Week 5 - Data Protection/Security Flashcards
What is data privacy?
Privacy of personal information
What is the need for data privacy applicable to?
Medical records, finance, criminal, political or business/website data
What is PII (Personally Identifiable Information)?
Any info about an individual maintained by an agency, including:
1) any info that can be used to distinguish or trace an individual's identity such as name…
2) any other info that is linked or linkable to an individual
What are some data privacy issues?
- Trust between customers and businesses
- New laws and regulations
- Employee training
- Cloud security
- Third-party risk management
Genetic Data Privacy Act
Wyoming law signed by Governor Mark Gordon in March 2022; in effect from 1 July 2022.
Requires any business collecting genetic data to give consumers transparent information about collection, use and disclosure before collecting it, and to obtain the individual's express consent before collecting the genetic data.
Also includes strict prohibitions on how the genetic data can be disclosed and retained. Does not apply to covered entities or business associates collecting protected health information under HIPAA.
What were some key things that the Open Data Institute 2018 Survey revealed about British consumer attitudes to sharing personal data?
- Age matters: young adults were more comfortable with sharing info compared to parents’ generation.
- Trusting and knowing organisations increased the likelihood consumers will share data.
- Consumers are prepared to make trade-offs and share data if doing so benefits them and society.
- Data skills need improving: organisations need to explain how personal data will be used and shared.
What is the purpose of Data Protection Act 1998?
To control the way information is handled and to give legal rights to people who have information stored about them
What are the 8 data protection principles of the DPA 1998?
1) Processing data fairly and lawfully
2) Processing data only for specified, lawful purposes
3) Adequacy: data held must be adequate, relevant and not excessive
4) Accuracy: data must be accurate and, where necessary, kept up to date
5) Retention: not kept longer than necessary
6) Rights of data subjects
- Subject access request
- Right to prevent processing likely to cause damage or distress
- Right to prevent direct marketing
7) Security: appropriate technical and organisational measures against unauthorised or unlawful processing, loss or damage
8) International transfers: no transfer outside the EEA unless the destination ensures an adequate level of protection
What are some key elements (in terms of people/entities) of the DPA?
- Data Subject
The individual the personal data is about. Has the right to be told if data about them is being processed and the nature of any automated decision making; can prevent processing, and have data deleted or amended. They can sue for damages if these rights are not respected.
- Data Controller
The person or organisation that determines the purposes for which, and the manner in which, personal data are processed.
- Data Processor
In relation to personal data, any person (other than an employee of the controller) who processes the data on behalf of the controller.
Define a personal data breach
"a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service".
(This wording is from the Privacy and Electronic Communications Regulations; the GDPR Article 4(12) definition is the same minus the final "public electronic communications service" clause, so it applies to any controller.)
What is the ICO maximum monetary penalty?
£500,000 under the DPA 1998 (still the cap for PECR breaches). Under the UK GDPR / DPA 2018 the higher tier is £17.5 million or 4% of annual worldwide turnover, whichever is higher.
When was the GDPR applied in the UK from?
25 May 2018
What was the reform of EU Data Protection Law?
- The right to be forgotten
- Explicit consent
- Easier access to one's own data
- Requirement to notify the supervisory authority of serious data breaches within 72 hours
- Single set of rules across the EU
- Companies only deal with a single national data protection authority
- More transparency about how data is handled
- Individuals given the right to refer all cases to their home data protection authority
- Applies to companies not established in the EU if they offer goods or services to people in the EU
- Increased responsibility for processing data: privacy by design
- National authorities strengthened
What is the penalty for violating GDPR?
4% of global turnover OR 20 million EUR, whichever is higher
What is a Data Protection Officer?
GDPR (Article 37) introduced a requirement to appoint a DPO in some circumstances:
- the processing is carried out by a public authority or body;
- the core activities require regular and systematic monitoring of data subjects on a large scale; or
- the core activities consist of large-scale processing of special categories of data or criminal conviction data.
Note: thresholds such as "over 250 employees" or "over 5000 records a year" come from draft versions of the Regulation and are not in the adopted text; the 250-employee figure survives only in the Article 30 exemption from keeping records of processing.