1.5.1 computing related legislation UNFINISHED Flashcards
Give the names of all legislation that exists
The Copyright, Designs and Patents Act 1988 (use of copyrighted material)
The Data Protection Act 1998 (DPA 2018 = Updated version).
The Computer Misuse Act 1990.
The Regulation of Investigatory Powers Act 2000.
Fill the Gap:
The Data Protection Act 2018 = UK’s implementation of ____.
The DPA 2018 = UK’s implementation of GDPR.
What recent changes were made to The General Data Protection Regulation (GDPR), describe what standard was made and what this does to protect.
The GDPR in EU law creates a European standard to protect individuals and regulates how companies + organisations may collect, hold, and use personal data.
What is the main role of DPA
controls how your personal info is used by companies and the UK government
What are the 7 principles of the DPA 2018?
- Personal Data must be fairly and lawfully processed
- Data stored on an individual must be adequate, relevant and not excessive
- Personal Data must be accurate and up to date
- Data must not be kept/retained for longer than necessary
- Data must be obtained for specified, explicit and legitimate purposes
- Personal data must be handled in a way that ensures security (protect against unlawful or unauthorised processing, data must be kept secure)
- Data must be processed in accordance with people’s rights
- Personal Data must not be transferred outside of the EU without adequate protection
Give example of Personal data an organisation can store
- Name
- Address
- Bank details
- D.O.B
Give examples of sensitive information that requires stronger legal protection
- Race
- Ethnic background
- Political opinions
- Religious beliefs
- Trade union membership
- Genetics
- Biometrics (where used for identification)
- Health
- Sexual orientation
Fill the gaps:
There are separate safeguards for __________ data relating to criminal convictions and offences.
- personal
Under DPA 2018, you have right to find out what?
information government and other organisations store about you.
What can you do as a data subject ands on what basis?
Make a formal complaint / write to the organisation and ask for copy of the information they hold about you.
You can do this if you think your data has been misused or that organisation holding it hasn’t kept it secure to request data an organisation holds about you
What do Data Subject have the right to request for?
- be informed about how their data is being used
- access personal data
- have incorrect data amended / data erased
- stop or restrict the processing of your data (right of compensation)
- object to how your data is processed in certain circumstances (complain to Information Commissioner)
- automated decision-making processes (without human involvement)
- Profiling I.e. to predict your behaviour or interests (as can be done by cookies)
If a data subject writes to an organisation, what must that data controller do?
they are legally required to give you a copy of information they hold about you if you request it.
There are some situations when organisations are allowed to withhold information. What are these situations?
If the information is about:
- the prevention, detection or investigation of a crime
- national security or the armed forces
- the assessment or collection of tax
- judicial or ministerial appointments
Were there any legal provisions in UK law governing use and misuse of computer systems before 1990?
NO!
Until Computer Misuse Act 1990, there were no legal provisions in UK law governing use and misuse of computer systems.
What are the powers given to the government under RIPA?
- mass surveillance of communications
- MONITORING of an individuals internet activities/history
- covert/extended surveillance can be carried out
- can demand access to protected data
- can demand that ISPs/Businesses give access to customer communications/history
- can demand that ISPs/Businesses install equipment to facilitate surveillance
- can demand that encryption keys are handed over (force handover of encryption keys) / force individuals to decrypt data
- can keep existence of searches and what found private in court
Why were further laws like Regulation of Investigatory Powers Act 2000 enacted?
- use of computers has become so widespread
- take into account technological growth + widespread use of encryption.
