This coursework assignment consists of TWO questions, each requiring descriptive
ID: 344617 • Letter: T
Question
This coursework assignment consists of TWO questions, each requiring descriptive answers. Both questions should be attempted and your submitted work will be assessed Explain what is meant by a duty of care in the management of project work. Discuss ONE situation where a duty of care is required, including details of: (i) those to whom the duty of care is owed, (ii) a consequence of a failure of the duty of care, (ii) a way to ensure that the duty of care is maintained. [10 marks] 2. Discuss how confidential information (e.g. commercial data, technological secrets, personal data etc.) can be protected when undertaking project work, especially when the communication of this information is a necessary feature of the project. [10 marks]Explanation / Answer
Answer 1: Duty of Care requires us to ensure that all the people we work with are safe and that we abide by relevant legislation. A duty of care exists when a person’s action can directly or indirectly affect the other person. A duty of care becomes more important in a power and authority relationship where one person is the superior and the other is the junior like a project head and project worker.
Duty of Care is the legal duty to take reasonable care so that others aren’t harmed and involves identifying risks and taking reasonable care in your response to these risks. Duty of care is reciprocal – the organisation has a duty of care to the clients and peer supporters and the peer supporter has a duty of care in the services that they provide for the organisation.
An example can be taken here on the project management done in the construction industry. The Chartered Institute of Builders has produced a Code of Practice for Project Management for Construction and Development. In the third edition it states that “Project management is the professional discipline which separates the management function of a project from the design and execution functions”
A real life situation of duty of care can be studied here. Referring to a case posted on mondaq.com website,it refers to the the case of Pozzolanic Lytag Limited v Bryan Hobson Associates [1999] 89 BLR 267 considered whether a project manager owed a duty of care to the client to ensure that the professional indemnity insurance of the consultants was adequate. The case concerned the construction of a concrete dome, which due to a design defect collapsed causing considerable financial loss to the employer. The main contractor was primarily liable under the JCT Design and Build Form of Contract, but did not maintain adequate insurances required by the contract.
Thus one can note that duty of care extends to the clients, failure of which led to the collapse of the dome in this case. An insurances as required by the contract, if done, would have saves the customer from huge financial losses. The project manager should have covered the contractor’s liabilities too when it came to building contract.
Answer 2: These days in the era of information explosion, it becomes important for companies to protect their data and the confidential information. According to a renowned industrialist in India, he stated as “Data is the new Oil”, thus it becomes extremely important for companies to protect confidential information and at the same time makes it essential to disseminate information to the relevant personnel. According to an AIIM survey, 60% of large organizations cite that the potential impact of leaking confidential information would be high, and for 13%, it would be disastrous — which further underscores the importance of ensuring that your organization’s sensitive documents are protected from unauthorized access. In an article published on computer world website by Ariel Peled in 2004, he has given five steps to ensure that the data is kept confidential at the same time effective available to all the concerned people.
The first step according to him is to identify and prioritize the confidential information. This would help a person or an organization to take steps on which data should be protected first. The next step is to identify the unstructured data like the customer correspondence, financial releases and so on and then implement the same in various departments in a phased manner.
The second step would be to study how currently the information is flowing and perform an assessment of risk of the current steps being undertaken. Though it could be easier to identify the confidential information, it becomes far more difficult to identify the places where this information can be leaked.
The third step is to determine appropriate access that can be given. This activity would be based on the risk assessment done in step two. A policy on determination of usage of this information as well as distribution of this information needs to be drafted as a next step.
The fourth step is to implement and monitor the system in place. In many companies document management system software is present. According to Mika Javanainen, in his blog posted in March 2014, is stated that “Today’s most advanced document management software solutions offer new ways to derive access control settings from metadata, making the process of setting permissions for documents and other information both dynamic and automatic. Metadata-driven permissions and the associated audit trail and event log also help organizations prove that they actually follow the access control policies they have defined.”
The fifth step is to review periodically the changes done in the system and whether the objectives highlighted in the step one are achieved and problems identified in step two are being resolved.
Another step that needs to be taken as drafted in the Grant Mcgregor News is Employee training. When it comes to confidential data being leaked, often it’s a company’s own employees who are the biggest risk. It’s usually due to the lack of training provided in the company. When training your employees about protecting confidential information, it’s a good idea to start first with explaining why data confidentiality is so important and then provide training about the practical aspects of data protection. The training can be done in-house or by engaging external experts.