What was life at the law firm like?
Well that’s where I met Nigel! He was in a different department and further ahead in his career than me. The firm employed about 500 people and it was nice to work in a big firm with lots of people. It was a dynamic environment and I got to rub shoulders with a lot of experts in their field.
I think the hours were the worst thing. There was a regular succession of nights in the office until 1am or 2am, and then back in for 9:30am the next day. There’s only so long you can do that for. And at the time, it also wasn’t the sort of job you could leave at 5:30pm to pick up your child from nursery.
When did you join PCH?
It was in 2017, about six months before the GDPR came into force. Nigel had mentioned he needed a bit of help, and I said, ‘well what about me?’ I didn’t know much about data protection law but I knew I could learn quickly. And it’s a very interesting area because it touches everyone’s lives.
How do you find working with your husband?
He’s not a micromanager, so that’s good! I’ve had to get used to the PCH style – I’ve naturally got a wordier, more detailed way of writing, whereas PCH is more about making everything simple, accessible and straightforward. Most of the people reading our privacy tips, for example, aren’t lawyers so they have to be easy to understand.
One of your responsibilities is PCH’s social media feeds. Where do you think the momentum is around privacy at the moment?
People have become much more aware about the importance of privacy. I think the Covid-19 pandemic has really accelerated that as people’s lives moved online. We’re seeing more stories in the press about data breaches and how big tech is handling people’s data. People are starting to realise the information collected about them isn’t just what they enter into an online form. Profiles are being created about people that also include location data, browsing habits and much more.
Are there any common mistakes that you see organisations making when it comes to privacy compliance?
Probably the failure to be transparent about the data they’re collecting and what they’re doing with it. They also often collect data they don’t need. Retailers don’t need my date of birth, for example. And then just the classic human errors, such as data breaches caused by sending out an email to lots of people CC’d (rather than BCC’d). You’ll never get rid of 100% of human errors but a lot of those mistakes can be minimised with frequent training, and building a privacy-first culture.
Is that becoming harder with hybrid working?
It’s definitely harder for employers to keep control when people are working remotely. There was one example of a data breach in Ireland recently, where someone had printed off a lot of sensitive customer information and just put it in his domestic recycling bin. It was a really windy day and the wind blew the lid off. Customer data was strewn all over the road. If he’d been in the office, those documents probably would have gone straight into the shredder.