About

Welcome. I’m John Elliott and this is my small bit of the Internet.
Work
I’m an experienced data protection / IT security / information governance professional and I help organisations look after their data.
In particular I make sure people fulfil their obligations to look after people’s personal information under the Data Protection Act. I combine strong Information Security and legal skills, which gives me the rare ability to help organisations comply with all eight principles of the DPA and safeguard the privacy of their various stakeholders.
I care about how an organisation uses the personal information it holds and how it secures that information.
I provide my services in various ways: as an interim manager, a consultant, a trainer, a facilitator and as a mentor. If you have questions about how you look after personal data or have problems with the confidentiality, integrity or availability of your data — I’d love to help you.
You can call me on 020 8144 8456 or get in touch here.
Professionally
- I’m a Certified Information Security Systems Security Professional (CISSP) and also a member of the Information Systems Security Association (ISSA).
- I have a Certificate in Legal Studies from Birkbeck, University of London. I’m currently studying Information Rights Law and Practice at Northumbria University.
- I’m a Member of BCS, The Chartered Institute for IT (MBCS) and hold ISEB certificates in Data Protection, Information Risk Management and Information Security Principles.
- I’ve followed my interest in interface design by completing the Interaction Design Practicum at CooperU.
- Like most IT professionals I’ve an expired Prince 2 project management certification. I was once a Certified Technical Trainer.
What I’m interested in
I think we’re only just starting to address the issues around security, privacy and control of personal data that will form the cornerstone of our information society going forward. The ‘problems’ we have with data at the moment stem from the fact that when it comes to the collection, care, storing and sharing of large sets of other people’s data we’re really immature.
Over the next 20 years people who work in technology, law, politics, business, sociology and economics will develop radically different ideas about how we manage data and what effect this will have on individual privacy. We’ll look back at what we did in 2009 and wonder why we worried about some things, and how on earth we thought it was OK to do others. This is an exciting time to be in the privacy/data/information/security/governance business.
As well as what we do with data, I’m also interested in how we communicate security principles to end-users to help develop a shared common knowledge.
- How do we design systems that make the security usable whilst maintaining the usability of the system?
- How do we communicate security practices to users without confusing or boring them?
What’s the fire extinguisher for?
Often people have a sense that something is not quite right with the way an organisation looks after data. You can’t put your finger on it, but you are worried that something is wrong.
It’s a bit like the faint smell of smoke warning you that something, somewhere, is on fire. If you were trying to find that fire, you’d like to be carrying an extinguisher.
I will help you explore and find the small data-fires before they become an information inferno. After all, there’s no smoke without fire.

