Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.
COURSE of the MONTH
11 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
data sharing with 3rd parties - non technical question
Posted on 2013-12-02
Do the organisations you work for have any requirements to share data with 3rd parties, for whatever reason?
I am trying to establish who in your organisations keep track on any data sharing agreements with 3rd parties - and whether you keep a central list of all data sharing - or any risks you can share in not keeping tabs on data sharing agreements? i.e. no central oversight of data sharing agreements with 3rd parties - whats the risk?
albeit not a tech question with your jobs handling data I assume you may be the ones who have to get data ready for sharing with 3rd parties, hence may have some insight in this area.
I am trying to establish who in your organisations keep track on any data sharing agreements with 3rd parties - and whether you keep a central list of all data sharing - or any risks you can share in not keeping tabs on data sharing agreements? i.e. no central oversight of data sharing agreements with 3rd parties - whats the risk?
albeit not a tech question with your jobs handling data I assume you may be the ones who have to get data ready for sharing with 3rd parties, hence may have some insight in this area.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
5 Comments
Active today
We have MOU's with all outside parties that receive our data and with parties that supply data to us.
If you don't have some 'legal' document that outlines the terms then the receiving parties can do whatever they want with the data. Like sell it, give it to competing organizations, etc...
If your company needs to share it with someone, they need to dictate what can and cannot be done with it.
If you don't have some 'legal' document that outlines the terms then the receiving parties can do whatever they want with the data. Like sell it, give it to competing organizations, etc...
If your company needs to share it with someone, they need to dictate what can and cannot be done with it.
Active 2 days ago
Also interested if your data sharing policies formally state any security measures that need to be used when transferring data. I think in the UK their is the context of subject access whereby members of the public can ask an organisation what data they hold about them and why and by law this has to be provided.
Active 2 days ago
Thanks slightwv - I was also interested in the risks of not having anyone in your company not having complete corporate oversight on what data is shared with whom, and any risks associated with not having a corporate oversight of what data sharing you have coming in/going out the organisation.
I appreciate you have to have the rules on what the data can be used for etc.
Does someone in your organisation keep tabs on what data sharing is going on?
I appreciate you have to have the rules on what the data can be used for etc.
Does someone in your organisation keep tabs on what data sharing is going on?
Active today
We have many lawyers that do many things... I can't go into great detail about my employer.
Most organizations also have a document data flow somewhere. If data is shared, then that is data flow (even if it is on CD and mailed). It should be documented.
As far as the risks go: If the data is worth collecting and storing in the first place, is it not worth protecting?
A lot depends on the data itself. Imagine how many companies would LOVE to get their hands on their competitors data.
Just internally, do you let all employees know what all other employees are making? Not a great idea. Access and dissemination of payroll data should be documented just like any other data.
Most organizations also have a document data flow somewhere. If data is shared, then that is data flow (even if it is on CD and mailed). It should be documented.
As far as the risks go: If the data is worth collecting and storing in the first place, is it not worth protecting?
A lot depends on the data itself. Imagine how many companies would LOVE to get their hands on their competitors data.
Just internally, do you let all employees know what all other employees are making? Not a great idea. Access and dissemination of payroll data should be documented just like any other data.
In the American culture, at least, people are very prone to sue -- almost as if you just look at them funny. Mis-use of someone's else property (data), and/or privacy violations (personally identifiable information) is illegal, to some degree or another. So to your last comment, corporate governance should prescribe what is, and what is not, permitted.
Our security policy calls for data in transit, and at rest, to be encrypted. For example, the transfer might utilize a virtual private network with an encrypted tunnel, rather than the traditional FTP exchange. Another good approach is for the target system to pull data up (only), rather than accepting pushed data.
Lastly, a very overlooked aspect is to determine data retention -- and its consequent destruction. For example, you may have to keep email for some number of years -- but it would be very unwise to simply put your backup media out in the day's trash.
Our security policy calls for data in transit, and at rest, to be encrypted. For example, the transfer might utilize a virtual private network with an encrypted tunnel, rather than the traditional FTP exchange. Another good approach is for the target system to pull data up (only), rather than accepting pushed data.
Lastly, a very overlooked aspect is to determine data retention -- and its consequent destruction. For example, you may have to keep email for some number of years -- but it would be very unwise to simply put your backup media out in the day's trash.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In part one, we reviewed the prerequisites required for installing SQL Server vNext.
In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Lotus Notes has been used since a very long time as an e-mail client and is very popular because of it's unmatched security. In this article we are going to learn about RRV Bucket corruption and understand various methods to Fix "RRV Bucket Corrupt…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
Suggested Courses
Course of the Month11 days, 5 hours left to enroll
770 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.