It’s always the small stuff!
There’s been a big jump in traffic on my personal blog today after I published a post about the importance of setting the “tone at the top” in any effort to either influence Data Quality improvements or ensure appropriate levels of Personal Data Protection.
Those of us who have slogged at the coal face of countless information management projects and seen (for example) 84% of Data Migrations fail (burning money as they went) are all to aware of the fact that it is the people aspect and the need to plan your information strategy when embarking on a new venture or initiative that often is at the root of the mother of all f*ckups.
- Failure to perform due diligence to ensure regulatory compliance results in loss of data, brand damage, and regulatory penalties
- Failure to ensure proper controls and governance (the paper work is important) resulting in uncontrolled exposure to risk of noncompliance or litigation.
In their rush to be the first (or second) with the latest web campaigning toys in Ireland, Fine Gael have made the same mistakes that many SMEs (and larger businesses) have made with their race to the Cloud. Compliance and due diligence activities are boring, they require you to have a clear plan of what you intend to do. They mean you have to put effort into being transparent and ensuring trust.
But if you are a politician it is all about trust. How can political leaders expect to change a culture of light touch regulation and soft-touch compliance if they willingly and blindly flout a key piece of our Regulatory and governance frameworks?
The Fine Gael story has tied together in one bundle the subject matter of a number of the posts and tutorials I’ve published for Castlebridge Associates.
- Doing it by Design
- Obscured by Clouds (blog post and tutorial)
- Directors Liability, Perspective and joining the dots
- Small Print, Big headache
Coming on the heels of the recent GAA Data Protection breach that originated in Northern Ireland but affected all 500,000 GAA members, which involved a “cloud” solution provider, one would have thought that someone somewhere might have suggested some due diligence be done.