18/12/2012 11:10 GMT | Updated 16/02/2013 05:12 GMT

Government's Communications Bill - Licence to Snoop?

Over the years, how many times have we heard the phrase 'a fundamental rethink' when discussing government policies? Quite a few, I would wager.

This was no different when David Cameron was forced to defend the draft Communications Data Bill from within his own party. Nick Clegg stated that there should be a push for 'the balance between security and liberty.' So why the concern - and what does this bill do that others don't?

In brief, it principally allows official bodies to monitor communication channels such as emails, web calls and activity on social media networking sites and, although there will be no 'real-time' monitoring as such, the information will be required to be held for up to 12 months.

The 'official bodies' interested in investigating chatter between any individuals and groups who might be up to nefarious activities are the police, the Serious and Organized Crime Agency, the intelligence agencies and HM Revenue and Customs.

The obvious angle to take on a topic such as this is to argue for the individual's right to privacy and that this 'snoopers' charter', as civil liberty organizations have called it, is a step too far. But it begs the question 'what's the problem?' If you're a law-abiding citizen and have no criminal intent then does it really matter if the government want to take a look at the latest pictures you've posted of your dog wearing a hat and sunglasses on Facebook? Do you care if they have access to your text messages to your other half asking them to get you a pint of milk from the shops? The answer is probably not.

Thankfully, the vast majority of us are not engaged in activities likely to interest 'official bodies'. The idea behind the bill is to provide these bodies with the necessary resources, should they need them, to gather evidence of past conversations and communications that will build up a picture of what is going on. Appropriate areas might include organized crime and terrorism.

My concern is not about the rights of official bodies having access to this information. Rather, it is the ability of these organizations to hold such vast amounts of data securely, coupled with the idea that a Draft Communications Bill can be written without any real consideration around the practicalities of its implementation.

When we work with any organization we carry out audits to unearth what policies and procedures are in place. It's the starting point of good governance and sets the scene so that we know what the business supports and allows or doesn't.

If we think of this Communications Data Bill as just another policy being implemented in a business, I wonder about the process of drafting the document: what was the consultation process, and what were the demographics of the people involved?

Imagine you're in your office now and you need to write your own company Internet use policy. Would you do this a) on your own, b) with only IT people in the room, c) with only business leaders in the room or d) with a mix of people from both the business and IT?

Hopefully you chose option D. If you are writing any policy that requires compliance from large numbers of people then you need to engage with individuals from each area of the business who either help enforce the policy or who will be governed by it. Taking this route ensures more robust policies with fewer loopholes.

Returning to the government - when they make this kind of U-turn it is a sign that they have not consulted adequately, or have not listened to or understood the implications of what they are trying to enforce.

But how many people can afford to be smug? Have you got policies in your company to manage data security as well as email and social media use? Even if you have policies, can you be sure that they can't be breached? And when was the last time they were reviewed?

The government is a large organisation with a wide range of stakeholders to satisfy. Will we always be happy? No. Will they always get it right? No. But are they doing something about it? Yes. Can we all say the same about our own policies, security and data storage?