Chapter 7

Chapter 7

Data Protection Act 1998
1. DPA Principles
  1. Processed fairly and lawfully
    1. Data subjects must be informed if data is being collected about them and their permission sought
    2. Data subjects must be aware of the purpose for which and collected data will be used
  2. Used only for the purposes stated in the registry entry
    1. Data users can only use the data for those purposes
    2. The registration process with the ICO requires identification of the classes of data held and the purposes for which they are to be used
  3. Adequate, relevant and not excessive
    1. There must be enough information to meet the needs of the organisation and individual
    2. An organisation must only keep relevant data and no more
  4. Accurate and must be kept up to date
    1. An organisation is responsible for ensuring data is entered accurately
    2. Validation and verification can be used to help reduce data entry errors
    3. The organisation must review data regularly to ensure it is up to date and this may involve contacting data subjects to ask them to check their personal data
    4. If a data subject says data in inaccurate, then the errors must be corrected by the organisation
  5. Not be held for longer than is necessary for the purpose
    1. Personal data can only be held while it is needed for its purpose
  6. Be processed within the rights of the Data Subjects
  7. Be kept secure and protected against unlawful access and accidental / deliberate damage
    1. Security measures must be put into place including anti-virus software, encryption, backups, authorisation and authentication
    2. Data users must be made aware of the need for security, particularly if they are carrying data on a portable device
  8. Not be transferred outside of the European Union unless that country has adequate data protection legislation
    1. This has wide ranging consequences with much business being conducted internationally
2. The purpose of the DPA is to protect individual from organisations
3. Main aspects
  1. Accurate
  2. Secure
  3. Used for specified purposes
  4. Not kept for longer than necessary
  5. Fairly and lawfully processed
4. DPA Terminology
  1. Personal Data – Covers both facts and opinions about a living individual
  2. Data – Anything which is part of a record about an individual e.g DOB, Name
  3. Processing – Collection and storage of data which includes sorting the data into order
  4. Data Subject – The person that the data is being collected from or stored about
  5. Data Controller – Is responsible for ensuring the data meets the rights of the DPA
  6. Data Processor – Third parties who process the data who are not necessarily part of the Data controller’s organisation
  7. Recipient - This is any person who is employed to access, use or process personal data as part of their job
  8. (Information) Commissioner – The person who has overall responsibility for enforcing the DPA across the UK
5. DPA Rights
  1. Right to subject access
  2. Right to rectify or remove incorrect data
  3. Right to prevent processing that is likely to cause damage or distress
  4. Right to compensation if damage or distress is caused
6. DPA Exemptions
  1. Not everyone is automatically entitled to see the data which is held on them
    1. Crime
    2. Schools and examinations
    3. Taxation
    4. Health and Social Work (medical records)
Computer Misuse Act 1990
1. The purpose of the Act is to prevent the unauthorised use of computer systems and relates to both hardware and software
2. Computer Misuse Act Offences
  1. Unauthorised access to computer material
  2. Unauthorised access with intent to commit further crimes
  3. Unauthorised modification of computer material
  4. Making, supplying or obtaining material that could be used in computer misuse offences e.g. Viruses, Trojans
3. Computer Misuse Act Problems
  1. Accidental Intrusion is not listed as a crime
  2. There may be more than one person in the house therefore responsibility is an issue
  3. The act can only be put in place once the crime has been committed
The Copyright, Designs and Patents Act, 1988
1. Act covers: stealing software, using illegally copied software and manuals, running purchased software on two or more machines at the same time without a suitable licence
Regulation of Investigatory Powers Act 2000
1. The purpose of the Act is for the organisation to lawfully intercept any misuse of communications device
2. Organisations may monitor and record communications
  1. Prevent or detect crimes
  2. Prevent public disorder from occurring
  3. To ensure national security and the safety of the general public
  4. To investigate or detect any abnormal or illegal use of telecommunication systems
  5. Advantages
    1. The company can monitor what its employees are doing
    2. Make sure that the facilities are only being used for legitimate work
    3. Make sure company secrets are not being revealed
  6. Disadvantages
    1. Monitoring can be seen as a breach of trust by employees
    2. Desire by employees to maintain their privacy
Electronic Communications Act (2000)
1. The purpose of the ECA was to make the UK the best place in the world for e-commerce
2. Advantages
  1. Contracts that are signed over the Internet have the same legality as those signed by hand
  2. Increases the security with which individuals can engage in e-commerce
  3. Contracts entered into have legal backing
3. Disadvantages
  1. Many people aren’t aware of digital signatures therefore it will take time for it to be accepted
  2. Since transactions are important to people it will take a lot of time for it to be introduced
  3. People feel insecure due to the security of digital signatures
Freedom of Information Act (2000)
1. The purpose of this act is being able to find out information on any topic from any public authority (government, hospitals, and schools)
2. People can write a letter to the public authority requesting the information they want, it takes 20 working days for them to respond to your request.
3. Advantages
  1. Information which was not accessible to the general public is now available
  2. People feel more confident that they know things aren’t being hidden
4. Disdvantages
  1. There is no certainty that you will receive the information you ask for
  2. The public authority have the right to deny any existence of the information
  3. There is a large cost to respond and find the information
Methods for combating ICT crime and protecting ICT systems
1. Physical Security (Security guards)
2. Biometric Security (Fingerprints)
3. Location of Equipment
4. Firewalls (Prevents unauthorised computers connecting to your network)
5. Backup (Making a copy of the data)
6. Encryption (Coding the data)
7. Software Patches / Updates (Removes any flaws in the software)
8. Anti-virus / anti-spyware (Prevents viruses and spyware infecting machine)
9. Access rights (Access is only granted to certain users)
Networking
1. Linking together two or more computers to be able to share files through a server
2. Advantages
  1. The sharing of peripherals (printers)
  2. Data can be shared
  3. Backup and virus checking from a central location
3. Disadvantages
  1. Viruses can spread faster on a network
  2. Lack of privacy
  3. Initial cost of network
4. Local Area Network (LAN) – When computers are fairly close to one another
5. Wide Area Network (WAN) – When several different LAN’s are linked together it is spread over a wide area
6. A protocol is a set of rules which define:
  1. How to establish communication between the machines
  2. The format of any data which is to be exchanged between the machines

Next up

Description

Resource summary

Similar

	Created by gavinfree about 10 years ago