Dr Katherine O’Keefe

Director of Education & Training

Katherine O'Keefe

About Katherine

Katherine is a San Diegan living in Ireland and lives on green tea. She holds a PhD in Anglo-Irish literature. She joined Castlebridge in 2013 after a career in tutoring and lecturing in University College Dublin and Dublin City University. Since then she has developed a reputation nationally and internationally as an expert in data privacy and information ethics. She works with clients in Ireland and elsewhere in sectors as diverse as public-sector and not-for-profit organisations.

As Director of Training with Castlebridge, Katherine oversees the development of our various data literacy and data education training products and services. This encompasses both in-person and distance learning delivery. In addition, Katherine works on identifying the training and development needs of our clients and building education partnerships with selected partner organisations. She also works hands-on with a range of Castlebridge clients on data protection, data ethics, and data governance assignments. She is the designated DPO for a number of clients through our ClouDPO service.

Katherine lectures on information ethics and data protection practice at the Law Society of Ireland Diploma Centre. She also teaches on Information Ethics in the Sutherland School of Law in UCD. Katherine served on the DAMA International Board for a term as the Director of Professional Development, during which time she oversaw the roll-out of the updated CDMP certification program.


Awards & Recognition

Blog Posts by Katherine

“Data Literacy” is a very current buzzword. It’s been identified as a strategic necessity for data driven organizations, and an essential competency for employees.  But, as usual with many popular words, it’s not always very clear what people mean when they talk about “literacy”. The definition is unclear.  Are we all talking about the same thing?  If Gartner describes it as the ability to “speak data” as if it’s a second language, what do they

We talk a lot in Castlebridge about how trust is essential. Understanding the value of data and communicating the benefits of the outcomes of your process or programme are very important to get people to buy in to your vision. Whether your vision is your data strategy, building Data Governance in your organization, or getting people to consent to you processing their personal data.  Today, it’s nice to be able to look at a success

Data Literacy is becoming a thing, and there is an increasing focus in a number of areas on the question of certification and accreditation of skills. As a consultancy and training company Castlebridge has been at the forefront of Data Protection and data management training for over a decade, and we are proud of our record. In addition to helping skills and expertise through public, tailored and bespoke training to meet our clients’ needs in

In the just over two years since GDPR has come into full effect, we’ve seen a significant rise in a particular kind of jobsworth blocking, where people and organizations with a clear lack of understanding of Data Protection law claim that the they can’t do their jobs because of GDPR. In a very large number of these claims, I end up ranting that “No, GDPR actually requires you to do the thing you are saying

I’m one of the 600,000 or over 1,000,000 people who is currently boiling the kettle to brush my teeth.  Wait . . . how many people?  That’s the question.  Is it approximately 12% or 20% of the of the population of Ireland that has been without clean water for the past couple days?  That’s a big difference in numbers.  Why the confusion?  This is an example of something I call the "Princess Bride Effect".


Yesterday the Irish Times had an interesting article on the Department for Children and Youth Affairs’ new National Childcare Scheme, which is likely to cause some trouble for the department. It turns out that the department has gone live with a system to apply for the National Childcare Scheme that only works with the Public Services Card (or more accurately, the “MyGovID” database that the PSC is a physical token for.)  If you have a

RTÉ Investigates’ exposé of, yet again, serious failings in our childcare system has this week prompted an ill-informed and frankly distracting discussion around the use of CCTV in Ireland’s creches. The suggestion of putting CCTV in creches to “solve” the serious failures in Tusla’s oversight of early childhood care is a bait and switch that distracts us from the real issues of regulation and enforcement. It’s the equivalent of pointing over our shoulders and yelling

I’ve been thinking a lot about balance lately.

The General Data Protection Regulation (GDPR) is human rights-based legislation and we constantly talk about balancing fundamental human rights or balancing the rights and freedoms of individuals with the interests of the data controller.  Data Protection Impact Assessments require balancing tests in the context of risks to rights and freedoms.  Relying on Legitimate Interests requires a “balancing test”.  But what do we mean when we talk about “balance”?

I was invited last Tuesday to a radio interview along with Mark Smyth of the Psychological Society of Ireland and Ivan Yates on Newstalk to talk about “The Momo Challenge” and how to protect your children from cyberbullying. Happily, I think it was a positive and constructive discussion. I figured I’d elaborate on my points a little here.

What is the “Momo Challenge“? It’s basically a recent iteration of games children play to scare themselves. Mark Smyth mentioned

Data Breaches happen all the time. It’s difficult to get a clear statistic on exactly how exactly how common they are (a recent survey suggests that over %50 of organizations have had a breach in the past year). Last year nearly 2,300 data breaches were reported to the Office of the Data Protection Commissioner. This is only reported breaches, of course. A good number of smaller breaches would not have required notifying the DPC, and

In our analysis of the information available on UK charity scandal the other day, one of the main points we focused on was the use of legitimate interests as a legal grounds for processing personal data. This condition for processing is currently being visited in trilogue discussion of Chapter II of the EU Data Protection Regulation.

As we noted yesterday, EU Council of Ministers draft of the Data Protection Regulation proposes expanding the potential scope for

The Register of Electors needs overhaul, but it’s not just a tech problem An article in the Irish Examiner yesterday reported that “The Government ‘Ignored Calls’ on Improving the Voter Register”. Seán McCárthaigh reports that the city and county management association have been warning the Government that “the practices used to maintain the register were outdated and in need of urgent improvements” for the past three years. McCárthaigh notes the following reforms have been proposed:

I'm currently ploughing through the 630 pages three-way comparison papers for the draft EU data protection Regulation as it stands currently, and I've spotted a problem in the definitions that raises some interesting questions.

Currently, the European Parliament's wording for "Special Categories of Data" (i.e. sensitive personal data) is:
1. The processing of personal data, revealing race or ethnic origin, political opinions, religion or philosophical beliefs, sexual orientation or gender identity, trade-union membership and activities, and the

(Or Why We should focus on principles-based training and governance instead of technical solutions.)

Once upon a time, someone gave me a strawberry slicer. “A what?” You ask?

Strawberry slicer: A hinged tool with blunt blades designed to cut small soft fruit into multiple pieces in one motion; the ultimate white elephant gift. As opposed to the multi-purpose tool with a single sharp blade that can be manipulated in a chopping motion to cut soft fruit into

I joined Castlebridge from a background in academic research and teaching in the Liberal Arts. Entering a completely different field has been an interesting challenge. I’ve been learning a lot on the job and some things have been strikingly familiar under the surface jargon, but diving in and learning at a practical level can give you very detailed knowledge on some things without providing the overall understanding of the shape and scope of the subject

A recent talk on Digital Rights and the regulation of data protection in a digital era given by Jan Philipp Albrecht inspired some consideration about how we consider these issues, particularly when it comes to questions of data mining and "big data".

New technology and technological capabilities often raise questions regarding the principles of their use. We call our era the "information age" and we are constantly aware of the exponential growth in computing power, information

A leading Irish newspaper markets itself with the tagline "The Story of Why". In many respects this highlights a similarity between plucky investigative journalism and dogged application of Quality Management principles. A classic quality management technique is the "5 Whys" method for Root Cause analysis - look at the symptom and then ask why 5 times (or more) until you drill down to the candidate root causes that need to be addressed. When, for example,