Reputedly, corporate America values conformity, hence the maxim – “Nobody ever got fired for hiring IBM” – applied to the purchase of materials or services.
This approach fails to understand the drawbacks of conformity and the failure to understand both IBM and the real world.
In Sweden the Transport Agency hired IBM to manage its vehicle registration and drivers’ licence database. The price, not relevant here, was €100 million.
In the events that have happened, IBM did not understand that it was not in the USA – it was in Europe, understanding which required knowledge of the real world.
The Transport Agency failed to understand IBM, understanding which required knowledge of the real world.
Each of them failed to understand Data Protection and data security. IBM recklessly distributed huge quantities of personal data (and State secrets) collected in discharging its tasks, to many IBM business units outside Sweden, in Europe (and possibly beyond).
The Transport Agency itself stored the data in cloud servers. It offered access to the data to commercial users.
Sweden is in the European Union. European Union law obliged Sweden to safeguard the personal data of its citizens and to ensure that any processor of that data (IBM) conformed to EU law. Sweden and IBM were obliged to limit access to the data, not strew it across Europe.
So, the Director General of the Transport Agency has been fired. Two Swedish government ministers have been fired. The government remains in office on a thread.
All of this happened before the General Data Protection Regulation comes into force next May. If IBM were to repeat such errors after that date it would face fines calculated on its global turnover.
Ireland is exposed to the same risks as Sweden; we must not try to sub-contract our obligations under the GDPR – it won’t work. We must not preserve our careers by “hiring IBM”; it won’t work.
We have only ten months left to conform to the real world.
People will get fired; companies will go bust.