Pau Lo
asked on
data sharing with 3rd parties - non technical question
Do the organisations you work for have any requirements to share data with 3rd parties, for whatever reason?
I am trying to establish who in your organisations keep track on any data sharing agreements with 3rd parties - and whether you keep a central list of all data sharing - or any risks you can share in not keeping tabs on data sharing agreements? i.e. no central oversight of data sharing agreements with 3rd parties - whats the risk?
albeit not a tech question with your jobs handling data I assume you may be the ones who have to get data ready for sharing with 3rd parties, hence may have some insight in this area.
I am trying to establish who in your organisations keep track on any data sharing agreements with 3rd parties - and whether you keep a central list of all data sharing - or any risks you can share in not keeping tabs on data sharing agreements? i.e. no central oversight of data sharing agreements with 3rd parties - whats the risk?
albeit not a tech question with your jobs handling data I assume you may be the ones who have to get data ready for sharing with 3rd parties, hence may have some insight in this area.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks slightwv - I was also interested in the risks of not having anyone in your company not having complete corporate oversight on what data is shared with whom, and any risks associated with not having a corporate oversight of what data sharing you have coming in/going out the organisation.
I appreciate you have to have the rules on what the data can be used for etc.
Does someone in your organisation keep tabs on what data sharing is going on?
I appreciate you have to have the rules on what the data can be used for etc.
Does someone in your organisation keep tabs on what data sharing is going on?
We have many lawyers that do many things... I can't go into great detail about my employer.
Most organizations also have a document data flow somewhere. If data is shared, then that is data flow (even if it is on CD and mailed). It should be documented.
As far as the risks go: If the data is worth collecting and storing in the first place, is it not worth protecting?
A lot depends on the data itself. Imagine how many companies would LOVE to get their hands on their competitors data.
Just internally, do you let all employees know what all other employees are making? Not a great idea. Access and dissemination of payroll data should be documented just like any other data.
Most organizations also have a document data flow somewhere. If data is shared, then that is data flow (even if it is on CD and mailed). It should be documented.
As far as the risks go: If the data is worth collecting and storing in the first place, is it not worth protecting?
A lot depends on the data itself. Imagine how many companies would LOVE to get their hands on their competitors data.
Just internally, do you let all employees know what all other employees are making? Not a great idea. Access and dissemination of payroll data should be documented just like any other data.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER