Data Management Flashcards
Verify data against an alternative source through …
Triangulation
Data storage and security
It is essential that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection
Data security technologies include:
- Disk encryption - encrypting data on a secure hard disk drive
- Regular backups off site
- Cloud storage
- Password protection and use of anti-virus software protection
- Firewalls and disaster recovery procedures
Cloud storage
- Cloud Storage is a mode of computer data storage in which digital data is stored on servers in off-site locations
- The servers are maintained by a third-party provider who is responsible for hosting, managing, and securing data stored on its infrastructure
Copyright
- A set of exclusive rights granted to the author or creator of any original work, including the right to copy
- These rights can be licensed, assigned or transferred
- Form of intellectual property
- Crown Copyright referes to all material created and prepared by the government, such as laws, public records, official press releases and OS mapping
- It is essential that you acknowledge any copyright for information duplicated in your work
Data Protection Act 2018
- Aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties
- It gives people rights to be informed about how their personal information is used
- UK GDPR is covered by the Act
Key Requirements of the UK General Data Protection Regulation and the Data Protection Act 2018
- An obligation to conduct data protection impact assessments for high risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- A principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the regulations
Data security breaches need to be reported to ICO within
72 hours where there is a loss of personal data and a risk of harm to individuals
What are the fines for non-compliance with the Data Protection Act 2018?
- Fines up to 4% global turnover of the company or £17.5 million (whichever is greater)
- Policed by the ICO
Article 5(1) Principles relating to the storage of personal data states that data must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes
- Limited to what is necessary for the purposes for which they are processed
- Accurate and kept up to date
Article 5(2) requires that
The controller shall be responsible for, and be able to demonstrate, compliance with the principles
8 Individual Rights under UK GDPR
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability (to use for their own purposes)
- Right to object
- Rights to automated decision making and profiling (as undertaken by insurance companies)
Freedom of Information Act 2000
Gives individuals the right of access to information held by public bodies
* The public body must tell any individual requesting sight of information whether it holds it
* Normally the public body is required to supply it in 20 working days in the format requested
* It can charge for the provision of the information
Exemptions are allowed for a variety of reasons to include
- Contrary to the GDPR requirements
- It would prejudice a criminal matter under investigation or a person’s/organisation’s commercial interest
Security of data can be improved using …
Firewalls, encryption, cloud-based systems and passwords
Data retention
Firms require retention policies for the safe keeping of files
Non-Disclosure Agreement (NDA)
- This is a legally enforceable contract between two parties relating to sensitive information
- The agreement will create a confidential relationship between a person who has sensitive information and a person who has access to that information
- The party that was harmed by the breach of the NDA can take legal action to enforce the agreement and seek damages for any losses that were incurred