This week’s Christmas blogpost from Anne Hopwood, Corporate Records Manager at Rochdale Council, asks – is Santa really a CHUMP?
Santa gets a lot of requests for personal appearances on the run up to Christmas and he tries to do as many of them as he can, particularly for children who have been very brave, very ill or have been extraordinarily helpful to others.
To make these visits run as smoothly as possible, he needs lots of helpers to prepare for the visits, and make sure any presents are ordered and wrapped. The helpers also make sure the right people are invited and, most importantly of all, that there is plenty of hot chocolate for Santa and warm milk for the reindeer.
Because these helpers know things like where the children live, what they want for Christmas, Santa’s schedule and lots of other important things, Santa needs them to be security checked. In the past, he has always asked Dizzy the Data Protection Elf to look after these checks, but she just has no time to do it this year because of all work involved in moving to the new workshops.
He has decided to use a specialist service, the Christmas Helpers Unlimited Monitoring and Processing Service (CHUMPS). They are lovely people and are only too happy to help Santa. He sends them the documented process that Dizzy has been using for years and a Data Sharing Agreement, which is duly signed and returned.
Harry has been a helper for many years, but like many of the helpers he keeps this a secret from everyone. He doesn’t even tell his own children, as he doesn’t want them to think that he can influence the naughty and nice lists. Imagine his surprise when he starts receiving letters, emails and texts offering all kinds of Santa-related services:
- Elf suit dry cleaning
- Brass button polishing
- Special wrapping training for odd shaped gifts
- Voice coaching for ho…ho…ho…ing
- Slipper curling
- Sleigh bell recognition software
Harry decides to contact Dizzy (as he still has her emails from last year) and she is surprised that Harry’s information has been shared. Dizzy does some investigating, and discovers that the CHUMPS have been passing the helpers’ contact information to other parts of their own organisation, who are then contacting the helpers.
Dizzy tells Santa, who is very upset as he knows how secretive most of his helpers are and how much they trust him to keep their secrets. She also tells him that he should have got the CHUMPS to sign a Data Processing Contract which would have had legally binding restrictions, rather than a Data Sharing Agreement which doesn’t. She reminded him that an Agreement is all well and good if you know and trust the people you are sharing information with but that a contract is the only way to go with organisations you don’t know well.
Santa contacts the CHUMPS and finds out that they had a tick box on the security questionnaire asking helpers to tick if they didn’t want to receive this information: a very dubious practice. So far, they only have information for 8 helpers and so haven’t done too much damage. Santa gets the CHUMPS to sign the Data Processing Contract that Dizzy has prepared for him, and thankfully the unwanted communications stop.
Santa writes to each of the helpers who have been affected (shrouded in encryption magic of course, to keep it secret) promising that the messages will stop and offering to help put right any damage that may have been done.
Santa still has one more thing to do. He writes to the ICO to tell them of his mistake, apologise profusely, and tell them what he has done to put things right.
The ICO are very nice and tell Santa that he would not receive a fine, because he told them what he had done, and only 8 people were affected. But he will have to put in place all the things he had promised to do, as well as undertaking some training they want Santa and his team to do.
Santa was very lucky that this problem was spotted as quickly as it was and that disaster was averted… but he is aware that he is now skating on very thin ICE with the ICO!