Customer Data Policy
- Formal document identifying the constraints or limitations in using customer information
- Statements of what should or should not be done
- Examples to make clear any statements you make
- References to all the material, including any Acts of Parliament
Data Protection Act of 12th July 1984 / 1998
Anyone processing personal data must comply with the eight enforceable principles of good practice. Data must be:
1. Fairly and lawfully processed;
2. Processed for limited purposes;
3. Adequate, relevant and not excessive;
4. Accurate;
5. Not kept longer than necessary;
6. Processed in accordance with the data subject's rights;
7. Secure (no unauthorised access, alteration or disclosure);
8. Not transferred to other countries without adequate protection.
The Information Commissioner
The Act established the office of Information Commissioner, whose duties include:
- administering a public register of Data Users with broad details of the data held
- investigating complaints and initiating prosecutions for breaches of the Act
- publishing several documents that offer guidelines to data users and computer bureaux
Registration
All Data Users have to register, giving:
- their name and address (or that of their company)
- a description of the data held and its purpose
- a description of the sources from which the data is obtained
- a description of the persons to whom it is intended to disclose data
Exemptions from the Act
The Act does not apply to payroll, pensions and accounts data, nor to names and addresses held for distribution purposes. Registration may not be necessary when the data are for personal, family, household or recreational use.
Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes, or where it is simply for backup.
Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant), to persons working for the data user, and in response to urgent need to prevent injury or damage to health.
Additionally, there are exemptions for special categories, including data held:
- in connection with national security;
- for prevention of crime;
- for the collection of tax or duty.
Software Copyright Laws
Computer software is now covered by the Copyright Designs and Patents Act of 1988, which covers a wide range of intellectual property such as music, literature and software.
Copyright, Designs & Patents Act 1988
Provisions of the Act make it illegal to:
- copy software
- run pirated software
- transmit software over a telecommunications line, thereby creating a copy
The Computer Misuse Act of 1990
In the early 1980s in the UK, hacking was not illegal. Some universities stipulated that hacking, especially where damage was done to data files, was a disciplinary offence, but there was no legislative framework within which a criminal prosecution could be brought.
Computer Misuse Act of 1990
The Computer Misuse Act of 1990 defined three specific criminal offences to deal with the problems of hacking, viruses and other nuisances:
- unauthorised access to computer programs or data
- unauthorised access with a further criminal intent
- unauthorised modification of computer material (i.e. programs or data)
How A Virus Works
1. ORIGINATION - A programmer writes a program - the virus - to cause mischief or destruction. The virus is capable of reproducing itself.
2. TRANSMISSION - Often, the virus is attached to a normal program. It then copies itself to other software on the hard disk.
3. REPRODUCTION - When another drive is inserted into the computer’s disk drive, the virus copies itself on to the drive.
4. INFECTION - Depending on what the original programmer wrote in the virus program, a virus may display messages, use up all the computer’s memory, destroy data files or cause serious system errors.
Health Hazards
- Stress
- RSI
- Eyestrain
- ELF radiation
- Backache
Display Screen Regulations 1992
Employers are required to:
- Perform an analysis of workstations in order to evaluate the safety and health conditions to which they give rise
- Provide training to employees in the use of workstation components
- Ensure employees take regular breaks or changes in activity
- Provide regular eye tests for workstation users and pay for glasses
Computers, Health And The Law
Employees have a responsibility to:
- Use workstations and equipment correctly, in accordance with training provided by employers
- Bring problems to the attention of their employer immediately and co-operate in the correction of these problems
Computers, Health And The Law
Manufacturers are required to ensure that their products comply with the Directive. For example:
- Screens must tilt and swivel
- Keyboards must be separate and moveable
- Notebook PCs are not suitable for entering large amounts of data
The Ergonomic Environment
Ergonomics refers to the design and functionality of the environment, and encompasses the entire range of environmental factors. Employers must give consideration to:
- Lighting: office well lit, with blinds
- Furniture: chairs of adjustable height, with tilting backrest, swiveling on five-point base
- Work space: combination of chair, desk, computer, accessories, lighting, heating and ventilation all contribute to overall well-being
- Noise: e.g. noisy printers relocated
- Hardware: screen must tilt and swivel and be flicker-free, the keyboard separately attached
- Software: should facilitate task, be easy to use and adaptable to user’s experience
DRM
- Music & Films
- Technology to restrict where, how often, on what you can use it
Proprietary Software
- Sold under licence – not ownership
- Unable to modify
- Restricted rights to sell-on
Open Source Movement
- Have access to the source code – can therefore modify it
- Redistribute the code or executable
- Usually free to obtain
The Rights of Data Subjects
Apart from the right to complain to the Information Commissioner, data subjects also have a range of rights which they may exercise in the civil courts. These are:
- Right to compensation for unauthorised disclosure of data (arising from principle no. 3);
- Right to compensation for inaccurate data (arising out of principle no. 5);
- Right of access to data and to apply for rectification or erasure where data are inaccurate (arising out of principle no. 7);
- Right to compensation for unauthorised access, loss or destruction of data (arising out of principle no. 8).
Relevant Legislation
Data Protection
- Data Protection Act 1998
- Freedom of Information Act 2000 (FOIA)
Usage of IT Systems
- Computer Misuse Act 1990
- Terrorism Act 2000
- Privacy and Electronic Communications Regulations 2003