Information Management and BI 1(a)

Question 1

Name the 6 Phases in the “Information Lifecycle Mgmt” (ILM):

Answer 1

IC MUAD

(1) ID
(2) Capture
(3) Manage/Organize
(4) Utilize/Share/Access
(5) Archive
(6) Destroy

Question 2

Under “Information Lifecycle Mgmt” (ILM). what is involved in the 1st Phase: “IDENTIFY “:

Answer 2

• IDENTIFY (1 of 6 ILM Phases)
• Must have formal, structured approach
• ID what data to capture that has potential to assist mgmt in decisions
• Ensure security and BI needs met w/ data being ID’d
• To ID complete body of data, structure could involve: cross-functional team, IT governance guideline and/or body, change control committee, end users, business mgrs, info security and BI specialists

Question 3

Under “Information Lifecycle Mgmt” (ILM). what is involved in the 2nd Phase: “CAPTURE”:

Answer 3

• CAPTURE (2 of 6 ILM Phases)
• Capture data by Transactional Processing Sys (TPS)
• If data in external sys or location to TPS, might involve manual processes
• Captured data need to be aggregated into a DW or similar system

Question 4

Under “Information Lifecycle Mgmt” (ILM). what is involved in the 3rd Phase: “MANAGE”:

Answer 4

• MANAGE (3 of 6 ILM Phases)
• Key factors:
  (1) Ensure appropriate access to users (Logical access, availability and restricted access to data)
  (2) Ensure data integrity/quality w/ adequate controls over input, processing, storage, and output.
• Controls at point of data entry are considered more efficient and effective than controls at processing or output
  phases.
  (3) Ensure timeliness of delivery of data
  (4) Format, transform data into information
• Organize data into systems, tables/files, BI (DW)

Question 5

Under “Information Lifecycle Mgmt” (ILM). what is involved in the 4th Phase: “UTILIZE”:

Answer 5

• UTILIZE (4 of 6 ILM Phases)

- Provide proper use of data as info to users

Question 6

Under “Information Lifecycle Mgmt” (ILM). what is involved in the 5th Phase: “ARCHIVE”:

Answer 6

• ARCHIVE (5 of 6 ILM Phases)
• DW often used to archive permanent and semi-permanent data
• Use archival techniques, useful lives to develop policy for archiving info and data

Question 7

Under “Information Lifecycle Mgmt” (ILM). what is involved in the 6th Phase: “DESTROY”:

Answer 7

• DESTROY (6 of 6 ILM Phase)
• Destroy data if end of its life span
• Need data destruction policies, developed based on contractual, legal, and other constraints

Question 8

What are the rules under the “Health Information Portability and Accountability Act” (HIPAA) of 1996?

Answer 8

• Federal law
• HIPAA established standards for electronic health care transactions and data for patients
• Law on Personally identifiable info (PII) – info to access to financial assets, or personal medical info
• Administrative Simplification (Title II) provisions of HIPAA require health care entities to provide privacy and security for PII for health data
• Need policies and info monitoring to ensure compliance

Question 9

What are the rules under the Gramm-Leach-Bliley Act (GLBA) of 1999?

Answer 9

• Federal law on privacy and security about Personally identifiable info (PII) – info to access to financial assets, or personal medical info
• GLBA applies to financial institutions like commercial / investment banks, securities firms and insurance companies
• Some key aspects of GLBA apply to entities that receive PII like credit reporting agencies, appraisers, mortgage brokers
• Safeguards Rule requires financial institutions to design, implement and maintain safeguards to protect customer info
• Req’mts include written info security (InfoSec) plan that describes how entity plans to protect PII, for consumers past or present
• Mgmt need to study how they manage private data and do risk analysis to comply w/ GLBA

Question 10

What are the rules under the “California Database Breach Act” (SB-1386) of 2002?

Answer 10

• State law on privacy and security
• Related to personally identifiable info (PII) – info to access to financial assets, or personal medical info
• Effective 7/1/03, CA residents whose unencrypted PII was or believed to have been, acquired by unauth person must be notified by entity w/ breach
• Any agency, person, or business that conducts business in CA, and owns or licenses digitized PII must disclose security breach to residents affected
• Mgmt must do risk assessment to determine if subject to CA SB-1386, or similar state law, and take action w/ PandP and monitoring process

Question 11

What are the rules under the Massachusetts Data Privacy Act (MDPA), bill 201 CMR 17?

Answer 11

• State law on privacy and security about Personally identifiable info (PII) – info to access to financial assets or personal medical info
• Must comply if do business w/ MA residents or businesses in MA
• MDPA establishes minimum standards for safeguarding PII of any MA resident of by org’s or individuals who own, license, store or maintain PII
• Applies to collection, storage, or processing of PII.
• Entity (data center) that simply stores PII, or processes PII (credit card processing) may be subject to this law.
• PII is defined in MDPA as SSN, driver’s license or state-issued ID numbers, financial acct numbers, and credit/debit card numbers (CVV codes, PINs or pw’s)
• Care s/b taken by entities that maintain PII data to make sure if subject to MDPA