Data Management Flashcards
(28 cards)
What systems does your organisation have in place to ensure data security?
Access control systems
- Multi-factor authentication (MFA) to log into devices and accounts
- Least privilege principle: each user is given the minimum level of access necessary to complete their work
- Full-disk encryption, so data on a lost or stolen device stays unreadable without the key
- Regular backups held off site
- Cloud storage with the provider's built-in security and redundancy (the organisation still controls who has access)
- Password protection and up-to-date anti-virus software
- Network firewalls (protect the entire network from unauthorised access)
How can you comply with UK GDPR when dealing with mailing lists?
- Obtain consent: be clear about how the data will be used and why, with an explicit 'opt-in' to receive emails (no pre-ticked boxes)
- Data minimisation: collect only the personal data you actually need
- Privacy notice that explains how personal data will be used, how long it will be kept and the individual's rights
- Protection of data, e.g. encryption and access control
- Easy opt-out process to withdraw consent/unsubscribe
- Retention and deletion: keep the data only as long as it is needed for the stated purpose, then delete it
What information can a firm reasonably retain to comply with laws other than GDPR?
Financial/accounting records, e.g. receipts, invoices, bank statements, tax returns and payroll records, to comply with the Companies Act 2006 and HMRC tax rules (generally retained for 6 years)
Employment records for 6 years after the employee leaves, e.g. employment contracts, payroll and pension information, to comply with employment law and the Health & Safety at Work Act 1974
Health & safety records, e.g. accident and injury logs and risk assessments, for a minimum of 3 years after the event to comply with the Health & Safety at Work Act 1974 and RIDDOR 2013
What is cloud storage?
Cloud storage is a way of saving data online rather than on a local computer or physical server. It allows individuals and organisations to store, access and manage data over the internet using remote servers maintained by cloud service providers.
Benefits of cloud based systems?
Accessible anywhere with an internet connection
Scalable: storage can grow or shrink with demand
Data security and resilience provided by the provider (backups, redundancy, physical security)
Cost efficient: reduces the need for in-house IT infrastructure
Why is data management important?
It is essential that data is kept safe from corruption and that access is suitably controlled to ensure privacy and protection
How should you verify data sources?
Consider the reliability of the source and associated risks, verify the data against an alternative source where possible (aka ‘triangulation’)
What is copyright?
-A set of exclusive rights granted to the author/creator of any original work, including the right to copy
-These rights can be licensed, assigned or transferred
-Form of intellectual property
-Must acknowledge any copyright for information duplicated in your work
What is crown copyright?
Refers to all material created and prepared by the Government, e.g. laws, public records, official press releases and Ordnance Survey (OS) mapping
Does the EU’S GDPR apply in the UK?
No. Since Brexit the EU GDPR no longer applies directly in the UK, but it was retained almost in its entirety as the 'UK GDPR' (in force from 1 January 2021, read alongside the Data Protection Act 2018). The EU GDPR can still apply to a UK firm that offers goods or services to people in the EU.
What is the relationship between UK GDPR and the Data Protection Act (2018)?
The Data Protection Act 2018 sits alongside and supplements UK GDPR, filling in the areas the GDPR leaves to national law (exemptions, law enforcement and intelligence processing, ICO powers)
The aim is a single data protection regime that governs businesses and empowers individuals to control how their data is used by third parties, including the right to be informed about how their personal information is used
What are the key requirements of data protection in the UK?
- Obligation to conduct a data protection impact assessment (DPIA) where processing is likely to result in a high risk to individuals
- Rights for individuals to access the personal data held about them and to have it erased
- The data controller decides how and why personal data is processed and is directly responsible for GDPR compliance
- Accountability: organisations must be able to demonstrate to the ICO how they comply with the regulations
What should you do if there is a data security breach?
Report to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a personal data breach where it is likely to result in a risk to individuals; where the risk is high, also inform the affected individuals without undue delay
What are the penalties for GDPR breach?
Fines of up to £17.5 million or 4% of the company's annual global turnover, whichever is higher
(policed by the ICO)
What are the 8 Individual Rights under UK GDPR?
1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights in relation to automated decision making and profiling
RARE IDOA
What are the key principles of GDPR?
L - Lawfulness, fairness & transparency
S - Storage limitation
M - Minimisation of data
A - Accuracy & accountability
P - Purpose limitation
S - Security (integrity & confidentiality)
What are the key elements of the Freedom of Information Act (2000)?
Gives individuals the right of access to information held by public bodies
- The public body must tell any individual requesting information whether it holds it
- It must normally supply the information within 20 working days, in the format requested
- It can charge for the provision of the information in limited cases (e.g. copying and postage costs)
What exemptions are there to the Freedom of Information Act?
- Where disclosure would breach data protection law (i.e. release of someone else's personal data)
- If it would prejudice a criminal matter under investigation
- If it would prejudice a person's or organisation's commercial interests
How can security of electronic data be improved?
- Firewalls
- Encryption
- Cloud-based systems
- Passwords/MFA
- Non-disclosure agreements
How do data breaches commonly happen?
- Employee mistakes (e.g. emailing data to the wrong recipient)
- Equipment failure
- Hacking and other cyber-attacks
- Malware (malicious software designed to gain unauthorised access to, or damage, computer systems)
- Loss or theft of equipment
What is a non-disclosure agreement?
- A legally enforceable contract between two parties relating to sensitive information
- Creates a confidential relationship between the person who holds the sensitive information and the person given access to it
- If a party breaches the NDA, legal action can be taken to enforce the agreement and seek damages for any losses
Who is your organisation’s data controller?
DWP is its own data controller, and our Data Protection Officer is Dominic Hartley
How do you file your records safely?
Use cloud systems such as SharePoint
Maintain folder naming conventions
Apply access controls
Encrypt sensitive files
Keep backups
Follow retention periods (most files are kept for a minimum of 6 years, but leases executed as a deed are kept for 12 years after expiry)
What is GDPR?
General Data Protection Regulation: the law that governs how personal data must be handled by businesses and other organisations