Data Management Flashcards
What is confidentiality?
- Information provided that is subject to confidence and not shared without permission
What is the Freedom of Information Act 2005?
- Primary piece of UK legislation that controls access to official information
- The act gives the public a right of access to information held by public authorities
- Information must also be published through the public authority's publication scheme
- The act covers all information held and not just information since it came into effect
How would you manage client data if your firm is working for two rival companies?
- I would make the client aware of the risks involved and check their understanding of the conflict of interest
- I would ensure a letter of instruction to continue was obtained from the client
- Exclusivity of staff would be arranged
- The use of NDAs would be considered
- Separate working locations would be put in place
- Secure document and data storage would be arranged to be used exclusively for the separate teams
What is the Data Protection Act 2018?
- The act replaces the previous 1998 legislation and manages how personal data is processed by organisations and government
- It is the UK legislation for the implementation of the EU General Data Protection Regulation (GDPR)
What are the principles of the Data Protection Act 2018?
o Used fairly, lawfully and transparently
o Used in a way that is adequate, relevant and limited to only the purpose for which it is intended
o Is retained for no longer than necessary
o Processed securely including the protection against unlawful use, loss or destruction
What are the individual rights under the Data Protection Act?
o To be informed about how their data is being used
o The right to access their data
o The right to have incorrect information updated
o To have their data erased
o To stop or restrict the processing of their data
o The right of portability
o To object to the use of their data
Who are the key persons outlined within GDPR?
- Controller
o The controller is the natural person or legal entity that determines the purposes and means of the processing of personal data. For example, when processing an employee's personal data, the employer is considered to be the controller.
- Processor
o A natural person or legal entity that processes personal data on behalf of the controller. For example, a call centre acting on behalf of its client is considered to be a processor.
- Data Protection Officer (DPO)
o The Data Protection Officer is a leadership role required by EU GDPR. This role exists within companies that process the personal data of EU citizens. A DPO is responsible for overseeing the data protection approach, strategy, and its implementation.
What is your understanding of the term Meta Data and why is this important?
- Meta Data is information about a specific piece of data.
- For example, when sharing a cost planning document, the Meta Data associated with it could consist of information about the author, the file size, the date the document was created and keywords to describe the document.
- We must ensure that this Meta Data is afforded the same level of care as all other confidential data.
- In a scenario where we are sharing a document or removing confidential components of a document, we should ensure that any confidential Meta Data is not shared inadvertently.