<sarc>Nice precise guidance</sarc>
"... If it's likely that there will be a risk then you must notify the ICO ..."
What a muddle! Of course there's always a risk - the real question is what the level of risk is. And of course likelihood is one of the two parameters of risk - the other being consequence, so "likelihood of risk" is both specious and tautological.
Official guidance should be neither, so why does the guidance not say something like "if there is a high likelihood of significant harm to the rights and freedoms of data subjects..."?
Maybe because the use of the term "risk" in the vernacular has always been utterly sloppy and even risk professionals in general don't seem to use a consistent definition of it. It's about time we did.
Biting the hand that feeds IT
