Data protection is actually pretty easy. True, there are all the legal niceties, and for some courses students have to learn all the principles in the sort of detail that nobody except a lawyer can remember. (A pretty pointless exercise too, given that you can always look them up.) Even so, in my experience students find it easier to learn stuff if they understand the underlying principles. Here are what I believe the underlying principles of data protection to be:
- Don’t collect people’s data unless you have permission.
- Don’t pass their details on to others, unless you have permission.
- Don’t misuse the data, eg by using for a different reason that they let you have it in the first place.
- Look after the data, for example don’t leave a laptop containing their personal details in the back of an unlocked car.
Anyone can understand these principles by thinking about a micro-level example. Let’s suppose you and I meet at a conference, and you ask me if I know of any good websites for teaching Business Studies. I say, “sure, let me have your email address, and I’ll send you some links when I get back!”
So you do and I do. But then the next thing you know, I’ve sent you an email telling you about my book, Go On, Bore ‘Em: How to make your ICT lessons excruciatingly dull. It’s a great book, by the way, and you’d probably thank me for bringing it to your attention, but that’s not the point.
Then next week I copy you in on an email to someone you’ve never heard of, telling them that you teach Business Studies too, and suggesting they call you on the phone number I’ve so helpfully provided, taken from your business card. For all you know, I could have just passed on your contact details to the local axe murderer.
As if all that wasn’t enough, I decide to store your contact details, along with those of all the other people I know, in the “cloud”. But rather than fork out the money for a proper, secure, online solution, I bung them all up on my website on an openly-accessible page which is linked to from my home page with the words “My contacts”.
I think if I were to do any one of these things, you’d think I was at best untrustworthy, and possibly even unhinged. Yet I constantly come across abuses of data protection principles. For example, I receive emails in which the CC field is replete with the email addresses of people I’ve never heard of, and I also receive requests asking if I could pass on details of people I think might like a particular product. Well yes, I could – but I won’t. And if I even considered it, I’d ask the person’s permission first.
So what is so difficult about data protection? Isn’t it all (a) just common sense and (b) simply a matter of ethical and decent behaviour?