Month: November 2016

Strategies on Dealing with Sensitive Data

Unless you are living under a rock or in a cave somewhere off grid, you will know that the not so United States of America chose a very eccentric leader earlier this week, which made the last few days more or less a circus. Yes, Donald Trump won the US presidency and a lot of people are upset, causing volatility and shockwaves not just in the US but also across the world. What happened on election night with the Canadian Immigration website was extraordinary and describes the sentiment of non-Trump supporters. The website was reported to have crashed as it could not cope with the surge in traffic from the US, which supports talk of some Americans wanting to move to Canada or anywhere else “rational” like Australia and New Zealand. I must say that I am grateful mum chose to migrate a couple of decades ago to Australia instead of the US! Thanks mum, I owe you peace, sanity and a good life!

So what went wrong for Hillary Clinton that cost her the Oval Office? I asked my American colleagues about their opinion of Hillary and one key denominator is trust. Clinton’s email controversy triggered a southbound ripple effect on the polls. The fact that she had set up a private server for personal and official communication while serving as Secretary of State, instead of using an official government account where classified information is deemed to be secure, was uncovered and scrutinized by the Federal Bureau of Investigation not just once but twice. Of course, Clinton’s opponents and the media feasted on this opportunity, even though the FBI cleared her twice. Regardless of whether she is innocent or not, the damage was done. Clinton was regarded as having been “extremely careless” by the FBI and as dodgy and suspicious by her critics.

Clinton’s mishap is a lesson for all. Security of sensitive data is a growing concern in a data-centric world like ours. On a much smaller scale, such as at home or at a personal level, there are ways we can protect sensitive data, such as:

  • If it is not necessary to collect and store the data then don’t – determine what is important and delete, delete, delete
  • Encrypt to prevent unauthorised access – data encryption is said to be the most effective way of securing data, as access to a secret key or password is required. But don’t unknowingly give away that key or password (i.e. by writing it in your wallet or notepad for everyone else to see).
  • Store securely – there are a number of ways to achieve this, from data masking and keeping backups in secure locations to the use of security tokens, VPNs, etc. It is ideal to research and seek advice from data security experts, who can help you determine the best way for your situation.

The Office of the Australian Information Commissioner has further information on securing information, which can be accessed via its website (https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information). I highly recommend visiting it and reading through the fact sheets, as they tackle the Privacy Act, personal information security, the information lifecycle, risks, types of security and so forth.

What is the BA’s role in shaping what customer data to store, if at all?

Business analysts have a critical role to play in deciding what customer data, if any, needs to be stored for a system in development to achieve its objectives.

Two main considerations need to be taken into account in arriving at this decision:

Business Considerations

What data is necessary for the system to effectively function and produce value for the business?

Taking into consideration requirements elicited and business rules articulated, the following questions must be considered:

  1. What data needs to be collected for short term use but is not required to be stored?
  2. What data needs to be collected and stored temporarily?
  3. What data needs to be collected and stored for longer periods of time?

These questions may be difficult to answer, as different stakeholders may have different opinions. A business analyst must be able to stay focused on the objectives of the system under development and on what ultimately produces the greatest business value.

Legal Considerations 

A business analyst must be able to balance business considerations regarding data with legal requirements. He or she must be aware of the boundaries set by the law and of what data may legally be collected on customers.

In NSW, customer data collected is subject to laws, namely the Privacy & Personal Information Protection Act 1998 (NSW) and the Health Records & Information Privacy Act 2002 (NSW), which govern the manner in which data is collected, stored, used and disclosed. Corporations are prohibited from collecting data including details of ethnic/racial origin, political opinions, religious/philosophical beliefs, trade union membership, sexual activities and any previous criminal records.

A pragmatic approach is necessary in arriving at appropriate decisions regarding customer data storage. The general rule is: if you don’t need to collect or store particular customer data – don’t. Customer data should only be collected and stored if it satisfies both business needs and legal requirements. A Business Analyst acts as a medium between the business (who may not understand what data is necessary for a system to function effectively) and IT (who don’t necessarily understand what data is critical and gives business value). He or she has to tread a fine line to satisfy stakeholders while remaining compliant and sensible from a business and legal point of view.

Ethics in ICT projects and Kaizen

Both small and large-scale ICT projects pose ethical questions for individuals including business analysts, developers, business product owners and strategy makers.

Many questions may be raised including:

What ethical standards are applicable for projects?
Why are ethics important?
When should ethics be considered (before, during, after or continuously during a project)?
Who should ultimately be responsible for the creation, implementation, checking and continual improvement of compliance with ethical standards within companies?
How should ethical behaviour be developed practically within a company?
How should ethical standards be communicated within an organisation?
How should ethics be linked with agile project management and system development?

Ethics is a difficult matter in that what is legal is not always ethical and what is ethical is not always legal. The concepts of legal compliance and ethical compliance are not synonymous, nor are they, of course, mutually exclusive. Businesses can be excellent in their knowledge of the law, such as the laws governing privacy, and in not technically breaching regulations; however, there is often a grey area regarding ethics. The common human tendency to rationalise behaviour, arguing that the ‘end justifies the means’, can lead individuals to perform unethical actions which they deem to be right. An organisational obsession with short-term goals and profits may lead organisations to condone unethical behaviour, in particular in their use of technology and data. Rewarding short-term performance may put pressure on employees and can compromise their ability to clearly judge what is right and wrong, ethical and unethical.

Ethics in ICT projects is strongly linked to the concepts of data privacy, property, accuracy and accessibility. Any IT system functions on a platform of data, people, processes and technology. It is in the matter of data that businesses can fall into the trap of unethical behaviour. Sensitive data may be collected on customers that, although legal, is entirely unnecessary and inappropriate. A business may go further, breach the law and be clearly unethical by collecting data about customers which clearly violates their privacy. Customer data may also be used by the company not only for its own purposes, but sold to third parties for profit. This has been done by large corporations such as FlyBuys, which is known to sell customer data on to other corporations.

Data accuracy is important in that customer data may not maintain its integrity when used in systems. Invalid data may have consequences on customers, after which the company may not want to claim any responsibility for any damage incurred. Companies also need to be concerned about data accessibility as it could be construed to be unethical for certain individuals to have access to data across numerous departments, which may lead them to take advantage of their position and access to information for personal gain.

Clearly articulated ethical standards regarding data privacy, property, accuracy and accessibility are very important in all ICT endeavours, as they function as the basis for trust between businesses and consumers. Ethics are important not only because they often line up with what is legal, but because they place the customers’ best interests as the top priority. Ethics need to be considered before, during and after an ICT project is completed, and continuously assessed. The concept of kaizen is very relevant to this goal of ethical compliance. Organisations need to continually seek ways to improve compliance with ethical standards; they need to focus on the greatest risks and implications first, they need to fix problems immediately when they are identified and they need to brainstorm possible ethical dilemmas that may arise in their sprint cycles. Agile software development allows companies to continuously develop and assess their policies and strategies to properly guard sensitive customer data that needs to be collected and stored, ensure that customers know their rights regarding their data and the use of their data (outlining what the system will use customer data to do), ensure that there is data integrity throughout business processes and ensure that system architecture is developed in such a way that data is protected from access by unauthorised parties (be they outside or internal to the organisation).

Why is being ethical important in a Business Analyst’s role?


Ethical people are those who recognize the difference between right and wrong and consistently strive to set an example of good conduct. In a business setting, being ethical means applying principles of honesty and fairness to relationships with coworkers and customers. Ethical individuals make an effort to treat everyone with whom they come in contact as they would want to be treated themselves.

Build Customer Loyalty

Consumers may let a company take advantage of them once, but if they believe they have been treated unfairly, such as by being overcharged, they will not be repeat customers. Having a loyal customer base is one of the keys to long-range business success because serving an existing customer doesn’t involve marketing cost, as does acquiring a new one. A company’s reputation for ethical behavior can help it create a more positive image in the marketplace, which can bring in new customers through word-of-mouth referrals. Conversely, a reputation for unethical dealings hurts the company’s chances to obtain new customers, particularly in this age of social networking when dissatisfied customers can quickly disseminate information about the negative experience they had.

Retain Good Employees

Talented individuals at all levels of an organization want to be compensated fairly for their work and dedication. They want career advancement within the organization to be based on the quality of the work they do and not on favoritism. They want to be part of a company whose management team tells them the truth about what is going on, such as when layoffs or reorganizations are being contemplated. Companies who are fair and open in their dealings with employees have a better chance of retaining the most talented people. Employees who do not believe the compensation methodology is fair are often not as dedicated to their jobs as they could be.

Positive Work Environment

Employees have a responsibility to be ethical from the moment they have their first job interview. They must be honest about their capabilities and experience. Ethical employees are perceived as team players rather than as individuals just out for themselves. They develop positive relationships with coworkers. Their supervisors trust them with confidential information and they are often given more autonomy as a result. Employees who are caught in lies by their supervisors damage their chances of advancement within the organization and may risk being fired. An extreme case of poor ethics is employee theft. In some industries, this can cost the business a significant amount of money, such as restaurants whose employees steal food from the storage locker or freezer.

Avoid Legal Problems

At times, a company’s management may be tempted to cut corners in pursuit of profit, such as not fully complying with environmental regulations or labor laws, ignoring worker safety hazards or using substandard materials in their products. The penalties for being caught can be severe, including legal fees and fines or sanctions by governmental agencies. The resulting negative publicity can cause long-range damage to the company’s reputation that is even more costly than the legal fees or fines. Companies that maintain the highest ethical standards take the time to train every member of the organization about the conduct that is expected of them.

Considerations When Using Copyrighted Materials

So you have a project due which requires some research, but time is against you and the due date is fast approaching. You turn to the almighty power of Google’s search engine for comfort, where you innocently copy and paste materials to build up your project. At the back of your head a little voice is whispering “You are missing something here, something is not right”. And as you continue, the voice becomes louder and louder, forcing you to think about what you are doing wrong. Are you unintentionally harming anyone?

A bright light bulb goes on, giving you the idea to seek advice from a wise colleague of yours, Paul, who is a subject matter expert in this field. Paul has done extensive research on the topic of copyright and has happily shared the following points with you as guidelines on remaining compliant when projects like this arise and research is required:

  • Create it yourself – if it is achievable to create the material yourself, then it is best to do so, as this saves time researching content and getting permission from owners of the material. So, if you require a photo of a native tree for your project, walk around the park and take photos. The sunshine and fresh air are a bonus, and it is healthier!
  • Obtain permission to use material from the owner – if you must use someone else’s work, ask the owner nicely and have it in writing with their details (such as an email confirmation). This is good for covering your backside if things go south and they change their mind later on.
  • Check whether the website says the content can be used or is copyright free – look for an indicator that the content on the website is copyright free. I recommend taking a screenshot of this section as a point of reference and storing it in a secure location.
  • See if you can pay a royalty or get a licence to use the material – something that is frowned upon, especially if you are a struggling student, but if you need to then you must! Better to pay than get sued by the owner. Legal fees and a bill for damages can further drain your funds.

In a nutshell, always assume no one is exempt and everything is under copyright. It is highly recommended to read through the Australian Copyright Act of 1968, which outlines the scope of copyright laws in the country and can be found on the Australian Federal Register of Legislation website (www.legislation.gov.au). Also, the Australian Copyright Council is there to help with inquiries relating to copyright in Australia. For international copyright, Australia has treaties with some countries where copyright laws are reciprocated, but it is best to look up the local copyright laws of that country to ensure you are doing the right thing and abiding by their laws.

Copyright law in the information technology business analyst’s role


With the internet changing the way we create, share and access information, the question is, when it comes to copyright, as a consumer, are you breaking the law? As a creative, are you protected?

After a review of copyright in the context of the digital economy the Australian Law Reform Commission (ALRC) recommended that Australia introduce ‘fair use’ as a defence to copyright infringement.

Many in the tech and start-up ecosystem find Australia’s current copyright provisions restrictive and inflexible. On the other hand, musicians, film-makers, writers, innovators and other creatives in the digital arena have argued strongly for ensuring that IP is protected, perhaps putting the onus on internet service providers to take responsibility for illegal downloads and sharing.

Would a “fair use” provision be an adequate protection for innovators, or is it a vague term which would reduce a creative’s right to decide where and how their content is used?

The issue of copyright is a hot topic, and not a simple one. Beyond the Review: Copyright and the Digital Economy brings together a panel of industry experts who are leading the charge in this field to debate the future of copyright in Australia.

As creative practitioners, our “rights literacy” can often be pretty limited, so we’ve asked some of the key players in the sector to bust some common copyright myths.

  1. If I change more than 10% of the words (or image) am I infringing copyright?

Most probably! There’s no magic number of words/images/changes you can make to something that will stop it being a breach of copyright. Copyright doesn’t protect just identical copies; it also protects against copying a part of a work (anything more than an ‘insubstantial’ part) or making an adaptation. Adaptations such as translations or screenplays that might change all the words in a work would still be a breach of copyright if done without permission.

  2. Is it okay to move my legally purchased content around my own personal devices?

That depends on exactly what you want to move. Because the laws around personal format shifting are technology specific, you can copy a legally-acquired videotape to your tablet, but you can’t do the same for a DVD.  The Australian Copyright Council (ACC) has a useful sheet setting out what you can and can’t legally do titled “Copying and Converting Formats for Private Use”.

  3. With so many regulations, who is monitoring these and does anybody actually get sued for infringement?

There’s been an increase in the ability to monitor copyright infringement, especially with the increasing use of digital content. Some sites (think YouTube) automatically check uploads for copyright content. People found to be infringing copyright may be asked to stop using the content, be asked for compensation or may, at the extreme, end up in court. However, realistically, most of us breach copyright several times a day without even noticing it, and most of these very minor infringements (unauthorised doodles, forwarding emails etc.) slip under the radar. That doesn’t make them legal, however.

  4. Can I use pictures found from Google image searches without worrying about getting permission?

Only if they are openly licensed (for example Creative Commons licensed) or public domain (no copyright) images. You can choose to search certain types of licensed images in the advanced search option, or there are several sites that specialise in only open licensed or public domain images. If you can’t see any licensing information, then it is wise to assume that it is ‘all rights reserved’.

  5. Do I need to register my copyright in order to protect it?

No, copyright automatically exists as soon as you create the work.  There are some circumstances where the copyright in something you create will not belong to you – for example works you make as an employee doing your job normally belong to the employer.  It is always a good idea to put some indication of how you want your copyright to be observed, so the © symbol for ‘all rights reserved’ or an open licence if you’d like others to share your work.

  6. What are these reforms and how will they impact me?

The ALRC made several recommendations to update copyright. The headline recommendation is a flexible ‘fair use’ exception, which would allow people to make some uses of copyright material without permission if the use was fair.  Examples where uses might be fair would be copying a DVD you own to your tablet to watch while travelling or an artist making a mash-up work from TV advertisements.  For each use though you have to consider what is being done, what sort of work is being used, how much is being used and most importantly whether it has a negative effect on the copyright holder.  Fair use is the system that exists in the USA.  By focusing on whether a use is fair (as opposed to the purpose of a use as the current exceptions do) it can adapt to changes in technology and markets.

The ALRC also made some more technical recommendations about reform of the statutory licences (education, government and disabilities), library and archive use and some government uses, as well as making some suggestions on broadcasts and retransmissions for the government to consider at a later date. The ADA has a summary of the recommendations on the website.