Data Protection - Daragh O Brien

DATA PROTECTION

PART OF A QUALITY MANAGEMENT SYSTEM FOR INFORMATION

SOME FORMAL DEFINITIONS

Data (plural of datum)•Facts about things

RED 01-01-70

Peanuts

Red

RED

RED

Peanuts

Peanuts

Peanuts

01-01-70

01-01-70

01-01-70

01-01-70


Information•Facts about things in a context•Facts with attached meaning


Information•Facts about things in a context•Facts with attached meaning


Knowledge•Information that can be used to trigger action

• Right place• Right time• Right format• Right context

Caucasian female, early 40s (red hair) collapsed at work

Peanut allergy

Ate birthday cake within last hour

Treat for anaphylactic shock

Value

Data Data Data

Information Information

Knowledge

Context

Data Protection

Information SecurityInformation Quality

SYLLOGISM PART 1

Data Protection is a Quality Management System applied to the collection, management, use, and disposal of personal data.

(e.g. BS10012:2009)

SYLLOGISM PART 2

Information/Data Quality is the application of proven Quality Management systems to the Information Product

SYLLOGISM PART 3

Data Protection is Information Quality

LINKING TO DATA QUALITY

SECTION I

PRINCIPLES RELATING TO DATA QUALITY

Article 6

1. Member States shall provide that personal

data must be:

(a) processed fairly and lawfully;

(b) collected for specified, explicit and

legitimate purposes and not further

processed in a way incompatible with

those purposes. Further processing of

data for historical, statistical or scientific

purposes shall not be considered as

incompatible provided that Member States

provide appropriate safeguards;….

EU Directive 95/46/EC defines “Data Protection” principles as “Data Quality Principles”.

WHAT IS “INFORMATION QUALITY”?The degree to which information and data can be a trusted source for any or all required uses.

The degree to which data and information meets the specific needs of specific customers.

Consistently meeting or exceeding knowledge worker/end customer expectations.

DAVID LOSHIN

Data Domains

Enterprise Agreement of Usage

Stewardship

Ubiquity

Data Model

Clarity of Definition

Comprehensiveness

Flexibility

Robustness

Essentialness

Attribute Granularity

Precision of Domains

Homogenity

Naturalness

Identifiability

Obtainability

Relevance

Simplicity

Semantic Consistency

Structural Consistency

Data Values

Accuracy

Null Values

Completeness

Consistency

Currency

Timeliness

Data Presentation

Appropriateness

Correct Interpretation

Flexibility

Format Precision

Portability

Representation Consistency

Representation of Null Values

Use of Storage

Information Policy

Accessibility

Metadata

Privacy

Redundancy

Security

Unit Cost

Dimensions of Data Quality © D Loshin

DANETTE MCGILVRAY

Data Specification

Data Integrity Fundamentals

Duplication

Accuracy

Consistency & Synchronisation

Timeliness & Availability

Ease of Use & Maintainability

Data Coverage

Presentation Quality

Data Decay

Transactability

Danette McGilvray’s Data Quality Dimensions.

Perception, Relevance, Trust

LARRY ENGLISH

DATA QUALITY CHARACTERISTICS

Data Protection

HIQA’S DEFINITION OF DATA QUALITY

Data Quality refers to data that is accurate, valid, reliable, relevant, legible, complete and available in a timely manner to decision makers for healthcare delivery and planning purposes.

DATA QUALITY CHARACTERISTICS

HIQA

W. EDWARDS DEMING

SYSTEM OF PROFOUND KNOWLEDGE

Theory of Optimisation

Theory of Knowledge

Theory of Variation

Theory of Psychology

(c) Castlebridge Associates 2011. Certain Material (c) Larry English, Danette McGilvray, Tom Redman

THEORY OF KNOWLEDGE

Knowledge cannot exist with out a theory

Experience is not the same as theory

Theory shows cause and effect

Theory allows for prediction


THEORY OF KNOWLEDGE

“Best Efforts? Imagine the chaos if everyone ran around trying their best without a theory of knowledge to inform their actions. Disaster”.


Seek first to understand…

Stephen R. Covey

THEORY OF KNOWLEDGE

I could copy my maths homework

I’d get THAT problem right

But would I understand the principles to apply to a different problem?

KEY LESSON

Effective implementation of Quality Systems requires an understanding of the “Theory of Knowledge” and the fundamental principles of that Quality system.

Blind adoption of tools, techniques, and templates without the Theory of Knowledge tells you “WHAT” but not “WHY”.

NON-LINEAR LIFE CYCLE

Plan Obtain Store/Share

Apply

Maintain

Dispose

Based on English 1999 and McGilvray 2008

MAPPING THE LIFE CYCLE TO DATA PROTECTION

INFORMATION CHAINS – THE FOCUS

An information chain is effectively a chain of processes through which information flows to achieve an objective in the organisation.

Only by understanding how information flows can you understand how the quality of the information

• Affects the organisation• Is affected by the Organisation

If you can't describe what you are doing as a process...

... You don’t know what you are doing.

W. Edwards Deming

THIS IS NOT A PROCESS MAP OR INFO CHAIN DESCRIPTION

• We do this.

• Then Martin in Accounts does that.

• Then Betty in Receivables does this other thing

• Then it comes back to us

• Then something else happens.

• 4th Thursday of month the Jaberwock audits.

If I had wanted to know what you did on your

holidays,

Process Improvement Lead, Telco industry

I’d have asked.

INFORMATION CHAINS

A.K.A. Processes

Some Input

Some Action

Some Output

That becomes an Input

Some Action Some Action

Some Output

That becomes an Input

Some Output

Information Flow

A.K.A. “Cycles”

A.K.A. SIPOC

A.K.A. Workflow

By someone By someone By someone

DATABASES ARE LIKE LAKES

DAVID LOSHIN

THE VIRTUOUS CYCLE

THE VIRTUOUS CYCLE


DANETTE MCGILVRAY10 STEPS TO TRUSTED INFORMATION

SOME INTRODUCTORY COMMENTS

Danette’s view on Information

• Information must be consciously managed as a resource (a source of help to the business) and

• As an asset (a source drawn on by the business to make a profit)

• Information is a product of processes and activities in organisations.

Danette’s Definition of Information Quality

• the degree to which information and data can be a trusted source for any/all required uses

ASSESSMENT-AWARENESS-ACTION

FRAMEWORK FOR INFORMATION QUALITY


THE 10 STEPS METHOD™

LARRY P. ENGLISHTIQM™

THE TIQM PROCESSES

COMMON CORE ELEMENTS

INFORMATION IS…

1.An Asset

2.A Product

INFORMATION QUALITY PROGRAMS

1. Should be based on proven Quality Management Principles

2. Make use of objective statistical measurement of quality

3. Emphasise elimination of process defects to remove root causes of errors

4. Should be cyclical and based on philosophy of continuous improvement

5. Should emphasise the development of a Quality Culture that pervades the organisation.

6. The focus must be on improving the system of production, eliminating common causes of defect, and preventing errors

7. Scrap and rework is not Information Quality Management

BUT BACK TO DATA PROTECTION…

SUMMARY (OF THEORY)

Data Protection & Information Quality are closely linked disciplines

Understanding your Processes is key

Information Life Cycle gives context

You can measure Quality of Information

Quality has to be built in

Inspecting defects out is not Quality

POSMAD

(across many characteristics)

From Toothpastefordinner.com

Process & Context =

Meaning & Purpose

Information has attributes you can measure...

Measurement can support Controls and Policies

Metrics can support Change Management goals

What is measured gets

done.

How can you feed the GREED motive?

What is your Data Protection

Scorecard?

How does it translate to your bottom line?

GETTING HELP

THE IAIDQ• International Association for Information & Data Quality

• Founded in 2004

• Leading Professional body for Information/Data Quality practitioners.

• 500+ members in 15 countries

• Active in Ireland through collaboration with the Irish Computer Society (the “IQ NETWORK”)

D3: Information

Quality Value and Business

Impact

D2:Information

Quality Environment and Culture

D5:Information

Quality Measurement

and Improvement

D6:Sustaining Information

Quality

D1:Information

Quality Strategy and Governance

D4:Information Architecture

Quality

Data Protection - Daragh O Brien

Technology