A few years ago I was living in the US of A and saw an ad for cleaning products featuring SNL's star Maya Rudolph. In it, she was creating comedy out of the fact that most cleaning products have "yipikaye" colours - a funny gag to promote the organic brand that got me thinking.
The thing is, the ad and the cleaning product company had, it seems, completely forgotten why cleaning products have weird colours (and many a time an emetic added in): so people don't accidently/voluntarily drink them, as they are, you guessed it, poisonous (whether organic or not - they are not a drinkable concoction).
And what on earth does that have to do with privacy compliance, I hear you cry. A lot actually. The thing is, when we're doing something, especially compliance work, we're in the zone. Everyone knows what's going on and it all makes (sort of) sense. But what happens when the people that weren't in those conversations move on? Well, if the reasons behind the decisions aren't adequately documented and explained, people may forget the rationale behind them.
This is why it is important to document decisions, promote a culture that allows people to understand the rationale and not just obey the rules, prepare clear DPIAs and always think about a reader that was not privy to the decisions when drafting documents.
Because if not, you'll forget that the yipikaye colours were not there to make the product look fancy, but rather to stop your two year old from thinking it's water and accidentally drinking it.
The thing is, the ad and the company it seems had completely forgotten why cleaning products have weird colours (and many a time an emetic added in): so people don't accidently/voluntarily drink them, as they are, you guessed it, poisonous.