Legal issues

The data protection act

This is an act that was created to ensure that the personal data of people and customers is kept secure and safe from hackers or anybody else who should not be able to see it. It also says that the person whose data is being held has the right to see that data whenever they ask to do so, and is able to change that data if it is required. The company that is collecting data must first register with the DPA registrar, must state what they are going to use the information for, and must comply with the eight principles of the DPA.

What is personal data?

Personal data is any type of information about you as a person that can give any indication as to you as an individual. This can be things like D.o.B, name, home address, phone number and religion. As part of the data protection act, if a company has this information about you they must keep it as safe and secure as they can and keep it confidential for your safety.

The data controller

The data controller is the person who has control over the data and the person who goes to the registrar with the request to begin collecting the data; this is most likely the owner of the organisation.

The data user

This is the person who uses or needs access to the data. For example, a doctor will need access to your medical records, while your school most likely would not need to concern itself with them, but it would need your home address to send letters out or your phone number to call your parents.

The data commissioner

This is the person who is responsible for enforcing the data protection act, and this will be the person who will point out who is breaking the law.

What are the eight principles?

These are the principles that any company has to follow if they are keeping data about you; not following these principles is breaking the law. The principles, and what they mean, are:

1. Personal data should be obtained and processed fairly and lawfully.
   What it means: This principle means that you need to be informed both that the data is being collected about you and also what it is going to be used for, so you can say yes or no to having the data collected.

2. Personal data can be held only for specified and lawful purposes.
   What it means: This principle says that when the data controller applies for permission to collect data they need to state what they are going to use it for, and they are only allowed to use it for that purpose. If they use it for anything else and have not stated so, they will have broken the law and have not used the data lawfully.

3. Personal data should be adequate, relevant and not excessive for the required purpose.
   What it means: This principle states that if a person or company is collecting data they must only collect data that they will need or are going to use. If they were asking for the names of your family members for no explained reason, then they are not collecting relevant data, thus making it excessive and not following this principle.

4. Personal data should be accurate and kept up-to-date.
   What it means: This says that the data that a person or company has is kept up to date and is not incorrect, and they must ask you at least once a year to confirm if the data that they have is still valid. However, you are also able to call the company and ask them to change the data if you are able to prove that the data is incorrect.

5. Personal data should not be kept for longer than is necessary.
   What it means: This says that the data should be kept for its given purpose and no longer. For instance, if you changed your phone number there is no reason for them to keep the old one, since it would be incorrect and invalid.

6. Data must be processed in accordance with the rights of the data subject.
   What it means: This means that a person has every right to look at the data that a company has about them and to change it if they see fit; however, they can only change it to the right thing, not the wrong thing.

7. Appropriate security measures must be taken against unauthorised access.
   What it means: This means that the company holding your data must do all that they can to keep your data safe and away from hackers or even other employees that do not have the right authorisation to see it.

8. Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the D.P.A.
   What it means: This means that if a company is going to send data to another country, that country must have a data protection law that is similar to the UK's Data Protection Act (1998), since if the country does not have similar laws there is a chance that people who should not see your data may see it, thus breaking the law on what you signed up to when giving your data to that company.

The freedom of information act (2000)

What is the freedom of information act (2000)?

This act is about the availability of information from public entities like the NHS, police, schools and colleges. This act can even be acted upon in a job interview, since you can ask to see the interviewer's notes if they made any if

Who can ask for information?

Any person can ask to have or see some information from an organisation. They have 20 days to provide the information to you, otherwise they could be taken to court. They can only refuse to give over the information if the information is exempt from the act and

How can information be exempt from the act?

Things that make the information exempt from the act are: if the release of the information could be prejudicial, a breach of national security, or damaging to commercial interests.

The computer misuse act (1990)

What is the computer misuse act (1990)?

This was an act that was created to combat the malicious intent of computer system hackers, since in 1990 there were a number of cases where computer system hackers had caused a disturbance that caused the law to enforce the new act and protect people's computer privacy.

How do you know if you are breaching the computer misuse act?

You will know that you have breached the computer misuse act if you have: accessed computer material without permission, which means going into a company's files or looking at their files without the right authorisation; accessed unauthorised data with the intent to commit a crime, which is going into a company's files intending to commit a crime but being caught before you could do so; or changed computer data without permission, which is where you go into a company's files and delete or change them. These are the 3 main rules, and if you have broken any of them you have broken the law in connection to the computer misuse act.

What are the punishments for breaking the computer misuse act?

The first offence will get you up to six months in prison or a large fine, or possibly both. For breaking it again you will get up to 5 years in prison or a large fine, or both, and doing it one more time will get you the same as the second punishment. There is also a punishment which is one over the third, where you can get five years in prison and an unlimited fine, which means they can fine you for as much as they want since there is no limit on it.

Codes of practice

Most organisations will have something called the codes of practice, which is where the company will outline what their computer facilities can be used for and how far you can go with private uses of the computers, like checking email. This also outlines the kind of websites that the workers can look at: things like gambling and pornography are banned by using software to block access. Small use of the computer for private purposes is OK, however that can be hard to distinguish from professional work.

Whistleblowing is also covered in the codes of practice. The definition of whistleblowing is someone who speaks out on a person or organisation regarding immoral or illegal activity. If someone sees or detects someone misusing the system, the codes of practice make sure that the person who is whistleblowing is protected and kept anonymous, as well as the system administrator, who is usually the first to notice the misuse of the system since they can see everything that the computers in the company are being used for.

Operational issues

Security of information

The security of information is where a person or company keeps a person's information safe so that no one who does not have the right authorisation is able to see it. Most places will have an IT department that is made to keep the personal data of people safe from others. The company will also allow those whom the information is about to come in and change it so that it is up to date. They would do this because, for example, you may have moved house or changed phone number, so you will need to change the information so that they are still able to contact you.

Backups

Having backups is very important, since if something were to go wrong where you lose all the data on a system, how will you get it back? This is what backups are for. They work like a continuance plan, since you are prepared for if the worst is to happen. A company will usually keep lots of backups and update them on a weekly or monthly basis. The IT department that the company has will also practise recovering data from the backups so that they can do it as fast as they can if data is lost for any reason.

Health and Safety

When working with computers there are still health and safety issues that you will have to deal with. This will include things like the position of monitors and how long someone is using that monitor for, the position of chairs and desks, and whether the workers have any support that they require, like back support and foot rests. Finally, any department that has a computer will need to have breaks so that the workers do not damage their eyes because of the monitor.

Business continuance plan

Any company or organisation that keeps control over data will need to have a continuance plan. This is something that means if the worst is to happen to a company concerning the data that they have, they will still be able to function without the data being lost. This can be done with things like backups, where if the data comes off the system all they need to do is find the backups, replace the data, and they can continue as normal. The continuance plan is usually made up by the IT department, so before the event even happens they should be ready to do it as fast as they can to minimise problems.

Costs

When it comes to an organisation, money needs to be spent to make an IT system the most efficient that it can be, but when paying for an IT system the total amount of benefits that it grants to the organisation must exceed the total price of the system so that it can give a large profit. There are also other things you need to take into account to know if it is going to be efficient. This includes things like the resources required to run the system, the cost of development, the price, the installation and the training needed to use it. The IT system is going to take up one of the largest parts of the budget. There are also going to be ongoing changes needed, such as upgrades when needed and if it were to break. Since it is a new system you are going to need to pay for training people to use it, and if anybody new comes on they will also need to be trained. All these things need to be taken into account when buying a new system, and you need a lot of money to spare.

The data protection act website page(P3).pdf
