Legislation And Privacy Flashcards
What are the 6 rules for lawful processing of data?
• Consent to the task
• Legal obligation
• Public task
• Contract (to fulfil a contract, e.g. housing)
• Vital interests (safety interests)
• Legitimate interests (clear benefit to user / company)
How might a company collect data? (Other than sign in) (4)
• 3rd parties – other companies can sell or share the data
• Cookies track users as they browse websites
• Paper registration forms
• CCTV
What are the rules for the collection of personal data?
• Only collect the data for a specific purpose
• Make sure the data is accurate
• Data that is not necessary for the specific purpose may not be collected
Which laws would protect somebody's information from being stolen?
• Computer Misuse Act 1990
• Data Protection Act 2018
What must an organisation do with data in order for it to be lawful?
• The data is kept accurate and up to date
• It is not kept any longer than necessary
• It must not be transferred to other countries unless they can keep it protected
• Customers must be told of a data breach within 72 hours of it happening
What basic ways can data be secured? (3)
• Using passwords for any systems with access to the data
• Encrypting the data
• Only allowing access to those users that need it
What ways might more sensitive data be protected?
• CCTV
• Security guards
• Two-factor authentication
What main rights does the Data Protection Act give? (5)
• The right to view and change data stored about you for free
• The right to need consent to have marketing sent to you
• The right to withdraw consent
• The right to change data if it is inaccurate
• The right to be forgotten (deleted after a certain time)