P6 Review the laws related to security and privacy of data.
Computer Misuse Act (1990)
The Computer Misuse Act covers 3 different aspects:
Unauthorised access to computer material: this is things like using another person’s password and username without their permission (or using a trap to find out their password). Editing, deleting or moving any data without permission also falls under unauthorised access to computer material.
It also covers unauthorised access to computer systems, which is when a computer system is used without permission for anything malicious, like creating a Trojan, creating a backdoor for hackers, or giving people administration rights when they’re not supposed to have them.
Finally, it covers unauthorised modification of computer material. This includes offences such as editing data for personal gain, for example bank account details, or modifying when you were clocked into work to avoid getting disciplined for being late. It also includes the distribution of viruses.
Copyright, Designs and Patents Act (1998)
This covers things such as media, music, videos, podcasts, pictures and images, written material, a design of a unique hardware product or software program.
When something has been copyrighted or patented, this means that no one can use the music, video, image etc. without the permission of the creator. If someone is found using the copyrighted material without consent, then the holder of the copyright has the right to sue them under the Copyright, Designs and Patents Act. To avoid this, it is always important to ask permission before using images.
Data Protection Acts (1984, 1998 and 2000)
The Data Protection Acts are, as the name suggests, acts which cover how personal information can be accessed and used. They don’t only cover data from computers; they also cover paper-based information. There are 8 basic principles to the act.
1. It must be collected and used fairly and inside the law.
2. It must only be held and used for the reasons given to the Information Commissioner.
3. It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. You cannot give it away or sell it unless you said you would to begin with.
4. The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. So you must have enough detail but not too much for the job that you are doing with the data.
5. It must be accurate and be kept up to date. There is a duty to keep it up to date, for example to change an address when people move.
6. It must not be kept longer than is necessary for the registered purpose. It is alright to keep information for certain lengths of time but not indefinitely. This rule means that it would be wrong to keep information about past customers longer than a few years at most.
7. The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. It would be wrong to leave personal data open to be viewed by just anyone.
8. The files may not be transferred outside of the European Economic Area (that's the EU plus some small European countries) unless the country that the data is being sent to has a suitable data protection law. This part of the DPA has led to some countries passing similar laws to allow computer data centres to be located in their area.
(ref for 8 principles: http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev5.shtml)
Freedom of Information Act (2000)
The Freedom of Information Act means that anyone can request any official government information with regards to the government, public authorities, the NHS, schools and universities, public services such as the police etc. Personal information may not be released, as this would breach the Data Protection Act. There are a few different circumstances in which you wouldn’t be able to receive the information. Some of these include if the information applies to an organisation’s security, is related to a current ongoing investigation by police or other public authorities, or is covered by the Official Secrets Act.