14 Data Governance Flashcards
What is data governance?
Policies meant to protect people and the integrity of the data
Data governance includes international standards, national laws, local laws, industry regulations, company contracts, or personal rules.
What is data integrity?
How valid, or accurate, the data is
Maintaining data integrity involves ensuring that data is not manipulated incorrectly.
What can happen if data governance rules are ignored?
It can hurt the people whose data you are using and have legal repercussions for you personally.
What are the two main methods of granting access to data?
- Role-based
- User group-based
What does role-based access focus on?
The role a person plays in a company.
What is user group-based access?
Access focused on the specific group to whom the data pertains.
What are Data Use Agreements?
Contracts that state how data can be used, processed, deleted, and maintained.
What is data encryption?
Using algorithms to translate data from plaintext to cyphertext.
True or False: Data in transit is vulnerable.
True
What is de-identification/masking of data?
Removing personal or sensitive information from data to legally report it.
What does the acceptable use policy outline?
How data can be used, how it can’t be used, and what happens if the policy is broken.
What should you do if you suspect a data breach?
- Report the breach
- Secure operations
- Fix vulnerabilities
- Notify the impacted parties
What are some reasons for data deletion?
- Consent is withdrawn
- Illegal means were used to collect or process the data
- Legal obligations
- Data is no longer needed
- The data retention period ended
What does data retention cover?
How long data will be kept and how it will be stored.
What is personally identifiable information (PII)?
Data that can be used to identify a specific person.
List some examples of PII.
- Name
- Physical address
- Email address
- IP address
- Social Security number
- Phone number
- License number
- Passport number
- Login ID
- Social media ID
- Social media posts
- Date of birth
- Digital images
- Geolocation
- Biometric data
- Behavioral data
What is the role of a data analyst regarding data security?
To understand and follow data security protocols.
What is the gold standard in data processing regulations?
The European Union General Data Protection Regulation (GDPR).
Fill in the blank: Data security is important for maintaining _______.
data integrity.
What is the consequence of deviating from the Data Use Agreement?
It is illegal and will have consequences for the company and the individual.
What should you do before sharing data with someone not listed in the Data Use Agreement?
Obtain express approval with a release approval.
True or False: Data security requirements are solely determined by government regulations.
False
What is the significance of understanding data classifications?
Certain types of data are legally protected and have specific rules about how to treat them.
What does PII stand for?
Personally Identifiable Information
PII includes any data that can identify a specific person.
What is an example of PII?
Examples include:
* Social Security number
* Phone number
* Date of birth
* Geolocation
What is the main purpose of the Data Use Agreement?
To outline acceptable use, data processing, data deletion, and data retention.
What is PHI?
Personal Health Information
PHI includes identifiable information related to a person’s health.
Which act is most referenced for protecting health information?
Health Insurance Portability and Accountability Act (HIPAA)
What does PCI stand for?
Payment Card Industry
PCI focuses on financial information related to credit and debit cards.
What is an entity in the context of data governance?
A table, model, or data object.
What are entity relationships?
How data objects connect to each other.
What are the main types of entity relationship requirements?
The main types are:
* Record link restrictions
* Data constraints
* Cardinality
What do record link restrictions refer to?
Restrictions on linking different pieces of data of the same record.
What are data constraints?
Rules designed to protect data integrity.
What is cardinality in data relationships?
The row-to-row relationship between two table entities.
What is a one-to-one relationship in cardinality?
Each row in the first table corresponds to one row in the second table.
What is a one-to-many relationship in cardinality?
Each row in the first table corresponds to multiple rows in the second table.
What is a many-to-many relationship in cardinality?
Each row in one table can correspond to multiple rows in another table and vice versa.
What is the focus of PCI compliance?
Protecting personally identifiable financial information (PIFI).
Fill in the blank: PHI is similar to PII but gets its own classification because there are laws around it specifically, covering any and all _______.
medical records
True or False: All credit card information is considered PCI and is protected.
True
What should you do if you suspect a data breach has occurred?
Inform the impacted parties.
Which part of the Data Use Agreement includes explicit details about how the data is not supposed to be used?
Acceptable use policy
Which variables would be considered PII?
All of the following:
* Geolocation
* Social media post
* Social Security number
A filter that only allows a specific kind of data to be entered into a dataset can be considered which kind of entity relationship restriction?
Data constraint
