Data Privacy, Integrity, and Management

You can read this note directly if you understand that organisations collect and store data. Data management is about keeping data useful, protected, accurate, and properly handled throughout its life.

A database may have correct tables, keys, and SQL queries, but still be badly managed. For example, a school database may store students correctly, but if the file is lost, leaked, overwritten, or kept forever without a valid reason, the database is still poorly managed.

This note focuses on the practical question:

How can data remain accurate, protected, recoverable, and responsibly handled over time?

Beginner Problem

A database can be technically correct but still fail in real use.

Example:

SituationMain issue
marks are accidentally changedintegrity
student addresses are sent to the wrong group chatprivacy
the only copy of a database is lostavailability and recovery
old personal data is kept forever without reasonprivacy and governance
two users edit different versions of the same fileversion control
a teacher cannot restore a deleted recordbackup and recovery

Data management is about preventing these failures, not just fixing them after they happen.

A good beginner habit is to ask two questions:

  1. What could go wrong with this data?
  2. Which protection method actually reduces that risk?

Weak answer:

Use encryption.

Better answer:

If the risk is unauthorised access to stored personal data, encryption can help protect the data if the storage device or file is stolen. However, encryption does not prevent wrong data entry, accidental deletion, or poor file naming.

Data Lifecycle

Caption: Data protection is a lifecycle: at each stage, check access, accuracy, protection, retention, and whether the data should still be kept.

Common lifecycle stages:

StageQuestion to askExample
collectIs there a valid purpose for collecting this data?Should a club collect phone numbers, or is class ID enough?
storeWho can access it?Should all members see the full contact list?
useIs it accurate and used appropriately?Are attendance records updated by authorised people only?
protectIs there backup, access control, and encryption where needed?Can the database be restored after accidental deletion?
disposeShould it be archived or securely erased?Should old member records be kept after students leave?

Data protection is not a single action done at the end. It should be considered throughout the data lifecycle.

Caption: Match the specific data risk to a protection method that reduces that risk; no single method solves every data-management problem.

Privacy and Integrity

Data privacy means data is accessed or disclosed only by authorised people for appropriate purposes.

Data integrity means data is accurate, complete, consistent, and not improperly altered.

Example:

  • privacy problem: a student list is shared with people who should not see it;
  • integrity problem: a student’s mark is accidentally changed from 78 to 87.

These are different ideas.

ConceptMain questionExample failure
privacyWho can see or receive the data?student phone numbers are shared with unauthorised people
integrityIs the data correct and trustworthy?a mark is entered wrongly or overwritten
availabilityCan authorised users access it when needed?the only copy of the database is lost

A single incident can affect more than one area. For example, malware may leak personal data, damage records, and make the database unavailable.

Caption: Data management chooses controls that protect privacy, integrity, and availability according to the risk.

Threats to Data

Threats include:

  • accidental deletion;
  • hardware failure;
  • malware;
  • unauthorised access;
  • human error;
  • natural disasters;
  • outdated or conflicting file versions;
  • invalid or incomplete input;
  • accidental disclosure;
  • keeping data longer than necessary.

The protection method should match the threat.

Match examples:

ThreatSuitable protectionWhy it helps
accidental deletionbackupallows data to be restored
unauthorised accessauthentication and access controllimits access to authorised users
invalid inputvalidationrejects data that does not meet rules
accidental change during transferverificationchecks that copied or transferred data matches the original
stolen storage deviceencryptionmakes data harder to read without the key
confusing file versionsversion control and naming conventionmakes the latest and previous versions clear
old personal data no longer neededretention policy and secure erasurereduces unnecessary privacy risk
incorrect update to important recordsaudit trail and restricted editing rightshelps trace changes and limits who can change data

Match the Protection to the Problem

Students often give protection methods that sound good but do not solve the stated problem.

ProblemWeak answerBetter answer
student data is leaked to outsidersmake a backupuse access control, authentication, appropriate sharing rules, and encryption where suitable
wrong marks are enteredencrypt the databaseuse validation, verification, restricted editing rights, and checking procedures
file is accidentally deleteduse a passwordkeep backups and test that restoration works
old records are kept foreveruse version controlset a retention policy, archive if justified, or securely erase when no longer needed
many people edit different file copiesuse encryptionuse version control or a clear naming convention
a laptop containing personal data is stolenuse a better filenameencrypt sensitive data and require authentication

The key is not to name a security method randomly. The key is to explain how the method reduces the specific risk.

Validation Versus Verification

Validation checks whether input is reasonable or follows required rules.

Verification checks whether data has been copied, transferred, or entered accurately.

MethodMain ideaExample
validationIs the data acceptable?reject a date of birth in the future
verificationWas the data copied or entered correctly?compare a retyped email address with the original

Example:

A student enters a phone number as 91234567.

A validation check may test whether the phone number has the correct number of digits.

A verification check may ask the student to enter the phone number twice and compare the two entries.

Validation reduces invalid data. Verification reduces copying or entry errors. Neither automatically guarantees that the information is true.

Authentication, Authorisation, and Access Control

These terms are related but not identical.

TermMeaningExample
authenticationchecks who the user islogging in with an account and password
authorisationdecides what the identified user may doa teacher may edit marks; a student may only view their own data
access controlthe overall system that limits accessdifferent roles have different permissions

Example:

A teacher logs in successfully.

Authentication answers:

Is this really the teacher's account?

Authorisation answers:

What is this teacher allowed to read, add, edit, or delete?

A system can authenticate a user but still give them the wrong permissions. That would be an access-control problem.

Backup Versus Archive

IdeaPurposeTypical use
backuprestore data after loss or damagerecover from accidental deletion
archivekeep older data for long-term reference or compliancestore past records no longer used daily

A backup is for recovery. An archive is for long-term retention.

Example:

A teacher accidentally deletes the current attendance database.

A backup helps restore the lost data.

Example:

The school keeps attendance records from previous years for reference.

An archive stores records that are no longer used every day but may still need to be kept for a valid reason.

A backup should not be treated as a general archive. A backup may be overwritten according to a backup schedule. An archive should follow a retention decision.

Backup Is Not the Same as Version Control

Backup and version control both help with recovery, but they are not the same.

IdeaBest forExample
backuprecovering data after loss, deletion, or damagerestore yesterday’s database backup
version controltracking changes over timesee who changed a file and recover an older version

For software projects, Git is a common version-control system. However, Git history for code is not the same as a database backup. A project may have perfect source-code history but still lose the production database if no database backup exists.

Methods to Protect Data

MethodHow it helps
access controllimits who can read or change data
authenticationchecks user identity
authorisationcontrols what an identified user may do
validationreduces invalid input
verificationchecks data was copied or entered accurately
backupsupports recovery
restore testingchecks that backups can actually be used
encryptionprotects data if intercepted or stolen
version controltracks changes and supports recovery of earlier versions
naming conventionreduces confusion between file versions
audit trailrecords who made changes and when
secure erasurereduces risk from data that is no longer needed

A strong answer should usually include both the method and the reason.

Weak answer:

Use backup.

Better answer:

Use regular backups so that the database can be restored if records are accidentally deleted or damaged.

Even better:

Use regular backups and test restore procedures, because an untested backup may not be usable during a real data-loss incident.

Version Control and Naming Convention

Version control records changes over time. In software, Git is a common version-control system. For ordinary files, a clear naming convention can still reduce confusion.

Weak file names:

final.docx
final2.docx
really_final.docx

Problems:

  • the latest version is unclear;
  • the date is unclear;
  • the purpose of each version is unclear;
  • files may be overwritten by accident.

Better file names:

project_report_2026-07-08_v01.docx
project_report_2026-07-09_v02.docx

A good naming convention should be consistent, sortable, and meaningful.

For dates, use YYYY-MM-DD because it sorts correctly as text:

survey_results_2026-07-08_v01.csv
survey_results_2026-07-09_v02.csv

Possible naming pattern:

project_or_dataset_YYYY-MM-DD_vNN.ext

Example:

cca_attendance_2026-07-08_v01.csv
cca_attendance_2026-07-09_v02.csv

Worked Scenario: School CCA Database

A school club stores:

member names, class IDs, phone numbers, attendance records, payment records

Think through the lifecycle.

StageGood management questionPossible action
collectIs each field needed?collect class ID and contact number only if there is a valid purpose
storeWho can access the file or database?restrict access to teachers and authorised student leaders
useCan the data be kept accurate?validate input and verify important updates
updateWho can change records?allow only authorised users to edit payment or attendance data
protectCan data be recovered?keep regular backups and test restoration
shareIs disclosure appropriate?avoid sending full contact lists to unnecessary recipients
archiveAre older records still needed?archive past records only for a valid reason
disposeShould old personal data be removed?securely erase records that are no longer needed

Possible risks and responses:

RiskSuitable response
member phone numbers are shared too widelyapply access control and share only necessary data
attendance is entered wronglyuse validation and checking procedures
payment records are edited by mistakerestrict editing rights and keep an audit trail
database file is lostrestore from backup
old member records remain foreverapply a retention policy and secure erasure

This scenario shows that data management is not one method. It is a set of decisions throughout the data lifecycle.

PDPA at Syllabus Depth

Singapore’s Personal Data Protection Act, or PDPA, governs the collection, use, and disclosure of personal data by organisations.

At syllabus depth, focus on the principle that organisations should:

  • collect personal data for appropriate purposes;
  • inform individuals and obtain consent where required;
  • use and disclose data appropriately;
  • protect personal data in their possession;
  • retain data only as long as needed;
  • allow reasonable correction where appropriate.

This wiki note is for computing syllabus understanding, not legal advice.

Beginner example:

A school club wants to record attendance.

It may need names and class IDs. It may not need sensitive personal information if the attendance purpose can be achieved without it. Collecting more personal data than needed increases privacy risk.

Another example:

A club leader wants to message members about training.

It may be appropriate to use contact details for club communication if they were collected for that purpose. It would not be appropriate to share the full contact list with unrelated people.

For exams, avoid treating PDPA as only about consent. Protection, appropriate purpose, retention, disclosure, and correction also matter at syllabus depth.

How to Answer Data-Management Questions

Use this pattern:

  1. Identify the risk.
  2. State a suitable protection method.
  3. Explain how the method reduces the risk.
  4. Mention a limitation if relevant.

Example question:

A school stores student addresses in a database. Suggest one way to protect the data.

Weak answer:

Use encryption.

Better answer:

Use access control so that only authorised staff can view or update student addresses. This reduces the risk of unauthorised access or disclosure.

Another good answer:

Encrypt the database or storage device so that the addresses are harder to read if the device or file is stolen.

Both can be correct, but they address slightly different risks. A good answer should match the question’s risk.

Common Mistakes

  • Saying privacy and integrity are the same.
  • Treating backup as archive.
  • Treating Git history as a full database backup.
  • Keeping every old file forever without a retention reason.
  • Using vague file names that do not show date or version.
  • Assuming encryption alone solves all data management problems.
  • Suggesting backup to solve invalid data entry.
  • Suggesting validation to solve accidental file deletion.
  • Discussing PDPA as if consent is the only issue.
  • Forgetting to explain how a protection method reduces the specific risk.

Check Your Understanding

  1. What is the difference between privacy and integrity?
  2. What is the difference between backup and archive?
  3. Why is version control useful?
  4. Why should personal data not be kept indefinitely without reason?
  5. Why does encryption not solve every data-management problem?
  6. What is the difference between authentication and authorisation?
  7. Why should backups be tested?
  8. Why is validation different from verification?

Answers:

  1. Privacy controls authorised access and disclosure; integrity concerns correctness and trustworthiness.
  2. Backup supports recovery after loss or damage; archive supports long-term retention.
  3. It tracks changes and helps recover earlier versions.
  4. It increases risk and may conflict with good data protection practice.
  5. Encryption helps protect data if it is intercepted or stolen, but it does not prevent wrong input, accidental deletion, or poor access permissions.
  6. Authentication checks identity; authorisation controls what an identified user may do.
  7. A backup is useful only if it can actually be restored when needed.
  8. Validation checks whether data is acceptable; verification checks whether data has been copied or entered accurately.