The number of people employed in the UK economy is roughly 24.5 million. Self-employment accounts for another 3.5 million.
Of this number, over 10 million of us are office workers. UK National Statistics say that we work in over 200 million square metres of office space representing a capital investment of more than £120 billion.
So, roughly a third of us sit at desks and computers in premises where others also work.
More than half of the UK’s white-collar employees – equivalent to 8.7million people – work in a culture where coming in early, staying late and battling on when ill is expected, according to research.
It would be wonderful to report that we all do so happily, but, sadly, we are not all happy all of the time. Inevitably, there are occasions when we tend to annoy each other.
The list of ways we irritate each other is very long indeed and equates to the reasons why we like or dislike people in any other spheres of life. It’s sometimes connected to our senses. We may dislike something about the way a work colleague looks or sounds.
Or, even more likely, the dischord might relate to their behaviour; in the course of a seven-or-eight hour working day some aspects of their conduct may strike a colleague as rude, inconsiderate, insensitive, offensive, threatening, intrusive, deceptive, vulgar, moody….the list goes on.
The great majority of white collar workers are sufficiently mature to let these foibles go but more deep-seated habits can have more serious business implications.
The paperless office
The corporate guru, Gerry Robinson, was an advocate of the policy of never letting a piece of paper touch your desk twice; in essence, a way of striving to get things done as they arise, rather than putting them off until later.
As we all know, it’s not an entirely practical idea. It would need to be transcribed as ‘never open an e-mail or text message twice’, these days, an even less practical thought. The underlying principle of getting things dealt with or securely filed instead of burying your desk under a pile of paper is a practical solution.
Leaving confidential information in places accessible to, say, a visitor, outsourced staff or service operatives, is no longer an acceptable option in the days of Data Protection laws and identity fraud.
With so much business information held in electronic form and increased awareness of environmental concerns, the concept of the paperless office seems more attractive but old habits die hard.
Many administrative and clerical workers still rely on the reassuring permanence of the printed word. There are others who correlate a desk piled with charts, printed e-mails, correspondence and other ‘paperwork’ with the appearance of being productive and hard-working.
Phrases like, ‘I’m snowed under’ and ‘I’m buried under a pile of work’, are evidence to support the contention that a cluttered desk overflowing with paper, can mask a number of unwelcome situations.
The employee in question may, in fact;
Simply be thoroughly disorganised.
They may be overworked and unable to cope.
Not everyone has the ability to manage their affairs or workload systematically.
What they are almost certainly doing is leaving confidential business information in a place where it could be accessed by those with less than honest motives.
Data security
The days of private sector organisations being able to brush data protection breaches under the carpet are over.
A new version of the European Commission’s Data Protection Directive was published in mid-November; a sort of updated version of the Data Protection Act for safeguarding all kinds of personal data.
These rules initially applied only to government departments, , although in May 2011 mandatory data breach-disclosure was extended to include telecoms companies and Internet service providers.
The main effect of these changes will be that all businesses, public bodies, charities and other organisations will be compelled to ‘wash their dirty linen in public’ as happens currently in the US.
The measures will include new instructions on data processing, whereby every sector will be included in mandatory beach-disclosure rules.
EU Data Protection Directive
For the technically minded; the EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU.
Directive 95/46/EC encompasses all key elements from article 8 of the European Convention on Human Rights, which states its intention to respect the rights of privacy in personal and family life, as well as in the home and in personal correspondence.
There are seven broad principles within the Data Protection Directive. These include:
- Security
- Purpose
- Disclosure
- Notice
- Accountability
- Consent
- Access.
Once the Directive comes into force any entity which holds personal data for some set purpose or reason becomes legally liable for the consequences of it being misused. Data is categorised as ‘personal’ when it allows a connection to be made between the data and the named person to whom it refers.
A long list includes a variety of examples such as phone numbers, credit card details, home address, dates of birth, bank account details and many other items. All this and more; in particular, to the reference of a distinguishable identification number (such as a national insurance number, driving license number, passport or job number) or to other factors – specifically relating to his or her physical characteristics (i.e. eye colour, height, tattoos, scars, etc) physiological, intellectual, financial, artistic or societal individuality (being a minister of religion, perhaps).
The new Directive will go through a process of consultation over the next 12 months but is expected to be adopted and in force in the UK by early 2013. All sectors will be required to report breaches to the Information Commissioner’s Office. It stipulates that seriously affected individuals are also to be informed.
Re-think
From an operational perspective, this will present a major task for many organisations. There will be a need to a shift in management approach and training, reflected in the re-engineering of mechanisms to detect breaches and report them to responsible internal officers. It will then fall to these managers to inform the Information Commission and individuals who may have been significantly affected by the breach.
Processing is also broadly defined. It relates to any manual or automatic operation involving personal data, including its collection, recording, organisation, storage, modification, retrieval, use, transmission, dissemination or publication, and even blocking, erasure or destruction (Article 2b).
Many more organisations are going to be relying on the services of professional data destruction contractors.
Storm clouds?
Many data compilers have been concerned about third-party responsibility and safety for data in an information cloud. However, The Data Protection Directive includes a ‘binding safe processor rule’, whereby data owners will not be lia
ble for loss at the hands of a third party cloud provider.
ble for loss at the hands of a third party cloud provider.
Under the new rules, when the use of data is outsourced to a certified business, the provider will not be liable for subsequent breaches involving their data from this source. This will be a very positive step toward the adoption of internet cloud services by businesses.
These data protection rules apply when the responsible party (called the Controller in this EU directive) is established or operates within the EU and also when the controller uses equipment located inside the EU to process personal data from elsewhere. Controllers from outside the EU who process personal data inside the EU must nevertheless comply with this directive.
Notification
EU member states have supervisory authorities to monitor data protection levels in their state and to advise the government about related rules and regulations. It is their responsibility to initiate legal proceedings when data protection regulations are infringed. Controllers must notify their governing authority before commencing any processing of personal information, and such notification prescribes in detail what kinds of detailed notice is expected, namely:
- Name and address of the controller or representative
- Purpose(s) of the processing
- Descriptions of the categories of data subjects
- The data or categories of data to be collected
- Recipients to whom such data might be disclosed
- Any proposed transfers of data to third countries.
In short, the data protection screw is tightening and the scope is extending from three sectors to the whole of society.
Organisations of all sizes and complexions would be well advised to responsed now. The data police are coming to town – and they mean business.