Report: Data Privacy and Security for Australian Government Services
VerifiedAdded on 2022/10/14
|24
|6742
|9
Report
AI Summary
This report analyzes data privacy and security strategies for the Department of Administrative Services (DAS), an Australian government department transitioning to a shared services model. The report begins with an executive summary outlining the context of DAS's cloud-first strategy and its implications for data management. It then proposes a privacy strategy, detailing management of personal information, collection and use of data, digital identity security, and access controls. The report recommends controls for mitigating identified privacy risks and implementing the strategy, followed by a proposal for personal data protection, including authorized access, digital identity use, and risk mitigation. The report emphasizes the importance of data security, transparency, and compliance with privacy regulations, offering a comprehensive framework for protecting sensitive information within the government context. The report concludes with an overview of the information lifecycle, from collection to destruction, and emphasizes the need for ongoing risk assessment and adaptation to ensure robust data protection.
Running head: INVESTIGATING DATA PRIVACY AND SECURITY
Investigating data privacy and security
(Department of Administrative Services)
Name of the student:
Name of the university:
Author Note
Investigating data privacy and security
(Department of Administrative Services)
Name of the student:
Name of the university:
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INVESTIGATING DATA PRIVACY AND SECURITY
Executive summary
The DAS is an Australian government sector. Their cloud first strategy allows the business ti save
the expense on platforms, software and infratsurtcure. Because of the alterations in the government
policy, DAS is seen to be moving towards shared measure of service. Their steps indicates that DAS
is able to centralize different services for the entire government. Instead of developing distinct tech
stack, they can subscribe to servive providers to deliver the premium services at minimum cost. In
this report, the privacy strategy for Department of Administrative Service or DAS is suggested.
Further, distinct controls of privacy are sugegested in the study. Next, the personal strategy of data
protection are analyzed here. At last, the measures of protecting personal data are investigated in this
analysis.
Executive summary
The DAS is an Australian government sector. Their cloud first strategy allows the business ti save
the expense on platforms, software and infratsurtcure. Because of the alterations in the government
policy, DAS is seen to be moving towards shared measure of service. Their steps indicates that DAS
is able to centralize different services for the entire government. Instead of developing distinct tech
stack, they can subscribe to servive providers to deliver the premium services at minimum cost. In
this report, the privacy strategy for Department of Administrative Service or DAS is suggested.
Further, distinct controls of privacy are sugegested in the study. Next, the personal strategy of data
protection are analyzed here. At last, the measures of protecting personal data are investigated in this
analysis.
2INVESTIGATING DATA PRIVACY AND SECURITY
Table of Contents
Introduction:..........................................................................................................................................4
1. Development of privacy strategy proposal:.......................................................................................4
a. Management of personal information:...........................................................................................5
b. Collection and management of different types of solicited personal data:....................................6
c. Using and disclosing of personal information:..............................................................................6
d. Usage and security of digital identities:.........................................................................................7
e. Security of personal information:..................................................................................................7
f. Accessing personal information:....................................................................................................8
g. Quality and correction of personal information:...........................................................................9
2. Recommended controls:....................................................................................................................9
a. Mitigating the already identified privacy risks:.............................................................................9
b. Implement the privacy strategy:..................................................................................................10
3. Development of the strategy of personal data protection proposal for Department of
Administrative Service:.......................................................................................................................11
a. Protection of personal information:.............................................................................................11
b. Authorised access and disclosure of personal data:.....................................................................12
c. Use of personal digital identities:................................................................................................13
4. The recommended controls:............................................................................................................15
a. Mitigating the previously determined risks of data security:.......................................................15
Table of Contents
Introduction:..........................................................................................................................................4
1. Development of privacy strategy proposal:.......................................................................................4
a. Management of personal information:...........................................................................................5
b. Collection and management of different types of solicited personal data:....................................6
c. Using and disclosing of personal information:..............................................................................6
d. Usage and security of digital identities:.........................................................................................7
e. Security of personal information:..................................................................................................7
f. Accessing personal information:....................................................................................................8
g. Quality and correction of personal information:...........................................................................9
2. Recommended controls:....................................................................................................................9
a. Mitigating the already identified privacy risks:.............................................................................9
b. Implement the privacy strategy:..................................................................................................10
3. Development of the strategy of personal data protection proposal for Department of
Administrative Service:.......................................................................................................................11
a. Protection of personal information:.............................................................................................11
b. Authorised access and disclosure of personal data:.....................................................................12
c. Use of personal digital identities:................................................................................................13
4. The recommended controls:............................................................................................................15
a. Mitigating the previously determined risks of data security:.......................................................15
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INVESTIGATING DATA PRIVACY AND SECURITY
b. Implementation of streategy regarding personal data protection:...............................................16
Conclusion:..........................................................................................................................................17
References:..........................................................................................................................................19
b. Implementation of streategy regarding personal data protection:...............................................16
Conclusion:..........................................................................................................................................17
References:..........................................................................................................................................19
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INVESTIGATING DATA PRIVACY AND SECURITY
Introduction:
The Department of Administrative Service or DAS is the Australian government department.
This was the fourth one in the Commonwealth department. This department is the Australian public
service sector that is employed by the officials liable for the minister for the administrative services.
The Shared service is the consolidation of the business tasks utilized by various sections of a similar
company. They are cost-effective since that can centralize the operations at back-office utilize by
numerous divisions of similar business and eradicate the redundancy. Due to the changes in the
policy of the government, DAS is found to be moving to shared service measure. This process will
indicate that DAS can centralize various services for the overall WofG or whole of Government. On
the other hand, the “cloud-first” strategy permits the organizations to save their cost on
infrastructure, platforms and software. Rather than creating the individual tech stack, they are able to
subscribe to service provider providing premium services at low expense. Again, another
government policy is found to be mandating the “cloud-first” approach to the measure of upgrading
and achieving the services and software. Furthermore, DAS is found to be buying a persona
management application and HR from one company at US providing the SaaS application. This
application is intended to provide an HR suite providing overall HR suite including performance
management. The following study demonstrates the proposal for privacy strategy for DAS. Next,
different privacy controls are recommended. Then, the personal data protection strategies are
evaluated. Lastly, the controls of personal data protection are analyzed in the study.
1. Development of privacy strategy proposal:
The purpose is to deliver guidance for the development process for the agency of DAS. This
must articulate the privacy obligations and then support the sharing of information and protecting
Introduction:
The Department of Administrative Service or DAS is the Australian government department.
This was the fourth one in the Commonwealth department. This department is the Australian public
service sector that is employed by the officials liable for the minister for the administrative services.
The Shared service is the consolidation of the business tasks utilized by various sections of a similar
company. They are cost-effective since that can centralize the operations at back-office utilize by
numerous divisions of similar business and eradicate the redundancy. Due to the changes in the
policy of the government, DAS is found to be moving to shared service measure. This process will
indicate that DAS can centralize various services for the overall WofG or whole of Government. On
the other hand, the “cloud-first” strategy permits the organizations to save their cost on
infrastructure, platforms and software. Rather than creating the individual tech stack, they are able to
subscribe to service provider providing premium services at low expense. Again, another
government policy is found to be mandating the “cloud-first” approach to the measure of upgrading
and achieving the services and software. Furthermore, DAS is found to be buying a persona
management application and HR from one company at US providing the SaaS application. This
application is intended to provide an HR suite providing overall HR suite including performance
management. The following study demonstrates the proposal for privacy strategy for DAS. Next,
different privacy controls are recommended. Then, the personal data protection strategies are
evaluated. Lastly, the controls of personal data protection are analyzed in the study.
1. Development of privacy strategy proposal:
The purpose is to deliver guidance for the development process for the agency of DAS. This
must articulate the privacy obligations and then support the sharing of information and protecting
5INVESTIGATING DATA PRIVACY AND SECURITY
information and protect the informant and privacy of the quality interests. Here, the primary
information and guidance must be provided at every stage of the process of privacy development
having the list of resources along with the web links. This is towards the in-detailed data on
particular areas.
a. Management of personal information:
The good practice guidelines must be detailed in principle, providing support towards DAS
on how smartly they can manage the personal data. This must detail when and how the personal data
should be gathered and the way it is collected to be utilized and then disclosed. This must be
involving the security and storage of sensitive data along with paper and electronic data. Here,
effective principles of practices must detail the way individuals can access the data and correct that
as that is wrong and the ways DAS assure the transparent managing of personal data. This has been
defined within the Privacy Act 1988 (Terzi, Terz and Sagiroglu 2015). This states the data or opinion
that involves the data and the opinions forming the element of the database. Irrespective of the fact it
is true or not, recorded in material format or not, the individual identity is been apparent and is
reasonably ascertained coming from the opinion or information. Firstly, the personal information is
to be collected needed for service delivery. Further, the correction, access and accuracy are to be
checked. Here, the personal data gathered, utilized and been disclosed must be current and accurate
(Yu et al. 2016). Besides, the people must be permitted with reasonable access to the personal data
along with DAS considering reasonable steps for making requested deletions and corrections.
Regarding security and storage the personal data must be secured from any sort of misuse, data loss
ad any sort of inappropriate accessing the disclosure. Next, storage and security are to be considered.
Here, the personal data must be protected from any kind of misuse, inappropriate access loss and
disclose. Further, personal data must be used for the main reason that it has been collected apart
from specifically defined situations. DAS must assure that the personal data is supplied to the
information and protect the informant and privacy of the quality interests. Here, the primary
information and guidance must be provided at every stage of the process of privacy development
having the list of resources along with the web links. This is towards the in-detailed data on
particular areas.
a. Management of personal information:
The good practice guidelines must be detailed in principle, providing support towards DAS
on how smartly they can manage the personal data. This must detail when and how the personal data
should be gathered and the way it is collected to be utilized and then disclosed. This must be
involving the security and storage of sensitive data along with paper and electronic data. Here,
effective principles of practices must detail the way individuals can access the data and correct that
as that is wrong and the ways DAS assure the transparent managing of personal data. This has been
defined within the Privacy Act 1988 (Terzi, Terz and Sagiroglu 2015). This states the data or opinion
that involves the data and the opinions forming the element of the database. Irrespective of the fact it
is true or not, recorded in material format or not, the individual identity is been apparent and is
reasonably ascertained coming from the opinion or information. Firstly, the personal information is
to be collected needed for service delivery. Further, the correction, access and accuracy are to be
checked. Here, the personal data gathered, utilized and been disclosed must be current and accurate
(Yu et al. 2016). Besides, the people must be permitted with reasonable access to the personal data
along with DAS considering reasonable steps for making requested deletions and corrections.
Regarding security and storage the personal data must be secured from any sort of misuse, data loss
ad any sort of inappropriate accessing the disclosure. Next, storage and security are to be considered.
Here, the personal data must be protected from any kind of misuse, inappropriate access loss and
disclose. Further, personal data must be used for the main reason that it has been collected apart
from specifically defined situations. DAS must assure that the personal data is supplied to the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INVESTIGATING DATA PRIVACY AND SECURITY
providers of third party services and is protected from any kind of improper use (Kaaniche and
Laurent 2017). Moreover, the personal data must be disclosed to any individual and DAS apart from
the people concerned apart from particularly defined situations. DAS must assure that the personal
data s supplied to third-party service providers and is secured from any kind of improper disclosure.
Regarding transparency the kind of personal data is held and collected and the guidelines of
management must be accessible to DAS’s clients and additional interest members of public (Dhote
2016).
b. Collection and management of different types of solicited personal data:
DAS must solicit and then gather personal data. This is must reasonably be needed for and
then related directly to various activities and the functions. Apart from various requirements, APP or
Australian privacy policy entity must solicit and gather sensitive data as the person consents for the
sensitive data collected until any exceptional case is applicable. The entity of APP should be
collecting and soliciting personal data just for the fair and lawful means (Verginadis et al. 2017).
Further, this must be directly from the people until any exceptional case is applicable.
c. Using and disclosing of personal information:
Regarding “use” DAS must remind that entity accessing and then reading the personal data
and search records for the personal data. Besides, the entity must be making decisions on the basis of
personal data and passing personal data from one area of the entity to other. Then there should be
checking of unauthorised access from the staff of the entity and sharing of personal data with other
individual or entity. Besides, the personal data must be disclosed to DAS as per the capability as a
distinct entity (Tang et al. 2016). Next, the personal data must be published to Internet and this can
be with and without intention. They must be accessible to other individual and entities and
accidentally deliver the personal data to unintended recipient. Again they must reveal the personal
providers of third party services and is protected from any kind of improper use (Kaaniche and
Laurent 2017). Moreover, the personal data must be disclosed to any individual and DAS apart from
the people concerned apart from particularly defined situations. DAS must assure that the personal
data s supplied to third-party service providers and is secured from any kind of improper disclosure.
Regarding transparency the kind of personal data is held and collected and the guidelines of
management must be accessible to DAS’s clients and additional interest members of public (Dhote
2016).
b. Collection and management of different types of solicited personal data:
DAS must solicit and then gather personal data. This is must reasonably be needed for and
then related directly to various activities and the functions. Apart from various requirements, APP or
Australian privacy policy entity must solicit and gather sensitive data as the person consents for the
sensitive data collected until any exceptional case is applicable. The entity of APP should be
collecting and soliciting personal data just for the fair and lawful means (Verginadis et al. 2017).
Further, this must be directly from the people until any exceptional case is applicable.
c. Using and disclosing of personal information:
Regarding “use” DAS must remind that entity accessing and then reading the personal data
and search records for the personal data. Besides, the entity must be making decisions on the basis of
personal data and passing personal data from one area of the entity to other. Then there should be
checking of unauthorised access from the staff of the entity and sharing of personal data with other
individual or entity. Besides, the personal data must be disclosed to DAS as per the capability as a
distinct entity (Tang et al. 2016). Next, the personal data must be published to Internet and this can
be with and without intention. They must be accessible to other individual and entities and
accidentally deliver the personal data to unintended recipient. Again they must reveal the personal
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INVESTIGATING DATA PRIVACY AND SECURITY
data in due course of conversation with individuals present outside. Lastly, they must highlight the
personal data to be read by other individual or entity like reception centre or office (Liu et al. 2015).
d. Usage and security of digital identities:
First of all, the standards are to be considered to govern the entire operation. This is useful to
avoid coordination issues and consistency. Next, there is attribute collection where the essential
attributes of the users should be captured accurately, protected and stored. Further, the authentication
mechanisms should be delivered to the link users for the attributes in avoiding the authentication that
is inconsistent. Next, regarding attribute exchanges, the mechanisms should be utilized to exchange
the attributes resent between various parties despite any compromise of privacy and security
(Boroojeni, Amini and Iyengar 2017). Besides regarding authorization, suitable relationships and
rules should be applicable for utilizing what the users of services are been entitles for accessing on
the basis of the attributes. Regarding service delivery, the users should be supported with easy-to-
use, effective and efficient services (Bugeja, Jacobsson and Davidsson 2016).
e. Security of personal information:
Personal information security includes various aspects. Here, one must consider whether that
is really needed for collecting and holding personal data for carrying the activities and functions.
Next, planning the way personal data can be handled through embedding the protection of privacy to
designing of practices of information handling. Analysing the risks related to the collection of
personal data because of the latest practice, act and changes to the current project and as the part of
business. Considering the suitable stages and then putting that to put the strategies for protecting
personal data that is held (Gai et al. 2016). Next, de-identification or destruction of personal data as
that is never required anymore.
data in due course of conversation with individuals present outside. Lastly, they must highlight the
personal data to be read by other individual or entity like reception centre or office (Liu et al. 2015).
d. Usage and security of digital identities:
First of all, the standards are to be considered to govern the entire operation. This is useful to
avoid coordination issues and consistency. Next, there is attribute collection where the essential
attributes of the users should be captured accurately, protected and stored. Further, the authentication
mechanisms should be delivered to the link users for the attributes in avoiding the authentication that
is inconsistent. Next, regarding attribute exchanges, the mechanisms should be utilized to exchange
the attributes resent between various parties despite any compromise of privacy and security
(Boroojeni, Amini and Iyengar 2017). Besides regarding authorization, suitable relationships and
rules should be applicable for utilizing what the users of services are been entitles for accessing on
the basis of the attributes. Regarding service delivery, the users should be supported with easy-to-
use, effective and efficient services (Bugeja, Jacobsson and Davidsson 2016).
e. Security of personal information:
Personal information security includes various aspects. Here, one must consider whether that
is really needed for collecting and holding personal data for carrying the activities and functions.
Next, planning the way personal data can be handled through embedding the protection of privacy to
designing of practices of information handling. Analysing the risks related to the collection of
personal data because of the latest practice, act and changes to the current project and as the part of
business. Considering the suitable stages and then putting that to put the strategies for protecting
personal data that is held (Gai et al. 2016). Next, de-identification or destruction of personal data as
that is never required anymore.
8INVESTIGATING DATA PRIVACY AND SECURITY
Figure 1: “The information life cycle”
(Source: Zhou et al. 2015, pp.136-144)
f. Accessing personal information:
DAS should be providing access to personal data such that one has asked to access that. This
must be done in such a way that it is practical and reasonable to perform that. Here, for instance one
might ask to retrieve the personal data through gaining the copy by post or through email. Besides,
the information can be provided on phone or through evaluating the data in person (Aldossary and
Figure 1: “The information life cycle”
(Source: Zhou et al. 2015, pp.136-144)
f. Accessing personal information:
DAS should be providing access to personal data such that one has asked to access that. This
must be done in such a way that it is practical and reasonable to perform that. Here, for instance one
might ask to retrieve the personal data through gaining the copy by post or through email. Besides,
the information can be provided on phone or through evaluating the data in person (Aldossary and
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INVESTIGATING DATA PRIVACY AND SECURITY
Allen 2016). As DAS is unable to provide access to personal data such that it is been requested, they
should be trying to provide access such that it can meet the needs.
g. Quality and correction of personal information:
The entity of APP must consider the reasonable methods for assuring the personal
information quality at a couple of different points. This must be in the cycle of information handling.
At first, this must be during the collection of information. Next, this must be occurring as the data is
disclosed or used. At other times, the constant reviews of the quality of the personal data as help
through APP entity can be assisted through assuring that it is perfect, upgraded, relevant and
completed that it is disclosed or used. The provisions of corrections give rise to some concerns (Yi,
Qin and Li 2015). Here, the criteria through which the personal data is analysed is correct and
involves the way the criteria can be evaluated. At this case, any sort of burden of proof of the people
should be meeting for establishing the personal data that DAS holds about the user which is never
correct. The way to correct the personal data is seen not to be meeting the criteria of meeting.
Further, the relationship has been taking place between the requirements of corrections within the
privacy act and additional federal laws.
2. Recommended controls:
a. Mitigating the already identified privacy risks:
The strategies of risk and mitigation commonly fall within the jurisdiction of the DAS’s risk
management group. Further, the risk management can be summarized as the activity to manage risk
in analysing the control, containment, identification and threat. Besides, the mitigation can be seen
as the risk reduction and damage containment due to the breach. This is called so as it pertains the
legal and security obligations. Further, risk management is a vital strategy that any vendor and DAS
Allen 2016). As DAS is unable to provide access to personal data such that it is been requested, they
should be trying to provide access such that it can meet the needs.
g. Quality and correction of personal information:
The entity of APP must consider the reasonable methods for assuring the personal
information quality at a couple of different points. This must be in the cycle of information handling.
At first, this must be during the collection of information. Next, this must be occurring as the data is
disclosed or used. At other times, the constant reviews of the quality of the personal data as help
through APP entity can be assisted through assuring that it is perfect, upgraded, relevant and
completed that it is disclosed or used. The provisions of corrections give rise to some concerns (Yi,
Qin and Li 2015). Here, the criteria through which the personal data is analysed is correct and
involves the way the criteria can be evaluated. At this case, any sort of burden of proof of the people
should be meeting for establishing the personal data that DAS holds about the user which is never
correct. The way to correct the personal data is seen not to be meeting the criteria of meeting.
Further, the relationship has been taking place between the requirements of corrections within the
privacy act and additional federal laws.
2. Recommended controls:
a. Mitigating the already identified privacy risks:
The strategies of risk and mitigation commonly fall within the jurisdiction of the DAS’s risk
management group. Further, the risk management can be summarized as the activity to manage risk
in analysing the control, containment, identification and threat. Besides, the mitigation can be seen
as the risk reduction and damage containment due to the breach. This is called so as it pertains the
legal and security obligations. Further, risk management is a vital strategy that any vendor and DAS
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10INVESTIGATING DATA PRIVACY AND SECURITY
can deliver to sure personal information. Again, the strategies to mitigate the risk are been structured
on their procedures and policies. This provides the policies tin developing the ways of securing the
DAS. Under mobile space, DAS should be considering all the aspects of RFID interference to
various smartphone apps while considering risk management aims and policies. Moreover, de-
identification is an exercise of risk management. As DAS plans to share data, transmission and
storing, they require to make the identification as an effective part of their strategy of risk
assessment. Here, risk management must be included in the community best practices. Further, best
practices are to be developed for the various policies that concern the PHI security. Different
documentation and websites are to be suggested for assisting DAS to develop the strategy of risk
management.
b. Implement the privacy strategy:
DAS should provide a plan to provide privacy guidance. They must develop the business
case and then enlist the supporting of related stakeholders. Further, they should flesh out the
blueprints of steps, responsibilities, roles and timelines of people included in the project. Next, they
should determine the business process needing guidance. Feedbacks are to be requested from the
owners of the business process, liaisons of privacy and private employees to generate the practice list
that plan of data privacy must benefit. Regarding prioritizing, DS should assess what processes
require the direct inclusion of employees in DAS and particularly look into privacy. Again, they
must utilize this as the scope of bringing set of rules and practices to handle the sensitive data such
that the legal requirements and company policies are consistently implemented. Moreover, they must
assure the staffs to follow the guidance of privacy with simplicity. They should be making that
simple for the employee through including the current checkpoints. Besides, they can spread the
terms of the new resources having targeted emails of various staffs and business leaders. Ultimately,
can deliver to sure personal information. Again, the strategies to mitigate the risk are been structured
on their procedures and policies. This provides the policies tin developing the ways of securing the
DAS. Under mobile space, DAS should be considering all the aspects of RFID interference to
various smartphone apps while considering risk management aims and policies. Moreover, de-
identification is an exercise of risk management. As DAS plans to share data, transmission and
storing, they require to make the identification as an effective part of their strategy of risk
assessment. Here, risk management must be included in the community best practices. Further, best
practices are to be developed for the various policies that concern the PHI security. Different
documentation and websites are to be suggested for assisting DAS to develop the strategy of risk
management.
b. Implement the privacy strategy:
DAS should provide a plan to provide privacy guidance. They must develop the business
case and then enlist the supporting of related stakeholders. Further, they should flesh out the
blueprints of steps, responsibilities, roles and timelines of people included in the project. Next, they
should determine the business process needing guidance. Feedbacks are to be requested from the
owners of the business process, liaisons of privacy and private employees to generate the practice list
that plan of data privacy must benefit. Regarding prioritizing, DS should assess what processes
require the direct inclusion of employees in DAS and particularly look into privacy. Again, they
must utilize this as the scope of bringing set of rules and practices to handle the sensitive data such
that the legal requirements and company policies are consistently implemented. Moreover, they must
assure the staffs to follow the guidance of privacy with simplicity. They should be making that
simple for the employee through including the current checkpoints. Besides, they can spread the
terms of the new resources having targeted emails of various staffs and business leaders. Ultimately,
11INVESTIGATING DATA PRIVACY AND SECURITY
they should teach the staffs to utilize the tools of privacy to get them involved in the current training
programs. Further, DAS must keep in mind to keep track of the deployment.
3. Development of the strategy of personal data protection proposal for
Department of Administrative Service:
a. Protection of personal information:
First of all, there is handling of personal data. Regarding collection DAS must state clearly
the purpose of the usage under the privacy policy and then gather personal data needed to provide
DAS’s services with the helpful fair means and lawful measures. For reason of use, DAS must just
use the personal data collected to developing their services, delivering ads and any other reason to
use the set forth under their privacy policy (Tari et al. 2015). Besides, they must never use those data
for other causes despite the consent of the clients and in the absence of any regulation and law to the
contrary. Regarding the administration system, the appointment of the administrator and
development of the internal rules are to be considered (Islam, Manivannan and Zeadally 2016).
Moreover, DAS has found to appoint the personal data administrator of protection as the
individuals are liable for administration of personal data. DAS has also generated the internal rules
related to security of personal data and ensures the suitable controlling of personal data. Next,
regarding information security measures, DAS restricts the access to personal data for securing
personal data from getting damaged, destroyed or leaked for other security measurement reasons.
Again, they must also deliver the training related to controlling of personal data for the employees
and offices handling personal data. For destruction of the data, as DAS reasonably finds that the
personal data collected in never required for their business activities or on the expiration of distinctly
specified period of retention, they must dispose the personal data in the possession. Next, there is
provision to the third parties (Kumarage et al. 2016). For disclosure to third parties, DAS might
they should teach the staffs to utilize the tools of privacy to get them involved in the current training
programs. Further, DAS must keep in mind to keep track of the deployment.
3. Development of the strategy of personal data protection proposal for
Department of Administrative Service:
a. Protection of personal information:
First of all, there is handling of personal data. Regarding collection DAS must state clearly
the purpose of the usage under the privacy policy and then gather personal data needed to provide
DAS’s services with the helpful fair means and lawful measures. For reason of use, DAS must just
use the personal data collected to developing their services, delivering ads and any other reason to
use the set forth under their privacy policy (Tari et al. 2015). Besides, they must never use those data
for other causes despite the consent of the clients and in the absence of any regulation and law to the
contrary. Regarding the administration system, the appointment of the administrator and
development of the internal rules are to be considered (Islam, Manivannan and Zeadally 2016).
Moreover, DAS has found to appoint the personal data administrator of protection as the
individuals are liable for administration of personal data. DAS has also generated the internal rules
related to security of personal data and ensures the suitable controlling of personal data. Next,
regarding information security measures, DAS restricts the access to personal data for securing
personal data from getting damaged, destroyed or leaked for other security measurement reasons.
Again, they must also deliver the training related to controlling of personal data for the employees
and offices handling personal data. For destruction of the data, as DAS reasonably finds that the
personal data collected in never required for their business activities or on the expiration of distinctly
specified period of retention, they must dispose the personal data in the possession. Next, there is
provision to the third parties (Kumarage et al. 2016). For disclosure to third parties, DAS might
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 24
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.