Binding Corporate Rules
The sub-title of this book by Lokke Moerel is ‘Corporate Self-Regulation of Global Data Transfers’. It is, as you might well expect from an author with one foot in the academic world and one foot in legal practice, a defensible academic analysis of these rules combined with a practical focus and recommendations for improvement.
Lokke Moerel has been involved with Binding Corporate Rules (BCRs) since before they existed; she worked with the then Dutch Data Protection Commissioner in discussions which led to the creation of template BCRs. It is no surprise then that she can provide such a comprehensive review of all aspects of BCRs nor is it a shock to discover that she sees them as the lead mainstream global solution to the problem of regulating corporate conduct in the area of data protection. An acceleration in the acceptance of BCRs and an increase in their credibility will , the author’s view, enhance the protection afforded to individuals. But Lokke Moerel’s message is not so overwhelmingly evangelical as to overlook the need for improvements in the BCR regime. The book includes a number of solid suggestions for improvements in it which EU legislators would do well to note.
Two minor quibbles occur to me. First that the book is up to date to February 2012 and was published five months later; that is fine for the academic market but risks a great deal of data protection water flowing under the practitioner’s bridge. Secondly, there are times when the English does not really flow – understandable for a Dutch author perhaps but her publishers might have done better. But this is a leading text and could be a very useful addition for the data protection practitioner’s library and is a near necessity for academics with a data protection focus.
Binding Corporate Rules was published on 26 July by OUP with a list price of £95 (376 pp, ISBN 978-0-19-966291-3).
The No-nonsense Guide to Legal Issues in Web 2.0 and Cloud Computing
Here’s a book from Charles Oppenheim that has an ambitious aim. It is intended as a guide to ‘the perplexed non-lawyer’ and yet attempts to cover the legal environment for electronic information and creation – areas that frequently leave even specialist lawyers perplexed. I suspect that the key to the Guide’s undoubted success is that Charles Oppenheim comes without a lawyer’s baggage but with decades of knowledge and experience.
The Guide covers copyright and other intellectual property rights, data protection and privacy, freedom of information, defamation, cloud computing and liability. I am not sure that I am convinced that freedom of information belongs there at all but the other topics are dealt with well. The Guide’s special strength is copyright and other IPRs, where the example case studies are well selected and genuinely enlightening. The Guide includes short exercises, presumably intended to test understanding, and I quite like that idea too.
The back-cover blurb describes the Guide as ‘an essential toolkit for all information professionals … a practical introduction to the law on these topics for LIS [library and information science] students and academics’. That’s an understandable boast by the Guide’s publishers, Facet Publishing (the commercial publishing and bookselling arm of the Chartered Institute of Library and Information Professionals), but it seems to me rather unambitious. Here is a book that is up-to-date (references include developments in May 2012) and accessible and I think it would be a valuable read for any non-lawyer with an interest or involvement in this area. You could do worse than give it to clients as it does a great job of explaining the basics – and yet still makes it clear that the whole area is a legal minefield so they will be even more grateful for your expertise.
In the light of the fact that the Guide’s useful sources do not list the SCL web site (surely some mistake), I give the Guide a grudging but emphatic recommendation. I rather wish I’d written it myself.
The No-nonsense Guide to Legal Issues in Web 2.0 and Cloud Computing is published by Facet Publishing with a list price of £49.95 (134 pp, ISBN 978-1-85604-804-0).
Data Protection Strategy: Implementing Data Protection Compliance
The second edition of this book, from the very reliable team of Richard Morgan and Ruth Boardman, was published in late August. A lot of water has flowed under the bridge since 2003 when it first published. The essential aim and approach is unchanged. This is a book that aims to ‘assist the reader in assessing his personal data and setting up and maintaining compliant systems with as little theoretical discussion as possible’. To some extent, the target is the busy executive/data controller rather than the experienced lawyer; indeed, the back cover blurb and the publisher’s web site goes so far as to claim that the book ‘enables a complex subject to be grasped easily’ – I might well argue about the meaning of ‘easily’ in that boast (though one could argue that Usain Bolt won his Olympic titles ‘easily’) but I would not argue with the broad thrust that this is a clearly set out and very clearly written guide. The book benefits from its absorption of much ICO guidance, but this is not uncritical reproduction even if, perforce, some excerpts or restatements of that guidance are lengthy.
The authors do a very good job in updating. They are very aware of the dangers of finding their work overtaken by the much vaunted EU Commission data reform package and close each chapter that is likely to be affected with a summary of the changes that would arise from it. I suspect that the dangers are somewhat exaggerated – after all there was only a nine-year gap between editions and the EU package is looking like it might become unwrapped.
Appendices B to H contain precedents that may be used in various data protection scenarios. The longest one, Appendix E, has a data protection policy for a subject access request. It is not hard to see that, as with any precedent, there are those who will use it unwisely, but it seemed remarkably comprehensive to me and I am sure the unwise will be much outnumbered by those using it sensibly and congratulating themselves on thereby recovering the cost of the book in one fell swoop. I suspect that some of those will be lawyers.
Data Protection Strategy: Implementing Data Protection Compliance (2nd ed) is published by Sweet & Maxwell. It has a list price of £175 (450 pp, ISBN: 9780414026742.
Predictive Coding for Dummies
I was fool enough to think that the arrival of what looked like a book, smelled like a book and called itself a book meant that I had a book for review. OK, it was only 44 pages but it has an ISBN number and claims to be from John Wiley & Sons and they are proper publishers. The first clue I had that something was strange as I flicked through its pages was the references to TAR (Technology Assisted Review), which has become a trade term. I then noticed that the front cover had ‘Brought to you by Symantec’ in larger type than the author’s name and a red sash with ‘Symantec Special Edition’. Still the special contributors listed included Ralph Losey and Dean Gonsowski and I knew enough about them to be sure that they really know what they are talking about. Moreover, the author was named as ‘Matthew D. Nelson, Esq.’ and my rude plebeian roots always force me to defer to anyone with such a title.
Some confusion ensued shortly after the book’s arrival when I was offered what I thought was another copy in an e-mail. I did not want to hog the world’s supply when there are so many dummies out there in need of help with predictive coding so I naturally rejected the offer, saying that I already had a copy. But apparently the new offer was for Recommind’s book Predictive Coding for Dummies, published it seems by John Wiley & Sons, and that was a clear different thing.
I was going to compare and contrast but, as I write this on 15 October, the Recommind version that was due out on 4 October is still being shipped across from the USA. Perhaps it is a more heavyweight tome or has been unluckily allocated to a dirty British coaster. But it has not arrived and I cannot criticise it without having read it – as all good reviewers know, you need to have either read the book or praise it.
While I do not feel that I should scrutinise the ethics of John Wiley & Sons in publishing two works with the same title at virtually the same time (I have no magnifying glass handy), it seems a strange thing for a ‘respectable’ publisher to do. I might also venture to suggest that any publisher that allows the release of a book with an opening paragraph that reads as follows has lost touch with reality:
Are you completely confused about predictive coding and how the technology can be used in eDiscovery, or are you a predictive coding expert hoping to learn about cutting-edge developments in the area? Either way, this book is perfect for you.
It is as if a packet of peanuts had the slogan ‘Lover of salty snacks or sufferer from nut allergies? Either way, there is something in here for you.’ Just to compound their incompetence, they have stuck to the tried and tested Dummies formula with such rigidity and so little imagination that two of the ‘Tips’ are mere cross-references – I am not sure that ‘read another bit’ counts as a ‘tip’. I note too that Wiley’s pride in publishing this work does not extend to listing it on their web site.
I do feel brave enough to criticise Symantec and Recommind though. Time and time again we are told by them and their ilk that predictive coding (under whatever trade name) is the most important new development for lawyers to master. The leading suppliers of this technology call conferences and write articles full of dire warnings – the big, bad judicial wolf will impose sanctions on litigators if they don’t master CAR, TAR and predictive coding soon. They are the evangelists saving lawyers from eternal, or at least temporary, damnation through their ignorance. But I have to say that evangelists carrying the good book to the natives should at least agree on one version of the testament, or risk finding themselves in a bit of a stew.
These organisations accidentally conspire to increase ignorance of predictive coding by 11% (on my rough calculation), through having 28% of those who truly know about it spend 12% of their time flying to conferences about it and 22% of their time at such conferences talking only to each other. They also conspire to increase ignorance by telling litigators the same thing over and over again – often in a way that suggests that the lawyer has straw behind his or her ear – thus ensuring that the message cannot get through. You would think that even they could conspire to produce just one book and make it a good one.
But here is what spoils the joke. Despite the fact that Symantec’s Predictive Coding for Dummies is no better than reading a series of freely available articles on the SCL web site, and despite the fact that it is sometimes embarrassingly US-focused, it isn’t without value. It’s not the sort of value that you should pay actual money for – but then I wouldn’t be surprised if they are leaflet-bombing these publications over EC2 and litigator’s may struggle to avoid being given one. It is in fact a handy pocket-sized guide for the confused dummy. If you think of it as a leaflet/brochure, it does seem quite impressive. It’s a pity I don’t do leaflet reviews.
