• About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact

Opening our eyes to the risks in our hands

September 05, 2023

It is endlessly fascinating to examine the social and cultural context of words or concepts because the way we understand and respond to them has real world impacts.

My two go-to starting points when I want to understand something better are:
1. look at the origin of the word, and
2. type the word into a search engine and see what images are presented.

So, turning first to the word origin of ‘risk’, it seems to come from the French word, ‘risque’ - meaning "hazard, danger, peril, exposure to mischance or harm" and from the Italian ‘riscare’ to "run into danger".

Then let’s see what the collective ‘wisdom’ of the internet presents us with when we do an image search of the word.   Lots of red and lots of unimaginative images akin to ‘stop signs’.

What comes to your mind when you hear the word risk?

·       What does risk mean?

·       How do we assess risk?

·       How do we respond to risk?

·       How should we respond to risk?

(Those last two questions look the same, but they are not!)

On the whole, we think about risks in the context of harms – to people, animals, the environment and other things we value.

Some risks we cannot do anything about, some we choose not to do anything about (perhaps because of financial or operational reasons), and some prompt us to take action.

But first we have to know what risks exist.

It is generally much easier to comprehend, and respond to, risks when we are clear about what they are.  Seeing the fires rage across Europe and even houses burn in London last year certainly turned the dial on conversations around environmental harms.  It suddenly became something visceral as opposed to scientists talking about global warming models.

The other side of that particular coin is that where the harms are less visible, or hard to imagine, we tend not to be very good at ‘risk engagement’.

One such area is data.

It is such an ephemeral concept. Even the language we use (e.g. ‘cloud’) has an elusive, non-material, feel.

We could not be more wrong.

Data is materially very real.  Take a moment to research the servers that house the eye watering quantities of data we all produce every second of the day, or the cobalt mines in the Democratic Republic of the Congo.  The environmental issues (and risks) have only recently started to be talked about and we must absolutely welcome that.

But what about other risks that are less tangible?

The data protection and privacy community have, for a long time, worked hard to highlight the importance of data governance and the potential for harms when data governance fails.

In our office, at the Data Protection Authority for the Bailiwick of Guernsey, we have, since our inception, been laser focused on harm prevention.  But we have to be honest and say that those conversations, and that strategy, have not had an easy ride.  People find it very difficult to appreciate that data is real and the impact it can have on lives when mishandled can be devastating. Data protection is, sadly, often seen as red tape and an administrative burden.

Engaging with the very real risks that mismanagement (benign and malign) of data can result in requires us to care and to show an interest in each other’s wellbeing.

So when, in recent weeks, we have seen the extraordinary news stories of devastating data breaches, there is an uncomfortable combination of emotions from those of us whose job it is to ensure data protection compliance.

On the one hand, the reality of the harms for the individuals concerned is heartbreaking.  It is not often accurate to talk about data breaches and personal safety, but the recent PSNI breach is exactly that.

And on the other hand, there is a sense of ‘well at least it is top of the agenda now’.

This feels like a moment of cultural shift. Just as the public perception of climate change shifted when we saw the fires. But what does this tell us about ourselves?

Why have we needed to see houses burn and people die to engage with looking after our environment?

Why have we needed to see people’s lives turned upside down by a data breach, knowing that their personal safety and that of their families is now compromised in order to engage with looking after our data?

Recalling the word origin, “run into danger”, perhaps we have now seen enough of the harms to change the direction of travel and start to run from danger instead.

The thing is with the risks that I have highlighted here, and probably with most risks that we can identify: their existence is in our hands.  We are often the perpetrators.  That is depressing but it is also a cause for hope because it must follow that we can therefore be the solution.

 

Emma Martins is the Data Protection Commissioner at the Office of the Data Protection Authority in the Bailiwick of Guernsey, a regulatory office which has a harm prediction and prevention strategy at its core.  Find out more at www.odpa.gg.

Tags: Emma Martins
Prev / Next

Blog

Featured
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson
Sep 25, 2023
Chris Burt
The implications of the revised UK Corporate Governance Code
Sep 25, 2023
Chris Burt
Sep 25, 2023
Chris Burt
Sep 13, 2023
Andrew Cunningham
Financial regulators take aim at crypto-finance
Sep 13, 2023
Andrew Cunningham
Sep 13, 2023
Andrew Cunningham