PraxIS Apr. 2010

10-04 Contents:  Data Protection, Medical software errors, Eusprig 2010, Excel compatibility

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax1004.htm

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success

IN THIS ISSUE

 Risk and Quality
     Data Protection Commissioner 2009 report
     and further resources on the topic
     New book: A pocket guide to risk mathematics
     
 Spreadsheets
     Medical errors and their prevention
     How to write a successful EuSpRIG paper
     Resources for the change from Excel 2003 to 2007

 Off Topic
     
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information


Welcome to PraxIS

Spring has arrived in Ireland! A month late. The magnolia is in flower, the roadside primroses are coming out and the sun is beginning to shine. That *was* a long winter. 

Patrick O'Beirne

____________________________________________________________
____________________________________________________________

IT Risk

Data Protection Commissioner 2009 report

The Twenty-First Annual Report of the Data Protection Commissioner 2009 is available at

http://www.dataprotection.ie/documents/annualreports/AR2010.pdf

Billy Hawkes, the Data Protection Commissioner for Ireland, writes "2009 was a year of change - both actual and promised - in the legal framework governing data protection. The Lisbon Treaty embedded data protection as a fundamental right of European Union citizens. It provided the basis for an extension of data protection rights into all areas of EU activity. It gave new authority to the European Parliament as co-legislator in this area."

"During the year, we continued to use the full "tool-kit" provided to us by law to advance the data protection rights of individuals. Most organisations do their best to respect the rights of their customers and clients - recognising that this is also an issue of good customer service. For them, our focus continued to be on advice on how best to meet their obligations. For the minority who are careless about data protection rights, we used the full range of our enforcement powers to bring about change. Targeted use of prosecutions has been particularly effective to stamp out abuses in the area of electronic marketing. Selective use of our audit and investigation powers have also helped to bring about improvements at sectoral level."

In 2009 a total of 914 complaints were formally opened for investigation. In the last two years, unsolicited direct marketing complaints have halved. 29% of complaints concerned rights of access to personal data. During 2009, 119 data security breach notifications were received compared to 81 in the preceding 12 months. This is attributed to more organisations contacting the Office for advice when faced with a data security breach.

Reports on significant investigations are given, for example the Health Service Executive. The report ends with 16 case studies.

Further reading

Audit Guidance
Guidance on audits aimed at assisting organisations selected for audit by the Office of the Data Protection Commissioner - http://www.dataprotection.ie/documents/enforcement/AuditResource.pdf

Report of the Data Protection Commissioner on Data Protection in the Revenue Commissioners
http://www.revenue.ie/en/about/data/data-protection-commissioner-report.pdf

http://www.dataprotection.ie/docs/CSPE_Booklet/862.htm
The DPC, in conjunction with the Curriculum Development Unit of the Dept of Education and Science, has developed a resource for the CSPE (Civic, Social and Political Education) programme for Junior Certificate Students. The resource, 'Sign Up, Log In, Opt Out: Protecting your Privacy & Controlling your Data', deals with 2 of the core concepts of CSPE: 'Rights & Responsibilities' and 'Law'.


Video Clip Competition
An innovative video clip competition was launched in 2008 by my Office in association with Google.
http://www.youtube.com/results?search_type=search_playlists&search_query=Data+Protection+Office+Ireland+Competition+Entry+2009&uni=1

The following training aids and guidance material are available free of charge to assist organisations in raising staff awareness of their responsibilities when processing personal information:
http://www.dataprotection.ie/docs/Publications_and_Forms/960.htm

Breach Notification Guidance: 
http://www.dataprotection.ie/docs/Breach_Notification_Guidance/901.htm

Direct Marketing - A General Guide for Data Controllers:
http://www.dataprotection.ie/docs/DIRECT_MARKETING_–_A_GENERAL_GUIDE_FOR_DATA_CONTROLLERS/905.htm

http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2009_en.htm

Documents adopted by the Data Protection Working Party 2009


http://www.slideshare.net/brianhonan/the-case-for-mandatory-data-breach-disclosure-laws

The Case for Mandatory Data Breach Disclosure Laws, slideshow by Brian Honan.

____________________________________________________________

A pocket guide to risk mathematics

http://www.amazon.co.uk/Pocket-Guide-Risk-Mathematics-Concepts/dp/0470710527/ 

Matthew Leitch's new book is “A pocket guide to risk mathematics: key concepts every auditor should know” 

"The idea is to change things radically by offering a relatively quick and easy way to learn enough about risk mathematics to include it in audits. It covers the subject conceptually, so that readers can absorb the ideas without having to do the algebra and calculus. This way it covers a lot of territory, with some deep insights, and has space to explain common problems auditors can look for, with suggestions on how to find them and what to suggest. Auditors do not have the main responsibility for avoiding future economic meltdowns, but it would be great if they had the knowledge to do more."

____________________________________________________________
____________________________________________________________

Spreadsheets

Here are some items I recently posted to the Eusprig yahoogroup and the Excel-L lists, copied here for a wider audience:


Medical errors and their prevention

http://opp.sagepub.com/cgi/content/abstract/14/4/181
Journal of Oncology Pharmacy Practice, DOI: 10.1177/1078155208094453, Aug 27, 2008
Matthew DC Small, B. Pharm, Ann Barrett and Gill M Price
The impact of computerized prescribing on error rate in a department of Oncology/Hematology
A prospective audit of 1941 prescriptions for chemotherapy was made from January to September 2005.
Results. An application specifically designed for prescribing reduced errors by 42% (RR 0.58; 95% CI 0.47–0.72). Errors occurred in 20% of spreadsheet prescriptions compared with 12% of the computerized prescriptions.

Overdoses on spreadsheet prescriptions ranged from double doses of cisplatin to tenfold doses of mitoxantrone and hundred fold doses of vincristine. These carry the risk of a fatal outcome, although it is unlikely that they would not have been corrected during pharmacy preparation.

http://rsif.royalsocietypublishing.org/content/early/2010/04/07/rsif.2010.0112.full
Reducing number entry errors: solving a widespread, serious problem
"The erroneous sum in the right-hand column is caused by 3.1. having a final decimal point/full stop, and hence being treated as text, and thus processed as zero by SUM." That article makes me realise that only now are some people realising that input validation in life-critical applications is a Good Thing. Read the description of the operation of the Alaris Infusion Pump and the Graseby drug delivery system and shiver.

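The failure quoted above, as an added example (not code from this newsletter or from the cited article): a sum that skips unparsable cells silently drops a mistyped `3.1.`, while a strict entry check refuses the column and names the bad row. The function names, the sample column and the 0..100 range are constructed for illustration, and `lenient_sum` is a simplified model of the spreadsheet behaviour, not Excel's own parser.

```python
import re
from decimal import Decimal, InvalidOperation

# Strict entry format: optional sign, digits, optional fraction with digits.
# Rejects "3.1.", "1..5", "", "1,5", and also "5." / ".5" (easy keypad slips).
_STRICT = re.compile(r"[+-]?\d+(\.\d+)?")


def lenient_sum(cells):
    """Simplified model of the quoted behaviour: unparsable cells add zero."""
    total = Decimal(0)
    for cell in cells:
        try:
            total += Decimal(cell.strip())
        except InvalidOperation:
            pass  # treated as text and silently ignored
    return total


def validate_entry(text, low, high):
    """Return the entry as a Decimal, or raise ValueError saying why not."""
    stripped = text.strip()
    if not _STRICT.fullmatch(stripped):
        raise ValueError(f"not a well-formed number: {text!r}")
    value = Decimal(stripped)
    if not low <= value <= high:
        raise ValueError(f"{value} is outside the allowed range {low}..{high}")
    return value


def strict_sum(cells, low=Decimal("0"), high=Decimal("100")):
    """Return (total, []) if every cell validates, else (None, bad rows)."""
    values, errors = [], []
    for row, cell in enumerate(cells, start=1):
        try:
            values.append(validate_entry(cell, low, high))
        except ValueError as exc:
            errors.append((row, str(exc)))
    return (None, errors) if errors else (sum(values, Decimal(0)), [])


# Constructed sample column; row 2 carries the trailing decimal point.
SAMPLE = ["2.4", "3.1.", "1.5"]

if __name__ == "__main__":
    print("lenient:", lenient_sum(SAMPLE))
    print("strict: ", strict_sum(SAMPLE))
```

The range bound is what catches a well-formed but tenfold entry such as `31` typed for `3.1` when the limit is set close to the expected dose.
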
____________________________________________________________


Eusprig conference 15/16 July 2010

I uploaded a collection of tips for prospective authors new to writing conference papers: "How to write a successful EuSpRIG paper"
http://www.eusprig.org/How_to_write_a_successful_EuSpRIG_paper.pdf 

____________________________________________________________

Resources for understanding the changes from Excel 2003 to 2007

http://msdn.microsoft.com/en-us/library/bb242669.aspx
Object Model Changes Since Microsoft Office 2003 Excel Developer Reference
A summary of the changes in the Microsoft Office Excel 2007 object model as compared to Microsoft Office 2003.

http://technet.microsoft.com/en-us/library/cc179160.aspx
Changes in Charting (Updated: 2009-01-15)
This article lists the changes (and reasons for the change) in Charting from Microsoft Office 2003 to 2007 Microsoft Office system and suggests migration paths.

This topic is included in the following downloadable book for easier reading and printing:
http://go.microsoft.com/fwlink/?LinkID=79595
Technical reference for the 2007 Office release

See the full list of available books at Downloadable content for the 2007 Office Resource Kit.
http://technet.microsoft.com/en-us/library/cc178979.aspx 


____________________________________________________________


Spreadsheet Check and Control: book of 47 best practices to detect and prevent errors

http://www.sysmod.com/scc.htm

XLTest: Spreadsheet testing and auditing add-in

http://www.sysmod.com/xltest/index.htm

XLTest helps you to check the integrity of your spreadsheets far more quickly than with tedious cell-by-cell inspection.

XLTest for Excel 2003 also works in the Add-In tab of Excel 2007

SPECIAL OFFERS

If you own the book "Spreadsheet Check and Control" you save the cost of the book - 30 euro! Simply enter into the discount code box the first word on the top left of page 131.

If you buy the spreadsheet inventory/assessment workbook  ScanXLS you can get it free! Simply say you want XLTest free when placing your ScanXLS order. 

To learn more, download the 19-page set of screenshots (1MB PDF) showing you what it does.

____________________________________________________________
____________________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________
_______________________________________________________

Off Topic


Looking back to the beginning of this month, there are some April Fool stories in the Risks Digest. I smiled at the one about Silver Iodide being used to seed cloud computing.

http://catless.ncl.ac.uk/Risks/25.98.html

http://catless.ncl.ac.uk/Risks/26.01.html

_______________________________________________________
_______________________________________________________

Copyright (c) Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided this copyright notice is included.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________