Legal issues
The Data Protection Act 1998
1. Personal Data - this data type is made up of facts and opinions about a person. This data can be a person's name, address, date of birth, marital status and current bank balance.
2. Data Subject - the data subject is the name for the person the data has been collected from.
3. Data User - the data user is the person who needs to access the data on a person, e.g. doctor, police and employer.
4. Data Controller - the data controller is the person who is in charge of the organisation that is collecting the data. One of their jobs is to apply for permission to collect, use and store the data from the subject.
5. Data Commissioner - the Data Commissioner is responsible for enforcing the Data Protection Act; they also give permission to the Commissioner.
The 8 principles
1. Personal data should be obtained and processed fairly and lawfully.
This means that the user of the information needs to tell you if they are using information about you, and they need to tell you what it's for.
2. Personal data can be held only for specified and lawful purposes.
The data collector needs to state why they are collecting the information when getting permission. If they use the information for other purposes, they are breaking the law.
3. Personal data should be adequate, relevant and not excessive for the required purpose.
Organisations should only collect the information they need and no more, e.g. a school may need to know the phone number of the parent of one of the students, but they do not need to know the name of the grandmother.
4. Personal data should be accurate and kept up-to-date.
Businesses and companies need to be careful not to get the wrong information about a subject. Schools do this by sending out an annual form with all the information about a student; this is then checked by the parents and brought up to date.
5. Personal data should not be kept for longer than is necessary.
Organisations need to only keep personal information for a reasonable amount of time. A school can keep all the information on a student for about 5 years to use for referencing, but after that they must remove it from the system.
6. Data must be processed in accordance with the rights of the data subject.
If the information comes from a person, that person can make changes to the information if there are any mistakes, but only to the correct information.
7. Appropriate security measures must be taken against unauthorised access.
This means that all the information needs to be protected from hackers or people without the needed access.
8. Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the D.P.A.
This means that if a company needs to trade their information to a different country, that country needs to use laws just like the D.P.A.
Freedom of Information Act
The F.O.I. Act means that the person that the information was taken from and the organisation that has the information can ask for information from any and all public authorities such as the police, the government, the NHS, a college or a school. The authority then has 20 days to give them the information. The authority can still refuse the request for the information if the authority believes it to be exempt from the act.
The Computer Misuse Act 1990
Before 1990 there were no laws against hacking in the UK, but after that the government decided to bring in the Computer Misuse Act, which consisted of 3 main laws.
1. Unauthorised Access to Computer Material
2. Unauthorised Access with Intent to Commit or Facilitate a Crime
3. Unauthorised Modification of Computer Material.
Ethical issues
When someone joins an organisation they will need to read and accept the code of practice, so they can use the computers within the organisation.
The purpose of the code of practice is to make it clearer what the rules are when using the computer facilities.
· Use of Emails -
In organisations it is normally prohibited to send threatening, harassing or spamming emails within the company, as this can cause stress to other members of staff and may result in the staff member being fired and, in extreme cases, arrested. The user is also not allowed to send large amounts of emails without permission, as this could result in overloading the network. To stop this from happening, the network usually has a limit on the number of emails you can send in a set time.
· Use of the Internet -
One of the big things laid out in the code of conduct is the use of the internet. On a company's network some websites, like pornographic, gambling and social media sites, will be banned to prevent staff from using these sites within work hours; most of these websites will be stated in the code of practice. One way around this is to give the staff logins and passwords that record the user's IP address.