19 - Data Flashcards
What is the main concern of using / transferring data across international borders?
The legislation around data handling may be more stringent in one of the two countries and organisations need to take extra care to not breach local standards.
List the eight conditions of the POPI Act in South Africa.
- Accountability
- Processing limitation
- Purpose specification
- Further processing
- Information quality
- Openness
- Security safeguards
- Data subject participation
Describe the POPI Act condition of accountability.
The party responsible for processing the data is also responsible for compliance with POPI.
Describe the POPI Act condition of processing limitation.
Information must be processed in a fair, lawful and relevant manner, after consent is given by the data subject.
Describe the POPI Act condition of purpose specification.
Personal information must be collected for a specific purpose. Record keeping to be destroyed when personal data is no longer relevant or authorised to be held.
Describe the POPI Act condition of further processing limitation
Further processing must be compatible with the initial collection prupose.
Describe the POPI Act condition of information quality
Data completeness, accuracy and updates to be ensured by holder of the data.
Describe the POPI Act condition of openness
Documentation to be maintained on all processing operations and maintaining transparency on data use.
Describe the POPI Act condition of security safegaurds
Integrity and confidentiality of personal data must be secured and all processing done only by authorised operators. Notification to be done on security compromises.
Describe the POPI Act condition of data subject participation.
The data subject may request confirmation of personal data held and request correction or deletion of any inaccurate, misleading or outdated information held.
Aside from criminal action and fines, what is another damaging effect of data breaches occurring within a company’s data bases?
Damage to reputation and the ability to retain and attract clients.
Give the aspects that a data governance policy should aim to cover.
- The specific roles and responsibilities of individuals in the organisation with regards to data.
- How an organisation will capture, analyse and process data.
- Issues with respect to data security and privacy
- The controls that will be put in place to ensure that the required data standards are applied
- How the adequacy of the controls will be monitored on an ongoing basis with respect to data usability, accessibility, integrity and security.
Give the data governance risks.
- Legal and regulatory non-compliance
- Inability to rely on data for decision making
- Reputational issues
- Incurring additional costs
Give a data concern around mergers and acquisitions.
- Should data be combined into one system
- Which company’s system to use
- Data aggregation issues.
Give the main risks associated with risks.
- The data are inaccurate or incomplete
- The data are not credible due to being insufficient volume, particularly for the estimation of extreme outcomes.
- The data are not sufficiently relevant to the intended purpose
- Past data may not reflect what will happen in the future.
- Chosen data groups may not be optimal
- The data are not available in an appropriate form for the intended purpose.