Ethical, legal, privacy and data security

Question 1

Ethical definition

Answer 1

It’s about knowing what’s right and wrong and choosing to do what’s right, even when it’s hard.

Question 2

Ethical issues in IT

Answer 2

Privacy: Collecting personal data without consent, or sharing it without permission, violates people’s privacy rights.
Security: Failing to protect sensitive information from hackers or other threats can lead to data breaches and harm to individuals.
Accessibility: Not ensuring that technology is accessible to everyone, regardless of disabilities or socioeconomic status, can lead to exclusion and unfairness.
Workplace Issues: Monitoring employees’ digital activities excessively or without their knowledge can violate their privacy and trust.

Question 3

BCS Code of conduct

Answer 3

The BCS Code of Conduct is like a guidebook for IT professionals. It lays out the rules and principles they should follow to do their job ethically and responsibly.

Question 4

Legal issues

Answer 4

Computer crime(Computer Misuses Act 1990)
Protecting personal data
(Data Protection Act (1998, 2018),
GDPR)

Question 5

Computer Crime and abuse

Answer 5

Theft
Hacking
Spamming
Denial of service attack
Sniffing
Identify theft

Question 6

Theft definition

Answer 6

Theft is taking something that doesn’t belong to you without permission.

Question 7

Hacking

Answer 7

Hacking is like breaking into a digital lock without permission.

Question 8

Spamming

Answer 8

Spamming is like sending lots of unwanted messages to people, usually through email or social media.

Question 9

Denial of service

Answer 9

It’s when someone floods a website or online service with so much traffic that it becomes overwhelmed and can’t work properly for legitimate users.

Question 10

Sniffing

Answer 10

In the digital world, it’s when someone intercepts and eavesdrops on data being sent between computers or devices over a network, like spying on private information being transmitted over Wi-Fi.

Question 11

Identify theft

Answer 11

Identity theft is like someone pretending to be you, using your personal information without permission.

Question 12

Computer Misuse Act 1990

Answer 12

The Computer Misuse Act 1990 is a law in the UK that makes it illegal to misuse computers and related technology.
The Act helps protect against hacking, unauthorized access, and other cybercrimes.
Section 1 is the basic offence of hacking (including failed attempts).
Section 2 comes in when the hacking leads to another offence (e.g. theft).
Section 3 covers the use viruses, worms; also phishing and DoS.

Question 13

Privacy

Answer 13

Privacy refers to the protection of sensitive information stored within the database.
Privacy is the ability of an individual/group to stop data or information about
themselves from becoming known to people other than those whom they
choose to give access

Question 14

Data protection Act

Answer 14

The Data Protection Act 1998 was a UK law that aimed to protect individuals’ personal data stored by organizations.

Question 15

Data Protection Act (1998)
8 key principles:

Answer 15

1. Personal data should be processed fairly and lawfully and only if necessary
2. Personal data shall be obtained for one or more specified purposes, and not
   processed further for other purposes
3. Personal data should be adequate, relevant and not excessive
4. Personal data should be accurate and kept up to date
5. Personal data should not be kept for longer than is necessary for the original
   purpose
6. Personal data shall be processed in accordance with the rights of data subjects
   under this Act
7. Appropriate technical and organisational measures shall be taken against
   unlawful processing, accidental loss, destruction or damage of personal data
8. Personal data should not be transferred to a country outside of the EU unless
   they ensure an adequate level of protection for the rights and freedoms of
   data subjects in relation to the processing of personal data

Question 16

The Data Protection (2018)

Answer 16

The Data Protection Act 2018 is a UK law that governs how personal data is handled.

Question 17

The Data Protection Act (2018) 6 key principles:

Answer 17

1.)Requirement that processing be lawful, fair and transparent.
2.)Requirement that the purposes of processing be specified, explicit and
legitimate.
3.)Requirement that personal data be adequate, relevant and not excessive.
4.)Requirement that personal data be accurate and kept up to date
5.)Requirement that personal data be kept for no longer than is necessary
6.)Requirement that personal data be processed in a secure manner.

Question 18

General Data Protection Regulation

Answer 18

It’s a law that makes sure companies and organizations handle your data responsibly and keep it safe.
The EU General Data Protection Regulation (GDPR) has now come to replace
the for Data Protection Directive 95/46/EC. It was created to:
* Harmonise data privacy laws Europe wide,
* Effectively empower all EU citizens data privacy
* Remodel the way organisations in the region approach data privacy.

Question 19

Consent

Answer 19

It’s when you agree to something, like sharing your information or participating in an activity, with full understanding of what you’re agreeing to.

Question 20

Individual rights

Answer 20

1.)The right to be informed
2.) The right of access
3.)The right to rectification
4.)The right to erasure
5.)The right to restrict processing
6.)The right to data portability
7.)The right to object
8.)Rights in relation to automated decision making and profiling.

Question 21

Data security

Answer 21

Security can be breached in different ways:
-Theft and fraud.
-Loss of integrity – damage or loss of data.
-Loss of confidentiality – rights of organisation to secrecy.
-Loss of privacy – rights of control over personal data.
-Loss of availability – system down-time.
-A security breach can be catastrophic to an organisation leading to:
-Lost revenue
-Unexpected repair costs
-Damaged reputation
-Legal liability
-Loss of IP / competitive advantage

Question 22

Threats to security

Answer 22

Hardware
Users
Programmers/operators
Communication networks
Database

Question 23

Reducing security risks

Answer 23

Authorisation
Backup and recovery
Encryption
Redundant Array of Inexpensive Disks
Firewalls

Question 24

Legal Issues

Answer 24

Intellectual property
Copy rights
Patents

Question 25

Intellectual property

Answer 25

It’s a set of rules that protect things you invent, write, or design so that others can’t copy or use them without your permission.

Question 26

Copyright

Answer 26

It’s a legal right that protects your original works, like books, music, or art, from being copied or used by others without your permission.

Question 27

Patents

Answer 27

They’re a legal protection that gives you exclusive rights to your new and useful inventions for a certain period of time.

Question 28

IPR issues for software

Answer 28

4 main types of license:
Commercial(Perpetual use)
Commercial(annual use)
Shareware
Freeware

Patentability
Copyright

Question 29

IPR issues for data

Answer 29

There is a lucrative market for customer transaction
histories.
So long as no data protection issues sharing limited data
may be a valuable revenue stream.
Need to treat as IP and protect with appropriate license
terms