Compatibility, Adequacy, and Accuracy

Ensure that personal data is used and disclosed only for the purposes for which it was acquired. Monitor the quality of personal data held, and remedy any quality issues. (The quality standard for personal data is essentially set by the data subject — that is, the data owner. The custodian sets standards and guidelines to help meet the data subject's standards.)

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Compatibility, Adequacy, and Accuracy at each level of maturity.

1Initial

Practice
Implement remedies for defects.
Outcome
Fair processing measures (if any) are ad hoc.
Practice
Keep data accurate, up-to-date, and relevant.
Outcome
Specific purposes are defined and data subjects are advised in all new acquisition methods.
Metrics
- % personal data acquisition methods utilizing the concept of fair notice.
- % records with consent recorded
- % Staff provided with training on the concept of specific purpose uses of personal data.
Practice
Limit processing to what is required to support the specific purposes.
Outcome
Specific purposes are defined, communicated and permissions sought if appropriate in all acquisition methods.
Metric
% Staff provided with training on the concept of specific purpose uses of personal data.
Practice
Maintain data quality attributes.
Outcome
Fair processing policies and procedures are regularly improved and executed across the organization.
Metric
% Staff provided with training on the concept of specific purpose uses of personal data.
Practice
Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
Outcome
Fair processing policies and procedures are regularly improved, optimized and executed across the business ecosystem.
Metric
Frequency of reviews and improvements.

2Basic

Practice
Implement remedies for defects.
Outcome
The personal data acquisition policy (if any) is ad hoc.
Practice
Keep data accurate, up-to-date, and relevant.
Outcome
A personal data acquisition policy is drafted and guidelines are in use.
Metrics
- % personal data acquisition methods utilizing the concept of fair notice.
- % records with consent recorded
- % Staff provided with training on the concepts of fair notice and consent.
Practice
Limit processing to what is required to support the specific purposes.
Outcome
Consent, fair notice and acquisition processes are documented and implemented.
Metrics
- % personal data acquisition methods utilizing the concept of fair notice.
- % records with consent recorded
- % Staff provided with training on the concepts of fair notice and consent.
Practice
Maintain data quality attributes.
Outcome
Policy compliant personal data acquisition processes are harmonized and used across the organization and are regularly reviewed and improved.
Metrics
- % personal data acquisition methods utilizing the concept of fair notice.
- % records with consent recorded.
- % Staff provided with training on the concepts of fair notice and consent.
Practice
Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
Outcome
Policy compliant personal data acquisition processes are harmonized and used across the business ecosystem and are regularly reviewed and optimized.
Metrics
- Frequency of reviews and improvements.
- Reach or penetration of use of harmonized processes.

3Intermediate

Practice
Implement remedies for defects.
Outcome
Conformance and/or compliance is informal and inconsistent.
Practice
Keep data accurate, up-to-date, and relevant.
Outcome
Policies for correcting errors and inaccuracies are defined.
Metrics
- # data errors detected.
- # effort to correct data errors and any associated rework.
Practice
Limit processing to what is required to support the specific purposes.
Outcomes
- Organisation proactively monitors and implements data defect remedies.
- The organization notifies third parties when appropriate.
- Organisational learning takes steps to minimise future defects.
Metrics
- # data errors detected.
- # effort to correct data errors and any associated rework.
Practice
Maintain data quality attributes.
Outcomes
- Organisation proactively monitors and implements data defect remedies.
- The organization notifies third parties when appropriate.
- Organisational learning takes steps to minimise future defects.
Metrics
- # data errors detected.
- # effort to correct data errors and any associated rework.
Practice
Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
Outcome
Organisation proactively monitors by use of system designs that provide appropriate supports for data defect remedy.
Metric
# Systems that automatically update personal data once an error is identified.

4Advanced

Practice
Implement remedies for defects.
Outcome
Conformance and/or compliance is informal and inconsistent.
Practice
Keep data accurate, up-to-date, and relevant.
Outcome
Objectives are defined for data accuracy.
Metrics
- % Staff made aware of data quality standards and criteria as applied to their roles.
- # data errors detected.
Practice
Limit processing to what is required to support the specific purposes.
Outcomes
- Organisation proactively monitors and implements data defect remedies.
- The organization notifies third parties when appropriate.
- Organisational learning takes steps to minimise future defects.
Metric
# projects and initiatives on personal data quality
Practice
Maintain data quality attributes.
Outcomes
- Organisation proactively monitors and implements data defect remedies.
- The organization notifies third parties when appropriate.
- Organisational learning takes steps to minimise future defects.
Metric
% Staff made aware of data quality standards and criteria as applied to their roles.
Practice
Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
Outcome
Organisation proactively monitors by use of system designs that provide appropriate supports for data defect remedy.
Metrics
- Frequency that personal data is kept accurate and up to date.
- % personal data that are reviewed regularly for relevance to specific purpose.
- # systems that automatically propagate changes once they occur with the entire eco system

5Optimized

Practice
Implement remedies for defects.
Outcome
Data protection processing conformance and/or compliance criteria (if any) are ad hoc.
Practice
Keep data accurate, up-to-date, and relevant.
Outcomes
- Function or business unit policies for data protection exist.
- Data protection awareness established where processing occurs.
Metrics
- # Views exposing personal data fields.
- % Views exposing personal data in uses other than the specific purpose uses.
Practice
Limit processing to what is required to support the specific purposes.
Outcome
Direct traceability between processing and specific purposes is maintained across some business units.
Metric
% Architects, data modellers and solutions designers and developers with specific purpose training.
Practice
Maintain data quality attributes.
Outcome
Direct traceability between processing and specific purposes is maintained across the organization.
Metric
% Architects, data modellers and solutions designers and developers with specific purpose training.
Practice
Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
Outcome
Direct traceability between processing and specific purposes is maintained across the business ecosystem.
Metric
# Audits on specific purpose usage though out the entire ecosystem.