IVI Framework Viewer

Personal Data Adequacy and Accuracy

C3

Ensure that personal data is only used and disclosed in line with the purposes for which it was acquired, and that the data held is adequate, relevant, and limited to what is necessary to meet those purposes. Monitor the quality of personal data held and remedy any data quality issues.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Personal Data Adequacy and Accuracy at each level of maturity.

2Basic
  • Practice
    Draft policies that outline the legitimate disclosure of personal data.
    Outcome
    Guidance on disclosing personal data is emerging.
    Metric
    Existence of policies on the legitimate disclosure of personal data.
  • Practices
    • Draft policies for maintaining data quality (including data accuracy and relevancy).
    • Define personal data accuracy objectives.
    Outcome
    Guidance on maintaining data quality is emerging, and data accuracy objectives are understood.
    Metrics
    • Existence of data quality standards and criteria.
    • % of personal data fields with appropriate quality attributes or metadata to manage their quality.
    • # of data errors detected.
    • # of metadata adjustments for personal data management.
3Intermediate
  • Practice
    Conduct follow-up reviews and audits to assess compliance with standardized policies, processes, and procedures for the legitimate disclosure of personal data in a defined business domain.
    Outcomes
    • Auditing the disclosure of personal data improves visibility on the extent to which disclosure is consistent with the purpose for which it was collected.
    • Most issues can be addressed and employees can be held accountable for their actions in most instances.
    Metric
    # of personal data disclosure non-compliance issues.
  • Practices
    • Increase monitoring of personal data accuracy and relevancy.
    • Correct reported defects and errors in personal data (e.g. using predominantly manual methods), and notify key third parties when appropriate.
    Outcomes
    • Personal data accuracy and relevancy are improved.
    • Data defects can be remedied and, based on insights gained, the organization can take steps to minimize future data defects.
    Metrics
    • % of personal data fields with appropriate quality attributes or metadata to manage their quality.
    • # of data errors detected.
    • # of metadata adjustments for personal data management.
4Advanced
  • Practice
    Comprehensively trace the disclosure of personal data across the organization.
    Outcomes
    • Tracing the disclosure of personal data across the organization provides widespread visibility of the extent to which disclosure is consistent with the purpose for which it was collected.
    • All issues can be addressed and all employees can be held accountable for their actions.
    Metric
    # of personal data disclosure non-compliance issues.
  • Practices
    • Consistently and proactively monitor personal data accuracy and relevancy across the organization.
    • Automatically detect and remedy defects and errors in personal data, and notify all relevant third parties when appropriate.
    Outcomes
    • Personal data held by the organization is typically accurate and relevant.
    • Defect and error recurrences are minimized.
    Metrics
    • % of personal data fields with appropriate quality attributes or metadata to manage their quality.
    • # of data errors detected.
    • # of metadata adjustments for personal data management.
5Optimized
  • Practice
    Extend tracing of the disclosure of personal data to business ecosystem partners, and continually review the approach for improvement opportunities.
    Outcome
    All stakeholders, both internal and external, are confident that data is disclosed only in accordance with the purpose for which it was collected.
    Metrics
    • Frequency of review and update of personal data disclosure procedures.
    • # of personal data disclosure non-compliance issues.
  • Practice
    Fully automate error detection and preventative maintenance, and ensure system designs provide appropriate support for any data defect remedies.
    Outcomes
    • Personal data held by the organization is accurate and relevant.
    • Defects and errors in personal data are rare.
    Metrics
    • % of personal data fields with appropriate quality attributes or metadata to manage their quality.
    • # of data errors detected.
    • # of metadata adjustments for personal data management.
    • # of systems that automatically update personal data once an error is identified.
    • % of data that is automatically quality controlled.