Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Discussion Board Peer Responses

Please see attachment 

Discussion Board Peer Responses

In responding to your peer’s posts, be sure to do the following:

• Ask at least one relevant question regarding their example scenario
and the roles defined within their RACI matrix.

• Discuss similarities and differences between your approach and that
of your peers; be sure to explain your line of thinking.

Peer 1:

Nathaniel

I used scenario 1 where in a healthcare organization, there is a need to
manage patient data securely, but beyond HIPAA, there are no explicit
regulations guiding data privacy practices. While HIPAA has regulations
around what to protect and guidelines around what can be shared, the how
you protect it is more open to a companies discretion.

This is where using the RACI matrix can be very useful. It structures who is
responsible, accountable, consulted, and informed in the development and
implementation of securing of sensitive data. From personal experience,
when there is a breakdown in following RACI matrix and including all
responsible parties, either a product is unable to be delivered or it does not
meet the business needs. For example, in one of my roles a business analyst
(responsible party) met with the customer without the developers (also
responsible party). The business analyst proceeded to tell the customer how
the application could be built, not realizing the data could not be brought
together the way they had described to the customer. This caused multiple
additional meetings and design sessions to get the customer to accept what
actually could be done vs what they had initially been offered. This same
scenario would apply when it comes to safeguarding data by designing the

application properly. A business analyst would not want to meet with a
customer, gather requirements, and commit to the customer what can be
done without including other responsible/accountable parties first. This will
ensure that the data the customer wants follows security guidelines and is
actually available to the customer.

For responsible parties you would have roles such as business analysts and
developers, those that get the work done. For accountable parties you can
have roles such as product owners and project managers, ones that make
sure responsible parties are meeting deadlines and that the project is
completed. For consulted parties you would have roles such as information
security and cybersecurity, making sure the project meets legal/security
guidelines. With how critical legal/security rules are, the consulted parties
would be involved throughout the process and help avoid rework for
developers. Finally you have the informed parties such as business owners
and stakeholders, ones that typically see the big picture of the project and
need to be kept in the loop on the milestones being met.

When there are no guiding regulations about handling sensitive data, start
by questioning if just because something can be done, should it. You can
use data to present the facts in a way that fits your narrative but not
entirely true, which would not be ethical and can result in poor decision
making. There is also the opportunity for data misuse, such as using data
collected in new ways. While this may not be a legal concern, it could be an
issue with how customers perceive it. Someone else had mentioned in their
post a couple weeks ago about Google actually gathering data when
someone is using incognito. This damaged customer trust, which is one of
the hardest things to get back.

Peer 2

Dan

In an e-commerce company that operates in a jurisdiction with limited regulations, accountability,
and responsibility is paramount when handling customer data. The Responsible-Accountable-
Consulted-Informed (RACI) matrix can be vital to keep employees informed on their roles in the
data handling process from the beginning to the final task. One of the main stipulations of the
RACI matrix is that “to foster accountability, tasks should not have more than one A entry in the
matrix to avoid diffusion of responsibility” (Ucertify, 2023). Essentially, by keeping one person
assigned to the A role for each task, the accountability lies solely on them and the blame cannot
be passed around if things fail. The other 3 roles are equally as important, as R is assigned to
people who will do the task, and C is for those who provide insight. I is for employees who will be
informed about the task but will not participate in its completion.

For the example of an e-commerce company, a few examples of individuals/departments
that may be involved in the matrix include a Data Protection Officer (DPO), Information Technology
department (IT), legal counsel, and management. One common task that could be used an
example as of where their RACI matrix responsibilities lie would be the collection of data. The IT
department would be assigned with the R role and be responsible for ensuring the system
collecting the data is secure and safe. The DPO would have the A role and be accountable for the
collection of the data and whether it follows the limited regulations that are in place and that
customer data is being protected. The legal counsel will be the C in the matrix as they will be
consulted by the prior two groups on how to set up the data collection systems per the pre-
established rules and regulations. The final part of the matrix is the I and that belongs to
management who will be informed of the process and success or lack thereof by the previous three
groups in regards to the task at hand.

In this example, because there are limited regulations that are currently in place, it can be
helpful to look at outside resources that can help guide the handling of sensitive data. One such
source is the General Data Protection Regulation (GDPR). While the GDPR may only be in place for
companies residing or doing business in the EU, it provides a great framework for businesses
outside of the EU to follow and build their specific regulations around it. Other industry best
practices can also be followed and consultation from a legal team who specializes in such
information can be invaluable.

References

Ucertify. (2023). Dat-250-14280: Certified Ethical Emerging Technologist. Lesson 8.

Ucertify.

  • Nathaniel

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Information Systems Assignment1

Find the details in the attached file. UU-MBA-740-ZM Web design and development Assignment 1 Dear students, This is your first assignment for this course that accounts for 50% of your total marks for the course. Please answer and elaborate on the following questions: 1. What do you need to take

V

Risk mitigation, which is part of the risk management plan, takes place once you have identified and analyzed your risks. Risk mitigation is identifying the strategies you are going to use to accept, avoid, share/reduce, or work around the identified and analyzed risks. Which of the seven domains do you

SLP 3 – 40

Please help me Module 3 – SLP Database Applications Recall that for the SLP assignment for this course, we are conducting assessments of database programs and demonstrations available online. For this SLP review the tutorial  Microsoft SQL Server 2022 Essential Training  from LinkedIn Learning.  Once you have completed your exploration

Case 3 – 40

I need help Module 3 – Case Database Applications Assignment Overview Computer supported collaborative work (CSCW) was developed to support teams by providing team members with powerful and convenient ways to schedule their interactions, communicate with each other, and record and update group output. Much of the early research in

SLP 2 – 40

help with homework Module 2 – SLP Database Management Recall that for the SLP assignment for this course, we are conducting assessments of database programs and demonstrations available online. For this module, your task is to try the tutorial  Learning SQL Programming  from LinkedIn Learning.   The more of the

Case 2 – 40

help pls Module 2 – Case Database Management Assignment Overview The Case Assignment for this module revolves around the question of large-scale data and the implications of database capabilities for organizational data management. As we’ve said, the change from data as a scarce resource to data as overabundance is still

SLP 4 – 24

I need help please Module 4 – SLP Strategic Portfolio Management Often best practices in the workplace lag behind technology advances. Ethical principles and best practices must be constantly reviewed and deeply considered in the workplace. Social media have had a big impact particularly on the Digital Native (those born

INFA PROJECT 4 PRIVACY COMPLIANCE

   For this project, you will leverage your research from Projects #1, #2, and #3 to develop a privacy compliance strategy for your chosen company. The deliverable for this project will be a Privacy Compliance Strategy that includes a legal and regulatory analysis for privacy laws and regulations. The scope

INFA PROJECT 3 RISK MITIGATION

 For this project, you will leverage your research from Project #1 and analysis from Project #2 to develop a risk mitigation strategy for your chosen company. If necessary, you can adjust your Information Usage Profile or your Risk Profile using feedback from your instructor and additional information from your readings

Case 4 – 24

I need help Module 4 – Case Strategic Portfolio Management Assignment Overview While some refer to Web 2.0/Web 3.0 as jargon, it has come to symbolize the sharing economy and the ability of people and businesses to interact with each other, forming virtual relationships. These virtual relationships include social media,

SLP 3 – 24

Help please Module 3 – SLP IT Governance Dashboards, which display data using graphics, have become commonplace. They are used for many applications, such as showing voter turnout in different states during national elections. The first informational dashboards were used in early automobiles and featured gauges to indicate speed and

case 3 – 24

help please Module 3 – Case IT Governance Assignment Overview Many firms are using Big Data to power their decision making. Here is a chance to see how firms are using Big data and how it impacts their decision making. Case Assignment For Big Data, find a case study and

SLP 4 -17

I NEED HELP Module 4 – SLP Managing and Assessing Information Security Policy Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mail viruses, prohibiting the personal use of company equipment, changing and protecting passwords, avoiding social

case 3 – 17

i need help Module 3 – Case Security Laws and Standards Assignment Overview Employees must be trained and kept aware of topics related to information security, not the least of which is the expected behaviors of an ethical employee. This is especially important in information security, as many employees may

Case 4 – 17

Need help Module 4 – Case Managing and Assessing Information Security Policy Assignment Overview The Information Security Blueprint is the basis for the design, selection, and implementation of all security program elements. The blueprint builds on top of the organization’s information security policies and it is a scalable, upgradable, comprehensive plan

III

See attached The purpose of the PowerPoint presentation is to show threats, vulnerabilities, and recommendations in an affinity diagram. An example of this diagram is provided in your textbook in Chapter 4. As a risk management project manager, you must identify the threats, vulnerabilities, and recommendations for ABC IT Organization’s

Help with system change course

· What do critical pragmatism, improvement research, and democracy have to do with each other? · How do you make sense of your personal epistemology / worldview and improvement science? · Improvement science focuses on being problem focused and user centered, but it also uses methods and theory responsibly and

Coding for Musculoskeletal Services

  You are a new medical coder that works for an Orthopedic medical practice. Patients are often seen for fractures or dislocations which require either a cast or splint. A common patient encounter may be for the application of a long-arm split. Apply your knowledge of CPT to this patient