Tuesday, 31 January 2017

ICO: Data Security Includes Transport of Records to New Jobs

We typically think of data security as pertaining only to online data that might be accessed through hacked networks. But it turns out there's more to it, as evidenced by the recent prosecution of a woman who was charged with e-mailing herself contact information on more than 100 clients as she moved to another job.

According to ICO Head of Enforcement Steve Eckersley, it is against the law to take "personal information when you change jobs for your own benefit or [the] benefit of the [new] company." This includes contact information that would enable a worker to stay in touch with clients.

The ICO reports that Rebecca Gray pleaded guilty on 18 January (2017) to a violation of section 55 of the Data Protection Act. Her penalty included a £200 fine, £214 in prosecution costs, and a £30 victim surcharge. She maintained that her intent was never to cause harm, but Ms Gray still lost her job as a result of her actions.

Why This Is an Offence

The Data Protection Act of 1998 is very specific about what kinds of data must be protected by employers and others. While it may seem a bit severe that Ms Gray was prosecuted for her decision to keep the customer contact information, there is a very good reason why her actions constitute an offence under the law.

Contact information consisting of just a name and physical address is enough for a creative hacker to steal a person's identity. It doesn't take much in a day and age when so much information about so many of us is stored online. The most successful identity thieves need but a crack to get in the door. Therefore, all personal data must be protected at all costs.

The idea of privacy needs to be considered here as well. Ms Gray was part of the recruiting industry before losing her job. It is possible that clients she worked with via her former employer don't want to be contacted by her on behalf of a new agency. Some might even be surprised to receive contacts from Gray through her new employer, leading to concerns about their own privacy and security.

In the end, the advice offered by Eckersley is sound. In an official ICO news release Eckersley said:

"We're asking people to stop and think about the consequences before taking information. Most people know it's wrong, but they don't seem to realise it's a criminal offence and that they could end up in court and also lose their job. What people think is a minor mistake can lead to job loss, a day in court and a fine."

We are confident that Ms Gray has learned her lesson and will not repeat her previous actions. In the meantime, we urge our readers to remind their employees of their legal responsibilities under the Data Protection Act. Data collected for your business purposes must remain with your business when employees leave.

Wednesday, 25 January 2017

Is Microsoft's Brexit Warning More Than Just a Warning?

In the months leading up to last June's Brexit vote, numerous companies began letting their opinions be known in the hope of influencing the vote. Much to the dismay of many corporate giants, voters chose to leave the EU for a long list of reasons. Those corporations in favour of our remaining in the EU are now trying to figure out what they will do in the future. Some are making comments that could be construed as warnings.

One of the latest is a warning by Microsoft that they may pull out of building a new UK data centre if our government places restrictive tariffs on the hardware that the software giant needs to build the facility. As Tech Republic recently reported, Microsoft relies on server racks and other hardware imported from China and Eastern Europe. If they believe bringing that hardware into the UK is too expensive, they may scrap their plans, moving the data centre to another location elsewhere in Europe.

"If all of a sudden there are huge import [tariffs] on server racks from China or from Eastern Europe, where a lot of them are actually assembled, that might change our investment decisions and perhaps we will build our data centres across other European countries," said Microsoft's Owen Larter.

Some could construe Larter's comments to be more than just a warning. For example, is Microsoft trying to influence Brexit negotiations? If so, it would not be the first time, nor would Microsoft be the first foreign corporation attempting to insert itself into the Brexit issue.

Much Ado about Nothing?

A bigger question at hand is whether Microsoft's concerns are much ado about nothing. Remember what the corporate giants were saying this time last year: a successful 'leave' vote would lead to an economic collapse and another recession. It would lead to lost jobs and fewer opportunities for foreign workers. It would lead to the bottoming out of the Pound.

Though most of the dire predictions did not come true, the Pound did take a beating directly after the vote. But, as Tech Republic points out, corporations like Apple and Microsoft directly contributed to the Pound's decline by sharply increasing their prices last year. Apple raised the price of many of its retail products by hundreds of pounds while Microsoft raised its cloud computing prices for UK businesses more than 20%.

It is entirely possible that a “hard Brexit” could mean excessively high tariffs and restrictions on bringing in foreign workers. But it's hard to imagine that the Theresa May government would seek to impose restrictions severe enough to hamper business opportunities. The EU might though…

The UK has long been a leader in digital technology due to our widespread support of the sector and our willingness to invest in it. Even if we don't get what we want from the EU, is it not reasonable to assume that the government will still go out of its way to make sure companies like Microsoft and Apple still flourish here?


Wednesday, 18 January 2017

Google Goes 100% Solar in Chile

Late last year (2016), Google made a daring announcement that set the tech world abuzz: it will be disconnecting from all non-renewable energy sources in 2017.  The implication of that announcement is that Google plans to power all its facilities using wind, solar and other green initiatives. They recently took a big step toward accomplishing that goal by reaching a deal with a solar power producer in Chile.

News reports say Google has purchased some 80 MW of power from a Chilean company by the name of Acciona Energy. Acciona operates a massive solar power facility north of Santiago, in the Atacama Desert. The 1.5 million m² facility can produce up to 493 GWh annually.

The Atacama Desert offers an ideal location for a solar power facility thanks to it being the driest non-polar desert in the world. It is extremely arid, with very little annual rainfall and consistent sunshine almost year-round. The Atacama is situated between the Pacific Coast and the west side of the Andes mountains.

A Big Win for Google

Google certainly turned heads when they announced their intentions to be completely green for power needs by the end of this year. As such, the deal with Acciona represents a big win for them. Google will use 100% solar power for all their Chilean data centres, along with office space in Quilicura.

It should be noted that in some locales it's not easy to directly purchase green energy due to the way energy grids are set up. Google does not see that as an obstacle, but as a challenge. In their announcement last year, they committed to buying 100% of their energy directly from green producers. They appear to be putting their words into action with the deal in Chile.

Google has already worked out 20 different renewable energy deals with providers around the world. They have put their money where their mouths are too as, already, the company has invested some £3 billion in green energy efforts. Google officials claim the company is the world's largest corporate buyer of green energy, with total commitments thus far reaching in excess of 2.6 GW annually.

Data Centre Energy Consumption

Whether Google actually attains its 100% green energy goal this year or not, the deal they've reached in Chile is still both important and historic. The world's data centres are now among the largest consumers of energy in nearly every market. That is not going to change. As the digital age brings more technologies for sharing information around the world, the energy needs of the entire data centre industry are only going to keep growing.

Google's goal for green energy now sets the standard for the rest of the tech industry to follow. Google has made a very impressive move in Chile, just as they have elsewhere. Now how long will it be before other tech giants do the same? There's no way to know, but it will be fun to watch.


Wednesday, 11 January 2017

Fighting Back against 'Marketing Technology'

If you're planning on shopping in a brick-and-mortar Amazon outlet - slated to appear on UK high streets in the near future - you're likely to encounter the retail giant's checkout-free model that utilises face recognition and other technologies to eliminate the need for the cash register. But be aware that computers and sophisticated software are examining your physical appearance and using it, not only to eliminate having to checkout, but also to market to you.

Meanwhile, social media site Facebook uses facial recognition software to add tags of users to uploaded photographs. What seems like a very creative and helpful feature is gradually becoming more annoying to users with serious security concerns. But people are fighting back. Take Berlin artist and avid technology fan Adam Harvey. Concern over security and privacy has led Harvey to work on two projects designed to thwart facial recognition software.

Harvey’s first project, known as CV Dazzle, came up with ways people could change their physical appearance through hairstyles and makeup in order to foil facial recognition. Though the concept was indeed workable, there were inherent limitations that made it unworkable on a large-scale. So Harvey's second project aims to make up for what his first project lacked. His new offering is a line of fabrics with printed patterns designed specifically to overwhelm facial recognition systems.

"As I’ve looked at in an earlier project, you can change the way you appear but, in camouflage, you can think of the figure in the ground relationship," Harvey recently said in an address to the Chaos Communications Congress. "There's also an opportunity to modify the 'ground', the things that appear next to you, around you, and that can also modify the computer vision confidence score."

A Kind of DDoS Acid Attack

Data centre operators are familiar with DDoS (distributed denial of service) attacks that can bring down a website simply by overwhelming servers with a constant barrage of crushing login attempts. What Harvey is trying to do with his fabric designs is very similar. The designs include carefully implemented marks that replicate different facial features meant to overwork and confuse facial recognition software. The patterns don't look like much to the human eye, but they are exactly what facial recognition software is designed to analyse.

Harvey maintains that his project is absolutely necessary in the digital age. Like many others, he's not convinced that a technology being portrayed as an innocuous marketing initiative will remain innocuous permanently. These kinds of technologies often find themselves hijacked by people or organisations that use them to invade the privacy of citizens and compromise their security. If Harvey has anything to do with it, facial recognition software is not going to be as successful as its creators want it to be.

Will software developers find a way around Harvey's camouflage? Perhaps, but that will just perpetuate the continuation of the cat and mouse game now being played. The game is just what technology has led us to.


Friday, 6 January 2017

'Right to Disconnect' Takes Effect in France

At the end of a long work day, you expect to be able to go home to family, sit down to a good meal and relax for the rest of the evening. You hope to be able to spend weekends doing what you enjoy rather than having to worry about what awaits at the office on Monday morning.  However, if you're like many of us in this modern working world, those times of complete disconnection from work are rare. In France, they have decided to do something about it by formally implementing the 'right to disconnect'.

A new law codifying the rights of workers to take back their time away from work officially came into effect on January 1st 2017. The law is just one part of a much larger reform package intended to make labour practices in France more favourable to workers looking for a better work-life balance.

Under the legislation, companies with 50 or more employees must make every effort to negotiate in good faith in order to establish policies governing “off time” policies that both sides can live with. Those policies are meant to outline the limits of workplace intrusion into the personal lives of workers. If a company and its staff are unable to successfully negotiate acceptable policies, the employer must then publish documents detailing their off-time policies and the associated rights of workers.

A Law with No Teeth?

The right to disconnect legislation has been hailed by labour unions and worker advocates as a big win for the average man in the street. But how effective will the law actually be? News sources say that there are no mechanisms in place for enforcement. Rather, the French government hopes the legislation will encourage companies to voluntarily make a good-faith effort to negotiate with the employees.

Some companies have already done just that, according to the publication Silicon. A January 3rd piece from Silicon contributor Matthew Broersma cites Daimler and Volkswagen-BMW as just two examples. The question is, how many other companies will follow a law that essentially has no teeth?

We expect big-name corporations to make a way to allow their workers to disconnect, if for no other reason than the fact that they cannot afford the bad press that would come from ignoring the legislation. But smaller companies without name recognition to worry about might not be so keen on the idea.

The ironic thing is that logic dictates workers already have a right to disconnect, based on the simple fundamentals of business. A business essentially purchases services from employees by way of salary. For them to extract services for which they DO NOT pay is not only bad business but it is a legalised form of theft.

It is unfortunate that France has had to enact their right to disconnect legislation – because that right already exists naturally. Hopefully, employers will get on board with the new law because it's the right thing to do, not because French legislators have told them to.