DATA PROTECTION PART OF A QUALITY MANAGEMENT SYSTEM FOR INFORMATION
DATA PROTECTION
PART OF A QUALITY MANAGEMENT SYSTEM FOR INFORMATION
SOME FORMAL DEFINITIONS
Data (plural of datum)•Facts about things
RED 01-01-70
Peanuts
Red
RED
RED
Peanuts
Peanuts
Peanuts
01-01-70
01-01-70
01-01-70
01-01-70
SOME FORMAL DEFINITIONS
Information•Facts about things in a context•Facts with attached meaning
SOME FORMAL DEFINITIONS
Information•Facts about things in a context•Facts with attached meaning
SOME FORMAL DEFINITIONS
Knowledge•Information that can be used to trigger action
• Right place• Right time• Right format• Right context
Caucasian female, early 40s (red hair) collapsed at work
Peanut allergy
Ate birthday cake within last hour
Treat for anaphylactic shock
Value
Data Data Data
Information Information
Knowledge
Context
Data Protection
Information SecurityInformation Quality
SYLLOGISM PART 1
Data Protection is a Quality Management System applied to the collection, management, use, and disposal of personal data.
(e.g. BS10012:2009)
SYLLOGISM PART 2
Information/Data Quality is the application of proven Quality Management systems to the Information Product
SYLLOGISM PART 3
Data Protection is Information Quality
LINKING TO DATA QUALITY
SECTION I
PRINCIPLES RELATING TO DATA QUALITY
Article 6
1. Member States shall provide that personal
data must be:
(a) processed fairly and lawfully;
(b) collected for specified, explicit and
legitimate purposes and not further
processed in a way incompatible with
those purposes. Further processing of
data for historical, statistical or scientific
purposes shall not be considered as
incompatible provided that Member States
provide appropriate safeguards;….
EU Directive 95/46/EC defines “Data Protection” principles as “Data Quality Principles”.
WHAT IS “INFORMATION QUALITY”?The degree to which information and data can be a trusted source for any or all required uses.
The degree to which data and information meets the specific needs of specific customers.
Consistently meeting or exceeding knowledge worker/end customer expectations.
DAVID LOSHIN
Data Domains
Enterprise Agreement of Usage
Stewardship
Ubiquity
Data Model
Clarity of Definition
Comprehensiveness
Flexibility
Robustness
Essentialness
Attribute Granularity
Precision of Domains
Homogenity
Naturalness
Identifiability
Obtainability
Relevance
Simplicity
Semantic Consistency
Structural Consistency
Data Values
Accuracy
Null Values
Completeness
Consistency
Currency
Timeliness
Data Presentation
Appropriateness
Correct Interpretation
Flexibility
Format Precision
Portability
Representation Consistency
Representation of Null Values
Use of Storage
Information Policy
Accessibility
Metadata
Privacy
Redundancy
Security
Unit Cost
Dimensions of Data Quality © D Loshin
DANETTE MCGILVRAY
Data Specification
Data Integrity Fundamentals
Duplication
Accuracy
Consistency & Synchronisation
Timeliness & Availability
Ease of Use & Maintainability
Data Coverage
Presentation Quality
Data Decay
Transactability
Danette McGilvray’s Data Quality Dimensions.
Perception, Relevance, Trust
LARRY ENGLISH
DATA QUALITY CHARACTERISTICS
Data Protection
HIQA’S DEFINITION OF DATA QUALITY
Data Quality refers to data that is accurate, valid, reliable, relevant, legible, complete and available in a timely manner to decision makers for healthcare delivery and planning purposes.
DATA QUALITY CHARACTERISTICS
HIQA
W. EDWARDS DEMING
SYSTEM OF PROFOUND KNOWLEDGE
Theory of Optimisation
Theory of Knowledge
Theory of Variation
Theory of Psychology
(c) Castlebridge Associates 2011. Certain Material (c) Larry English, Danette McGilvray, Tom Redman
THEORY OF KNOWLEDGE
Knowledge cannot exist with out a theory
Experience is not the same as theory
Theory shows cause and effect
Theory allows for prediction
(c) Castlebridge Associates 2011. Certain Material (c) Larry English, Danette McGilvray, Tom Redman
THEORY OF KNOWLEDGE
“Best Efforts? Imagine the chaos if everyone ran around trying their best without a theory of knowledge to inform their actions. Disaster”.
(c) Castlebridge Associates 2011. Certain Material (c) Larry English, Danette McGilvray, Tom Redman
Seek first to understand…
Stephen R. Covey
THEORY OF KNOWLEDGE
I could copy my maths homework
I’d get THAT problem right
But would I understand the principles to apply to a different problem?
KEY LESSON
Effective implementation of Quality Systems requires an understanding of the “Theory of Knowledge” and the fundamental principles of that Quality system.
Blind adoption of tools, techniques, and templates without the Theory of Knowledge tells you “WHAT” but not “WHY”.
NON-LINEAR LIFE CYCLE
Plan Obtain Store/Share
Apply
Maintain
Dispose
Based on English 1999 and McGilvray 2008
MAPPING THE LIFE CYCLE TO DATA PROTECTION
INFORMATION CHAINS – THE FOCUS
An information chain is effectively a chain of processes through which information flows to achieve an objective in the organisation.
Only by understanding how information flows can you understand how the quality of the information
• Affects the organisation• Is affected by the Organisation
If you can't describe what you are doing as a process...
... You don’t know what you are doing.
W. Edwards Deming
THIS IS NOT A PROCESS MAP OR INFO CHAIN DESCRIPTION
• We do this.
• Then Martin in Accounts does that.
• Then Betty in Receivables does this other thing
• Then it comes back to us
• Then something else happens.
• 4th Thursday of month the Jaberwock audits.
If I had wanted to know what you did on your
holidays,
Process Improvement Lead, Telco industry
I’d have asked.
INFORMATION CHAINS
A.K.A. Processes
Some Input
Some Action
Some Output
That becomes an Input
Some Action Some Action
Some Output
That becomes an Input
Some Output
Information Flow
A.K.A. “Cycles”
A.K.A. SIPOC
A.K.A. Workflow
By someone By someone By someone
DATABASES ARE LIKE LAKES
DAVID LOSHIN
THE VIRTUOUS CYCLE
THE VIRTUOUS CYCLE
(c) Castlebridge Associates 2011. Certain Material (c) Larry English, Danette McGilvray, Tom Redman
DANETTE MCGILVRAY10 STEPS TO TRUSTED INFORMATION
SOME INTRODUCTORY COMMENTS
Danette’s view on Information
• Information must be consciously managed as a resource (a source of help to the business) and
• As an asset (a source drawn on by the business to make a profit)
• Information is a product of processes and activities in organisations.
Danette’s Definition of Information Quality
• the degree to which information and data can be a trusted source for any/all required uses
ASSESSMENT-AWARENESS-ACTION
FRAMEWORK FOR INFORMATION QUALITY
(c) Castlebridge Associates 2011. Certain Material (c) Larry English, Danette McGilvray, Tom Redman
THE 10 STEPS METHOD™
LARRY P. ENGLISHTIQM™
THE TIQM PROCESSES
COMMON CORE ELEMENTS
INFORMATION IS…
1.An Asset
2.A Product
INFORMATION QUALITY PROGRAMS
1. Should be based on proven Quality Management Principles
2. Make use of objective statistical measurement of quality
3. Emphasise elimination of process defects to remove root causes of errors
4. Should be cyclical and based on philosophy of continuous improvement
5. Should emphasise the development of a Quality Culture that pervades the organisation.
6. The focus must be on improving the system of production, eliminating common causes of defect, and preventing errors
7. Scrap and rework is not Information Quality Management
BUT BACK TO DATA PROTECTION…
SUMMARY (OF THEORY)
Data Protection & Information Quality are closely linked disciplines
Understanding your Processes is key
Information Life Cycle gives context
You can measure Quality of Information
Quality has to be built in
Inspecting defects out is not Quality
POSMAD
(across many characteristics)
From Toothpastefordinner.com
Process & Context =
Meaning & Purpose
Information has attributes you can measure...
Measurement can support Controls and Policies
Metrics can support Change Management goals
What is measured gets
done.
How can you feed the GREED motive?
What is your Data Protection
Scorecard?
How does it translate to your bottom line?
GETTING HELP
THE IAIDQ• International Association for Information & Data Quality
• Founded in 2004
• Leading Professional body for Information/Data Quality practitioners.
• 500+ members in 15 countries
• Active in Ireland through collaboration with the Irish Computer Society (the “IQ NETWORK”)
D3: Information
Quality Value and Business
Impact
D2:Information
Quality Environment and Culture
D5:Information
Quality Measurement
and Improvement
D6:Sustaining Information
Quality
D1:Information
Quality Strategy and Governance
D4:Information Architecture
Quality