The evolution of the PDA into the iPhone and Android devices is nothing short of miraculous – software developers have had a shot in the arm and are using all the connectivity they can to link location, times and dates, cameras, videos and much more to make life easier.
And, my word, what amazing labour-saving devices they have created. Here are just a few:
· Expensify lets you take a photo of your receipt and creates your expense report from the scan;
· Remember the Milk not only records your tasks, you can forward your emails to it, and it will create a map of where your tasks are – so you can minimise your travel times on a journey;
· Eventbrite sets up a webpage for your event, allows your guests to pay online and gives you a spreadsheet of all the attendees’ names;
· Tungle links with your calendar, lets you send out an invitation showing when you are available for a meeting; and when all the attendees have shown all their availability, Tungle chooses the first date and puts it back into your calendar.
These apps on PDAs and, indeed, on full-sized computers, save huge amounts of time and money – our team’s PA saves half a day a week not having to manage group meetings thanks to Tungle.
You can hear the “BUT” flying in at low level, skimming across the rooftops towards us.
Here we go: But… these applications work on PDAs because all the clever stuff in the application is done in the Cloud, away from the PDA itself. And the data it uses are all held in the Cloud, too.
This is fine for us in the UK if this personal data is stored in the European Union (the European Economic Area to be precise), but if it is stored in the Americas (as most data are for these apps) this constitutes an international transfer under the Data Protection Act. That is a bad thing if the transfer is not to a “safe” country, and, in most cases, the Data Controller in your company (you do have one of those don’t you?) will have signed a registration to say that you won’t transfer data internationally in this way.
Not only that but if you were to use Eventbrite for organising your seminar and subsequently data about one of your clients fell into the wrong hands, there may be an argument that you had a duty of care to prevent that from happening. In this particular case it is unlikely to be anything other than a corporate email address but one of the big problems with the current legislation is that it treats uncontroversial data like that in the same vein as financial and any other sort of data. So we have to as well!
If you are a large company, how do you control the many “personal” PDAs that your staff are using to access their company data? And if you are a small company, you will be reluctant to stop using apps which can give you significant competitive advantage.
It seems from the lawyers I have spoken to that this won’t get sorted out anytime soon and you would do well to check where the apps your team uses store their data. If it is in the EEA, you have no problem; if you can switch to a similar app based in the EEA, that works too.
However, if not, you need to check that your contracts with your clients deal with this situation – if you have employees or work with sub-contractors, you may also like to check that you have a policy in place to deal with this. Yet more bureaucracy; but isn’t that often the way until laws catch up with innovation?
Next time you re-draft a client contract, give your lawyer a call just to be on the safe side.
Remit Consulting advises commercial property teams across Europe how to improve their performance in business strategy, process and contracts, and information systems.
Andrew Waller and Bob Thompson co-wrote the latest research paper from the RICS: The role of Cloud Computing in Commercial Property which is launched at the RICS’ London HQ on 24th February. For information on the launch event contact Paul Bagust at the RICS – pbagust@rics.org
