Electronic Privacy Regulations – a mandate for Quality Modelling and Governance
Last month I discussed the need for organisations to step back and think about information and its meaning and purpose in the context of direct marketing suppressions. On the 1st of July the Irish Government enacted its national legislation to give effect to the Electronic Privacy Directive. Unlike the UK there is no moratorium on enforcement. Rather the Irish DPC has opted to enforce but to examine each case on its merits as the application of the legislation rolls out.
One of the interesting sections in the legislation is the definition of Electronic Communications. It is interesting to me as a hybrid lawyer/data guy because of what it requires organisations to do.
The key defining characteristics of an “electronic message” are that it is
- sent over a public communications network (e.g. the Internet, a mobile phone network etc.) and
- is stored on the network or on the recipient’s terminal equipment (e.g. a computer, a mobile phone, a tablet device, or any other type of equipment which is in the normal possession of the recipient and is connected to a public communications network) until it is collected by the recipient.
The lawyer part of my hind brain has to admire the elegance of the future proofing in this definition. As a data modeller, I have to admire the subtle creation of a Type/Sub-Type concept at the conceptual level.
This diagram (pictured here, but click the link to embiggen) illustrates the “traditional” view of what an electronic communication might be. “Electronic Communication Channel” (or medium) is the Type of thing being described. The usual suspects of email, phone (including Voicemail), Fax, and SMS are reflected as Sub-types.
Each sub-type has different characteristics that distinguish it and which drive information quality dimensions that can be used to measure the quality of the data. An email address is alphanumeric with certain characters not permitted and would have a pattern like firstname.lastname@example.org. Any other pattern would lead to unusable. You can’t use a telephone number as the destination of an email. Likewise, a telephone number can’t contain alphabetical characters and only certain non-numeric characters would be acceptable in a telephone format (e.g. ‘+’ or ‘-‘ or ‘<space>’) .
Modelling purists might validly argue that FAX and SMS are in turn sub-types of Phone, derived from the additional attribute of “Use” (as in “this number is used as a fax line” or “we can use this number to send SMS messages”). But frankly, that’s a discussion I would rather have in front of a whiteboard with a client.
The common characteristic and attribute that connects all of these things as a common type of entity is that they are carried over a public telecommunications network and can result in messages being stored on equipment that an individual has that allows them to connect to that network.
This brings some future proofing into the model and requires organisations to think about how they might use services like Instant Messaging (where the message is stored on an account that the subscriber accesses using a device connected to a public communications network), Twitter, Skype, Google Plus, Facebook, and any of the various low cost communications tools that exist for wifi or 3G enabled phones (e.g. What’sApp, Viber). The diagram opposite (click here to embiggen) summarises the kind of logical model that might need to exist in the future to extend and scale to meet these needs.
This is particularly true given that each of these channels, while technically an “electronic mail” channel will have different attributes, among which will be the attributes that define how you record consent to market to individuals through these channels.
Is Twitter like email? Will you need to record an “opt-in” suppression before including @daraghobrien or @cbridgeinfo in your Twitter push marketing list? Or will it be sufficient to have a record of when a person started following you on Twitter so they could catch up with your news? Or will you need a combination of both to cater for those instances where someone isn’t following you but you get their Twitter username from a business card and include it on a marketing message?
Only by thinking about the attributes and nature of the entity you are seeking to manage can you hope to define appropriate rules, policies, procedures and guidelines for your organisation. Only by testing the logic can you prepare a position for scenarios as yet untested by the legislation or the Regulator.
We have an in-house methodology we call the “Yes No Gameshow” that makes brainstorming issues like this fun and engaging. Why not contact us to find out more about it.