Data Management Flashcards
What are the differences between a backup and archive? (4 in total)
Backup: Enables recovery of live, changing data
Archive: Stores unchanging data no longer in use but must still be retained
Backup: One of multiple copies of data
Archive: Usually the only remaining copy of data
Backup: Access to data must be quick for speedy recovery
Archive: The speed of access to data is not crucial
Backup: Short term retention of data only for the period when the data is in use.
Archive: Long term retention of data for the required period or indefinitely
What is Consent Obligation?
Only collect, use, or disclose personal data for purposes for which an individual has given his or her consent.
What is Purpose Limitation Obligation?
An organisation may collect, use, or disclose personal data about an individual only for reasonable purposes for which the individual has given consent.
What is Notification Obligation?
Notify individuals of the purpose of collection, use or disclosure of their personal data on or before collecting the data
What is Access and Correction Obligation?
Access: Upon request by an individual, the organisation should provide that individual's personal data and information about the ways in which the personal data may have been used or disclosed within a year.
Correction: Organisations are also required to correct any error or omission in the individual’s data upon request.
What is Accuracy Obligation?
Make reasonable effort to ensure that personal data collected by or on behalf of your organisation is accurate and complete.
What is Protection Obligation?
Make reasonable security arrangements to protect the personal data that your organisation possesses or controls to prevent unauthorised access, collection, use, disclosure, or similar risks.
What is Retention Limitation Obligation?
Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.
What is Transfer Limitation Obligation?
Data should not be transferred outside of Singapore except in accordance with requirements
What is Accountability Obligation?
Organisations must notify of a data breach if it is likely to be of significant scale, or likely to result in significant harm to an affected individual.
State all the obligations under the PDPA (9 in total).
- Consent
- Notification
- Accountability
- Purpose
- Access and Correction
- Accuracy
- Protection
- Retention Limitation
- Transfer Limitation
How should a company ensure Accountability Obligation is followed?
They should make available the business contact information of the representatives responsible for answering questions relating to the organisation’s collection, use or disclosure of personal data.
How should a company ensure Protection Obligation is followed?
- Take reasonable measures to protect the database from any potential breaches.
- Follow the AAA and CIA frameworks to protect the data from unauthorised access, collection, use or disclosure
What are the three key aspects of protecting data privacy?
- Freedom from intrusion
- Control of information about oneself
- Freedom from surveillance
Why and how should a backup plan be established?
Establish a backup plan / back up data regularly to prevent data loss that can occur either due to user error or technical malfunction.
Cloud backups or offsite backups should be employed to reduce the risk of a natural disaster causing data to be lost
Backup plan should be tested regularly to ensure that backup data can be restored in case of data loss.
What is version control?
Version control is a class of systems responsible for managing changes to computer programs, documents or other collections of information. Version control software keeps track of every modification to the code.
Why should version control be implemented? (2 reasons)
If a mistake is made, developers can revert to an earlier version and compare the code with the current version to help fix the mistake while minimizing disruption to other team members
Prevents concurrent changes made by separate developers from conflicting and causing errors
Why should naming conventions be followed?
To reduce the effort needed to read and understand source code
To enable code reviews to focus on more important issues, such as the functionality of the code, rather than arguing over syntax and naming standards
What are 3 advantages of using cloud hosting over server hosting to store data?
simpler management
bigger company has more resources for security
less staff training needed
What are 3 disadvantages of using cloud hosting over server hosting?
difficult to verify/audit the data stored
less control over data, backup, archival, deletion
cloud provider data policies may change, affecting ability to abide by PDPA