IT WEEK • 26 JULY 2004
32 COMMENT Rules in flux for data privacy
32 INTERVIEW Sun Services’ Marissa Peterson explains how firms can benefit from outsourcing without losing control
MANAGEMENTWEEK
WHERE TECHNOLOGY BECOMES BUSINESS REALITY
Editor: Madeline Bennett
EC questions UK data rules
Madeline Bennett
News that the UK might have to grant more rights of access to personal data to comply with the EU Data Protection Directive caused legal experts to warn last week of the harm such a move could do to businesses.

In a formal letter of notice sent to the UK government earlier this month, the European Commission (EC) questioned whether several aspects of the UK’s Data Protection Act (DPA) conformed with its directive. The details of the letter have not been published, but according to legal advice site Out-law, it is likely to argue that the government has failed to guarantee sufficient rights of access to personal data.

The concerns of the EC were probably prompted by a UK Court of Appeal ruling in the recent Durant v FSA case, which offered a narrow definition of personal data under the terms of the DPA.

George Gardiner of law firm Gardiner & Co supported the court’s decision. “There has been a huge increase in vexatious data subject requests as a prelude to litigation, but now these individuals have to look elsewhere for their disputes,” he said.

However, the EC prefers a broader definition of personal data and may want the UK to follow suit – a move that could cost businesses thousands if they are faced with a barrage of data subject requests as a result. “The EC is giving carte blanche for everyone to pay the £10 cost of the request and cause havoc for business,” warned Gardiner.

Changes to the law could also harm the wider UK economy, if they deter companies from setting up business here, said Robert Courtneidge, partner at law firm Osborne Clarke. “It is common knowledge that businesses coming into Europe will take into consideration the data protection environment,” Courtneidge explained. “There are countries in the EU whose data protection laws are losing them business. The UK is not one of them.”

Courtneidge said the UK should help law-abiding firms to carry out their business with the least permissible amount of red tape. “I believe the UK has achieved this by not simply incorporating the directive at its strongest,” he added.

A spokeswoman for the Office of the Information Commissioner, the government body responsible for policing the DPA, said it had not yet been involved in the matter. “It concerns these two separate organisations [the UK government and the EC] and when they [will] choose to include us, we don’t know,” she said.

The EC’s letter is also likely to raise concerns that the UK does not demand sufficient controls on international data transfers; and that it has not granted the information commissioner adequate investigative power, according to Out-law.

If the EC is not satisfied with the government’s response, it could request amendments to UK legislation. Failing that it could take the government to court.

Privacy goalposts may shift, p32

DPA IN THE DOCK
Areas where the UK data legislation may fall short
Rights of access to personal data
International data transfer controls
Investigative powers for commissioner
Source: Out-law
Firms squander IT funds
Mark Street
Just under two-fifths of business leaders have admitted to wasting money on IT investments because they failed to understand the needs of their organisation, according to a new survey.

The findings suggest that IT directors should spend more time ensuring the briefs provided by business managers are in line with corporate objectives, and that the justification for IT purchases and deployments is rigorously documented.

The poll of more than 3,000 UK business decision makers by YouGov found that 40 percent of chief executives believe that some of their investments in IT over the past five years have been a waste of money. Furthermore, 39 percent admitted they had failed to understand their business needs when investing in technology.

[Photo: Stobart: IT must deliver]

The survey, sponsored by business management software specialist Sage, also revealed that purchasing decisions among companies with more than 100 employees were chiefly influenced by the internal IT department or technology suppliers – each cited as a factor by 62 percent.

Thirty-nine percent of respondents said that they took a lead from their competitors, and about a quarter said they were influenced by accountants.

Only 22 percent took into account the views of consultants or resellers, and perhaps surprisingly 13 percent cited family and friends as being a major influence on purchasing decisions.

Some firms expressed concern about the basis for their IT investments. More than a quarter of business leaders said they had been sold a product that did not meet their needs or had received poor customer service from suppliers.

Paul Stobart, managing director of Sage, said, “The survey highlights the need for the industry to deliver tangible benefits, focus on selling practical solutions not technology for technology’s sake, and improve after-sales customer service.”

Stobart added that the findings suggest vendors should do more to help customers integrate new technologies with existing systems and not automatically adopt the “rip out and replace” attitude.

The survey also revealed that confidence had fallen in the efficiency-saving power of IT investments.

BAD PURCHASING DECISIONS
• Four out of 10 UK business leaders believe some of their IT investments have been a waste of money, according to a new survey.
• The same proportion admitted they had failed to understand their business needs when investing in IT.
CONTENTS
32 COMMENT Firms may have to amend their information handling policies following calls by the European Commission for the UK to toughen up its data protection legislation, says Madeline Bennett
37 INTERVIEW Sun Services chief Marissa Peterson argues that firms do not have to sacrifice control of IT to benefit from outsourcing
DTI delays recycling legislation
Dinah Greek
The DTI has announced a delay to legislation for recycling IT and other equipment. Meanwhile, experts are calling for the government to quickly publish guidelines to help firms prepare to meet their likely responsibilities under the new rules.

The Waste Electrical and Electronic Equipment (WEEE) directive for the safe disposal of electronic equipment was due to become law in the UK next month. But the final consultation process has yet to begin due to a delay in the publication of draft regulations and guidelines, which the DTI had promised in the spring.

The DTI said the directive should now be incorporated in legislation by the end of October and implemented in a year’s time. “We are not giving a specific date but the consultation period will begin soon and the draft guidance will be published at the same time,” said a DTI spokeswoman.

But some recycling experts predicted there could be further delays, and the DTI might be forced to go back to the drawing board because of firms’ concerns about the way the regulations could be implemented.

“They are concerned there could be too many loopholes and it won’t clearly explain the core responsibilities. I can see the guidelines having to be amended,” said Phil Reakes, managing director of Selway Moore’s recycling division. He added that the uncertainty meant IT vendors and their customers were not giving enough attention to the directive and how it will affect them.

Tony Lock of analyst company Bloor Research said he was doubtful the DTI would meet the new October deadline. “Industry is just not ready for it, and I should think they will find more loopholes.”
Privacy goalposts may shift
Firms may have to amend their information-handling policies following calls by the EC for the UK to toughen up its data protection legislation, writes Madeline Bennett

Data protection is back in the headlines. Last week it emerged that the European Commission is questioning the UK’s interpretation of the EC’s data protection rules, raising the prospect of the government introducing amendments to toughen up the Data Protection Act. Meanwhile, a police computer operator made the news after she was fined for breaching privacy laws.

Leanne Thomas was found guilty of using police computers to look up the records of four of her friends – an offence under the UK Data Protection Act. As a result, she was fined £400 and has been suspended from work.

Now that she has time on her hands, Ms Thomas might be looking for other suitable employment. And I think I may have found the perfect position – an email monitor. Yes, apparently many US-based organisations, especially larger firms, are appointing dedicated email readers. These people are responsible for perusing employees’ outgoing messages to prevent the escape of damaging details or trade secrets. The position would require Ms Thomas to relocate, but it could be the perfect job for her.

US firms have clearly decided to take a more active approach to monitoring staff emails. An acquaintance told me that she was recently questioned by her US-based directors about the content of a rather strange-sounding email message she had received. Apparently the directors weren’t put out by the use of company resources, but were just interested in what it all meant – a thinly-veiled threat to warn people they’re being monitored if ever I came across one. Whether or not this firm was adhering to UK data protection rules remains to be seen...

For UK companies keen to appoint their very own email guards, this activity comes with risks. People are often the weakest link in corporate security and firms could easily find themselves falling foul of our data protection rules if they do not properly manage who has access to particular information. Offices are a notorious hive of gossip and the role would give great ammunition for the more loose-tongued staff.

But compliance with data protection rules could soon become even harder for UK companies. The EC is now questioning the UK government’s interpretation of European data protection law in areas such as the definition of personal data and controls on international data transfers. This could lead to the government amending the DPA, which would require yet more changes to its compliance guidance.

But even if new guidance does arrive, firms might question the government’s expertise on such matters following a recent incident in which a motorist found a top-secret police dossier in a road near Heathrow airport. The papers detailed sensitive information such as the likely positioning of snipers and sites at the airport that could be used by terrorist groups to launch anti-aircraft missiles.

The incident was described as “very bad” by home secretary David Blunkett – an indication perhaps of the value our government places on protecting sensitive data? Hopefully this event will remind firms of the importance of implementing proper and sensible controls to protect corporate and personal information on their systems before there’s a need to resort to Big Brother tactics. ITW

Who controls outsourced IT?
Sun Services chief Marissa Peterson explains why firms need to be careful when deciding which parts of IT to outsource
IT SERVICES INTERVIEW BY PAULA MUSICH

[Photo: Peterson: collaboration]

IT Week: As executive vice-president of Sun Services, can you explain how you are developing services for IT outsourcing?
Marissa Peterson: Two weeks ago in Ireland, 13 chief information officers on a customer advisory council told us they are moving back from outsourcing. They are insourcing some part of their IT. That is why we offer targeted managed services. We assess which functions [firms] need from an expertise, control and innovation perspective and what we are better at. Our approach is based on preserving customer control. We want them to retain control.

And how do you help them do this?
We scale up via technology and partners, not lots of people. We use our knowledge base and intellectual capital. We teach [people] how to fish; we do not just give them the fish. We call it smart sourcing. Our approach is different from IBM’s or HP’s. We cannot compete when it comes to people and money, so we must be smarter about how we create a value proposition that really resonates with customers. We collaborate with our partners to deliver those services. Other outsourcers say, “Complexity is our friend,” but you lose control, and you pay them a lot of money and it impedes you from making changes as you innovate. [In the past] our customers that did outsourcing became too dependent.

How are you progressing?
We are working hard on more crisply articulating our strategy to be clear on what we plan to do. We have declared a large-scale move toward recurring revenue: subscriptions, and automated network services. Sun is counting on us to deliver new subscription services over the internet. Service was important before; it is even more important going forward.

Is the new Sun Preventive Services offering an example of that?
It is a paradigm change in the market that has been shown to deliver much better availability. It is unique in that there are 100 different service offerings in one basket that we offer as a portfolio, and it is subscription-based. We use science in delivering availability to customers. We have a knowledge base comprised of our unique intellectual capital, knowledge of the products, and expertise in datacentre operations and processes. We have put that together in a knowledge base that can analyse a datacentre operation.

So how does this benefit customers?
We can assess risks proactively and work with customers to mitigate the risks. It is like doing preventative maintenance. We simplified the process so there is one purchase order under one subscription price for a site instead of [selling] box by box. We work with customers to get them to the healthy stage. Once we get them healthy, there is an agreement on key performance indicators. Once we deliver the results and they stay that way for three months, then we move it to a keep-it-right phase, where we offer them an incentive to stay healthy. It is a relationship approach.

Can you give an example?
With Motorola in Shanghai, we went from 99.3 percent availability to 99.999 percent. That is getting them from 61 hours of downtime per year to less than six minutes per year. In a six-month engagement for a global auto-maker, we worked with them on reducing the number of severe incidents. We showed a 67 percent reduction in those incidents after our Sun Preventive Services engagement and got them up to 100 percent availability. ITW

ABOUT MARISSA PETERSON
• Marissa Peterson was appointed executive vice-president of Sun Services in March.
• She is also head of worldwide operations and chief customer advocate.
• Before joining Sun, Peterson worked as a management consultant at Booz Allen Hamilton.

www.sun.com/service www.eweek.com
itweek.co.uk
© eWeek USA 2004