using it only in a way that is permitted by law helps to maintain and enhance that trust.”
As the potential for data to drive greater revenue by charities increases, so must vigilance. It’s never been more important for trustees to know their Data Protection obligations.
The Charity Commission for Northern Ireland has produced guidance on Data Protection for charities. You can download it on our website.