Data Management Flashcards
(20 cards)
What is the process of verifying data against an alternative source?
Triangulation
Why is data storage and security important?
It is essential that data is kept safe from corruption and that access to it is suitably controlled to ensure privacy and protection
What are some examples of data security technologies?
- Disk encryption - encrypting data on a secure hard disk drive
- Regular backups off site
- Cloud storage
- Password protection and use of anti-virus software protection
- Firewalls and disaster recovery procedures
What is cloud storage?
- Cloud Storage is a mode of computer data storage in which digital data is stored on servers in off-site locations
- The servers are maintained by a third-party provider who is responsible for hosting, managing, and securing data stored on its infrastructure
What is Copyright?
- Exclusivity rights granted to the original author
- These rights can be licensed, assigned or transferred
- Form of intellectual property
- Crown Copyright - info produced by the government
- Must acknowledge any copyrighted information in your work
What does the Data Protection Act 2018 state?
- Aims to create a single data protection regime affecting businesses, and empower individuals to take control of how their data is used by third parties
- It gives people rights to be informed about how their personal information is used
- UK GDPR is covered by the Act
What are the key requirements of the UK General Data Protection Regulation and the Data Protection Act 2018?
- An obligation to conduct data protection impact assessments for high-risk holding of data
- New rights for individuals to have access to information on what personal data is held and to have it erased
- A data controller decides how and why personal data is processed and is directly responsible for GDPR
- A principle of ‘data accountability’ ensuring that organisations can prove to the Information Commissioner’s Office (ICO) how they comply with the regulations
When there has been a data security breach, when does this need to be reported to the ICO?
Within 72 hours where there is a loss of personal data and a risk of harm to individuals
What are the fines for non-compliance with the Data Protection Act 2018?
- Fines of up to 4% of the company's global turnover or £17.5 million (whichever is greater)
- Policed by the ICO
What do the Article 5(1) principles state that personal data must be?
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes
- Limited to what is necessary for the purposes for which they are processed
- Accurate and kept up to date
What does Article 5(2) require?
The controller shall be responsible for, and be able to demonstrate, compliance with the principles
What are the 8 Individual Rights under UK GDPR?
P - portability
A - access
I - informed
R - rectification
R - restrict processing
O - object
A - automated decision-making
D - erasure (deletion)
What does the Freedom of Information Act 2000 state?
- Gives individuals the right of access to information held by public bodies
- The public body must tell any individual requesting sight of information if it holds it
- Info must be provided in 20 working days in the format requested and the public body can charge for it
What are some exemptions to the Freedom of Information Act?
Info will be refused if refusal is in the interest of national security, or if it relates to current legal issues or a criminal investigation
How can data security be improved?
Firewalls, encryption, cloud-based systems and passwords
What is data retention?
Firms require retention policies for the safe keeping of files
What is a Non-Disclosure Agreement (NDA)?
- Legally binding contract which establishes a confidential relationship
- Agreeing sensitive information will not be made available to others
- The party that was harmed by the breach of the NDA can take legal action to enforce the agreement and seek damages for any losses that were incurred
What is the difference between GDPR and Data Protection Act?
GDPR is EU-wide; the DPA is the UK’s implementation of GDPR
What are the 7 principles of GDPR?
P - processed lawfully
R - relevant purpose
A - adequate and not excessive
H - held no longer than necessary
A - accurate and up to date
N - not transferred between countries without same security
K - kept securely
Can you provide some case law around the Data Protection Act 2018?
Halfords sent a marketing email to hundreds of customers who had not consented to receive it. The ICO issued a fine for this.