Safety And Security Of Data 4


The fourth in a series of presentations designed to assist my Y12 ICT AQA AS students in preparing for Unit 2, topic 5

Published in: Education

  1. Safety and Security of Data 4
  2. The Need for Legislation
      • As ICT and the internet develop, new laws are required to protect people.
      • There is often debate as to the extent to which laws are required, i.e. protection against erosion of civil rights
      • Difficulties with managing laws internationally
  3. The Data Protection Act 1998
      • Introduced to protect the individual against the misuse of data
      • Also introduced to bring the UK into line with other EU members who already had legislation
      • Covers misuse of all personal data, whether on computer or not
  4. The Data Protection Act 1998
      • Individuals have the right to find the information stored about them and to check whether it is correct.
      • If the information is wrong, individuals can have it altered and may be able to claim damages if they have suffered a loss resulting from this
  5. What is Personal Data?
      • Data about an identifiable person
      • That person must be alive
      • The data must be specific to that person
          • Medical history
          • Credit history
          • Qualifications
          • Religious beliefs
          • Criminal records
      • Important for marketing departments!
  6. The Data Protection Principles
      • Personal data shall be processed fairly and lawfully.
      • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  7. The Data Protection Principles
      • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
      • Personal data shall be accurate and, where necessary, kept up to date.
  8. The Data Protection Principles
      • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
      • Personal data shall be processed in accordance with the rights of data subjects under this Act.
  9. The Data Protection Principles
      • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  10. The Data Protection Principles
      • 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
  11. The Data Protection Principles
      • Fairly and lawfully processed
      • Processed for limited purposes
      • Adequate, relevant and not excessive
      • Accurate
      • Not kept longer than necessary
      • Processed in accordance with the data subjects’ rights
      • Secure
      • Not transferred to countries outside the EU without adequate protection
  12. Processing of Personal Data
      • Obtaining data
      • Recording data
      • Carrying out any operation or set of operations on data
  13. Notification Under the Act
      • Businesses etc. must let the Information Commissioner’s Office know that the organisation is storing and processing personal data
      • Information is added to a register which the public may view
      • It is an offence for an organisation to process data without notification
      • The following information is required:
  14. Required Information
      • Company registration number
      • Details of data controller
      • Classes of data held
      • General description of the reasons
      • Description of the data subjects
      • List of organisations to whom data is passed
      • Information about information passed outside the EU
  15. Exemptions from Notification
      • Data held for personal, family or household reasons
      • Data used for preparing the text of documents
      • Data used for accounting purposes only
      • Data held in the interests of national security
      • Data used for mailing lists
  16. Subject Access
      • Individuals have a right to see data held about them
      • Must write to the organisation and pay a fixed fee (£10 or £2 if a credit reference agency)
      • Reply must be received within 40 days (7 days if credit reference agency)
  17. Exemptions
      • Data used for prevention or detection of crime
      • Data used for the apprehension or prosecution of offenders
      • Data used for the assessment or collection of tax or duty
  18. The Information Commissioner
      • Responsible for the Information Commissioner’s Office
      • An independent authority
      • Responsible for:
          • Administering two Acts: the DPA and the Freedom of Information Act 2000
          • Promoting good information handling
          • Investigating complaints
          • Providing guidelines
          • Bringing legal proceedings, if necessary
  19. The Freedom of Information Act 2000
      • Gives the right of access to information held by Local Authorities
          • How public authorities carry out their duties
          • How they make their decisions
          • How they spend public money
      • Public Authorities include
          • Central government and government departments
          • Local Authorities
          • NHS bodies
          • Police and prison service
  20. Scope of the Act
      • Not restricted to personal information
      • Covers all types of information
      • Exemptions are:
          • Where the information could jeopardise the prevention or detection of a crime
          • Where the release of the information would harm the public more than not releasing the information
  21. What You Need to Do
      • Hand in completed MC spreadsheet
      • Complete Case studies 4 and 5 on pages 193 and 194 of Folens