Database privacy and Legal Issues :: essays research papers

Database cover and legal issuesData cover law regulates data management, and information governing bodys manage data. Therefore, data privacy assurance must consider system assurance. An IT department should streamline its functions with the industry standards and privacy regulations in order to avoid any disruption. In order to achieve those objectives, the IT department should assess the risks, design a strategic plan to achieve privacy compliance, implement essential policies and procedures, and monitor and audit the procedures to ensure privacy compliance. Gavison, in his article "Privacy and the Limits of the Law", describes privacy in terms of controlling access to our physical person, and to our information. In one phrase, it is the "protection from being brought to the attention of others" struck us as particularly germane(predicate) to the census problem (1995). In his article "creating the Privacy Compliant Organization", Parker mentions that t here are other forms of privacy to consider, includes privacy of persons, privacy of personal behavior, privacy of personal communications, privacy of personal information, and privacy of territory (2001).Risk AssessmentAn IT department should identify and document the information systems that are subject to privacy requirements includes computing machine files, databases, archives, microfilm, personal records and copies wherever located. Moreover, it should perform a risk assessment and gap analysis of controls and procedures that are in place. The gap analysis lead reveal the deficiencies betwixt the current status and the legislative requirements and regulations under which the organization must operate. Additionally, the risk assessment must be applied to the likely risks that an organization may fetch from a breach in privacy which include damage to the corporate reputation, damage to business credibility, financial loss, negative publicity, and fines and criminal records f or employees. The result of this phase will be the basis for developing a strategic personal information privacy plan (Parker, 2001).Design a Strategic PlanDesigning a privacy plan involves planning, and implementing a set of direction, methodology, and tools to address number of issues in order to achieve privacy compliant, which includes      feeding the required infrastructure, including the required positions and appointing key privacy personnel.      Establish the methodologies, which include team members, deliverables, activities, critical path, resources, skills, timelines and approaches to addressing the privacy gaps      Introduce the privacy policies, standards, guidelines and procedures required to meet compliance requirements.     Identify the changes required in the systems, procedures, forms, etc.      Formulate the changes required to address the gaps, and  &nbs p  Train the individuals to ensure that they fully understand the requirements of the legislation and the organizations objectives and deliverables to be created (Parker, 2001).