Latest Blog Posts

March 2018

Changing thinking

Part of the Castlebridge mission is to "change how people think about information". To that end, we have been at the forefront of information management training in Ireland for a number of years, but for most of that we have worked in-house or through partners to help us get our content and frameworks to the widest audience. 

For example, Castlebridge continues to roll out public and in-house courses for Irish Public Sector organisations through our partner Public Affairs Ireland. These courses have been running for a number of years now, and are highly rated. Up coming courses include:

February 2018

The Irish Data Protection Bill - Thoughts (part 1)

The Irish Government have published their Data Protection Bill 2018, which is intended to legislate for the areas of the General Data Protection Regulation (Regulation 2016/679/EU) which allow for Member States to define their own rules, and is also intended to transpose into Irish legislation the Data Protection Directive for Law Enforcement (Directive 2016/680/EU).

This should be a generally straightforward thing. 

The Data Protection Bill and Data Sharing Bill - some initial thoughts

The Irish Government has this week published the draft of the Data Protection Bill 2018. This legislation purports to give effect to the General Data Protection Regulation, but it contains extensive carve outs and exemptions for Public Sector organisations and Public bodies, not least the proposal to exempt such organisations from the administrative fines proposed under the GDPR (see .

January 2018

And we're back...

This website and blog have been a little bit quiet for the last while. There's been a lot going on.

March 2016

The difference between Information and Data

Back in February my brother asked us to take a look at some data for his Resident's Association. The data related to AirBnB listings in Dublin city centre. We don't do a lot of pro-bono work, but I'd forgotten to get him a Christmas present or a birthday present and was feeling guilty so I agreed to look at the data.

To solve problems, first define them

One of the great things about running a boutique research-driven consultancy in the Information Governance/Quality/Privacy space is that we get asked by clients to look at interesting things and figure out not just what the opportunity is that exists in the problems and challenges of today. What are the things that are happening in the information space that are creating risks as people "run with scissors" to adopt new technologies and ways of working without necessarily understanding the full range of issues and risks.

February 2016

Data Retention, POSMAD, and the Fair Processing Notice

In a previous post I advocated strongly for an evidence based approach to Data Retention schedules in organisations, with the emphasis being on avoiding "indefinite" retention periods or "L'Oreal" like retention rationales ("because we're worth it").

Data Retention & Risk

We have been working on Data Retention policy reviews for a number of clients recently. One element of our approach is a benchmarking exercise against peer organisations domestically or internationally to assess the "reasonableness" and proportionality of proposed retention periods. In one review we found that domestic peers had identified quite a lot of "Retain Indefinitely" retention periods. Coincidentally, these were applied to records which related to accidents, incidents, and activities that service users of the organisation might be involved in.

Safe Harbo(u)r - What can organisations do now?

So, Safe Harbo(ur), much like the Norweigan Blue Parrot, has joined the choir eternal. The Article 29 Working Party are clear - it is no longer a lawful basis under which data can be transferred to the United States.

While we await confirmation of the adequacy of the Privacy Shield (see here and here for our thoughts on that), organisations are faced with either getting their US-based suppliers to adopt Model Contract Clauses (which may not be a long term solution), or finding EU hosted services to replace the functionality of these services.

Privacy Shield: Mission Accomplished?

The Privacy Shield deal is done. Allegedly. It is being hailed as "mission accomplished" by the negotiators. To borrow from Simon McGarr's excellent metaphor, it appears the warship and the lighthouse have reached a mutual solution that required less movement than we expected.

Mission Accomplished indeed.