Data Governance Flashcards
What are the 2 data compliance legal rules
GDPR and CCPA
What is GDPR and name 3 things it does
General Data Protection Regulation (GDPR)
right to access, correct, delete, and transfer their data.
Companies must obtain explicit consent before processing personal data
required to notify authorities of data breaches within 72 hours.
What is CCPA and name 4 things it does
California Consumer Privacy Act
right to know what personal data is being collected
the purpose of the collection, and who it is shared with
request the deletion of their data
opt-out of the sale of their personal information
Name the 8 key components of DCAM
Data Management Strategy
Data Governance
Data Quality Management
Data Architecture
Data Operations
Data and Technology Infrastructure
Data Risk Management
Data Privacy and Security
Organizational Alignment
What are the 4 purposes of DCAM
Benchmarking: DCAM allows organizations to benchmark their data management capabilities against industry standards and best practices.
Gap Analysis: Identifies gaps in current data management practices, helping organizations prioritize improvements.
Strategic Planning: Provides a roadmap for enhancing data management capabilities to support business objectives.
Regulatory Compliance: Helps organizations ensure compliance with data-related regulations and standards.
What is a Data Steward
Individuals assigned to specific data domains, responsible for maintaining data quality, defining data standards, and ensuring compliance with data policies.
What is a Data Owner
Senior managers who have accountability for the data within their domain and ensure that data governance policies are followed.
What are 3 elements of data security
Access Control: Access to data must be restricted based on roles and responsibilities. Sensitive data must be encrypted both in transit and at rest.
Data Classification: All data must be classified according to its sensitivity and importance. Categories may include public, internal, confidential, and restricted.
Compliance: Data handling and processing must comply with relevant regulations, including GDPR, CCPA, and HIPAA.
What is the data governance cert from DAMA
Certified Data Management Professional (CDMP)
What 6 things does GDPR define as personal data
1 - Identifiers: Such as a name, identification number, location data, or an online identifier (e.g., IP address, cookies).
2 - Physical Characteristics: Information like a person’s physical, physiological, or genetic characteristics.
3 - Economic Information: Data related to someone’s economic status, like bank details or salary.
4 - Cultural or Social Identity: Information such as ethnicity, religion, or social connections.
5 - Health Data: Includes any data about a person’s physical or mental health.
6 - Biometric Data: Information like fingerprints or facial recognition data used to uniquely identify an individual.
What 11 things does CCPA define as personal information
any data that identifies, relates to, or could reasonably be linked to you or your household, directly or indirectly.
1 - Identifiers: Such as real names, aliases, postal addresses, unique personal identifiers, online identifiers, IP addresses, email addresses, account names, Social Security numbers, driver’s license numbers, passport numbers, etc.
2 - Personal Records: Information like purchase history, credit card information, or other financial details.
3 - Characteristics of Protected Classifications: Such as race, gender, age, or disability.
4 - Commercial Information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
5 - Biometric Information: Physiological, biological, or behavioral characteristics that can be used to establish individual identity, like fingerprints or voiceprints.
6 - Internet or Other Electronic Network Activity Information: Such as browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement.
7 - Geolocation Data: Physical location or movements.
8 - Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information: Such as photographs, audio recordings, or thermal imaging data.
9 - Professional or Employment-Related Information: Job history, performance evaluations, etc.
10 - Education Information: Defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA).
11 - Inferences Drawn from Personal Information: Such as profiles reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.