I'm Not a Lawyer, But...

  • For me, reading the docs and having an understanding is good, if only because we're human. A lawyer might explain to me that we need to handle data correctly for all people and organizations, perhaps unaware that GDPR applies to humans only, or just making a mistake in the explanation. If I've read the law, I can ask a question and we can then decide.

    It's redundancy and a check that helps me be sure I know what I'm being asked to do and if it makes sense.

  • There must be some valid need that overrides the public knowledge rights.

    That's quite a wrinkle.  Who decides that?  I can't imagine what valid need an individual might have that could kick this in.  The best I could do is that I just want to be forgotten.  Doubt that would fly.

  • RonKyle - Thursday, August 9, 2018 11:18 AM

    That's quite a wrinkle.  Who decides that?  I can't imagine what valid need an individual might have that could kick this in.  The best I could do is that I just want to be forgotten.  Doubt that would fly.

    The courts decide this. There is arbitration.

    The people that have gotten this enforced have been people who had some issue, usually legal, that was reported. They have sued to get Google and search engines to remove the reporting from indexes, as this can be prejudicial against them. Often there is some mitigating circumstance as they've completed some program, treatment, or rehabilitation. This doesn't remove the conviction, arrest, report, etc from government, nor do I think it removes it from media archives (could be wrong here), but it limits the exposure from a search perspective as this coming up quickly.

    A background check with government would still return the information.

    There's a reasonable argument here, though in limited circumstances.

    As for "right to be forgotten" from business. If I close my Amazon account, I think it's entirely reasonable for my data to be deleted now if it's not relevant for tax purposes, and certainly reasonable to have it all removed (or delinked from me) in seven years when statutes of limitation expire.

  • jasona.work - Monday, August 6, 2018 11:04 AM

    MattF - Monday, August 6, 2018 8:50 AM

    I would have thought reading these legal documents should be the role of management, or a compliance dept if you have one. If they then implement the adoption of standards and procedures within their company, then there's no double-handling. I don't think you need to read the statutes to have a sufficient understanding of the law's intent. Management or compliance could provide a summary, or answer questions if needed.

    Actually, I could see a very good reason to at least look over the portions of the relevant laws, rather than just waiting on management / compliance dept to say "here's what you need to do."
    What if they're wrong, or not reading the regulations correctly, or just flat out BS'ing to make things easier for them?
    When a data breach in such instances happens, do you really think said manager would step in front of the bus?  No, they'd stand behind you and push hard.  "*I* didn't tell him to do it that way, that wouldn't be in compliance!"  By the time such a thing works its way through the courts, even if you had a paper trail proving the manager *did* tell you to do it that way, you've already gone broke and have been living out of your car for the last 6 months...

    Yes, it can still happen if you took the time to read the regulations, figured out what you *should* be doing, discussed it with your manager, still been told to do it the "wrong" way, but I'd suspect you'd have a much stronger leg to stand on when the lawyers come knocking...

    (And yes, I suspect a boss I had in the past may have gone in the direction of "what's easiest" rather than "what's the *right* way" concerning one of the laws Grant mentioned.)

    The scenario above sounds like a company that you wouldn't want to work for anyway. If you can't trust your Compliance dept or management to that extent you should be looking for another job.
    As long as you can demonstrate that you have followed company policy and procedures then the company is liable, not the individual. I doubt that reading (and properly understanding) legal documents that pertain to an organization as a whole, is in the job description for a DBA.

    MattF

  • MattF - Thursday, August 9, 2018 12:03 PM

    The scenario above sounds like a company that you wouldn't want to work for anyway. If you can't trust your Compliance dept or management to that extent you should be looking for another job.
    As long as you can demonstrate that you have followed company policy and procedures then the company is liable, not the individual. I doubt that reading (and properly understanding) legal documents that pertain to an organization as a whole, is in the job description for a DBA.

    Well, at the time and company, I was still relatively newish, they weren't using SQL (at the time,) so I didn't really think about it.
    But, looking back on it with a couple (several couple, to be honest) years of distance and experience and Grant's editorial, yeah, I think they might've been doing things a bit less than by the books for the laws in question.  And, in all honesty, they may still be a bit less on the completely in accordance with side of things...
    But, that is just my opinion / feeling and I've got nothing to back it up.  I will say though, I wouldn't go back there to work, even as a consultant for more than I make now, because I really, really doubt they'd listen...
