Who's the Data Custodian in your app?
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
Each organisation is obliged to appoint a DP officer who is responsible for policing the systems and procedures in use. But ultimately if there is any breach of the law the organisation as a whole tends to be held responsible. For corporate bodies that means the directors/management, and for charitable bodies it is the trustees.
-
Each organisation is obliged to appoint a DP officer who is responsible for policing the systems and procedures in use. But ultimately if there is any breach of the law the organisation as a whole tends to be held responsible. For corporate bodies that means the directors/management, and for charitable bodies it is the trustees.
Richard MacCutchan wrote:
and for charitable bodies it is the trustees.
Can't we at-least trust those with the data?
"Coming soon"
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
This general concept is discovered frequently in the group I work in. We collect operating data, not necessarily personal data, from various pieces of equipment, sensors, meters, etc. And we keep that data... seemingly forever. We do have some regulatory requirements to hold certain data for 'X' number of years; after that time period, we can LEGALLY dispose/delete the data. If we delete the data as we are allowed to do, then, in the event of a legal action, we cannot provide data we don't have - which may benefit the company. However, from the perspective of seeing how something performed over time, we may need more than 'X' number of years of data to see a long term trend... think of very large turbines for example. They may have a service life of 20 to 30 years. So... it is an interesting topic to say the least.
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
-
Richard MacCutchan wrote:
and for charitable bodies it is the trustees.
Can't we at-least trust those with the data?
"Coming soon"
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
The DPA refers to the storage of the data. So if you are storing data, you must comply with the Act even if you are just holding it as part of a SaaS set-up,
veni bibi saltavi
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
I think it depends on the company. Where I work its in house development of Insurance back office system. We hold regular audit reviews by each department team leader(s). Our parent company then on top of that have Yearly company audits and then Group Internal Audits every 2 years repeating depending on how you fair with the audit. We also have security audits on top of that which look at the access of property / systems etc.
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
You should be asking that of Kornfeld, in the thread directly above this one.
I wanna be a eunuchs developer! Pass me a bread knife!
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
Last year we were tasked with reverse engineering a legacy app, we could not find anyone willing to admit they owned the data and that was from the POV of we want to fix this for you, not you fucked up and we want to put your ass in a sling. So I guess DP was low on their priority list (there was no personal data involved).
Never underestimate the power of human stupidity RAH
-
This general concept is discovered frequently in the group I work in. We collect operating data, not necessarily personal data, from various pieces of equipment, sensors, meters, etc. And we keep that data... seemingly forever. We do have some regulatory requirements to hold certain data for 'X' number of years; after that time period, we can LEGALLY dispose/delete the data. If we delete the data as we are allowed to do, then, in the event of a legal action, we cannot provide data we don't have - which may benefit the company. However, from the perspective of seeing how something performed over time, we may need more than 'X' number of years of data to see a long term trend... think of very large turbines for example. They may have a service life of 20 to 30 years. So... it is an interesting topic to say the least.
-
-
The DPA refers to the storage of the data. So if you are storing data, you must comply with the Act even if you are just holding it as part of a SaaS set-up,
veni bibi saltavi
-
I think it depends on the company. Where I work its in house development of Insurance back office system. We hold regular audit reviews by each department team leader(s). Our parent company then on top of that have Yearly company audits and then Group Internal Audits every 2 years repeating depending on how you fair with the audit. We also have security audits on top of that which look at the access of property / systems etc.
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
-
Yes, through many different auditing departments.
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
-
Yes, through many different auditing departments.
Every day, thousands of innocent plants are killed by vegetarians. Help end the violence EAT BACON
-
Last year we were tasked with reverse engineering a legacy app, we could not find anyone willing to admit they owned the data and that was from the POV of we want to fix this for you, not you fucked up and we want to put your ass in a sling. So I guess DP was low on their priority list (there was no personal data involved).
Never underestimate the power of human stupidity RAH
So, all the comanies that I have had no dealings with for the past 10 years, who are still sending me mailing shots, are probably in breach? Hmmm...
We're philosophical about power outages here. A.C. come, A.C. go.
-
So for us British, European, maybe even US folks at least, we have something called the Data Protection Act, which ultimately means we "should" be careful with other peoples data and not retain it longer than we need. The thing is, as a software developer, do we know who is responsible for the data contained within the database driven apps we release? I would say it's whoever owns the app? What about building apps in-house? The Chief Exec?
This may (or may not) have been said already. As a database administrator, we were always told that WE were the custodians of the data, but the Application team OWNED the data. Meaning, we were responsible for the routine maintenance, consistency, and availability of the data while the Application team was responsible for the Content