P3 explain the issues related to the use of information

 

Legal issues

The data protection act 1998

1.      Personal Data-this data type is made up of facts and opinions about a person, this data can be a person’s name, address, date of birth, marital status and current bank balance.

2.      Data Subject- the data subject is the name for the person the data has been collected from.

3.      Data User- the data user is the person who needs to accesses the data on a person, EG doctor, police and employer.

4.       Data Controller- the data controller is the person who is in charge of the organisation that is collecting the data, one of their jobs is to apply for permission to collect, use and store the data from the subject.

5.      Data Commissioner-the Data Commissioner is responsible for enforcing the data protection act, they also give permission to the Commissioner.

 

The 8 principles

1.      Personal data should be obtained and processed fairly and lawfully.

This means that the user of the information needs to tell you if they are using information about you and they need to tell you what it’s for.

2.      Personal data can be held only for specified and lawful purposes.

The data collector needs to state why they are collecting the information when getting permission. If they use the information for other uses they are breaking the law.

3.      Personal data should be adequate, relevant and not excessive for the required purpose.

Organisations should only collect the information they need and no more, EG a school may need to know the phone number of the parent of one of the students but they do not need to know the name of the grandmother.

4.      Personal data should be accurate and kept up-to-date.

Businesses and companies need to be careful not to get the wrong information about a subject. schools do this by sending out annual form with all the information about a student this is then checked by the  parents  and made up to date.

5.      Personal data should not be kept for longer than is necessary.

Organisations need to only keep personal information for a reasonable amount of time. A school can keep all the information on a student for about 5 years to use for referencing but after that they must remove it from the system. 

6.      Data must be processed in accordance with the rights of the data subject.

If the information comes from a person, that person can make changes to the information if there are any mistakes but only to the correct information.

7.      Appropriate security measures must be taken against unauthorised access.

This means that all the information needs to be protected from hackers or people without the needed access

8.      Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the D.P.A.

This means that if a company needs to trade their information to a different country that country needs to use laws just like the D.P.A.

 

Freedom of information act

The F.O.I act means that the person that the information was taken from and the organisation that has the information can ask for information from any and all public authorities such as the police, the government, the NHS, a college or a school. The authority then has 20 days to give them the information. The authority can still refuse the request for the information if the authority believes it to be exempt from the act.

The computer misuse act 1990

Before 1990 there were no laws agents hacking in the UK but after that the government decided to bring in the computer misuse act which consisted of 3 main laws.

1.       Unauthorised Access to Computer Material

2.       Unauthorised Access with Intent to Commit or Facilitate a Crime

3.       Unauthorised Modification of Computer Material.

Ethical issues

When someone joins an organisation they will need to read and accept the code of practice, so they can use the computers with in the organisation.

The purpose of the code of practice is to make it more clear what the rules are when using the computer facilities  

·       Use of Emails-

In organisations it is normally prohibited to send threatening, harassing or spamming emails within the company as this can course stress to other members of staff and may result in the staff member be in fired and in extreme cases arrested. The user is also not allowed to send large amounts of emails without premonition as this could result in overloading the network. To stop this from happening the network usually has a limit on the number of emails you can sent in a set time.

·        Use of the Internet-

One of the big things laid out in the code of conduct is the use of the internet. On a company’s network some websites like pornographic, gambling and social media will be banned to prevent staff from using these sits with in work hours most of these websites will be stated in the code of practise. One way around this is to give the staff log in and passwords that record the users IP address.

 

·        Whistle Blowing-

whistle blowing is when a employee reports a second member of staff for breaking the code of conduct for the company. this can be more servicer if mistakes are made when evolving the public as this can open up path ways for hackers.