Posts by IamStillIan 54 publicly visible posts • joined 10 Apr 2017
Remaining was about continuity, and close links and influence with what is still the UK's main trading partners. We threw much of that away, and got nothing useful in return leading most people to ask, what was the point?
Compliance has already been made harder by Brexit, if this went ahead, it would only worsen the situation.
As aside, clearly the EU isn't a country, but it negotiates as one, which gives it leverage. The UK lacks the same leverage.
If you're lucky enough to live somewhere that's possible and be able to make it work for you, then that's definately the greener option.
Unfortunately not everywhere has invested in infrastructure to make that possible, and not everyone is physically capable of the more active options.
I agree, this should be the prefered model, and demand reduction (i.e. reducing needless travel) is essential regardless, but it's never going to provide 100% coverage, so some EV's along side it makes sense.
"Which would appear to mean that these clowns were previously entirely happy to spend tens of millions with a supplier with no experience of the UK defined benefit market, who was unable to evidence a digital first service, and presented inadequate evidence of service transition and data migration."
While I get your drift, these big public sector contracts have issues in that regard.
It's pretty common to run into public sector contracts which require "has done <really niche and specific thing which could only possibly be satisfied by the incumbant because no one else has had that contract but them>", which destroys the whole tendering concept.
If you actually want a choice, you have to be willing to tolerate someone who hasn't done exactly the same thing. If you're not, and the incumbant figures that out, they'll explain about the 1000% price inflation to keep them on..
"Companies such as Apple should realize that if I need to repair my iPhone (if I had one), I may not be in a position to buy a new one and that could mean I'd buy an Android so I have a phone to use. OTOH, if I could have my iPhone repaired for the same or less locally, the same day, I'd continue on with an Apple phone."
If they believed that (and they do study the market), they'd change. Apple phones are the more up market option; which means they tend to be owned by people who can afford to replace them, or at very laest consider it an essential which is worth spending larger sums on. People who are really struggling with that, probably already moved elsewhere..
The presumption you're making here is that they're lesser quality, when in many cases they're the same. Even if they're not, cost/benefit may fall in favour of the lesser part.
I do agree about the need for transparacy through, and I support that amendment to the legislation (that repair shops must indicate the parts they're using).
None of this is new, and templates for the model already exist.
Car manufacturers used to do this with spares, and the result was extortinate pricing. Once independant competition was made possible, the manufactures prices fell (still higher, but the very existance of another option reduced monopolistc extortion). It also made extension of life beyond manufacturer support a viable option.
> people in the UK typically buy on price rather than speed
This focus on speed is the real point - it's popular with marketing folks, but not actually catering to the real need.
People knock on my door asking if I'd like to upgrade my 100mb/s service to 500mb/s - and I ask, what would I do with 500mb/s at home, and they waffle a load of nonesense which could be done on a 25mb/s connetion.
Speed isn't the issue, stability and reliability is. Where's all the marketing saying "Guarenteed xxx uptime, and wacking great compensation if we don't deliver" - that I'd pay for.
The only effort I've seen is "guarenteed wifi in every room" type offers, which means they'll give you a mesh repeater if you've got a bit house; no commitment on the main service they actually provide.
Also seem to have missed "Client pressure" as an option. As a small organisation with significantly larger clients, it's not uncommon for them to "expect" as do do things Thier way, regardless if whether there's any advantage or it even makes sense in the situation.
Tick box compliance stuff...
Anonoymisation is more complex than its given credit for. You get back to the same problem; who decides what's good enough?
As scrubber notes, positioning this as saving lives vs not is a false representation. It's macro research vs local service effectiveness, with an added bonus of providing an avenue for sought-out prejudice.
What we're weighing up here is the potential benefits of it getting to the right people Vs our confidence it won't get to the wrong people.
The problem is that trust in Government in the UK is at an all time low. With a PM who unashamedly lies to us, goes back on his word with our neighbours as a badge of honour and is already in discussions about rolling back data protection laws for profit, it's seems we're only we ever one casually waved though regulatory change from anything we might have though was satisfactory being swept away.
How can you expect people to to take a leap of faith in that context?
This tone assumes Morrisons was powerless against KPMG's proposed mechanism,.
Morrisons is of course entitled to refuse a process they consider to be contrary to their data protection obligations.
They're required to be audited, they're not required to be audited according to a process invented by a third party they don't agree with. Of course they may not have reviewed it..
"That seems like an edge case to me. I'm purely speculating here, but it seems to me that an org that is so small that it can't sort out infrastructure is probably also so small that the infrastructure it needs is simple enough that they could sort it out themselves."
As someone in this position, I see both sides. We use o365, but that's because we're a dev shop working on MS stuff and get it free though the partner program. If we weren't a dev shop we'd likely not have the infrastructure / skills in house run something like that ourselves.
It takes care of a lot of bits of stuff - AD, Fleet admin, E-Mails, OneDrive, Office, various resilliance and audit issues.. so it probably would be worth the full cost if you were starting out with none of that. Once you learn a little bbit about it, there's also various approahes around to avoid the full costs (I mean the legal ones).
We had slighlty mixed messaged on that.
On one hand you've got "required to function" granting exception, and a clause (somewhere, can't find it right now) pharsed as "…taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures".
On the other hand, you've got the ICO publishing things (I think it was clarification statement about backups) that say "technical difficulties doing it aren't an excuse".
In which case, see standard process for someone who releases something into the public domain without your consent; liability lies with them, not the key server. Once in the public domain, there's not a lot that can be done.
I could have a local cache of your key recorded from the key server, which I did on the understanding you'd consented to typical use of the pgp system. Is the onus on me to monitor the key server for status changes?
So complying with a US law will mean violating EU law. That comes with a set of follow up quetsions:
1. Is there anything in US law which permits "we can't do that, it'd be against someone else's law" as a defence?
2. If Microsoft refuses to comply, gets fined, and still refuses to comply, can it continue to be punished or is that the end of the matter?
3. Is there a limit to what they could be fined? Basically, on a pure buiness costs basis, what makes more sense, breaking GDPR or braking CLOUD?
That exemption is a Member State Derogation. ie. Member states can execute discretion to legislate over these areas. The UK won't be a member state, so we won't be entitled to derogations of our own making unless we obtain an agreement to the contrary, dispite the fact we're pretty likely to stiill have to comply with thme.
One of the really important points of the census is to validate all the other data excercises going on day to day. ie. is the admin data any good, or does government miss big sections of the population (always shows that it does..).
This move threatens to render missed groups off the radar indefinately, which has all kinds of knock on in service provision, democracy etc.
Doing bits of it online to save postage is seems fine form that this point of view, but not doing it at all is a huge failing.
"I dont believe there is ever likely to be full privacy on the internet"
That'd basically be oxymoronic. The internet exists to communicate data. "Full privacy" for everyone about everything would mean don't communicate any data... As you say, it's about agreeing boundaries. The system is still relatively immature (compared to walking down the street..), opinions vary, the scope is wide, and enforcement is difficult. We're a long way off.
You walk down your street with knowledge of the area / community, and having decided the risk is acceptable; there maybe some streets you don't walk down because you don't feel that's true.
The real difference vs the down the street analogy is the scale and extent at which it can happen. People elsewhere in the world can do it en-masse in your street, and every other street. That changes the discussion because you no longer know which streets are safe, or what communicty you're interacting with, so your ability to choose is being eroded. Oddly enough that's an inverse privacy problem, where those doing the monitoring have too much privacy.
That's rather mixed bag then:
"due domestic demands" - that would indicate the issue is socital bias in domestic responsibilities; not really within an employers scope to mitigate, but clearly a route cause for various other gender issues.
"gaming the system" - seems to be about experience rather than gender. It's probably still something Uber should address; presumably through tweaks to the pricing model to try and minimise the advantages so all fares yield equvilant rewards. They'll never get that perfect, but can probably do better that an current. This however, would be primarily for the benefit of the customers rather than the
drivers.
That's my assumption as well, and I see the point of that; otherwise any crook can just turn round, claim to be a researcher and simply "not have reported it yet".
Whether 72hrs is the right number is a fair question, along with how extensive the report is.
If it's a simple "Dear ICO, I believe that combining X with Y can reveal Z, but I'm sitll working on. Cheers" then that could be reasonable. If we're talking about an indepth analysis, then that's a different situation.
I'm inclined to agree with jmch.
While there is some residual risk fo taking 10 days to notify, it's probably better average for something of this size.
it practice it does take a bit of time to confirm it's actually happened, evaluate exactly what data has been taken, and which people need notifying.
They could have used the 2 step-model; of a general "something has been breached, be alert, details to follow", followed by a "this does/doesn't actually imapct you peronsally, in this way...", but I guess that's being balanced vs reputational damage risk of broadcasting a worse meessage than they actually need to.
I guess
It's more than difficut to manage. In infeasibly problematic without effectively a new interational agreement on it and a huge wodge of policy everyone has to find ways to implement.
There are issues around how to record such information, confidence in such information, burden of proof.
Then there are ambiguities around things made in multiple juristrictions (collaborative authoring), out of duristiction (international waters), the list goes on and on.
"Because, yeah, devs hate code and love GUIs."
I actually think that's a misunderstanding. There's quite a mix of people who do this knida stuff.
Devs who write it themselves where there's an off-the-shelf solution available have special circumstances or are doing it wrong.
The data science crowd prefer to save their smarts for the analytics bit, they'd probably rather just push some buttons and have the data automagically become available.
I think the response is "How can you possible do statistics without a guess!?". Given that there are no comprehensive models of the world, and practically nothing is truely independant, you always assume something, whether you realise it or not.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
