The objective of this assessment is to assess your knowledge and performance to update, implement and monitor policies and procedures related to copyright, ethics and privacy.
Use the DataTrust report template (DT_Report.dotx) to write the following policies and procedures
- First, the copyright statement needs to be expanded into a copyright policy covering the whole organisation. Write a clause for the copyright policy dealing specifically with the responsibility of DataTrust employees towards copyright and intellectual property within the organisation. The clause must align with legislation and industry standards (list the relevant legislation and industry standards).
- Outline the procedures (in point form) that DataTrust employees must follow in order to apply the copyright policy, ensuring that they’re ethical.
- Previously you looked at how well DataTrust’s privacy policy covers APP 11. What amendments can you suggest to the privacy policy regarding storage and security of personal information, to make sure it aligns with privacy legislation? (List the relevant legislation).
- Outline the physical and Operating System security procedures and features (in point form) as recommendations to be implemented or enhanced, to complement your privacy policy amendments.
- DataTrust doesn’t have a code of ethics so you’ll need to develop one. Write at least two points for a code of ethics that align to legislation and industry standards (list the relevant legislation and industry standards).
- Along with the new code of ethics, management needs a grievance procedure (this should include a review process) to enable confidential reporting of any ethical issues. Write a procedure (in point form) that could be followed for this.
- Develop an implementation and review plan that DataTrust could use to ensure that the policies will be effectively employed by its staff members, including regular checks and reviews of work practices. This must include the following:
- List timeframes to implement the plan
- Outline three appropriate methods and processes to communicate the policies and procedures to staff members and clients (the stakeholders).
Participate in a role play to verbally discuss your copyright, privacy and ethics policies and procedures (from Part 1) in a meeting with DataTrust staff members.
- For face-to-face students, your assessor will observe the role play.
- For online students, make an appointment with your assessor for an online meeting.
- You must articulate your ideas and requirements clearly and appropriately for your audience (staff members).
- You must use appropriate listening and questioning techniques to elicit feedback and ideas.
Role play participants:
- Staff members – arrange for two other people to participate as staff members
- IT Trainee (this is you).
Ensure that you include the following in your role play:
- Distribute your policies and procedures either electronically, for example, as a PowerPoint presentation using the DataTrust PowerPoint template (DT_Powerpoint.potx), or as a printed document using the DataTrust report template (DT_Report.dotx), as appropriate.
- Clearly explain your clause for the Copyright Policy, including the procedures that employees will need to follow.
- Clearly explain your amendments for the Privacy Policy, including the system security procedures that employees will need to follow.
- Clearly explain your two points for the Code of Ethics.
- Clearly explain your grievance procedure.
- Outline the implementation plan.
- Ask your audience for feedback on the policies and procedures. If no one has any general feedback, you must ask specific questions.
- Your assessor will ask you additional questions relevant to the scenario.
The new DataTrust Privacy Policy and Code of Ethics have recently been implemented, however there have still been several breaches within DataTrust.
Requirements have also been established under the Privacy Act for entities in responding to data breaches, known as the Notifiable Data Breaches (NDB) scheme, which DataTrust is obliged to abide by.
You’ve been asked to monitor the implementation of DataTrust’s Privacy Policy and Code of Ethics by following up with two clients who have been affected by data breaches, as well as report to your supervisor on the outcome of your review.
- The CIO, Mark Thrift received a complaint from a client, Tricia Portman. Tricia called the Accounts section to query an invoice and spoke to Brian Cotswald. Brian went on to disclose her personal information without having verified her identify.
Tricia sees this as a breach of privacy and is very upset that the DataTrust Privacy Policy has not been adhered to by Brian.
You’ve been asked to follow up with Tricia, so you’ll need to review the DataTrust Privacy Policy (Privacy Policy.pdf).
Write an email to Tricia, using the email template (DT_Email.dotx), as follows (minimum 75 and maximum 200 words):
- Thank Tricia for her feedback, explaining how it will be used to assist the organisation
- Outline DataTrust’s requirements that should have been followed, according to the Privacy Policy, to ensure good customer service.
- Jessica is a new member of the IT Support team and one of her first tasks was to create an urgent backup of customer information (including the customers’ and DataTrust’s intellectual property), which was requested by the Company Director. As she was new, she hadn't yet been given access to the shared backup drive. Instead of reporting this and waiting for access, she saved the backup data onto her personal hard drive, which she took home at the end of the day with the data still on it. When she got home, she couldn’t find the hard drive. As she caught the train home, she realised that it could have fallen out of her bag or been stolen anywhere between work and home. The following day, you asked Jessica about the backup and she confessed what had happened.
After this incident, management would like you to verbally interview the affected clients to make sure that they’re receiving appropriate service from staff members, according to the newly implemented Code of Ethics (your suggestions from Part 1).
Participate in a role play (minimum two and maximum five minutes, including assessor questions) to verbally interview a client.
- For face-to-face students, your assessor will observe the role play.
- For online students, make an appointment with your assessor for an online meeting.
- You must articulate your ideas and requirements clearly and appropriately for your audience (staff members).
- You must use appropriate listening and questioning techniques to elicit feedback and ideas.
Role play participants:
- Client – another student or other person
- IT Trainee (this is you).
Ensure that you include the following in your role play:
- Explain to the client the reason for the interview, referring to your obligations under the NDB scheme
- Outline DataTrust’s requirements for ethical customer service (i.e. your two points for the code of ethics)
- Ask three appropriate questions to:
- ascertain whether the Code of Ethics is being applied by staff members
- obtain their opinions on the implementation of the Code of Ethics
- Write an email to your supervisor, using the email template (DT_Email.dotx), to report on your review of the work practices and feedback you’ve collected
- Summarise the feedback you received from the staff members (Part 2) and clients (Part 3)
- Identify and list the section of the Privacy Policy that wasn’t adhered to by Brian
- Suggest two procedures that could be implemented to avoid this situation in the future, including one that relates to system security.
From: Pointon, Steve
Sent: Monday, 01 September 2017 10:44 AM
To: Tricia, Portman
Subject: Review of work practices and feedback collected
Dear [Mr Hansen],
This mail is to inform you that review of the work practices has been completed and the feedback from all the respondent has been collected. There has been many areas where the employees took the initiative in suggesting us to make the implementation process more concievable and easy to implement. The feedback collected also led us to learn some of the very basic ideas but with strong relevance. Most of the feedback were on the policy statement which they said should be short, precise and should include actionable words. The other areas of feedback was removing the overlapping of some responsibility to two or more person. They were of the opinion that these should have clear demarcation as to who is responsible for what?
The privacy breach from Brian end should be avoided in the future but these are already currently the part of the procedure in protecting the personal information and has been followed by others. The procedure he should have followed is two steps verification so as to know his customer well and the other one is asking for the UID number so that he could have been certain before sharing any information.
In order to avoid such escalation in the future, I have two suggestion that can avoid such situation. These are: 1. By assigning IT security officer the responsibility to maintain and store data related to personal information.
- Access control standards (including password change standard)
Kind regards
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2020). 22334VIC Certificate IV In Cyber Security Is An Essay.. Retrieved from https://myassignmenthelp.com/free-samples/22334vic-certificate-iv-in-cyber-security/review-of-work-practices.html.
"22334VIC Certificate IV In Cyber Security Is An Essay.." My Assignment Help, 2020, https://myassignmenthelp.com/free-samples/22334vic-certificate-iv-in-cyber-security/review-of-work-practices.html.
My Assignment Help (2020) 22334VIC Certificate IV In Cyber Security Is An Essay. [Online]. Available from: https://myassignmenthelp.com/free-samples/22334vic-certificate-iv-in-cyber-security/review-of-work-practices.html
[Accessed 23 December 2024].
My Assignment Help. '22334VIC Certificate IV In Cyber Security Is An Essay.' (My Assignment Help, 2020) <https://myassignmenthelp.com/free-samples/22334vic-certificate-iv-in-cyber-security/review-of-work-practices.html> accessed 23 December 2024.
My Assignment Help. 22334VIC Certificate IV In Cyber Security Is An Essay. [Internet]. My Assignment Help. 2020 [cited 23 December 2024]. Available from: https://myassignmenthelp.com/free-samples/22334vic-certificate-iv-in-cyber-security/review-of-work-practices.html.