IVI Framework Viewer

Compatibility, Adequacy, and Accuracy

C3

Ensure that personal data is used and disclosed only for the purposes for which it was acquired. Monitor the quality of personal data held, and remedy any quality issues. (The quality standard for personal data is essentially set by the data subject — that is, the data owner. The custodian sets standards and guidelines to help meet the data subject's standards.)

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Compatibility, Adequacy, and Accuracy at each level of maturity.

1Initial
  • Practice
    Implement remedies for defects.
    Outcome
    Fair processing measures (if any) are ad hoc.
  • Practice
    Keep data accurate, up-to-date, and relevant.
    Outcome
    Specific purposes are defined and data subjects are advised in all new acquisition methods.
    Metrics
    • % personal data acquisition methods utilizing the concept of fair notice.
    • % records with consent recorded
    • % Staff provided with training on the concept of specific purpose uses of personal data.
  • Practice
    Limit processing to what is required to support the specific purposes.
    Outcome
    Specific purposes are defined, communicated and permissions sought if appropriate in all acquisition methods.
    Metric
    % Staff provided with training on the concept of specific purpose uses of personal data.
  • Practice
    Maintain data quality attributes.
    Outcome
    Fair processing policies and procedures are regularly improved and executed across the organization.
    Metric
    % Staff provided with training on the concept of specific purpose uses of personal data.
  • Practice
    Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
    Outcome
    Fair processing policies and procedures are regularly improved, optimized and executed across the business ecosystem.
    Metric
    Frequency of reviews and improvements.
2Basic
  • Practice
    Implement remedies for defects.
    Outcome
    The personal data acquisition policy (if any) is ad hoc.
  • Practice
    Keep data accurate, up-to-date, and relevant.
    Outcome
    A personal data acquisition policy is drafted and guidelines are in use.
    Metrics
    • % personal data acquisition methods utilizing the concept of fair notice.
    • % records with consent recorded
    • % Staff provided with training on the concepts of fair notice and consent.
  • Practice
    Limit processing to what is required to support the specific purposes.
    Outcome
    Consent, fair notice and acquisition processes are documented and implemented.
    Metrics
    • % personal data acquisition methods utilizing the concept of fair notice.
    • % records with consent recorded
    • % Staff provided with training on the concepts of fair notice and consent.
  • Practice
    Maintain data quality attributes.
    Outcome
    Policy compliant personal data acquisition processes are harmonized and used across the organization and are regularly reviewed and improved.
    Metrics
    • % personal data acquisition methods utilizing the concept of fair notice.
    • % records with consent recorded.
    • % Staff provided with training on the concepts of fair notice and consent.
  • Practice
    Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
    Outcome
    Policy compliant personal data acquisition processes are harmonized and used across the business ecosystem and are regularly reviewed and optimized.
    Metrics
    • Frequency of reviews and improvements.
    • Reach or penetration of use of harmonized processes.
3Intermediate
  • Practice
    Implement remedies for defects.
    Outcome
    Conformance and/or compliance is informal and inconsistent.
  • Practice
    Keep data accurate, up-to-date, and relevant.
    Outcome
    Policies for correcting errors and inaccuracies are defined.
    Metrics
    • # data errors detected.
    • # effort to correct data errors and any associated rework.
  • Practice
    Limit processing to what is required to support the specific purposes.
    Outcomes
    • Organisation proactively monitors and implements data defect remedies.
    • The organization notifies third parties when appropriate.
    • Organisational learning takes steps to minimise future defects.
    Metrics
    • # data errors detected.
    • # effort to correct data errors and any associated rework.
  • Practice
    Maintain data quality attributes.
    Outcomes
    • Organisation proactively monitors and implements data defect remedies.
    • The organization notifies third parties when appropriate.
    • Organisational learning takes steps to minimise future defects.
    Metrics
    • # data errors detected.
    • # effort to correct data errors and any associated rework.
  • Practice
    Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
    Outcome
    Organisation proactively monitors by use of system designs that provide appropriate supports for data defect remedy.
    Metric
    # Systems that automatically update personal data once an error is identified.
4Advanced
  • Practice
    Implement remedies for defects.
    Outcome
    Conformance and/or compliance is informal and inconsistent.
  • Practice
    Keep data accurate, up-to-date, and relevant.
    Outcome
    Objectives are defined for data accuracy.
    Metrics
    • % Staff made aware of data quality standards and criteria as applied to their roles.
    • # data errors detected.
  • Practice
    Limit processing to what is required to support the specific purposes.
    Outcomes
    • Organisation proactively monitors and implements data defect remedies.
    • The organization notifies third parties when appropriate.
    • Organisational learning takes steps to minimise future defects.
    Metric
    # projects and initiatives on personal data quality
  • Practice
    Maintain data quality attributes.
    Outcomes
    • Organisation proactively monitors and implements data defect remedies.
    • The organization notifies third parties when appropriate.
    • Organisational learning takes steps to minimise future defects.
    Metric
    % Staff made aware of data quality standards and criteria as applied to their roles.
  • Practice
    Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
    Outcome
    Organisation proactively monitors by use of system designs that provide appropriate supports for data defect remedy.
    Metrics
    • Frequency that personal data is kept accurate and up to date.
    • % personal data that are reviewed regularly for relevance to specific purpose.
    • # systems that automatically propagate changes once they occur with the entire eco system
5Optimized
  • Practice
    Implement remedies for defects.
    Outcome
    Data protection processing conformance and/or compliance criteria (if any) are ad hoc.
  • Practice
    Keep data accurate, up-to-date, and relevant.
    Outcomes
    • Function or business unit policies for data protection exist.
    • Data protection awareness established where processing occurs.
    Metrics
    • # Views exposing personal data fields.
    • % Views exposing personal data in uses other than the specific purpose uses.
  • Practice
    Limit processing to what is required to support the specific purposes.
    Outcome
    Direct traceability between processing and specific purposes is maintained across some business units.
    Metric
    % Architects, data modellers and solutions designers and developers with specific purpose training.
  • Practice
    Maintain data quality attributes.
    Outcome
    Direct traceability between processing and specific purposes is maintained across the organization.
    Metric
    % Architects, data modellers and solutions designers and developers with specific purpose training.
  • Practice
    Processes the data, and/or discloses the data only in such ways as are compatible with the specific purposes for which it has been gathered/processed.
    Outcome
    Direct traceability between processing and specific purposes is maintained across the business ecosystem.
    Metric
    # Audits on specific purpose usage though out the entire ecosystem.