2. Data protection act 1998
The data protection act is made so information stored on a data
system is:
Used fairly and lawfully
Used for limited, specifically stated purposes
Used in a way that is adequate, relevant and not excessive
Accurate
Kept for no longer than is absolutely necessary
Handled according to people’s data protection rights
Kept safe and secure
Not transferred outside the UK without adequate protection
3. Data protection act 1998
The data protection act protects many forms of personal
information including:
Ethnic background
Political opinions
Religious beliefs
Health
Sexual agenda
Criminal records
4. Freedom of information act
2000
The Freedom of Information Act gives you the right to access
recorded information held by public sector organisations.
Anyone can request information – there are no restrictions
on your age, nationality or where you live.
Your request will be handled under different regulations
depending on the kind of information you ask for, e.g. the:
Data protection act if you ask for information an organisation
holds about you
Environmental information regulations if you ask for
environmental information
5. Freedom of information act
2000
You can request information from some public sector
organisations, for example:
government departments, and other public bodies and
committees
local councils
schools, colleges and universities
health trusts, hospitals and doctors’ surgeries
publicly owned companies
publicly funded museums
the police
6. Computer misuse act
1990
The act is split into three sections and makes the following acts
illegal:
Unauthorized access to computer material
Unauthorized access to computer systems with intent to
commit another offense
Unauthorized modification of computer material
This act covers the following:
Hacking
Fraud and theft
Card not present fraud
Denial of service attacks
7. Computer misuse act
1990
Other forms of computer misuse that fall under this law are:
Pornography
Online sexual grooming
Extreme material
Incitement to racial & religious hatred
Online harassment
Terrorism
8. Copyright considerations
Copyright legislation & regulation takes into account:
Intellectual property Law
Copyright legislation in the UK
Rights granted by copyright
Copyright ownership
Copyright duration
Copyright infringement
9. Ethical issues: moral &
whistleblowing
Moral:
Protection of privacy and personal data
Free expression and choice
Whistleblowing:
Unethical practices
Protection program
10. Ethical issues: disability &
use of information
Disability:
Discrimination
Accessibility & availability
Use of Information:
Personal & private information
11. Codes of practices: e-mail &
internet
E-mails:
Aggressive behaviour
Plagiarism
Corrupt content
Internet:
Unnecessary use
Illegal action
Offensive material
15. Health & Safety: processes &
procedures
Processes & Procedures
Emergency fire procedures
First aid
Accidents/incidents
Reporting issues/concerns
16. Health & Safety:
regulations
Health and safety at work act 1974
safe operation and maintenance of the working environment,
equipment and systems
maintenance of safe access to the workplace
safe use, handling and storage of dangerous substances/facilities
adequate training of staff to ensure health and safety
17. Organisational policies
Organisational policies that relate to the use of business
information can help make sure that decisions affecting staff:
are understandable and consistent
meet legal requirements
take full account of their impact
contribute to productive working relationships
18. Costs: system upgrades &
development
It is important to manage the costs of IT Projects
The total benefits of a project should exceed the total
costs
Two areas to consider regarding costs for a business
case:
– Cost of system upgrades e.g.
New computer equipment and installation
User testing and training
Additional IT resources to run the systems
– Cost of development
Cost of getting/developing the new
system
Costs of future developments of the
system
19. Costs: training &
modification
Training
More trained personnel
training needed in using equipment and using the software
Modification
More complex upgrades are needed but cost a higher price
20. Continuance planning
Key successful business continuance plans are:
Identifying potential risks.
Full understanding of how the organisation will be affected.
Identifying factors and implementing resolutions as far as
possible to
minimise the risks in the first place.
21. Comparison of Legal
Issues
Comparison:
Copyright with Data Protection Act 1998 on a
organisation
Plagiarism
Intellectual property
Protection of information
Theft, manipulation & misconfiguration
24. Bibliography
Date Source of information
02/10/14 https://www.gov.uk/data-protection/the-data-protection-act
02/10/14 https://www.gov.uk/make-a-freedom-of-information-
request/the-freedom-of-information-act
05/10/14 http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0datapr
otectionactrev1.shtml
09/10/14 http://www.teach-
ict.com/as_a2_ict_new/ocr/AS_G061/317_role_impact_ict/c
omputer_misuse_act/miniweb/index.htm
09/10/14 http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/2copyrig
htrev1.shtml
16/10/14 http://teachingwithcrump.weebly.com/p6---organisational-
issues.html
16/10/14 http://www.slideshare.net/mrcox/btec-national-in-ict-unit-3-
operational-issues
18/10/14 http://operationalissues.blogspot.co.uk/
Editor's Notes
P3: explain the issues related to the use of information
Robert Taylor
The data protection act was made in 1998 as a defence against information fraud. At the turn of the 20th century a lot more businesses and people decided to store data onto their computers and on the internet. This made it more likely to have their data stolen and their information disclosed. The Data Protection Act is the one of the most important pieces of UK law & legislation concerning the protection of personal data. This regulation was introduced so that the UK legislation was in line with the EU Data Protection Directive of 1995. The Directive made it necessary for all Members of the EU to protect people's essential rights & freedoms. The DPA mainly targets any business/organisation whether active or inactive, that retains personal data on a computer or a form of sorting system. This data must be securely protected and satisfy the regulations of the data protection act (as shown). In-order for the information to comply with the data protection act it must be used fairly and lawfully, this refers to how the personal data is being processed. The personal data should be kept out of the reach of people who would use the data for unethical purposes for example, using the information to harass someone for their sexual health. The personal data should only be used or spoken of when necessary and not in over excessive amounts. This allows for better confidentiality and helps stop the potential spread of sensitive information. An example of this could be the medication of a child being told to their teacher, so that the teacher can act accordingly to the child’s situation. The data must be accurate and handled in accordance with the specific data protection rights. This is important so that there isn’t any miscommunication that could result in a life threatening situation, also the data should be processed properly to stop anyone unintended from reading the data. It’s vital that the personal data is kept securely and for the amount of time appropriate, this will help prevent the sensitive information from being stolen and misused by both internal and external parties. The same is also applicable to the transfer of data without suitable safeguards, since when data is transferred it must be done in a protected and appropriate method to minimalize the theft of information.
Personal data, especially the sensitive data must always remain protected and secure. This is because these types of information could be used in a discriminating manner, so it should be handled with better care than other forms of personal data. The processing of sensitive personal data needs to satisfy at least one of the regulations for processing that particular piece of information, such as the co-workers of the employee shouldn’t be able to see what religious beliefs the member of staff has unless they allow them permission. Depending on the circumstances different conditions would apply. The category of the data is also a factor in deciding how much/what form of security is appropriate to use on the personal information. Although the data protection act mainly protects a persons sensitive data, it also protects valuable data from theft, such as a companies business ideas where a rival corporation may attempt to steal the plans of a new product/service. The data protection act can then be used to shield the important information in-order to prevent such situations.
The Freedom of information act is a piece of British government legislation that allows the public to ask an organisation to divulge certain details about their company. The act gives individuals a statutory right to examine the information held by Government branches and public organisations. Using the freedom of information act anyone of any nationality & living wherever in the world, can make a written appeal for information, and expect a reply within 20 working days. The appropriate government will then look over the application and decide if it is worthy to be approved. If not then the request will be denied and the applicant won’t receive the information, but often the government grant access to the information and meet that request with a number of specified exemptions with both particular practical and financial limitations. The FOI act imposes a considerable burden on those responsible for managing freedom of information applications in public authorities as they will receive a substantial amount of requests. The Data Protection Act has conventionally provided individuals with a right to inspect information held about themselves, this legislation was established to cover information about third parties as-well as any other information that may be retained by the local government. The Environmental Information Regulations 2004 provides a similar right to access information that relates to the environment. This can be useful to determine organisations carbon emissions or even their waste disposal size.
The freedom of information act allows people to examine information from any public sector company. This includes associations like local councils, police and even medical centres. Different organisations will have different categories of data as-well as various methods to relay the requested information. For example, schools will be able to disclose the average grades of results for their pupils by retrieving the information from their data banks/archives. On the other hand the publicly owned companies will have different information such as their net profit earnings or their total company staff count. This information may be stored in a secure computer system and need to be printed out. A lot of public sector organisations will have procedures in place to respond to any requests/applications. The system will analyse the submission thoroughly to decide whether they qualify and should have the information be released, or whether any exemptions may be applicable to their demand. Usually the Freedom of Information Act defines that an individual has the entitlement to be told whether the information exists & the right to obtain that information, unless their request is exempted. The freedom of information act does not alter the right of patients to protection of their patient confidentiality, as they are still safeguarded by the data protection act 1998.
The Computer Misuse Act 1990 was introduced in-order to deal with computer hacking. It comprises of three main offences to do with illegal actions involving computers: Firstly there is a basic hacking offence, which involves the unauthorised access to any program or data stored within a computer. Secondly, it’s an crime to try and attempt to execute an offence with an intent to commit the crime. The last subdivision contains the offence of performing any unauthorised act to a computer with hostile intent. This includes, to impair the processes of any computer, to stop or obstruct access to any program or data retained in a computer, to damage the operation of the programs or the accuracy of the computer data & knowing that any alteration intended to be happen is unauthorised. Hacking is used to describe the unauthorised access to a computer, it is usually aimed at organisations and often causes problems through financial disruption. Fraud and theft is often the case with many forms of computer misuse, where an individual with illegally try to change computer input data so that they may better themselves. Card not present fraud involves the stealing of valuable bank card details via misleading websites or computer viruses. The denial of service attacks is where hackers try and overload network systems so that they crash and become unusable, these usually occur on businesses/institutes in-order to cause economic interference.
The computer misuse act also covers other forms of legal issues related to the use of information. There are a lot of forms of computer misuse that are classified under the computer misuse act 1990, one of the biggest and most controversial is pornography. Some forms UK legislation make it illegal to distribute material that tends to degrade and corrupt there viewers. This is usually because the content may be classed as indecent or explicit content and not meant for public viewing. Highly sensitive topics involving online pornography generally include the viewing, possession, making and distribution of offensive images of children or serious stalking/ harassment enabled by modern forms of communication technologies. If an individual was found guilty of computer misuse then they would face criminal prosecution. If the criminal activity was located on an organisations computer then that business could suffer major reputational damage if it is not seen to be performing properly. Online sexual grooming is another form of computer misuse, it is a crime to befriend a child on the internet or by other means and to meet or intend to meet the child with the intention of abusing them. The computer misuse act 1990 prohibits adults from engaging in inappropriate behaviour such as sexual conversations with children online. It is also illegal to conceal the knowledge of any such activities within an organisation. Extreme material involves the possession of pornographic information which is graphic and sexually explicit and may contains realistic scenes or actual depictions of serious violence, bestiality or necrophilia. The computer misuse act can help prevent the distribution of these materials over telecommunications to reduce the severity and impact on the internet. Other issues related to the use of information includes the incitement of racial/religious hatred & online harassment. Cyberbullying is a crime that has been recently made more aware due to its psychological effects, especially on youths.
Copyright is a legally enforceable property right that makes it possible for the holder of that right to profit from their creation. The copyright laws prevent others from exploiting the work of the creator without the rights holder's permission for a set period of time. Copyright law guards the expression of ideas from misuse but not the actual idea itself. Intellectual property law lets people own the ideas/work they produce. Intellectual property rights are privileges granted to inventors and owners of creations that are the outcome of human intellectual creativity. These creations can be specialised in many forms of practice from the industrial to scientific/literary or even artistic fields of expertise. For example, these rights can apply to software, business names, manuscripts and inventions. Copyright legislation in the UK has changed over the years to suit the modern era. In conjunction with computer copyright issues, the UK government have made revisions to recognise the digital age in 2003 to amend any faults that were present in the Copyright, designs and patents act 1988. The copyright legislation is constantly updated to maximise efficiency and fix and gaps in the regulations. The owner(s) of the copyright material solely control the rights to the material they branded, but they can make deals with other parties to use their creation under their terms and conditions. The owners can also sell their rights to their product if they so desire, this can let other parties gain profit from their idea while they still make money. The duration of any copyright is reliant on several factors such as, the style of work protected, whether the idea is distributed or undistributed, whether the creator is well known for their work or not, and whether other possible measures from previous copyright legislation apply to the situation. Copyright infringement occurs when one of the copyright owner’s creations are used by a party without the consent or approval of the copyright owner or when the party is out of terms with the legislation, and is referred to as primary infringement. Secondary infringement occurs with the parties association, where they are marketing and distributing products that they shouldn’t have the rights to. This causes major issues on computer systems especially with software and music, since they are often easily copies and distributed without the owners permission.
Ethical issues include the moral concerns that involves the protection of personal information & human rights. The ethics of computer information should keep the importance of moral data out of reach from unethical people. Moral issues involves the release of private and personal information that should be otherwise kept secure and accessible to only a select few. Its immoral for someone to leak information that is confidential to an individual without their consent. In-order for their to be morality then there would have to be sufficient security measures to stop the data from being unethically disclosed. A moral issue that concerns the use of information would be the rights to freedom of speech and opinions. Every person has entitlement to human rights, this can cause ethical issues involving discrimination or prejudice. It’s morally unethical for people to be deprived of their freedom and opinions, so it should be safeguarded by the government at all times. Whistleblowing is the release of often crucial information that was intended to be kept secret by an organisation or party. Whistleblowing is usually carried out because a member is unhappy with an aspect of the company and wants to make their concerns public. If any worker do see unethical activity then they may end up whistleblowing their findings to the police or company management. Although several companies do have whistleblowing policies to help their staff raise awareness of any concerns that they may harbour. There are also protection programs for people that do decide to whistle-blow on a more serious issue. These people may have upset the organisation and feel threatened by their authority. These protection schemes help shield them from discrimination such as dismissal, disciplining or even in extreme cases threats.
Disability is an ethical issue to the use of information as people who are disabled are often unable to perform the same tasks that a regular person would be able to. They are limited at work and often discriminated against because of their disability. It’s unethical for information to be perceived as useless when considering someone's disabilities, yet as they are unable to carry out all the responsibilities that maybe required then it’s considered an ethical refusal of service. When considering disabled individuals its necessary for them to be able to get the correct treatment that corresponds to their condition. Some forms of legislation require disabled access to be present that would allow the disabled people to be able to perform the duties of an otherwise regular person. The ethical issues of the use of information range from the misuse of the data protection act & other legislation to the legal decision making of individuals or organisations.
There are many codes of practices that can be used to limit any unethical behaviour from individuals. There has to be a set of rule and regulations to control any potentially immoral material this is applicable to any form of telecommunications including e-mails. E-mails are essential for sending information fast and with ease, but sometimes they contain inappropriate content. The codes of practices are used to stop unethical content like aggressive behaviour, where the e-mail includes messages or material that have malicious intent and are aimed to hurt the recipient. E-mails can also contain content like plagiarism that has been copied, where the sender has decided to use other peoples information as their own. The e-mail may even harbour corrupt content such a virus in an attachment file, this can cause great damage to potentially unprotected valuable computer information. These forms of unorderly conduct are unethical as they breach the codes of conduct and are greatly disrespecting others. Codes of practices fro the internet are much more complex than for e-mails as the internet has a lot more content. The internet shouldn’t be used unnecessarily for pointless browsing, the internet codes and practices will vary from place to place. Places like school want their students to look at educational websites and while organisation may need to reference sources of information in their job. Whatever the case under the codes of practices the content being observed should be relevant. No illegal actions should be performed on the internet especially under a codes of practice. No matter what codes of practice or regulations the manager has, there should be no form of illegal activity as it is against the law and can cause the police to become involved. Offensive material should also be strictly prohibited as it is extremely unethical and could cause trouble with the other people.
Codes and practices can have different policies and regulations depending on the type of working environment, these are known as internal policies. Internal policies are aimed at stopping issues that may arise from forms of unethical behaviour for example, inequality would need to be reduced to a minimum. Equality is an issue in some working environments as some individuals may use discriminating language either casually or possibly with malicious intent. People who have a certain belief in religion or even are of a specific gender may find themselves discriminated again and need to use the internal policies to report the incident as an offence. The internal policies should also cover the diverse categories of people that may enter the working environment. People who are of a different ethnic background or sexual orientation are required to be protected by the internal policies so that they are not discriminated again for their lifestyle choices or culture/appearance. The internal policies should also be able to cover disabled individuals and stop potential discrimination for their unchangeable characteristics. Disabled people would face many issues that internal policies information & regulation would have to cover, such as the disabled access to buildings and a trainer helper available to them at all times. Intellectual property content is used in codes of practices to regulate work that may have been plagiarised. Codes of practice would have to include the information regarding the intellectual properties content in-order to protect both the workers from copying others work, but to also stop other from copying their work. The copyright acts should comply with the regulations set out, as to minimalize the potential exploitation of the individuals work. The codes of practice should have rules for the content produced to abide by, These rules should include the improper use when dealing with content. The content of a document should be detailed, formal & explanatory so that the reading can get a better understanding of what the content is explaining. If the content has improper usage such as the presence of foul/vulgar words then under the codes of practices it should be changed and anyone responsible should be disciplined accordingly. This is an issue when it comes to the creation of important documents as all official documents must be kept to the regulation standard and not have any inappropriate content.
When a individual or party is involved with bad practices then some people feel obliged to confront the situation and report the events that happened. The bad practices may be performed by the organisation themselves or just an individual without permission of the organisation. When reporting a bad practice There are 3 people to contact, firstly if its just an individual then the human resources department or the supervising manager should be contacted to deal with any situation. If the organisation is using bad forms of practice then the worker may want to whistle-blow what they have witnessed by contacting the local authorities or even a whistleblowing agency. By whistleblowing the individual responsible for any unethical practices can be deal with in an appropriate manner. The individual may want to report a breach in the organisations policies to the managers so that they can fix the situation. The worker will have to contact the managers and alert them of the breach. The breach can be from a health and safety risk to a the theft of equipment. The individual should not get involved with the breach and instead inform the correct personnel to take care of the situation. It’s essential that all the workers know what to do if they encounter a breach and who to contact under the specific circumstances. It would be unethical for the bad practice or breach to be left unreported as the damage done could psychologically or even physically injure someone.
The impact of information breaches of any type can range from little or no affect to disastrous. It is a particular nuisance when the information is greatly modified, or where it’s possible that the real extent of the security breach isn’t even discovered. Deliberate modifications to information will be more likely to result in a breach rather than accidental ones, since there is malicious intent on attempting to break the security policy. In-order for the security to be upheld certain criteria will need to be fulfilled. The information will need to be protected by an operational security policy, the policy should include detailed rules and regulations on what manipulation of data is allowed and who has permission for it. This security policy should clearly describe the responsibilities and permissions, as well as disciplinary actions taken if breaches do occur. The operational security policy would also act as a deterrent for any potential deliberate threatening activity. In-order for effective security, authorization codes will need to be set up to limit the access to only a select group of people. It would be a major security issue if anyone was able to retrieve the sensitive information stored on a computer system in an organisation without having to overcome some barriers of protection. So by having security systems that make the user verify that they are eligible to access that computer system then it would reduce the issue of unauthorised manipulation of data.
Health and safety is necessary for everyone and every aspect should be checked for potential hazards and risk to health. There are many forms of health and safety that require certain processes and procedures to be put in place for maximum protection. There needs to be emergency arrangements positioned such as fire assembly points and fire safety equipment, in-case of a fire outbreak. If a fire does occur then other individuals won’t recognise that there is a danger, this will cause an issue to health and safety and require someone to alert the other members that there is a fire hazard present. This can be done with a fire alarm system, and occasional fire drills to test the parameters of their emergency arrangements. If the emergency procedures don’t work and an individual is injured then this may cause a life threatening issue. By having several first aid workers and first aid kits located evenly across the work space then it will diminish any chance of severe damage on the individual, the first aid must also be checked regularly for any deficiencies otherwise a further hazard may arise. All incidents involving members of public, students, staff or machinery/equipment and buildings that cause injury/damage or have the potential to must be reported, recorded and carefully examined in accordance with the health and safety procedures and statutory legislation. Anyone who considers that has concerns about any aspect of their work activity, as it may cause them injury or ill health to themselves or even others must report their findings immediately to their respective managers as appropriate. Also, any issues identified in tools/equipment in the workplace must be extracted from work immediately and then reported to the appropriate personnel.
The Health and Safety at Work Regulations 1999 positions responsibility on companies to evaluate and manage risks to their workers and others potential hazardous work activities. Managers have to also make preparations to ensure that the health and safety of the working environment is to a maximum quality. This includes the creation of procedures in-case of emergencies, suitable information & training for personnel and for health officials if appropriate. Staff must work carefully in conjunction with their training and instructions to avoid any potential issues. Workers must also alert the manager or the person accountable for health and safety of any immediate/hazardous danger to the health and safety of the workers or any flaws in their health and safety regulations. In-order to stop the issues involved with health and safety, the health and safety at work act was created. This act includes the safe operation and maintenance of the working environment so that the machinery and equipment doesn’t malfunction and potentially cause injury to the workers. The maintenance of safe access to and from the workplace so that people don’t cause damage and harm when they are unprepared for a dangerous situation. The safe use/handling of dangerous substances & facilities are also important to avoid issues involved with health and safety. All potentially dangerous items should have the correct safety procedures and regulations to prevent and damage to personnel. In-order for the workers to understand their job properly and be able to perform their job with little risk they will need to have advanced training in the field of work. This will give them a better understanding of what hazards there are to their job and what precautions that may need to undertake to help prevent them.
Companies will make organisational policies to correspond with codes of practise linked with the legislative requirements of the government. A company can produce policies which can change the how their information is managed, accessed & even analysed. A company may have a policy that members of the public are not allowed to use their computer system, to protect their system from potential hacker attacks. When a organisation has employed a new worker they might make them sign a non-disclosure agreement, this prevents that member of staff from speaking about information that they have gained while working for the company with anybody outside of the business. Any other organisational policies should always be understandable and consistent so that the workers are able to comprehend the responsibilities that the policy demands of them. The policy should also meet the legal requirements of the government, this includes not breaching the data protection act whilst still allowing for the freedom of information acts legislation to apply. The organisation should take full account for their policies impacts as they may hinder the work speed of their employees. The organisational policies shouldn’t impede in the productive working relationships between all the members of staff, if an organisational policy did then it would be counter productive to the company as it may cause issues with communication issues between the staff.
An issue with the cost of the system upgrades is that they require additional resources to enhance and make them up to standard. System upgrades are extremely costly especially if they are being made from scratch. System upgrades can require new computer equipment such as Ethernet cables to allow for a linked computer system, as-well as a lot of time delays to install the new system and transfer it onto the old systems. The cost of systems will also require a lot of testing for any flaws in the new system as it may not be compatible with the old system. Training may also be vital for both new and old workers so that they know how to operate the new system. The cost for systems upgrades will also rise when there is a need for additional resources from the IT department. Upgrading the systems can also be costly as it takes up precious time and resources. The cost of development is also linked to the system upgrades as there is a large costs to develop the systems in the first place. The development costs would consist of the obtaining and developing of any new systems or resources. The development costs will also involve the potentials charges that any future developments will cost to finance. The development of any resource in an organisation is often necessary in-order to keep the organisation at a modern standard.
As organisations are ever-growing they require more complex systems and thus need higher standards of training, this training will intern have a much higher cost and cause the organisation to lose a great sum of money because of it. There is also a greater need for more trainer workers so that they can take over operations if needs be, this requires a even greater deal of money to pay for all the personnel's training. The training must also be very specific to their field of work for example, an IT manager must have comprehensive skills in updated programming and software so that the organisation is up to date on with their work. The costs of modification can vary greatly depending on what is being altered. Small scale modification has little costs to the company this includes feature such as, adding a new piece of software to the computer system that is full compatible. These modifications are often quite cheap, only having small impacts on the company. While not all modifications are small and cheap, some modification require a lot of resources & time to uphold. These usually have great impacts on the company and help prevent other issues from arising, like backup system allowing for files to be retrieved if lost. If the outcome of the modification is not greater than the cost to obtain it then it is classified as a financial issue to the organisation, and shouldn’t be performed.
When corporations rely greatly on computers they need to have a continuance plan in-order to make sure that they have a plan if a disastrous event happens, such as an man made incident possibly involving theft or even a natural disaster like a flood. A continuance plan is used in case of such events so that the staff have a detailed plan that they can follow. In any continuance plan it’s essential to identify any threats to the system. These could be risks like loose cabling, building integrity and equipment malfunction. The plan must include how the organisation is affected if a threat does cause damage, then the best course of action to take from the specific threat. The continuance plan then must also take into account what implications, implementing these resolutions would have on the organisation as a whole. Also the threat should either be neutralised or minimalized as much as possible to stop such occurrences from happening again.
D1: compare legal, ethical and operational issues that may affect organisations
Copyrights are made to protect the creations of an individual while codes of practice are used to stop individuals from abusing the creation in both public and private organisations. Both of them are against plagiarism as it is a form of theft from the current rights holder, with a private organisation like Kellogg's they want to keep their secret recipe under a secure location. Copyrights affect the music industry greatly as if artists didn't copyright their work as their own them others can take their work and sell it as their own. The copyright laws see that if some is distributing the music of another artist without the right holders permission, then they are charged with a breach in the copyright act. On the other hand, codes of practice are used to regulate a public organisational environment such as a school computer system, they are placed so that there aren't any unethical or impractical activities being carried out. The codes of practice refers to the regulations that are in place to be used as a deterrent to possible offenders and for reference if there is an offender.
Copyright is also able to affect large private industrial organisations such as mobile phone companies. This is due to the fact that some phones, such as Apple’s iPhone, are copyrighted so that other phone companies don’t steal the name and design of that particular product. This is due to the fact that if there designs were stolen then there competitors could release their phone to a better quality using the original design of the phone. This is different from codes of practice, which use there regulations to stop people from committing an offence, such as discrimination, in the first place.
This means that if a culprit within an organisation decides to discriminate against another individual then they will be disciplined accordingly using internal punishment systems or even exclusion if necessary. In some respects, copyright is similar to codes of practice as they are both forms of regulations which must be both regulated and abided by for all individuals. Whilst most the codes of practice have consequences if they are broken, they are usually deal within quickly but if a copyright law was to be broken then it can end up in a drawn out court case with many different legal repercussions.
D1: compare legal, ethical and operational issues that may affect organisations
Reporting bad practices involves the discussion between either an external or internal worker to highlight a concern that they have with an organisation. This is very different from organisation policies which concern the regulations and procedures that the organisation requires of their workers to fulfil their job properly. A common form of reporting bad practices would be whistleblowing. Whistleblowing can be used in companies such as a baby food manufacture factory, if the baby food was being filled with unhealthy nutrients that may danger a babies life. One of the staff could decide to whistle-blow on the organisation so that they are made to follow proper legislation and are brought to justice. Another organisational type affected by the reporting of bad practices would be public companies such as the national health service (NHS). If the NHS makes a mistake and ends up having the wrong procedures in place for an operation, this could be reported to their management to have the regulations changed for the benefit of their patients.
While reporting bad practices is an ethical issue it is important to create organisational policies to stop these issues from occurring in the first place. An organisation policy may include providing services to disabled individuals or people of a different language. The staff may be trained to handle these categories of people and be able to assist them using the newly learned skills. An example of how organisation policies affect an organisation could be that with a school, where there may be a policy that blocks their students from inappropriate websites.
A non for profit (charity) company like the British Red Cross may keep specific storage policies, which requires the information to be archived within a paper based filing system or even a more reliable computer database system. The organisational policies and the reporting of bad practices involve the policies/regulations set out by an organisation to help improve the flow on information and the interests in health and safety of an organisation. Reporting bad practices consists of the individual speaking about any concerns the have, while the organisational policies involve the company themselves showing their workers how they should operate when perform a job role.
D1: compare legal, ethical and operational issues that may affect organisations
The security of information describes the protection of the data from potential threats such as manipulation of data, theft of information and even unintentional misconfiguration of information. The data protection act defines the laws & legislation of the local government to safeguard the recorded sensitive information held by organisations. Security information is vital for any organisation such as a soft drinks company, as they don’t want their secret recipes to be stolen by rival companies then rebranded and sold as an original product lowering their own drink sales. The security of information is able to protect private companies from data fraud and information manipulation. Companies such as Sony have found that if their data isn’t protected effectively then their customers private details may be unlawfully distributed without consent.
On the other hand, the data protection act would be used to keep peoples information secure in an public organisation such as a hospital. The hospital has to involuntary store the medical information that they gain and keep tight security on it. The data protection act means that if the organisation were to leak this information without permission, they would have to be disciplined according with the legislation on the data protection act. This is different from operation issues such as the recording of security information as they would need to use some of the information covered by the data protection act if an emergency were to arise then they can give specific details to the necessary reciprocate. In a private company such as Mercedes they have very secure computer systems to mitigate any chance of misuse of data.
This would affect the organisation by taking up precious resources that could be used to sell more products, instead of having to protect their computer systems. The security information and the data protection act are similar because they are both forms of protection for both data and information. The data protection act is obligatory and must be upheld at all times, otherwise the practices will be classified as against the law. On the other hand the security information must be kept by the company, there is no necessity to uphold the security of information company as long as it doesn’t violate any legislation, but the company decide to hold its information securely as it is in their best interests.