4.1 UK Legislation Flashcards
What does the Data protection act 2018 do for individuals?
Protected the data of individuals that is stored on computers and processed by organisations
How does the data protection act work (TOPIC)
What is a data subject?
A person who has their data stored
How does the data protection act work (TOPIC)
What must an employee in an organisation be appointed as and what is their responsibility within that role?
Appointed as a data controller
Responsible for registering with the information commissioner
When registering with the information commissioner, what must the data controller be clear on?
What information they are collecting
Why it is being collected
What the data will be used for
What are the six principles of the data protection act?
1) Data must be collected lawfully and processed fairly
2) collected data must only be used for reasons specified
3) Data must be relevant and not excessive
4) Data must be accurate and up to date
5) Data must not be stored longer than necessary
6) Data must be stored and processed securely
What are the actions organisations must take to stick to the data protection act 2018?
1) Company appointing and registering a member of staff as the data controller (What are they responsible for?)
They also ensure that principles of the DPA aren’t breached
2) Strong security measures, to protect data from being accessed without authorisation (Physical or digital protection methods, think of unit 1)
3) staff should be trained, so they clearly are aware of their responsibilities and each principle
e.g “Data can only be used for the reasons specified and should not be passed to other without permission of the owner”
4) data subjects given the opportunity to alter their data and make changes if it’s incorrect.
Data should be deleted when it’s no longer needed
Organisations should periodically assess both the accuracy and relevance of storing each data subjects information
5)Data subjects can make a SAR (Subject access request) to attain a copy of the data
Companies must abide by this request verifying the users identity and presenting the data to them securely
What are the Rights of data subjects?
The right to access any information that is stored about them by public bodies
What are the Rights of data subjects (TOPIC)
How can an individual access their data, outline the processes involved
Must submit a SAR (What is a SAR?)
1) The Organisation’s data controller must be written to and told exactly what information is required to access
2) Administrative fee paid to the organisation
3) Organisation must provide the requested information within 40 days
4) individual must verify their identity using appropriate ID
Only data subject can request their data
Computer misuse act 1990
Was established to punish those who use computers inappropriately
Computer misuse act 1990 (TOPIC)
What happens if an individuals breaks the three principles?
State what the three principles are
Could result in fines and a jail sentence if done on purpose
1) No Unauthorised access to data
E.g Hacking a computer system
2) No unauthorised access to data that could be used for further legal activities
E.g Accessing personal data to use as blackmail or identify theft
3) No unauthorised modification of data
E.g Spreading a virus to change data
Freedom of information act (2000)
Allows people to request public authorities to release information
Local councils
Governments
Universities
Hospitals
Departments
How can one qualify for a freedom of information request?
(Freedom of information act 2020)
How can one qualify for a freedom of information request?
(Freedom of information act 2020)
Provide an example of a simple freedom of information request
(Freedom of information act 2020)
Average response time of the local ambulance services
FOIR can be denied if:
The request would be too expensive
Involves sensitive information (Data protection act 2018)
Regulation of Investigatory Powers Act (2000)
Used to monitor and access online communication of suspected criminals
If criminal activity is suspected by an individual what are the following powers of this act?
(Regulation of investigatory powers act 2000)
1) Internet service provides (ISP’S) must provide access to the suspects online communication
E.g emails, social media
2) Locked or encrypted data may be accessed
E.g Online messages
3) ISP’s can install surveillance equipment or software to track the suspects online activity
4) Surveillance may take place to physically track the suspect
E.g undercover officers
5) Access must be granted to personal information
Copyright, Designs & Patents act (1998)
Makes it a criminal offence to copy work that is not your own without the permission of the creator
E.g Images, Videos, software, text
Copyright, Designs & Patents act (1998)
What does the act allow for the owner to do if they catch someone copyrighting their content?
The owner can bring legal proceedings in court to those who have stolen their work
Copyright, Designs & Patents act (1998)
True or false?
Creators of copyrighted work can take ownership of their work and control how it is used?
True
Creators of copyrighted work can take ownership of their work and control how it is used
Copyright, Designs & Patents Act (1998)
How can others gain access to a creators set of content?
Can the creator attain a profit through providing their content?
Others must ask for permission to use the work
The creator can demand a fee for its use
*The creator can ask for their content to be removed or ^
Copyright, Designs & Patents Act (1998)
What does the act specially prohibit?
Making copies of copyrighted material to sell to others
Importing and downloading illegally copied material
Distributing enough copyrighted material to have a noticeable effect on the copyright holder
Possessing equipment used to copy copyrighted material
Information Commissions Office (ICO) Codes of practice
Information commissioner is in charge of the country’s freedom of information requests and the protection of personal data
ICO publishes codes of practice about data protection and privacy topics, related to the data protection act
E.g How organisations should share data or the use of CCTV
Information Commissioners office (ICO) Codes of practice
The ICO Offers help and support to both individuals and organisations
True or false?
True
The ICO Offers help and support to both individuals and organisations
Example for individuals
Giving access to students to their exam results
Example for organisations
Support with legal electronic marketing
Protection of Freedoms act (2012)
This act was introduced due to little legislation about biometric data and to update older laws
Protection of Freedoms Act (2012)
Outline and explain the “specific parts of the legislation” IT students need to know
Part 1
How biometric data is stored, handled and collected
E.g Parents must give consent before their child gives biometric data to a school
Part 2
New regulations for CCTV and ANPR (Automatic number plate recognition)
Part 5
Disclosure & Barring service created to run background checks on vulnerable people or anyone wanting to work with children
Part 6
Extends the freedom of information act (2000) allowing for wider requests to be made
