Privacy may be booming, but the newspaper biz remains on the decline. So, when the U.K.’s Guardian News and Media asked for 250 employees to volunteer as “redundancies,” Head of Data Protection Tim Gough raised his hand.
This led, he reports, to a lovely summer backpacking around Indonesia, but now he’s back to business with a new consulting firm, Privacy Arts, focused on helping old and new media, along with arts organizations and other nonprofits, to figure out their sticky data protection issues.
“It’s a very different environment to practice privacy,” Gough said of media and the arts. “Maybe you could say that many don’t have a compliance culture.” Previous to the Guardian, Gough was with RBC and wrote Data Protection for Financial Services Firms: A Practical Guide to Managing Data Protection and Information Risk, so he’s seen both sides.
In financial services, “if you want to talk carrot and stick, that’s where the stick can really be deployed.” However, “I think it’s more fun to work in the unregulated industries,” he said. “To get something that works, you have to find a bit of a backdoor, a slightly different way to get to the point where you’re effectively managing all your risks.”
Of course, creativity is baked into what media and arts organizations do. “There’s new products being created all the time,” said Gough. “They don’t hang around. … With the rate of movement being so rapid, you have to try to get in there somehow and try to bring a sense of order to it.”
Which isn’t to say media and the arts don’t care about privacy. “Once you get in with them,” said Gough, “the data scientists and engineers are some of your best friends. They get it. And they like exploring intricacies of data protection. They ask the most challenging questions once you’re in with them. You feel as though you’re pushing boundaries, and you’re working in different cultures, and you can’t just walk around the building like a policeman. You have to find a way to manage it without alienating people.”
“That’s a finely balanced role.”
“What a lot of people need is an extra pair of hands.” —Tim Gough, Privacy Arts
Some media companies are way out ahead, including many of those who participated in the Media Data Protection Forum that Gough hosted while at the Guardian. Others may have a bit more work to do. But in the lead up to GDPR implementation, “what a lot of people need is an extra pair of hands,” Gough said. The need is less focused on legal interpretation and more on “finding a way to put data protection law into practice.”
As many privacy professionals have experienced, Gough encounters plenty of organizations that have a lovely compliance framework written up, but have yet to figure out the details of making it work. “I suppose the artistry we’re trying to bring,” Gough said, “is helping organizations figure out how it actually contributes to a reduction in data protection risk and getting them to the point where they’re doing what they’re supposed to be doing: Treating data with respect and keeping it secure.”
And that means, “there’s plentiful work,” Gough said. Which makes getting started easier, along with “the offers of assistance, and other independent consultants getting in touch,” he said. “It’s just been amazing. Everyone is just inundated, and it’s a wonderful time to be out there, and the privacy community has just been wonderful.”
If you want to comment on this post, you need to login.