2 hours 19 minutes
welcome back to student data privacy fundamentals. In this lesson, we will define your purpose.
You'll learn what information to include in your purpose section of your data governance policy.
It's time to start thinking about purpose, and you'll have a section in your data governance policy describing your purpose in paragraphs. But to construct that section, it will be helpful to answer these questions.
What is the main type or types of technology used in your organization, and why does it exist?
For example, a school district might begin by stating
the technology used in quality school district exists to enhance the educational opportunity, opportunities and achievement of district students.
You'll want to go into a little more detail here about what the research says. For example,
research shows that students who have access to technology improve achievement technology assists with the professional enrichment of the staff and increases engagement of students, families and other patrons of the district, all of which positively influenced student achievement.
Lastly, how does your organization use technology to confront that research? This is where our example organization might explain how they utilize technology to help support all areas of education.
Answering these three questions will help you to get a good opening section for your overall purpose.
Are you collecting and storing confidential information?
Why is that necessary? You might say something like
to meet the mission and goals of the organization and to comply with the law. We must collect, create and store confidential information.
Next explained that protecting this data is important.
You might state it like this
accurately. Maintaining and protecting this data is important for efficient company operations, compliance with laws mandating confidentiality and maintaining the trust of companies. Stakeholders
last legal more specific about how you will do this. For example, all persons who have access to company data are required to follow state and federal law company policies and procedures and other rules created to protect user information.
With that information, you can complete paragraph two
in the final paragraph of your purpose section. You will want to get a little more specific about how your organization deals with debt. A security. Let's look at an example.
It is the policy of the district that data or information and all its forms written electronic or printed, is protected from accidental or unintentional unauthorised modification, destruction or disclosure throughout its life cycle.
This protection includes an appropriate level of security over the equipment, software and practices used to process, store and transmit data or information.
All employees and authorized contractors or agents using confidential information will strictly observe protections put into place by the district.
This statement broadly addresses all types of confidential information and how your organization will protect data.
Let's answer a review question. Which item in the list below was not suggested as part of your purpose section in your data governance policy?
A. What could happen If you don't use data safely,
be what type of technology your organization uses.
See what research supports your organizations, use of technology and data
or d. An explanation of wire organization must collect personal data.
The correct answer is a what could happen if you don't use data safely.
This should be addressed beginning in the compliant section that will discuss a bit later.
In today's video, we discussed describing the purpose of your organization's technology and data usage as well, a stating a commitment to securing that technology and protecting that data.
In the next lesson, we will define the scope of our data governance policy. See you soon
Information Systems Security Engineering Professional (ISSEP)
Build upon your CISSP certification by getting the specialized credential of the Information Systems Security ...
6 CEU/CPE Hours Available
Certificate of Completion Offered
MS-500: Microsoft 365 Security Administration
Are you a system administrator who wants to get a certification that is globally recognized ...
7 CEU/CPE Hours Available
Certificate of Completion Offered