Lecture Week 8

Question 1

data subject = ?

Answer 1

any living individual who is the subject of personal data held by an organisation

Question 2

data controller = ?

Answer 2

the natural or legal person who determines the purposes and means of the processing of personal data

Question 3

data processing = ?

Answer 3

any operation which is performed on personal data

e.g., collection, recording, organisation, structuring etc.

Question 4

personal data = ?

Answer 4

any information relating to a natural person

Question 5

natural person = ?

Answer 5

a human being who is alive

Question 6

what are the principles of data protection?

Answer 6

• lawfulness, fiarness & transparency
• purpose
• data minimisation
• accuracy
• storage
• security
• accountability

Question 7

lawfulness, fairness & transparency principle of data protection?

Answer 7

controllers need to be 100% transparent while seeking individuals for data collection

Question 8

purpose principle of data protection?

Answer 8

must be used for a specific purpose the data subjects have given consent

Question 9

data minimisation principle of data minimisation?

Answer 9

only collect necessary and relevant information

never excessive amounts of data

Question 10

accuracy principle for data protection?

Answer 10

controllers must verify that the data they process and collect is accurate & not misleading

Question 11

storage principle of data protection?

Answer 11

controllers shouldn’t keep personal data for longer than its requirement

subjects must be notified how long the data will be held

Question 12

security principle of data protection?

Answer 12

controllers must have security controls in place to protect confidentiality or integrity of personal data

Question 13

accountability principle of data protection?

Answer 13

every controller must comply with regulatory obligations

Question 14

data protection act 2018?

Answer 14

a UK law which complements the UK GDPR

mostly refers to UK GDPR but includes UK specific details for a few things e.g.,
- how to process criminal conviction data
- how the intelligence services are allowed to process people’s personal data
- how young someone can consent to information society services’ procession of their personal data

Question 15

difference between UK GDPR and GDPR

Answer 15

UK-GDPR was developed when the UK left the EU

similar to GDPR but it’s complemented by the DPA2018

Question 16

sensitive personal data = ?

Answer 16

information that, if disclosed or misused, can result in data theft or identity fraud

requires an extra layer of security controls (e.g., encryption, password-protected)

Question 17

various forms of sensitive personal data?

Answer 17

• health data
• genetic data
• individual data
• financial data
• classified data
• web data

Question 18

health data = ?

Answer 18

data linked to an individual’s health condition & medical history

Question 19

genetic data = ?

Answer 19

sensitive data associated with inherited characteristics (DNA, RNA, chromosomal information)

Question 20

individual data = ?

Answer 20

individual personal data (e.g., sexual orientation, political views, cultural background, race, religion, ethnicity etc.)

Question 21

financial data = ?

Answer 21

information linked with credit card details, security codes, banking details etc

Question 22

classified data = ?

Answer 22

includes any personal information classified explicitly for non-public disclosure

Question 23

business related data = ?

Answer 23

any information relating to a business’ intellectual property, trade secret etc

Question 24

biometric data = ?

Answer 24

sensitive data includes individuals’ physical characteristics (e.g., fingerprints, DNA, facial patterns etc.)

Question 25

web data = ?

Answer 25

any information that reveals any individuals’ online identification (e.g., IP address, cookies etc.)

Question 26

e-commerce = ?

Answer 26

the act of online selling

Question 27

what does e-commerce law govern?

Answer 27

online payment security standards, policies for your website, accessibility etc.

Question 28

e-commerce regulations?

Answer 28

before customers place their order, online traders must make the following steps clear
- ‘pay now’ to confirm payment
- steps to let customers correct errors
- T&Cs
- VAT number
- description of goods/services

Question 29

are there extra rules fo selling digital services

Answer 29

yes

Question 30

e-commerce regulations after an order is placed?

Answer 30

• must confirm the contract ASAP
• provide copy of contract either by email or another format
• deliver goods within 30 days (unless agreed otherwise)

Question 31

consumer rights act 2015?

Answer 31

outlines what rights consumers have and what company’s obligations are as a goods/services provider

gives consumers a clear right to the repair/replacement of faulty digital content

Question 32

must websites be reasonably suitable to all?

Answer 32

yes

Question 33

if website uses cookies, what must e-commerce traders do?

Answer 33

include a section dedicated to cookies to clarify them in the company’s privacy policy

Question 34

what is an important security measure?

Answer 34

payment card industry data security standard (PCI DSS)

essential for compliant online transactions and boosts customer confidence

Question 35

when is an e-signature appropriate or inappropriate?

Answer 35

appropriate in most cases (e.g., typing a name at the end of an email is an e-signature)

not appropriate when signing wills or testamentary dispositions (wet ink signature’s always required)

Question 36

computer misuse act 1990?

Answer 36

protects personal data held by organisations from unauthorised access and modification

illegal acts in relation to this include:
- hacking
- unauthorised modification of data (spyware)