4.1 - UK Legislation Flashcards
GDPR/Data Protection Act - Purpose
To protect the data of individuals that is held and processed by organisations on their computers.
Under the DPA, what do the data controllers (these are organisations processing individuals’ information) have to do when handling individuals’ data?
- Data must be collected lawfully and processed fairly.
- Be clear about what the data is being used for.
- Must be relevant, accurate and up to date.
- Data must not be stored for longer than necessary. If it is stored longer, it should be removed.
- Data must be processed and stored securely. Provide information security, e.g. taking backups.
Under the DPA, what are the data subjects allowed to do?
Data subjects = the person who the information is about.
If an organisation does not comply with DPA/GDPR, what are the consequences?
This law applies to all types of businesses/workplaces. If an organisation does not comply, it can be banned from processing data and fined.
Freedom of Information Act (2000) - Purpose
People can request public authorities to release information in the form of a letter or email. The organisation is then required to reply to the individual within 20 days.
Short: allows citizens to request information from public authorities.
Note: you cannot request personal info, only general info.
Freedom of Information Act (2000) - What are the consequences if a public organisation fails to comply?
Be found in contempt of court for failing to comply with a decision notice, enforcement notice, or information notice.
Freedom of Information Act (2000) - Principles / What public authorities need to do to comply
The main principle is that people have the right to know about the activities of public authorities unless there is a good reason not to, such as having access to their own personal data, e.g. health records.
Protection of Freedoms Act - Purpose
To provide for the destruction, retention, use and other regulation of certain evidential material, so it's basically providing personal data, e.g. biometrics.
It requires criminal record checks for those working with vulnerable groups, such as a teacher working in a school.
It adds codes of practice to public cameras - CCTV/ANPR (which talk about where they locate them/what type of cameras they use).
Protection of Freedoms Act - Principles
Part 1: Discusses how biometric data is handled and collected.
Part 2: Creates new regulation for CCTV and ANPR so that it can be used for automatic number plate recognition.
Part 5: DBS (Disclosure and Barring Service) created to run background checks for those wanting to work with kids.
Part 6: Allowing wider requests to be made by extending the FOIA 2000.
Information Commissioner’s Office (ICO) Codes of Practice - what do they do
They provide practical guidance to organisations on how to share personal data in a way that complies with the Data Protection Act.
This mainly affects organisations that are controllers sharing personal data.
How do organisations adapt to then comply with legislation such as the DPA?
They need to get consent when they are processing data and can only collect/use the information for a specific purpose.
Regulation of Investigatory Powers Act - 2000
What does it do?
Hint: criminals/online
Used to monitor and access the online communication of suspected criminals, so it allows them to carry out surveillance ‘in the interests of national security’ if a judge approves.
This law applies to certain public authorities, e.g. the police.
Regulation of Investigatory Powers Act - 2000
What happens if criminal activity is suspected by an individual?
If criminal activity is suspected by an individual this can then happen:
- ISPs (internet service providers) can provide access to the suspect’s online communication (e.g. emails, social media).
- Tracking the suspect.
- Access granted to personal info.
- Installing surveillance equipment/software to track their online activity.
- Locked/encrypted data may be accessed, such as online messages.
Privacy and Electronics Communication Regulations - what is it
Regulations that organisations need to comply with when they are communicating with individuals.
It provides PRIVACY RIGHTS for individuals
Privacy and Electronics Communication Regulations - what rules do organisations then have to follow when they are communicating with individuals?
1 – It is an offence to communicate directly with the individual unless they have stated so, which could be through tick boxes.
2 - Explain how cookies are used on their website.
3 – They need to clearly state who they are when contacting/calling the individual. Their phone number should not be hidden.
4 – They must contact their customers through customer channels they have permitted.
Copyright, Designs and Patterns Act (1988) - what is it and what action can the creators then take?
Makes it a criminal offence to copy work that is not your own without permission.
SHORT WORDS: Designed to protect intellectual property & the creators of them.
E.g. text, images, music, videos, software.
What does the Copyright, Designs and Patterns Act (1988) prevent individuals from then doing?
Making copies of copyrighted material to sell to others.
Importing/downloading illegally copied material.
Using processing equipment to copyright material (such as putting copyrighted images on shirts) for their business.
Computer Misuse Act (1990) - what does it prevent?
This act is more targeted towards individual people.
It prevents and stops those who use computers inappropriately.
It punishes hacking and creating malware.
Computer Misuse Act 1990 - what does it make it illegal to do or what is considered illegal?
1 – Having unauthorised access to computer systems without permission.
2 - Having unauthorised access to computer systems BUT using it with the aim of doing further illegal activities.
E.g. identity theft on a person’s bank details to buy loads of things.
3 – Having unauthorised access to a computer system and MODIFYING/IMPAIRING the data on it.
For example: malware/a virus could delete important files.
What are the consequences of not complying with CMA?
Police enforce this, so it can lead to prison sentences/legal action in court.
Equality Act - 2010 - what does it protect people from?
Protects people from discrimination in workplaces and other organisations.
It is illegal to treat someone unfairly because of a protected characteristic (age, gender, disability, religion, etc.).
E.g. being biased when protecting a person’s data due to their protected characteristics, such as gender, race, religion, age and disability; this is then breaking the DPA and the Equality Act.