C18 Data(1) : Data security and risks Flashcards
Define personal data
Personal data relates to
1. Information in respect of an individual where the individual can be identified,
2. Data which, combined with other information, could allow the individual to be identified.
Explain why the use of data is an increasingly significant issue for organisations
- Organizations collect large amounts of information on individuals as part of their operations.
- Technology has made it possible to collect, store and use large amounts of information on individuals in diverse ways.
- Organizations have an ethical responsibility to deal responsibly with personal data.
- Balance between the privacy of individuals and the need of organizations to make fair and reasonable use of personal data in their operations.
Explain the purpose of data protection legislation
Aim/purpose of data protection legislation
1. Safeguard the rights of the individual with regard to how organisations can store and process personal data.
2. Regulations vary by jurisdiction/country
List 8 principles of UK’s data protection act that relate to processing personal data
Personal data must: PAO-TIANS
1. be processed fairly and lawfully
2. be adequate, relevant, and not excessive for the purposes concerned
3. be obtained and processed for a specified purpose
4. not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection
5. be processed in accordance with the individual’s rights under the Act
6. be accurate and, where necessary, kept up to date
7. not be kept longer than necessary for the purposes concerned
8. be processed securely
Give 3 examples of possible consequences of non-compliance with the data protection legislation when processing personal data.
Consequences of non-compliance with the data protection legislation when processing personal data can be significant
1. Individuals who commit criminal offenses may be prosecuted
2. Organisations might be fined for serious breaches
3. Lead to adverse publicity, which can lead to significant reputational damage to the organisation
Explain the relevance of anonymity to the definition of personal data
- Ability to identify the individual to whom the information relates is crucial to the definition of personal data.
- Obligations of an organisation are considerably less for anonymous data
- Anonymous data may not constitute personal data
List 7 examples of information that can constitute sensitive personal data
Sensitive personal data can include information related to :
PREPS MC
1. Physical or mental health condition
2. Religious or similar belief
3. Ethnic or racial origin
4. Political opinions
5. Sexual life
6. Membership of trade unions
7. Convictions, proceedings and criminal acts.
Conditions for processing sensitive personal data
JEEV
1. The data subject has given explicit consent
2. It is required by law for employment purposes
3. Needed in connection with the administration of justice or legal proceedings
4. Needed to protect the vital interests of the individual or another person, e.g. disclosing a medical condition in case of an accident at work
Explain what is meant by ‘big data’, including its key characteristics
‘Big data’ : The increasing use of technology has now made it possible for the public and private sector to collect and analyse very large data sets of information
Big data can be characterised by:
1. very large data sets
2. Data brought together from different sources
3. Data which can be analysed very quickly, such as in real time
Describe the main data protection considerations for organisations using big data (TBD)
Conflict with personal data
Company needs to comply with the relevant data protection rules.
privacy considerations
Define data governance
Data governance is a term used to describe the overall management of the: (A SIU)
Availability,
Security
Integrity, and
usability of the data employed in an organisation.
Describe the purpose and typical content of the data governance policy
A data governance policy is a documented set of guidelines for ensuring the proper management of an organization’s data. RCDC MM
1. Specific rules and responsibilities of the individuals
2. how to capture, analyse and process data
3. Data security and privacy
4. Controls on data standards
5. Monitoring of adequacy of controls
6. Mechanism to meet legal and regulatory requirements
State risks to organisations if they do not have adequate data governance procedures
Organisations that do not have adequate data governance procedures can be exposed to risks related to:
- Legal and regulatory non-compliance
- Inability to rely on data for decision making
- Reputational issues
- Incurring additional costs (fines and legal costs)
Describe the key data issues when businesses are combined by merger or takeover
Where businesses are combined by merger or takeover, one of the key issues is whether the data for the two businesses should be combined onto one system and, if so, which
+ Saving in overhead costs
- High conversion costs
- Risk in aggregating data sourced from different systems
4 risks that arise when using data, that relate to volume and quality of data
- Errors and omissions => Erroneous results or conclusions
- Insufficient data to produce credible results
- Insufficient data to produce credible results in adverse circumstances
- Other sources of data : Not a good proxy.
List 8 reasons why historical data may not be a good reflection of future experience
Further data risks in using historical data.
Historical data may not be a good reflection of future experience due to: CC HOPARF
- Changes in the way in which the past data was recorded
- Changes in the balance of any homogeneous groups underlying the data
- Heterogeneity with the group to which the assumptions are to relate
- Other changes e.g. medical advancements, social changes, economic changes
- Past data may not be up to date
- Past abnormal events
- Significant random fluctuations
- Future trends not being reflected sufficiently in the past data
Risks in attempting to group data into broadly homogeneous groups
Risks in attempting to group data into broadly homogeneous groups
1. The resultant individual groups may be too small for a credible analysis
2. Merging data groups may lead to a data group that is not sufficiently homogeneous
3 other risks that are associated with the use of data
Further data risks (DLF)
1. Data may have been collected for a purpose => not appropriate for a different purpose
2. Lack of confidence in the available data => low confidence in conclusions
3. Format of data is not appropriate for the purpose required