19 - Data Flashcards
What is Personal data
Personal data is information which would allow an individual to be identified, either on its own or when combined with other information
Examples of personal data
Name Address Personal email address Occupation DOB Health status Race or ethnicity Criminal record
What is Sensitive personal dat?
Sensitive personal data is information which is more private to the individual
Its disclosure to others without consent could cause the individual a high level of distress or damage
Examples of sensitive personal data
o Racial or ethnic origin o Political opinions o Religious or other similar beliefs o Membership of trade unions o Physical or mental health condition o Sexual life o Convictions, proceeding and criminal acts
Under what conditions might Sensitive personal data be processed
- The data subject has given explicit consent
- It is required by law for employment purposes
- It is needed in order to protect the vital interests of the individual or another person
- It is needed in connection with the administration of justice or legal proceedings
What is the main concern of using / transferring data across international borders?
The legislation around data handling may be more stringent in one of the two countries and organisations need to take extra care to not breach local standards.
List the eight conditions of the POPI Act in South Africa.
- Accountability
- Processing limitation
- Purpose specification
- Further processing
- Information quality
- Openness
- Security safeguards
- Data subject participation
Describe the POPI Act condition of accountability.
The party responsible for processing the data is also responsible for compliance with POPI.
Describe the POPI Act condition of processing limitation.
Information must be processed in a fair, lawful and relevant manner, after consent is given by the data subject.
Describe the POPI Act condition of purpose specification.
Personal information must be collected for a specific purpose. Record keeping to be destroyed when personal data is no longer relevant or authorised to be held.
Describe the POPI Act condition of further processing limitation
Further processing must be compatible with the initial collection prupose.
Describe the POPI Act condition of information quality
Data completeness, accuracy and updates to be ensured by holder of the data.
Describe the POPI Act condition of openness
Documentation to be maintained on all processing operations and maintaining transparency on data use.
Describe the POPI Act condition of security safe-guards
Integrity and confidentiality of personal data must be secured and all processing done only by authorised operators. Notification to be done on security compromises.
Describe the POPI Act condition of data subject participation.
The data subject may request confirmation of personal data held and request correction or deletion of any inaccurate, misleading or outdated information held.
Aside from criminal action and fines, what is another damaging effect of data breaches occurring within a companyβs data bases?
Damage to reputation and the ability to retain and attract clients.
What is data governance?
Data governance is the overall management of the: availability, usability, integrity and security of data
Give the aspects that a data governance policy should aim to cover. (5)
- The specific roles and responsibilities of individuals in the organisation with regards to data.
- How an organisation will capture, analyse and process data.
- Issues with respect to data security and privacy
- The controls that will be put in place to ensure that the required data standards are applied
- How the adequacy of the controls will be monitored on an ongoing basis with respect to data usability, accessibility, integrity and security.