My viva voce is now set for 15th April 2019. Many thanks to Dr Ilir Gashir for getting the panel sorted.
I already had a mock viva on the 8th March 2019, which I wasn’t well prepared for. Got other personal stuff to sort out which took too much of my time.
This week onwards I will refocus on my Thesis and start preparing for my viva! I will also need to do a 15 mins presentation. So…get cracking Cher!
Decided to map out my PhD journey – an odyssey!
Attached a large mindmap in pdf -
The battle on criminal misuse of data…
Morrisons to appeal to the Supreme Court
This is a great example of Peirce’s semiotics-ternary! Interpretant (Claimants, Morrisons and the Courts) in full action.
I presented my PhD topic at City’s PhD Symposium on 10th July 2018.
I need to change my ‘bad’ habits of last minute preparation (& no rehearsal!) especially as I do tend to produce far too many slides. I know I have to just ‘show less’ and ‘talk less’ but with impact. I did an awful job of presenting my PhD topic within 10 mins!
I also exported (pdf for presentation) an incorrect version of my pptx! I did the export just mins before I was due to present. A bad start!
Also, had problems with my MacBook Pro over the past few days. I have to switched-off or put into sleep-mode as my Mac is getting ‘overheated’ far too frequently.
I’ve posted at my blog Post #GDPR webinar: my talk on ‘Rights of the Data Subject
For my own use, the slides in pdf 26June2018InfosecwebinarCherDevey
‘Right to be forgotten’ got me googling me
Gosh! What an interesting find! My online footprints started way way back in 1997 (or earlier?)
In James Coplien’s ‘Architecture as Metaphor’:
http://skillsmatter.s3.amazonaws.com/M.+Devos+-+Architecture+as+Metaphor.pdf
ArchitectureAsMetaphor – info – Google Sites
https://sites.google.com/a/gertrudandcope.com/info/Home/ArchitectureAsMetaphor
In someone’s Bibliography:
http://shodhganga.inflibnet.ac.in/bitstream/10603/140985/14/13%20bibliography.pdf
At 17th International Conference Information Visualisation:
http://www.graphicslink.co.uk/IV2013/iV2013_progV6.pdf
A special fengshui journey:
https://www.fengshuiseminars.com/aboutroger.html
ICDR Awards and Commentaries
https://books.google.co.uk/books?isbn=1933833874
AAA Handbook on International Arbitration Practice
https://books.google.co.uk/books?isbn=1933833491
Arbitration Advocacy in Changing Times
https://books.google.co.uk/books?isbn=9041133666
Electronic Discovery/Disclosure: From Litigation to … – JD Supra
documents.jdsupra.com/09bb0057-4f42-4080-8e0d-6bb0057e2be5.pdf
Recent Praise – eLessons Learned eLessons Learned – An ediscovery …
ellblog.com/e-lessons-learned/recent-praise/
November 2015 – Citylibresearchcasestudies
https://citylibresearchcasestudies.wordpress.com/2015/11/
Using game-like methods to elicit and rate … – the Conradiator
www.conradiator.com/resources/pdf/CardsortingPlus.pdf
and my websites and more?…
My Thesis submission deadline is now shifted from the end of September 2018 to the end of March 2019. What a big sigh of relief?!
My current plan (or target) is to aim for submission by the end of this November, well before Xmas 2018. When I heard the news back in early February that I have to submit by the end of this September, I was still busy sorting out my final piece of study, so really need more time for writing. Now, I can focus on my writing knowing that I have ‘enough’ time to finish my Thesis.
Many thanks to the University’s Board and my supervisors, Prof. Steph Wilson, Dr. Ilir Gashi and Dr. David Haynes for all their support and help.
I just have to finish my Thesis!
The easy stuff of my Thesis is getting the outline of the chapters and the dates to complete each of the chapters.
Now the ‘hard’ stuff of writing up…
Today is a reflection day, reflecting on all the sweating & agonising moments with finding users, doing the interviews, designing-building of the dashboard, doing the user evaluation of the dashboard & dealing with WiFi/internet, online questionnaire, iPad, being Me and also being a researcher.
Well…also the many personal dramas since I started on this PhD journey.
Nothing is forever dramatic or agonising or ‘real’, right? This is as real as can be – a beautiful piece of music & singing – to remind me that fairy tales can be ‘real’ stuff. Well… ‘real’ for me & for less than 5 mins for that Royal walk 
. A divine music in a memorable scene – simply, truly magical!
Can my Thesis capture all the dramas of the past years?
Mmm.. not really. It will have to be a meta-non-PhD Thesis or a personal diary of some sort.
During my supervisors’ meeting last Thursday, my 1st supervisor reminded me the essence of my research i.e. embedded in the aim/questions/objectives – all the ‘soft’ stuff which I now have to write about. She also said she is not an expert on my research topics, and another commented – Cher is the ‘expert’ now . It’s not the ‘expert’ stuff that got me into reflective mood since the meeting. It’s when she said to write a story about my findings…
So, my invisible chapters in my Thesis have to be stories that any non-experts would want to read and be captivated like listening to a piece of divine or sublime music.
Just write Cher!
New on @InfosecurityMag talked to @datachainrisk about her PhD research into data privacy and the effect of breaches on people, as well as how #GDPR came along at the right time. @CityUniLondon https://t.co/lq29fQ6ans
— DanRaywood (@DanRaywood) May 24, 2018
On 17th April 2018, I was one of the speakers in the GDPR Press Briefing held at City, University of London (City). Checkout the hot off the press ‘City academics discuss GDPR at press briefing’
My written prepared talk is shared below.
Privacy and the Individual – What difference will GDPR Make?
Thanks John for the introduction. A warm welcome to all.
Any talk on privacy and the GDPR invariably uses terms or phrases that may be blurry or obscure. So just to set the scene, when I say the ICO I’m referring to the UK’s data protection watchdog – The Information Commissioner’s Office. When I say ‘data’ I’m referring to personal data as described in the GDPR.
Although the GDPR did not reference privacy – itself a complex term, privacy is embedded as information or data privacy and expressed in phrases such as:
‘respect for human rights and fundamental freedoms (Art. 12 – exercise of the rights of the data subject); ‘High risk to the rights and freedoms of natural persons’ (Art. 35 -Data protection impact assessment), and ‘Risks to the rights and freedoms of natural persons (individuals)’ (Recital 75).
It is no longer just about protecting personal data or processing of personal data but data privacy.
With this comes obscure or unclear terms.
What is ‘high risk’? How do you express ‘rights and freedoms’ of natural persons (individuals) especially in the context of privacy impact assessment (PIA) or data protection impact assessment (DPIA)?
We know that the GDPR describes DPIA (Art. 35) and also breach notification (Art. 33 – notify the ICO, and Art. 34 – communicate to the data subjects).
I know fresh in our minds is the recent Facebook-Cambridge Analytica scandal. Flashback to October 2015, anyone here still remembers the TalkTalk data breach incident?
Would you all agree that both Facebook & TalkTalk responded or handled the data breach announcement or notification to affected individuals rather badly or failed to do so in the eyes of the public and the affected individuals?
Certainly, under the GDPR both would be required to notify the ICO within 72 hours and to affected UK individuals without undue delay or ‘as soon as possible’ (Guidelines on Personal data breach notification under Regulation 2016/679)
As we know the GDPR requires organisations to notify the ICO where there is a risk to the rights and freedoms of individuals, and only notify the individuals where there is high risk.
My research examines data incidents response, in particular, the privacy harm to individuals as a consequence of the data incident. I have designed a prototype dashboard and have conducted user evaluation study with industry practitioners. The dashboard is for assessing privacy data harm by addressing the initial breach notification question to notify or not affected individuals and to the ICO during initial data incident response.
There is still fear in organisations when it comes to disclosure of data incidents. However, the GDPR will held organisations accountable e.g. with the fines and penalties, and to be transparent to report data incidents. Affected individuals have the right to know.
The outcome of my study also revealed that it is possible to do an initial data breach assessment even with the unclear terms: ‘high risk’ and the ‘rights and freedoms’ of individuals. The prototype dashboard also shows notification alerts with the countdown to 72 hrs from the point of being aware of the incident. One participant remarked: ‘It (the dashboard) provides a calm objectivity in time of panic & stress. Because you’re going to be stressed, you immediately think your personal reputation and your organisation’s reputation. Would we be fined? And all these things come in rather than actual thinking of the consequences to individuals’.
When the data incident happened, the genie was out of the bottle, out in the wild – the harm was already done.
The GDPR would not bring the genie back into the bottle or stop the harm. So as a matter of good business practice and in the spirit of the law, organisations should notify their customers.
Thank you.
Cher
p.s.
May post a photo taken by John Stevenson (City’s Senior Communications Officer)
Normally I enjoy learning and exploring new apps/tools especially tools that help me to ‘think’ and/or communicate or express my ideas visually.
Today I watched 14 YouTubes on NVivo. Nothing wrong with those ‘introductory’ videos. It’s just me. I learn by doing and experimenting. I don’t have plenty of time to learn any tools as I’m on very tight schedule to finish my Thesis. So I need to get up to FAST speed with NVivo. Arghhh…If I have a choice I would not use NVivo at all!