Database privacy and Legal Issues :: essays research papers

Database privacy and legal issues Data privacy law regulates data management, and information systems manage data. Therefore, data privacy assurance must consider system assurance. An IT department should streamline its functions with the industry standards and privacy regulations in order to avoid any disruption. In order to achieve those objectives, the IT department should assess the risks, design a strategic plan to achieve privacy compliance, implement required policies and procedures, and monitor and audit the procedures to ensure privacy compliance. Gavison, in his article "Privacy and the Limits of the Law", describes privacy in terms of controlling access to our physical person, and to our information. In one phrase, it is the "protection from being brought to the attention of others" struck us as particularly relevant to the census problem (1995). In his article "creating the Privacy Compliant Organization", Parker mentions that there are other forms of privacy to consider, includes: privacy of persons, privacy of personal behavior, privacy of personal communications, privacy of personal information, and privacy of territory (2001). Risk Assessment An IT department should identify and document the information systems that are subject to privacy requirements includes computer files, databases, archives, microfilm, personal records and copies wherever located. Moreover, it should perform a risk assessment and gap analysis of controls and procedures that are in place. The gap analysis will reveal the deficiencies between the current status and the legislative requirements and regulations under which the organization must operate. Additionally, the risk assessment must be applied to the likely risks that an organization may experience from a breach in privacy which include damage to the corporate reputation, damage to business credibility, financial loss, negative publicity, and fines and criminal records for employees. The result of this phase will be the basis for developing a strategic personal information privacy plan (Parker, 2001). Design a Strategic Plan Designing a privacy plan involves planning, and implementing a set of direction, methodology, and tools to address number of issues in order to achieve privacy compliant, which includes: †¢ Establishing the required infrastructure, including the required positions and appointing key privacy personnel. †¢ Establish the methodologies, which include team members, deliverables, activities, critical path, resources, skills, timelines and approaches to addressing the privacy gaps †¢ Introduce the privacy policies, standards, guidelines and procedures required to meet compliance requirements. †¢ Identify the changes required in the systems, procedures, forms, etc. †¢ Formulate the changes required to address the gaps, and †¢ Train the individuals to ensure that they fully understand the requirements of the legislation and the organization's objectives and deliverables to be created (Parker, 2001).