Tuesday, 13 January 2015

Gun Fight at the ICO Corral



In the warm glow of contentment that follows any Arsenal victory, even over Stoke, I began this week in an unusually good mood. I am grumpy by nature. Victor Meldrew is my hero. But if Arsenal win 3-0 I come over all smiley for a while.

It never lasts long. I read the ICO’s advice on selecting an asset disposal partner, and on asset disposal in general, and laughed myself miserable. It’s a seven page document and I can summarise it in four words for you.




BE CAREFUL OR ELSE.

Helpful it is not. It mentions CESG, the ‘the UK government’s national technical authority for information assurance’ but does not exactly explain what it does. It suggests auditing a potential service provider, as in visiting them, and it suggests a business choose a partner who treats their data as well, if not better, than the owner.

To put it mildly, it is not very helpful at all.

It says you can either remarket or destroy your old stuff, it does not suggest why remarketing might be better, or indeed worse if you take the opposite view to me. 

It is an insipid document that neither overly informs or helps.

I have said it before and I will say it again, it is not enough to just give the big boys some parameters and expect everyone else to muck in. It’s like taking the guns off cowboys as they ride into town but letting the Indians keep their bows.

The ICO has an important job. Data security is important. But education and advice has to be a major part of the remit, not just punishment. They mention CESG but they do not say that using software approved by CESG removes all data, making hard drives safe to be remarketed, which should be done if possible because it makes the whole damn industry more sustainable.

SME’s need help. 51% of people in this country work for companies who employ 250 people or less, as good a measure as any of SME-ness. So only bloody half of us. Most businesses have a reasonable amount of IT assets but at SME level they will only dispose of a few a year, with the occasional major refresh. You are not going to physically audit your chosen asset disposal partner when you are getting rid of 3 PC’s, a laptop and an old server. Chris Graham might argue that you should, but I can tell him for free that he is living in cloud cuckoo land.

So, with this total lack of meaningful advice, business owners blunder into Arthur Daley land and try to tell the good guys from the chancers. And even the big boys sometimes fall for it because there is no meaningful advice. I know they shouldn’t but they do.

Of course, service providers like us try to give advice and many people listen. Our data security systems are robust, accredited by the only meaningful third party out there (ADISA) and we use CESG approved software. We would be happy to give anyone the grand tour. Our pricing is transparent, our approach reasonable and honest. But we come up against the free merchants and we have nothing in writing from the authorities to support our case.

Wyatt Earp, come on down, we need you.

No comments:

Post a Comment