Information Quality And Data Protection

Information Quality is often seen as just another problem in organisations, as is Data Protection. In this presentation, Daragh O Brien of the IAIDQ explains how both issues are closely related and how by taking an "Information Quality Eye" approach to Data Protection you can ensure that your organisation benefits from both better quality and better protection.

Published in: Business, Technology
  • Data Quality is explicitly referenced in the EU directive which underpins our data protection regulations. They even go so far as to spell out what the attributes of quality they are concerned with are.
  • Information Quality And Data Protection

    1. Information Quality and Data Protection: Two sides of the same coin
    2. Introduction: About me, about the presentation
    3. About Me: Author of Defining & Implementing an effective Data Quality Strategy, Ark Group 2008 (ISBN 978-1-906355-14-2). Regular contributor to ComputerScope Magazine, Running Your Business (Magazine of Irish Small Firms Association), and the IAIDQ Newsletter (www.iaid.org/publications). Graduate of UCD Faculty of Law (Business & Legal Studies). Lecturer in Legal Regulation for Information Systems, European Masters in Business Informatics, Dublin City University. [Image captions: Since 2004, Since 2005, Since 2005, Since 2008]
    4. About Me: Winner in 2008 of an Obsessive Blogger award from one of the leading Irish Blogging Communities for my writing on my personal blog (http://obriend.info) and elsewhere about Information Quality topics.
    5. About this Presentation: Crash course in first principles: Data Protection (European rules… US rules are different and have over a dozen different discrete State and Federal laws that tackle specific instances of issues…); Information Quality (basic principles, very elementary). Analysis: Relevance of Information Quality to Data Protection; Relevance of Data Protection to Information Quality. Conclusion. A detailed handout is available to accompany these slides.
    6. First: Principles. Some fundamentals. Made fun. Not mental.
    7. Conclusion: Data Protection and Information Quality are inextricably linked. Approaching your Data Protection obligations with an “Information Quality Eye” will ensure improved capability to comply with regulation while also ensuring information in your organisation is of the highest possible quality, ensuring customer satisfaction and avoiding other regulatory risks. Viewing Information Quality and Data Protection as two ‘silo’ problems deprives you of the potential to add greater value to your organisation while managing privacy/data protection risks.
    8. Data Protection: DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, SECTION I, PRINCIPLES RELATING TO DATA QUALITY, Article 6. 1. Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use. 2. It shall be for the controller to ensure that paragraph 1 is complied with.
    11. Fundamental Data Protection Principles: Obtain the information fairly; Use only for purposes for which it was obtained; Process it only in ways compatible with the purposes for which it was given to you initially; Keep it safe and secure; Ensure that the information is accurate, relevant, and not excessive; Retain it for no longer than is necessary for the stated purposes; Give a copy of the information held by you relating to them to an individual when requested.
    13. Data Protection: SECTION I, PRINCIPLES RELATING TO DATA QUALITY, Article 6. 1. Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use. 2. It shall be for the controller to ensure that paragraph 1 is complied with. Give a copy of the information held by you relating to them to an individual when requested.
    14. Example of a Bad Data Protection Practice: “Sign up for a raffle”. Lots of personal data… Left completely unattended, along with a box full of more sheets like this one…
    15. Data Protection & Information Quality: Mapping the Relationship…
    16. Information Quality: Meeting or exceeding information consumer expectations; Reducing variation around a mean for the performance and perceived value of an information product; Beauty is in the eye of the beholder.
    17. Information Quality: Data and Information are of high quality if they are fit for their uses (by customers) in operations, decision-making, and planning. They are fit for use when they are free of defects and possess the features needed to complete the operation, make the decision, or complete the plan. (Joseph Juran)
    18. Information Quality: What he said… only the view of the customer needs to be broad enough in your organisation… Is having your data lost or stolen a “feature” of the service you are buying? (Dr Tom Redman)
    19. Setting & Meeting Expectation: (1) Obtain and process the information fairly [Setting Expectation]; (2) Keep it only for one or more specified and lawful purposes [Setting Expectation]; (3) Process it only in ways compatible with the purposes for which it was given to you initially [Meeting Expectation]; (4) Keep it safe and secure [Meeting Expectation]; (5) Keep it accurate and up to date [Meeting Expectation]; (6) Ensure information is accurate, relevant and not excessive [Meeting Expectation]; (7) Retain information for no longer than is necessary for the stated purposes [Meeting Expectation]; (8) Give a copy of the information held by you relating to them to individuals on request [Meeting Expectation].
    20. Planning to meet expectations: Quality of an asset (product, finance, people) is achieved through Planning, Control, Improvement. (Joseph Juran)
    21. Asset Life Cycle – POSMAD Model. Questions you might ask at each stage of the asset life cycle:
          • Plan: What info do I need to capture? Why do we need it? What will we use it for? Who will we share it with? Why would we share it?
          • Obtain: How will we get it? How will we communicate Hows & whys? What are the processes we’ll use to get this info? Will these processes capture quality info? Will the processes create poor quality information?
          • Store/Share: Where/how will we store this info? Can we find it again when needed? Are we storing the same data many times in many places? What’s our plan for ensuring data integrity (relating all our records)? Is our data storage secure?
          • Maintain: What are our processes to ‘maintain’ the information? How are we keeping our information up to date? How are we correcting errors in our data? Do our staff know how/why we keep info up to date? Do our metrics and processes support this objective?
          • Apply: Are we using the info for purposes identified @ PLAN? Do we work with our suppliers/data service providers to ensure they have adequate procedures in place to protect the data we hold on trust? Do we protect copies of data on laptops etc?
          • Dispose: Do we have a retention policy for this data? Do we retain this data at all? How do we dispose of our old data? Does our data become “excessive” over time, even if it was appropriate at the time it was captured? Is our data disposal secure?
          • Further questions in the bottom row of the table (stage not recoverable from the extracted slide text): Am I capturing too much info? What processes will we have to find and fix errors? Is our data storage secure? Can we find it when we need it?
          • DP Principles row (values as extracted; stage assignment not recoverable): 1,2,3,5,6,7 | 1.2,3,4,5,6 | 1.2,3,4,5,6, | 1,3,5,6 | 4,7,8 | 1,3,5,6,8, with wrapped fragments ,8 | ,8 | 7
    22. Example of a Bad Data Protection Practice: “Sign up for a raffle”. Lots of personal data… Left completely unattended, along with a box full of more sheets like this one…
    23. Principle 8 (Meeting Expectation): Give a copy of the information held by you relating to them to individuals on request. A needle in a haystack? Find ALL the data you have about ONE specific person based just on their name, address, other identifying data… not necessarily an account number or other unique reference. For example: Daragh O Brien, 13 Any Street, Anytown, Ireland.
    24. Why did I get into Information Quality (an old slide, but a good slide): Daragh, Darragh, Dara, Darra, Daire, Darach, Darrach, Dáire, Daira, Daireach. Gender? Male or Female; SPELLING DOES NOT give a clue. Confusion: Often miskeyed as TARA (definitely female); Often confused with Darren (male) or Daryl (male or female); Also confused with Daria (female); Also confused with Dora (female). O Brien: NOT O’Brien (anglicised version of gaelic name); Also use O Briain (proper Irish language spelling); Will accept O’Brien (mainly out of laziness at this stage). Grew up on “Foxfield St. John”: Data cleansing software often changes this to “Foxfield Street John”; Or “St. John’s, Foxfield”.
    25. Principle 8 (Meeting Expectation): Give a copy of the information held by you relating to them to individuals on request. Lots of data repositories? Which haystack?
    26. Principle 8 (Meeting Expectation): Give a copy of the information held by you relating to them to individuals on request. Potential duplicate records? Which needle?
    27. Conclusion
    28. Conclusion: Information is an asset; Its quality can be managed and improved just like any other asset; It should be protected like; Data Protection and Information Quality are inextricably linked
    29. Conclusion: Approaching your Data Protection obligations with an “Information Quality Eye” will ensure improved capability to comply with regulation while also ensuring information in your organisation is of the highest possible quality, ensuring customer satisfaction and avoiding other regulatory risks. Viewing Information Quality and Data Protection as two ‘silo’ problems deprives you of the potential to add greater value to your organisation while managing privacy/data protection risks.