L5 Data Breaches and the National Consent Policy Flashcards

1
Q

when is a data protection officer necessary for an organisation

A
  • the processing is carried out by a public authority or body
  • the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
  • the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences
2
Q

special data categories

A
  • Personal data revealing racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data and biometric data processed for the purpose of uniquely identifying a natural person.
  • Data concerning health.
  • Data concerning a natural person’s sex life or sexual orientation.
3
Q

data protection impact assessments

A
  • Mandatory for any new high risk processing projects
  • To identify and mitigate against any data protection related risks arising from a new project
  • Plan for the implementation of any solutions to those risks, and assess the viability of a project at an early stage.
4
Q

data breach

A

“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” (HSE Data Breach Process Guidance, 2019)

5
Q

guidelines/laws which relate to management of breaches

A
  • HSE Data Protection Policy
  • HSE Data Protection Breach Process Guidance
  • Article 33 of the GDPR introduces mandatory data breach notification obligations on organisations
6
Q

HSE Breach Process Guidance

A
  1. Identify
  2. Notify
  3. Classify
  4. Report
  5. Contain and Recover
  6. Risk assessment
  7. Notification of breach
  8. Evaluation and response
7
Q

step 2: notify

A
  • Staff member notifies line manager within 72 hours, although really it should be immediately
  • Manager is notified and will sign the Data Breach Incident Report form
8
Q

step 3: classify

A

Manager will identify if it is a data protection breach or data protection incident

9
Q

step 4: report

A
  • The staff member and manager complete the Data Breach Incident Report form
  • The form is sent to the Deputy Data Protection Officer (DDPO), who confirms whether it is a breach or an incident
  • It is also sent to the Office of the Chief Information Officer (OoCIO) if it is an information systems breach
10
Q

Step 4: report (if it’s an incident)

A
  • DDPO advises of any corrective action to make
  • Manager logs incident and implements corrective actions
11
Q

Step 4: report (if it’s a breach)

A

DDPO logs breach with Data Protection Commission and advises of corrective actions that have been taken

12
Q

Step 5: contain and recover

A
  • The manager will limit the scope and impact of the data breach (e.g. changing access)
  • The DDPO establishes who in the organisation needs to be made aware of the breach and informs them of what they are expected to do to assist in the containment exercise (e.g. Garda, communications dept)
  • The OoCIO has a role in containment if it was an IT breach (e.g. wiping a mobile device)
13
Q

Step 6: risk assessment

A
  • Consider what the potential adverse consequences for individuals would be:
    a) What type of information/data is involved?
    b) How sensitive is the information/data?
    c) Are there any security mechanisms in place (e.g. password protection, encryption)?
    d) What could the information/data tell a third party about the individual?
    e) How many individuals are affected by the breach?
  • If large scale/highly sensitive → DDPO informs the DPO, who will advise of necessary corrective actions
14
Q

Step 7: notification of breach

A
  • Outline what occurred
  • Apologise for the incident
  • Provide name and contact for further info
  • Describe the likely consequences of the breach
  • Describe the measures taken to address the breach
  • Confirm the DPC has been notified
  • Record notification to data subject
15
Q

Step 8: Evaluation and response

A
  • A thorough review of the incident should occur.
  • Ensure that the steps taken during the incident were appropriate and identify areas that may need to be improved.
  • Any recommended change to policies and/or procedures should be documented and implemented as soon as possible thereafter.
16
Q

What does the HSE electronic communications policy apply to

A
  • All electronic communications, email, internet, intranet and fax services provided by the HSE
  • All IT resources provided by the HSE
  • All users (including HSE staff, students, contractors, sub-contractors, agency staff and authorized third party commercial service providers)
  • All use (both personal & HSE business related)
  • All connections to (locally or remotely) the HSE’s email, internet, intranet and fax facilities
  • All connections made to external networks through the HSE network
17
Q

stipulations for personal use of HSE electronic communications (with line manager’s permission)

A
  1. Is not excessive
  2. Does not take priority over their HSE work responsibilities
  3. Does not interfere with the performance and work of the user, other staff or the HSE
  4. Does not incur unwarranted expense or liability for the HSE
  5. Does not have a negative impact on the HSE in any way
  6. Does not involve commercial activities, such as running any sort of private business, advertising or performing work for personal gain or profit
  7. Is lawful and complies with this policy and all other relevant HSE policies
18
Q

HSE Electronic communications policy on personal use of email

A
  • Make clear that the email is personal and not on behalf of HSE
  • Words or actions do not have a negative impact on the HSE
  • Only email facilities provided by the HSE may be used in connection with an individual user’s work for the HSE.
  • Confidential or restricted information must not be forwarded from HSE email messages to a user’s own personal third-party web-based email account.
  • Users should ensure they keep their personal email messages separate from their HSE business related email messages.
19
Q

HSE electronic communications policy on internet use

A
  • The HSE automatically filters internet access and blocks websites deemed to be inappropriate
  • HSE smart devices aren’t filtered - users are held responsible for all connections made by that device
  • Cannot install or use third party software on HSE devices
  • HSE IP address is logged when visiting any website
20
Q

HSE electronic communications policy on social media use

A
  • Social media is blocked on HSE devices/internet
  • All use of social media (personal or otherwise), must be in accordance with the HSE Social Media Policy & Guidelines
  • Never post/discuss confidential info on social media
  • Speak in the first person
  • Remarks made in the name of the HSE about individuals, organisations or groups which are of an offensive, derogatory or threatening nature on social media may result in disciplinary, legal or criminal action being taken.
  • If you refer to the HSE as your employer in your social media biography, you should be mindful that you are publicly connecting yourself to your place of work.
  • Having an opinion on topics in the public domain relating to the HSE is acceptable, but be mindful that any opinions or comments should be based on fact.
  • Be mindful that your opinions will be monitored by the media who use social media as a research tool
21
Q

HSE tips from Social media policy

A
  • Respect others’ views and opinions; do not engage in a public disagreement.
  • Act professionally at all times.
  • Be quick to correct your own mistakes and admit when you are wrong.
  • Do not engage in conduct that would be viewed as unacceptable online.
  • Do not engage with trolls whose aim is to engage you in negative conversation.
  • Share information that you know to be true; be careful of fake news and sharing misinformation.
22
Q

HSE electronic communications policy regarding fax

A
  • Confidential and personal information should not be transmitted by fax
  • Exceptions apply in case of emergency
  • Cover sheet
  • Double check fax number
  • Minimal information
  • Telephone before
  • Keep copy of transmission slip
  • Approval from Manager
23
Q

HSElive

A
  • HSE’s social media team
  • If you are contacted by a member of the public with a question, refer them to HSElive