Lecture Week 8 Flashcards
data subject = ?
an identified or identifiable living individual to whom personal data held by an organisation relates
data controller = ?
the natural or legal person who determines the purposes and means of the processing of personal data
data processing = ?
any operation which is performed on personal data
e.g., collection, recording, organisation, structuring etc.
personal data = ?
any information relating to an identified or identifiable natural person (directly, e.g., by name, or indirectly, e.g., by an ID number, location data or an online identifier)
natural person = ?
a human being who is alive
what are the principles of data protection?
- lawfulness, fairness & transparency
- purpose limitation
- data minimisation
- accuracy
- storage limitation
- security (integrity & confidentiality)
- accountability
lawfulness, fairness & transparency principle of data protection?
processing must rest on a valid lawful basis (consent is only one of several), must not be unfair or misleading to the data subject, and controllers must be fully transparent about what they collect and why (e.g., via a privacy notice) before or at the point of collection
purpose principle of data protection?
data must be collected for specified, explicit and legitimate purposes and not further processed in a way that is incompatible with those purposes (where consent is the lawful basis, it only covers the purpose the subject consented to)
data minimisation principle of data protection?
only collect necessary and relevant information
never excessive amounts of data
accuracy principle for data protection?
controllers must take reasonable steps to ensure the data they collect and process is accurate and, where necessary, kept up to date; inaccurate data must be erased or rectified without delay
storage principle of data protection?
controllers shouldn't keep personal data in identifiable form for longer than is necessary for the purpose it was collected for
subjects must be told how long the data will be held, or the criteria used to decide that period
security principle of data protection?
controllers must have appropriate technical and organisational security controls in place to protect the confidentiality, integrity and availability of personal data (e.g., against unauthorised access, loss or damage)
accountability principle of data protection?
every controller is responsible for complying with the other principles and must be able to demonstrate that compliance (e.g., records of processing, policies, DPIAs)
data protection act 2018?
a UK law which complements the UK GDPR
mostly refers to UK GDPR but includes UK specific details for a few things e.g.,
- how to process criminal conviction data
- how the intelligence services are allowed to process people’s personal data
- how young someone can be to consent to information society services' processing of their personal data (13 in the UK, rather than the GDPR default of 16)
difference between UK GDPR and GDPR
UK GDPR is the EU GDPR as retained in UK domestic law when the UK left the EU, with amendments to make it work domestically
its substance is almost identical to the EU GDPR, but it's complemented by the DPA 2018 and enforced by the ICO rather than EU supervisory authorities
sensitive personal data = ?
personal data whose disclosure or misuse can cause serious harm to the individual (e.g., identity fraud, discrimination); in UK GDPR terms the "special categories" of data can only be processed if an additional Article 9 condition is met
requires an extra layer of security controls (e.g., encryption at rest and in transit, strict access control, audit logging)
various forms of sensitive personal data?
- health data
- genetic data
- individual data
- financial data
- classified data
- business related data
- biometric data
- web data
health data = ?
data linked to an individual’s health condition & medical history
genetic data = ?
sensitive data associated with inherited characteristics (DNA, RNA, chromosomal information)
individual data = ?
personal data revealing an individual's characteristics or beliefs (e.g., sexual orientation, political views, cultural background, race, religion, ethnicity etc.)
financial data = ?
information linked with credit card details, security codes, banking details etc
classified data = ?
includes any personal information classified explicitly for non-public disclosure
business related data = ?
any information relating to a business’ intellectual property, trade secret etc
biometric data = ?
sensitive data derived from technical processing of an individual's physical, physiological or behavioural characteristics that allows them to be uniquely identified (e.g., fingerprints, facial geometry, iris patterns, voice etc.)
web data = ?
any online identifier that can be linked to an individual (e.g., IP address, cookie IDs, device identifiers etc.)
e-commerce = ?
the buying and selling of goods or services online
what does e-commerce law govern?
online payment security standards, policies for your website, accessibility etc.
e-commerce regulations?
before customers place their order, online traders must make the following clear
- a clearly labelled 'pay now' (or equivalent) button so the customer knows that clicking it commits them to pay
- steps to let customers identify and correct input errors before ordering
- T&Cs
- VAT number (if VAT registered)
- description of goods/services and the total price
are there extra rules for selling digital services?
yes, e.g., the customer must be told that they lose their 14-day cancellation right once a download or stream starts with their express consent
e-commerce regulations after an order is placed?
- must confirm the contract without undue delay
- provide a copy of the contract on a durable medium (e.g., by email or another format the customer can keep)
- deliver goods within 30 days (unless agreed otherwise)
consumer rights act 2015?
outlines what rights consumers have and what a company's obligations are as a goods/services provider
gives consumers a clear right to the repair/replacement of faulty digital content
must websites be reasonably accessible to all users (including disabled users)?
yes
if website uses cookies, what must e-commerce traders do?
include a section dedicated to cookies in the company's privacy policy explaining what they are used for, and obtain consent for any non-essential cookies (required under PECR)
what is an important security measure?
payment card industry data security standard (PCI DSS)
a contractual standard imposed by the card schemes on anyone who stores, processes or transmits cardholder data; essential for compliant online transactions and boosts customer confidence
when is an e-signature appropriate or inappropriate?
appropriate in most cases (e.g., typing a name at the end of an email is an e-signature)
not appropriate when signing wills or testamentary dispositions (a wet-ink signature is always required)
computer misuse act 1990?
criminalises unauthorised access to, and unauthorised interference with, computer material (any data or programs, not only personal data)
illegal acts in relation to this include:
- hacking (unauthorised access, and unauthorised access with intent to commit a further offence)
- unauthorised acts that modify data or impair a computer's operation (e.g., deploying malware or spyware)
- making, supplying or obtaining tools for use in these offences