Internal policies and the law Flashcards
What would the risk be of responding to an email?
The risk of a virus, spyware, phishing, scams or hackers.
What would be the risk of opening a hyperlink?
The risk of a virus, spyware, phishing, scams or hackers, or of a link to a fake website that steals personal information.
What would be the risk of opening a USB?
The risk of introducing a virus, or of an employee stealing confidential data.
What would be the risk of firing an employee?
Vandalism, theft of data, deliberate disruption of network.
What would be the risk of taking selfies?
The risk of exposing private information.
What would be the physical and logical protection methods for a server room?
Logical protection methods: biometrics, RFID badges. Physical protection methods: a keypad on the door that only privileged staff have access to.
What does the Computer Misuse Act 1990 state it is illegal to do?
- Access someone else’s computer without permission.
- Access someone else’s computer without permission with the intention of committing further criminal offences, e.g. hacking.
- Alter computer data without permission, e.g. by creating a virus.
What is the Data Protection Act 1998 (DPA)?
It is a series of rules about how a data controller (company) stores data about data subjects (people).
What are the DPA rules?
- The data must be used within the law.
- It must only be held for the reasons provided to the commissioner.
- The data can only be disclosed to the parties agreed during the registration.
- The data must be kept accurate and up to date - if changes are provided by the subject, the controller must make the appropriate changes.
- The data cannot be stored for longer than agreed.
- The information must be kept safe and secure.
What data is covered by the DPA?
The data subject must be specifically asked if a data controller wants to store sensitive information about them.
What are the rights of the data subject?
- The data subject has the right to access their information.
- The data subject has the right to correct any inaccuracies.
- The data subject has the right to prevent distress: they may prevent the use of information if it is likely to cause distress.
- The data subject has the right to prevent direct marketing.
But these rights only apply if you know exactly who is storing the information about you.
What are the exemptions to the DPA?
- Any data stored for a national security reason is not covered by the DPA, for example data stored by MI5 or MI6.
- Personal data stored by an individual, for example a list of your friends’ addresses or birthdays.
- The taxman does not have to disclose information used in prosecuting a crime or in fraud detection.
- The data subject does not have the right to see medical information.
- A school pupil does not have the right to see personal files or exam results before publication.
What is the Copyright, Designs and Patents Act 1998?
It is illegal to:
- Copy
- Change
- Distribute
anyone else’s property. This includes songs, videos, images, text or software.
What is the Acceptable Use Policy?
Covers the security and use of all the company’s information and IT equipment.
Applies to all employees, contractors and agents.
Covers:
- Password policy.
- Ensuring you leave your PC locked.
- Ensuring you do not write your password down / give it to anyone else.
- Clear desk policy.
- Working off-site policy.
What is the Internet and Email usage policy (not limited to…)?
Individuals must not:
- Use the internet or email for the purposes of harassment or abuse.
- Use profanity, obscenities, or derogatory remarks in communications.
- Access, download, send or receive any data (including images), which could be considered offensive in any way.
- Use the internet or email for personal gain or to conduct a personal business.
- Use the email system in a way that could affect its members, clients and stakeholders.