Lecture Week 8 Flashcards

1
Q

data subject = ?

A

any living individual who is the subject of personal data held by an organisation

2
Q

data controller = ?

A

the natural or legal person who determines the purposes and means of the processing of personal data

3
Q

data processing = ?

A

any operation which is performed on personal data

e.g., collection, recording, organisation, structuring etc.

4
Q

personal data = ?

A

any information relating to a natural person

5
Q

natural person = ?

A

a human being who is alive

6
Q

what are the principles of data protection?

A
  • lawfulness, fairness & transparency
  • purpose
  • data minimisation
  • accuracy
  • storage
  • security
  • accountability
7
Q

lawfulness, fairness & transparency principle of data protection?

A

controllers need to be 100% transparent while seeking individuals for data collection

8
Q

purpose principle of data protection?

A

must be used for a specific purpose for which the data subjects have given consent

9
Q

data minimisation principle of data protection?

A

only collect necessary and relevant information

never excessive amounts of data

10
Q

accuracy principle for data protection?

A

controllers must verify that the data they process and collect is accurate & not misleading

11
Q

storage principle of data protection?

A

controllers shouldn’t keep personal data for longer than it is required

subjects must be notified how long the data will be held

12
Q

security principle of data protection?

A

controllers must have security controls in place to protect confidentiality or integrity of personal data

13
Q

accountability principle of data protection?

A

every controller must comply with regulatory obligations

14
Q

data protection act 2018?

A

a UK law which complements the UK GDPR

mostly refers to UK GDPR but includes UK specific details for a few things e.g.,
- how to process criminal conviction data
- how the intelligence services are allowed to process people’s personal data
- how young someone can consent to information society services’ processing of their personal data

15
Q

difference between UK GDPR and GDPR

A

UK-GDPR was developed when the UK left the EU

similar to GDPR but it’s complemented by the DPA2018

16
Q

sensitive personal data = ?

A

information that, if disclosed or misused, can result in data theft or identity fraud

requires an extra layer of security controls (e.g., encryption, password-protected)

17
Q

various forms of sensitive personal data?

A
  • health data
  • genetic data
  • individual data
  • financial data
  • classified data
  • web data
18
Q

health data = ?

A

data linked to an individual’s health condition & medical history

19
Q

genetic data = ?

A

sensitive data associated with inherited characteristics (DNA, RNA, chromosomal information)

20
Q

individual data = ?

A

individual personal data (e.g., sexual orientation, political views, cultural background, race, religion, ethnicity etc.)

21
Q

financial data = ?

A

information linked with credit card details, security codes, banking details etc

22
Q

classified data = ?

A

includes any personal information classified explicitly for non-public disclosure

23
Q

business related data = ?

A

any information relating to a business’ intellectual property, trade secret etc

24
Q

biometric data = ?

A

sensitive data that includes individuals’ physical characteristics (e.g., fingerprints, DNA, facial patterns etc.)

25
web data = ?
any information that reveals any individuals' online identification (e.g., IP address, cookies etc.)
26
e-commerce = ?
the act of online selling
27
what does e-commerce law govern?
online payment security standards, policies for your website, accessibility etc.
28
e-commerce regulations?
before customers place their order, online traders must make the following steps clear
- 'pay now' to confirm payment
- steps to let customers correct errors
- T&Cs
- VAT number
- description of goods/services
29
are there extra rules for selling digital services?
yes
30
e-commerce regulations after an order is placed?
- must confirm the contract ASAP
- provide copy of contract either by email or another format
- deliver goods within 30 days (unless agreed otherwise)
31
consumer rights act 2015?
outlines what rights consumers have and what a company's obligations are as a goods/services provider

gives consumers a clear right to the repair/replacement of faulty digital content
32
must websites be reasonably suitable to all?
yes
33
if website uses cookies, what must e-commerce traders do?
include a section dedicated to cookies to clarify them in the company's privacy policy
34
what is an important security measure?
payment card industry data security standard (PCI DSS)

essential for compliant online transactions and boosts customer confidence
35
when is an e-signature appropriate or inappropriate?
appropriate in most cases (e.g., typing a name at the end of an email is an e-signature)

not appropriate when signing wills or testamentary dispositions (wet ink signature's always required)
36
computer misuse act 1990?
protects personal data held by organisations from unauthorised access and modification

illegal acts in relation to this include:
- hacking
- unauthorised modification of data (spyware)