Data Management Flashcards
What are the differences between a backup and archive? (4 in total)
Backup: Enables recovery of live, changing data
Archive: Stores unchanging data no longer in use but must still be retained
Backup: One of multiple copies of data
Archive: Usually the only remaining copy of data
Backup: Access to data must be quick for speedy recovery
Archive: The speed of access to data is not crucial
Backup: Short term retention of data only for the period when the data is in use.
Archive: Long term retention of data for the required period or indefinitely
What is Consent Obligation?
Only collect, use, or disclose personal data for purposes for which an individual has given his or her consent.
What is Purpose Limitation Obligation?
An organisation may collect, use, or disclose personal data about an individual for purposes that are reasonable and for which the individual has given consent.
What is Notification Obligation?
Notify individuals of the purpose of collection, use or disclosure of their personal data on or before collecting the data
What is Access and Correction Obligation?
Access: Upon request by an individual, the organisation should provide the individual's personal data and information about the ways in which the personal data may have been used or disclosed within a year.
Correction: Organisations are also required to correct any error or omission in the individual’s data upon request.
What is Accuracy Obligation?
Make reasonable effort to ensure that personal data collected by or on behalf of your organisation is accurate and complete.
What is Protection Obligation?
Make reasonable security arrangements to protect the personal data that your organisation possesses or controls to prevent unauthorised access, collection, use, disclosure, or similar risks.
What is Retention Limitation Obligation?
Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.
What is Transfer Limitation Obligation?
Data should not be transferred outside of Singapore except in accordance with requirements
What is Accountability Obligation?
Organisations must give notification of data breaches if they are likely to be of significant scale, or likely to result in significant harm to an affected individual
State all the obligations under the PDPA (9 in total).
- Consent
- Notification
- Accountability
- Purpose
- Access and Correction
- Accuracy
- Protection
- Retention Limitation
- Transfer Limitation
How should a company ensure Accountability Obligation is followed?
They should also make available the business contact information of the representatives responsible for answering questions relating to the organisations’ collection, use or disclosure of personal data
How should a company ensure Protection Obligation is followed?
- Take reasonable measures to protect the database from any potential breaches.
- Follow the AAA and CIA frameworks to protect the data from unauthorised access, collection, use or disclosure
What are the three key aspects of protecting data privacy?
- Freedom from intrusion
- Control of information about oneself
- Freedom from surveillance
Why and how should a backup plan be established?
Establish a backup plan / back up data regularly to prevent data loss that can occur either due to user error or technical malfunction.
Cloud backups or offsite backups should be employed to reduce the risk of a natural disaster causing data to be lost
Backup plan should be tested regularly to ensure that backup data can be restored in case of data loss.