“We recognise that our people are essential to DXC Technology’s $ManglenebtSPeak”
Better late than never.
"Not a pair of adult brothers."
I don't have any siblings but I still know that pairs of brothers of any age are family. If you can't be arsed to say what you mean you should be prepared to accept the consequences. After all, govt. contractors rely on that principle for their profits.
If the gym didn't mean that family membership applied to any group of people who could trace a family relationship, they shouldn't have used the term. It's not the brothers' fault that the gym's marketing department weren't capable of thinking through the implications of what they advertised. The gym should simply have admitted the consequences of their error, given them the family membership they'd offered - and then rewritten their T&Cs for future members.
The blame for that doesn't sit with Brussels, it sits with the lazy and inept arts graduates staining the seats of
The tax rules get written in the Treasury. You don't think MPs could write 10million words, do you?
What is required to improve this is a binding law to place a word limit on new statutes of say 2,000 words
And whilst we're about it, how about a new law specifying that no program should be longer than 2000 LoC? Of course to do that we might have to drop things like parameter checking but even if we do what could go wrong?
For the EU to subsequently castigate and change the rules of the "single market" is wrong.
It may be wrong to castigate companies for following the rules but it's not wrong of them to change the rules if they can agree. After all, they're the EU's rules to change as they wish. However, threatening to do so and getting the necessary consensus to do so are two different things.
"Seriously. If you want to send bulk text messages or make automated phone calls you should pay a deposit before you can send them, which is returned to you in the unlikely event that the recipients actually did opt in to receive them."
Take it a step further. The recipient dials a code, say 147x where x is any digit not currently assigned, and their account is credited with £1 (or some larger fee), twice that if the number is TPS registered. The recipient's telco adds on a fee for the service and then puts the charge on the caller's bill - or, if the call arrived from another network, transfer-charges that network.
It would, of course, be up to the originating network to decide whether they require an advance payment - why dictate their credit control policies, just put them on the hook for letting their customers behave that way.
Having something like a configurable background as part of the original design is fair enough. It doesn't touch any of the code responsible for doing the actual work. Just don't make it user configurable.
In fact I've seen something similar where there were a number of production systems sharing a lot of common code and hence user interfaces but operating on different databases. The background was specified in the database so that the users would always be aware of what they were working on.
But the same gig underlined the point about making sure that the test system tests the actual code that will be live. My client was a subcontractor processing data from other subcontractors and it was one of several where the data feed was to be XML, so there was a bunch of systems sharing common code for handling that. On one contract, upstream wasn't ready to generate XML when testing was due to start and wanted to send fixed width files instead (the data wasn't very complex so in this instance XML was overkill).
Fair enough, we had to have some end-to-end testing in place to keep to schedule. I wrote a front end, in fact a two stage front end, which converted fixed width to CSV and CSV to XML, all parametrised and set up to generate the XML to the project's schema with both steps being trivial to implement and based on the in-house class hierarchy, etc. This enabled our test system to use the eventual live code to do the XML import and as a by-product provided modules to allow the client to import fixed width or CSV data should this be a requirement for a future contract.
My client's development manager - yup, development manager! - couldn't understand why I didn't rip out the entire XML processing code, which was a large part of the entire custom code, and implant a completely new fixed width file processing code just for testing. In fact, it was the stress of dealing with that particular manager's bad decision making that persuaded me retirement time had arrived.
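The two-stage front end described above, as an added example (not the commenter's code, and not the project's in-house class hierarchy). The fixed-width layout, field names, XML element names and the sample records are all assumptions constructed for illustration; the point it shows is that only the converters are test scaffolding, while the XML import function is the same code path in test and in production.

```python
"""Two-stage feed converter: fixed-width -> CSV -> XML -> live import.

Added example, not from the original page. LAYOUT, the element names and
SAMPLE_FIXED_WIDTH are hypothetical; the real project schema is not known.
"""
import csv
import io
import xml.etree.ElementTree as ET

# Hypothetical fixed-width record layout: (field name, start offset, width).
LAYOUT = [
    ("case_ref", 0, 8),
    ("surname", 8, 12),
    ("received", 20, 10),
    ("weight_g", 30, 6),
]


def fixed_width_to_csv(lines, layout=LAYOUT):
    """Stage 1: slice each fixed-width record into CSV text.

    Records are validated against the layout length so a truncated or
    padded line is rejected here rather than producing silently shifted
    fields downstream.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([name for name, _, _ in layout])
    expected_len = max(start + width for _, start, width in layout)
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if len(line) != expected_len:
            raise ValueError(
                f"line {lineno}: expected {expected_len} chars, got {len(line)}")
        writer.writerow(
            [line[start:start + width].strip() for _, start, width in layout])
    return out.getvalue()


def csv_to_xml(csv_text, root_tag="exhibits", record_tag="exhibit"):
    """Stage 2: build XML from CSV; the header row supplies the element names."""
    root = ET.Element(root_tag)
    for row in csv.DictReader(io.StringIO(csv_text)):
        rec = ET.SubElement(root, record_tag)
        for name, value in row.items():
            ET.SubElement(rec, name).text = value
    return ET.tostring(root, encoding="unicode")


def import_xml(xml_text):
    """Stand-in for the live XML import: the code under test in both
    environments. Converts each <exhibit> element into a dict and parses
    the numeric field, so the test feed exercises the same parsing rules
    the eventual live feed will."""
    root = ET.fromstring(xml_text)
    records = []
    for rec in root:
        fields = {child.tag: (child.text or "") for child in rec}
        fields["weight_g"] = int(fields["weight_g"])
        records.append(fields)
    return records


def run_feed(lines):
    """End-to-end: fixed-width test feed through the live import path."""
    return import_xml(csv_to_xml(fixed_width_to_csv(lines)))


# Constructed sample input (hypothetical data), built to the LAYOUT above.
SAMPLE_FIXED_WIDTH = [
    "CR000123" + "Smith".ljust(12) + "2014-06-16" + "000450",
    "CR000124" + "Jones".ljust(12) + "2014-06-17" + "001200",
]

if __name__ == "__main__":
    for record in run_feed(SAMPLE_FIXED_WIDTH):
        print(record)
```

Swapping the upstream format later (real XML, or CSV for a future contract) only replaces or drops a stage in front of import_xml; nothing in the import path changes, which is the property the test system was supposed to preserve.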
"We need laws to be clear and easy to understand not so complicated."
Laws have something in common with programs. They are lists of things to do. And, therefore, they have to be able to deal with all those tricky corner cases. Remember all those problems with programs where nobody bothered to check whether a parameter passed to a function was within specification? Not checking made for clear, easy to understand, compact and unreliable code. Checking made for longer, somewhat harder to read and more reliable code.
Your clear and easy to understand laws trying to regulate unclear, hard to understand life are liable to fail to fit. Here's one instance for you to consider. It was real and goes right back to the DPA Mark 1, to my days as a forensic scientist setting up a casework system for my lab. As such I might receive an exhibit labelled "Clothes of John Smith". That's a label someone else wrote and so would be the accompanying documentation. I, personally, have no idea whether they are indeed the clothes of John Smith, nor who John Smith is. Someone may have given a false name of John Smith. I don't even know if they came from a single person. The defence might subsequently dispute some or all of what I've been told. Should I count the label and accompanying documentation as PII? What does the law say about it? What would you do if you were in that position?
"Would you start an action against (eg) Talk Talk, who probably have a legal budget of the order of a couple of million quid?"
Depending on the scale of the claim the small claims court might be the appropriate venue in some cases. That effectively wipes out the advantage of a large legal budget.
But what happens if
- the ICO finds there was a breach
- a victim loses their house as a consequence
- the ICO issues a flat rate £1,000 compensation?
Should the victim simply write it off to bad luck?
Should the ICO's finding assist in the victim establishing their case? Should there be a compulsory use of an independent arbitrator to assess compensation on a level playing field?
Dave's comparison of big and small businesses set me thinking. It's not necessarily the big organisation that doesn't realise what it's doing with PII. If anything they may have better resources to carry out a formal analysis and pick up on such things whilst a more informally managed SMB might not.
But this line of thinking extends down to the purely personal holding of PII. What about personal friends and family phone and address books? Your Christmas card list? SWMBO's ladies group (definitely NOT part of the WI!)? Does sending Christmas cards escape by being counted as a transaction?
Is a line drawn anywhere and if so where? What about the email list of a group of friends who meet in each others' houses to play bridge? Or a larger group that hires the village hall? Or the village hall management committee?
"It is worth stopping to ask whether the actual fines will differ by very much from the current regime"
Maybe "dissuasive" as mentioned in the article will change this. I hope those issuing the fines will interpret this as "big enough to affect management's bonuses and too big for the board to hide from the shareholders".
The bottom-feeders can be smacked with proportionately high fines, but they simply aren't going to pay them.
Power to freeze bank accounts would be a useful addition.
"Government actually stand to make money from data breaches. That's wrong - the money should either be handed out to the victims"
The possible income should be an incentive to pursue cases more vigorously and more often. The fines shouldn't stand in the way of civil proceedings for compensation. The imposition of a fine should, if anything, make the burden of proof easier. The ICO could be given the power to compel a compensation payment but then it might block the injured from producing evidence of more substantial actual losses.
Given that it's been talked about in general terms for ages it's not really that new. Anyone who will have responsibilities under it and has been paying attention should have started planning for it a good while ago even if the final details have only recently been confirmed.
On the downside it'll only be Royal Assent that finally persuades some boards that it's a thing. And some will hold out until they're fined.
"The worst a dumb customer should be able to do is leave all their data exposed for the stealing and/or deleting."
A customer shouldn't even be able to do that. You need to think again about the "their" in "their data". The data may be about customers, employees etc. You and I may be included in the "they". "Their data" may mean "our data" and nobody should be able to leave that exposed.
"I don't see them blocking transfers of PII over the Atlantic any time soon"
They have a cunning plan for that one. Every time the current fig leaf gets torn down by the courts they invent a similar one (rather like the Home Office's handling of investigative powers law). That's because keeping in with the US is important to the rest of the EU. Keeping in with the UK after Brexit won't rank so highly.
"Writing procedural code for "if this horizontal line at the top of the image is n pixels long AND ... AND ... AND " then Peckham high st - is going to be a bit limited"
And if you don't know how it claims to be able to recognise Peckham High St - and that that "how" makes sense - then you've no assurance that it will recognise it correctly nor that it won't categorise other streets as being Peckham High St. Indeed you don't even know whether the system that recognises it correctly today will do so tomorrow after being provided with additional training data.
"Whether you believe them or not, there are departments in the US Gov that do, and that's why they've gone to the bother of encouraging farmers to build digesters."
I do believe it. That's why I'm a bit worried by the article. They're encouraging farmers to build anaerobic digesters. These are the ones which produce methane. But then it goes on to say that it might not be possible to sell the energy from the methane to make the process economical. If that's the case the methane might be released instead. Old fashioned muck spreading may be a bit smelly but it does result in aerobic breakdown and adds humus to the soil.