1.5 (Legal, ethical and moral issues) Flashcards
Why was the DPA created?
The DPA was created to protect user’s rights and safety online.
What does personal data mean in relation to the DPA?
Facts, opinions about an individual
What does data mean in relation to the DPA?
DoB, name, NI# etc.
What does processing mean in relation to the DPA?
Collection and storage of personal data (search history, sorting data, comparing records)
What does data subject mean in relation to the DPA?
The person that data is being collected about
What does data controller mean in relation to the DPA?
The person in charge of the organisation which is collecting and storing data.
What does data processor mean in relation to the DPA?
Data is usually processed by third parties who aren’t part of the data controller’s organisation
What does recipient mean in relation to the DPA?
Anyone employed to access, use or process personal data as part of their job
What does information commissioner mean in relation to the DPA?
The person with overall responsibility for enforcing the DPA across the UK
Name 4 of the 8 principles of the DPA (challenge - name all 8)
Personal data should be obtained and processed fairly and lawfully.
Personal data shall only be obtained for specified and lawful processes.
Personal data should be adequate, relevant and not excessive (i.e only collect the necessary data) for the required purpose.
Personal data should be accurate and kept up-to-date.
Personal data should not be kept for longer than is necessary.
Data must be processed in accordance with the DPA.
Data must be stored securely to prevent unauthorised access.
Data cannot be transferred outside the EU unless the country has a similar legislation to the DPA.
Why was the computer misuse act created?
To prevent unethical use of computers i.e hacking, to reduce internet crime and to make unauthorised access to, the modification and deletion of, data a legal offense.
What four offenses is the CMA comprised of?
Unauthorised access to data.
Unauthorised access to data with malicious intent.
Unauthorised modification of data.
Creating, distributing and obtaining anything which may be used (e.g. viruses, trojans) to violate the computer misuse act.
What is the difference between having unauthorised access to data and having unauthorised access to data with malicious intent?
The difference between the first two offenses is that the first one usually involves accessing data through a method other than hacking (e.g. someone leaving their computer logged in, you guessing their password etc.) and the offender only views files, whereas the second one usually involves accessing data through a malicious method (e.g. spyware, keylogging) with the intent of stealing bank information (for example).
What does RIPA stand for?
Regulation of Investigatory Powers Act
What was RIPA designed to do?
This act was designed to make it an offense for anyone who is not authorised (by the act) to carry out the monitoring and surveillance of communications.
