Week 2 Data Governance Flashcards
Data Governance
Outlines business policies for the management of data.
GDPR Principal
General Data Protection Regulation Principals. Enforced in the EU, but in New Zealand they provide a good framework for businesses to base data governance policies on.
Seven GDPR Principals
Lawfulness, trust, and transparency, Purpose Limitation, Data Minimisation, Accuracy, Storage levels, Integrity and confidentiality, and accountability.
Lawfulness, Trust, and Transparency
Standards around how data can be obtained, informing the data source, and honouring agreements regarding data usage and collection.
Purpose Limitation
Data can only be used for a pre-specified use/ purpose which the person providing data is aware of.
Data Minimisation
Only collect the minimum of data needed. Ie. only collect relevant and necessary data.
Accuracy
It is the responsibility of the organisation to keep personal data up to date and dispose of obsolete data.
Storage Levels
An appropriate retention period for holding the data must be specified. Data must be disposed of after the retention period
Integrity and Confidentiallity
All data must be protected bu the organisation and source anyomity must be maintained
Accountability
The organisation must enforce data governance policies, in such a way that it remains in-line with regulation
Commercial Law
Data Privacy: Personal data is treated differently than other data types by law
Data Challenges
Data Challenges can be mitigated with effective data governance policies Dundee by the GDPR framework
Four types of privacy
Controlling the information others have about you (most important), territorial privacy, personal privacy, communication and surveillance privacy.
Need for data privacy law
New technologies giving more value to data, new types of information becoming valuable, information is becoming more interconnected and can be linked more.
=> information the largest asset in developed countries.
But the risks of data privacy are less obvious due to “a lack of dead bodies”. So, privacy laws are needed to prevent exploitation.
Harms of personal data infringement
Mischiefs can be split into four categories: information collection, information processing, information dissemination, and invasion. Invasion only possible because of other 3 factors.
