I'm Not a Lawyer, But...

  • Comments posted to this topic are about the item I'm Not a Lawyer, But...

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • Having had to read legal stuff from time to time, it's fine to read it.  I read SCOTUS decisions, but not as part of my job.  There are terms that I don't understand.  If the company's lawyers do not know about the law, they must also be hiding under a rock.  It is up to them to understand it, and then your job to translate the understanding into practical knowledge.  It can also be dangerous to practice law without a license....

  • Oh, I'm not practicing law or offering legal advice. It says right there in the editorial, first, legal and business, second, technical. However, meeting the technical needs of pretty much anything without a good understanding of where the request is coming from can lead to poor technical choices. That's why I do advocate that data professionals impacted by these laws, read, study, and understand where and how they apply. That's not to say that we are interpreting them or taking them under management for our organization without legal and business input. Both things can be done.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • at least it will let you know when to ask questions, and the lawyers can confer and give an official answer that jibes with the position they will/may have to take in court. That's usually appreciated by both the law team and management

    -------------------------------------------------------------------------------------------------------------------------------------
    Please follow Best Practices For Posting On Forums to receive quicker and higher quality responses

  • Oh, I'm not practicing law or offering legal advice.

    Didn't think you were.  I was talking about DBAs reading the law and then deciding what was appropriate.  Reading "Legalese" requires specialized training. 

  • I would have thought reading these legal documents should be the role of management, or a compliance dept if you have one. If they then implement the adoption of standards and procedures within their company, then there's no double-handling. I don't think you need to read the statutes to have a sufficient understanding of the law's intent. Management or compliance could provide a summary, or answer questions if needed.

    MattF

  • In my current role i deal with Data in one way or another, day in, day out and I think its important  to have a good understanding of the laws that we need to abide by. I take an interest not for me to interpret /  make my own my mind up but, for me to have the knowledge to ask the right questions . I have a keen interest in GDPR and I know from speaking with many people there are many companies out there that still feel this does not apply to them, which is all well and good until you have a data breach and the fines come in.

    Food for thought and good article Grant

    ***The first step is always the hardest *******

  • SGT_squeequal - Monday, August 6, 2018 9:21 AM

    In my current role i deal with Data in one way or another, day in, day out and I think its important  to have a good understanding of the laws that we need to abide by. I take an interest not for me to interpret /  make my own my mind up but, for me to have the knowledge to ask the right questions . I have a keen interest in GDPR and I know from speaking with many people there are many companies out there that still feel this does not apply to them, which is all well and good until you have a data breach and the fines come in.

    Food for thought and good article Grant

    Cheers!

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • Can someone submit a "right to be forgotten" request to the government?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • MattF - Monday, August 6, 2018 8:50 AM

    I would have thought reading these legal documents should be the role of management, or a compliance dept if you have one. If they then implement the adoption of standards and procedures within their company, then there's no double-handling. I don't think you need to read the statutes to have a sufficient understanding of the law's intent. Management or compliance could provide a summary, or answer questions if needed.

    Actually, I could see a very good reason to at least look over the portions of the relevant laws, rather than just waiting on management / compliance dept to say "here's what you need to do."
    What if they're wrong, or not reading the regulations correctly, or just flat out BS'ing to make things easier for them?
    When a data breach in such instances happens, do you really think said manager would step in front of the bus?  No, they'd stand behind you and push hard.  "*I* didn't tell him to do it that way, that wouldn't be in compliance!"  By the time such a thing works it's way through the courts, even if you had a paper trail proving the manager *did* tell you to do it that way, you've already gone broke and have been living out of your car for the last 6 months...

    Yes, it can still happen if you took the time to read the regulations, figured out what you *should* be doing, discussed it with your manager, still been told to do it the "wrong" way, but I'd suspect you'd have a much stronger leg to stand on when the lawyers come knocking...

    (And yes, I suspect a boss I had in the past may have gone in the direction of "what's easiest" rather than "what's the *right* way" concerning one of laws Grant mentioned.)

  • Eric M Russell - Monday, August 6, 2018 10:09 AM

    Can someone submit a "right to be forgotten" request to the government?

    Not a lawyer...

    But no. Based on everything I've read, legal, let alone governmental, requirements trump the right to be forgotten. If you have deeded property, your name will be on the history forever, that sort of thing.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • MattF - Monday, August 6, 2018 8:50 AM

    I would have thought reading these legal documents should be the role of management, or a compliance dept if you have one. If they then implement the adoption of standards and procedures within their company, then there's no double-handling. I don't think you need to read the statutes to have a sufficient understanding of the law's intent. Management or compliance could provide a summary, or answer questions if needed.

    Same thing goes for business processes for me. I can get my summary from Bill Lumberg and then try to implement it, sure. I just prefer to get a more direct understanding if I can. It's saved me several times.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • I just prefer to get a more direct understanding if I can. It's saved me several times.

    Me too. I would just call it due diligence. Or CYA, if you prefer.

    MarkD

  • MattF - Monday, August 6, 2018 8:50 AM

    I would have thought reading these legal documents should be the role of management, or a compliance dept if you have one. If they then implement the adoption of standards and procedures within their company, then there's no double-handling. I don't think you need to read the statutes to have a sufficient understanding of the law's intent. Management or compliance could provide a summary, or answer questions if needed.

    I'd agree they should, but many of them might not understand the implications in technology or applications. We, as the people doing that work, should also understand and discuss the implications of doing x or y. We need a common understanding of language and law to work together.

    We don't decide, but we help those that do understand the implications and provide guidance.

  • Eric M Russell - Monday, August 6, 2018 10:09 AM

    Can someone submit a "right to be forgotten" request to the government?

    Sure. No idea if they'll honor it.

    The right to be forgotten has some requirements. You can't just decide Amazon needs to delete your data or Google removes you from searches. There must be some valid need that overrides the public knowledge rights.

Viewing 15 posts - 1 through 15 (of 19 total)

You must be logged in to reply to this topic. Login to reply