Data management

What are the characteristics in an ER diagram?

An entity - Rectangle labelled in the middle

Relationship - Solid lines between entities

What is a cardinality in ER diagrams?

Numerical relationship between entities

What are the possible cardinalities?

1. One to one

2. One to many

3. Many to many

How to represent many to many cardinality?

Crow-foot on both ends

What is the purpose of data normalisation?

When data is properly normalised, it is organised into records which are individually identifiable by a primary key in their respective table, thereby taking up less space/storage.

Data normalisation also reduces the risk of data anomalies, which are inconsistencies between redundant data in the database.

When is a data said to be in First Normal Form (1NF)?

If

• all its data values are atomic (single values)

• there are no repeating columns (or groups of columns)

When is a data said to be in Second Normal Form (2NF)?

If

• it is also in 1NF

• the non-key fields are fully dependent on the primary key (no partial dependence)

What is partial dependence?

Where a table has a composite key, if the non-key fields depend only on some of the fields in the composite key, this is called partial dependence

When is a data said to be in Third Normal Form (3NF)?

If

• it is also in 2NF

• the non-key attributes are non-transitively dependent on primary key

(Understanding) What does transitively dependent mean?

If an attribute is transitively dependent on a primary key, that means it depends on another attribute which is in turn dependent on the primary key.

What is the PDPA?

The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore

How many objectives of PDPA are there?

3

What are the objectives of PDPA?

1. Safeguard personal data from misuse

2. Maintain individuals’ trust in organisations that manage their data

3. Keep Singapore a trust hub for businesses

Who / what does PDPA not apply to?

• any individual acting on a personal or domestic basis

• any individual acting in his/her capacity as an employee with an organisation

• any public agency in relation to the collection, use or disclosure of personal data

• business contact information (such as an individual’s name, position or title, business telephone number, business address, business email, business fax number and similar information)

How many protection obligations are there in the PDPA?

10

What is an easy way to remember the protection obligations in the PDPA?

ANCPAPRTAB (ancient paws pur on tables)

What are the protection obligations in PDPA?

1. Accountability obligation

2. Notification obligation

3. Consent obligation

4. Purpose limitation

5. Accuracy

6. Protection

7. Retention limitation

8. Transfer limitation

9. Access and correction

10. Data Breach notification

Explain the accountability obligation of PDPA

Undertake measures to ensure organisation meet obligations under PDPA by

1. Making information about data protection policies, practices

2. Complaints process available upon request

3. Designating a data protection offer (DPO)

4. Business contact information available to public

Explain the notification obligation of PDPA

Notify individuals of the purpose for the

1. Collection

2. Use

3. Disclosure

of personal data

Explain the consent obligation of PDPA

1. Only collect, use and disclose personal data for purposes that the individual has given consent to

2. Allow the individual to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal

3. Once withdrawn, organisation must cease to collect, use or disclose the personal data

Explain the protection obligation of PDPA

Reasonable security arrangements to prevent unauthorised access, collection, use or disclosure or similar risks of personal data in your organisation’s possession

Explain the ‘accuracy’ of PDPA

Ensure personal data collected is accurate and complete, especially if it’s likely to be used to make decisions that will affect the individual, or to be disclosed to another organisation

Explain the Purpose Limitation of PDPA

Collect, use and disclose personal data for purposes that

1. a reasonable person would consider appropriate under given circumstances

2. the individual has given consent to

An organisation, may not, as a condition of providing a product or service, collect, use or disclose personal data beyond what is reasonable to provide the product or service

Explain the Retention Limitation of PDPA

Cease the retention of personal data or dispose of it in a proper manner when it is no longer needed for business use or legal purposes

Explain the Transfer Limitation of PDPA

Transfer personal data to another country only according to the requirements prescribed under the regulations to ensure that that the standard of protection is comparable to the protection under PDPA, unless exempted by the PDPC

Explain the ‘Access and Correction’ of PDPA

Upon request, organisations have to provide individuals with the access to their personal data, as well as information about how the data was used or disclosed within a year before the request

Organisations are also required to correct any error or omission in an individual’s personal data as soon as practicable and send the corrected data to other organisations to which the personal data was disclosed within a year before the correction is made. 

Explain the Data Breach Notification of PDPA

Data breach - take steps to assess if it is notifiable

If likely to significantly affect individuals / of significant scale

Notify PDPC and affected individuals ASAP