The States of Jersey have taken a stance on Cyber Essentials and Data Sharing and Encryption.
In an effort to improve data security across the Island organisations are being encouraged to meet the Cyber Essentials. Indeed, it has been indicated that from 2019 it will be a requirement for any organisation doing business with of receiving funding from the States of Jersey.
Also, because of GDPR and the new Data Protection Law, and frankly because it is just common sense to keep personal data data private, safe and secure the States of Jersey have toughed up on Data Sharing and Encryption.
However, whilst it makes sense (and is a legal requirement) to have Data Sharing Agreements for the exchange of personal data between organisations it is clear that the first wave of Data Sharing Agreements coming from the States of Jersey are not very well written, have some significant implications and are poorly understood.
• There is ambiguity over whether these are joint-controller or controller-processor agreements
• There is uncertainty about risk, responsibility and indemnification
• There is little explanation or support on how to implement the conditions of the contract
It makes sense that some special category personal data is protected by encryption for the exchange of personal data between organisations and the States of Jersey. But is it not helpful when each of the 20+ States of Jersey are free to choose a different and costly encryption tool and there is no funding or support for organisations are now expected to go out and buy and use these tools.
If Charities are to be used either as an extension of public service, or a replacement for services that can no longer be provided by government it seems both logical and fair that government should extend its funding, infrastructure and expertise to help them.
If you would like help with Cyber Essentials, Data Sharing and Encryption or would like to support the idea of a common approach (for 520 charities to use the same tools, templates and techniques to save time, money and confusion) please get in contact.
ABOUT THE AUTHOR
Tim Rogers is a keen supporter of the Association of Jersey Charities and Jersey Community Partnership. He has provided presentations, workshops, free advice and guidance amounting to £20,000 to various charities and runs a FREE GDPR Question and Answer service to local Jersey Charities Jersey https://gdprjersey.blogspot.com/ You can contact TimHJRogers@gmail.com
Privacy
Blogger is a standard application provided by Google. Tim Rogers does not capture any personal data from the site, unless of course you choose to leave you personal details in a comment. However Google does track data: it is for example how we know if this page has been read by 10 people or 10,000 people.
No comments:
Post a Comment