LO4 Flashcards
Data Protection Act
- Data must be collected lawfully and processed fairly.
- Collected data must only be used for the reasons specified.
- Data must be relevant and not excessive.
- Data must be accurate and up-to-date.
- Data must not be stored for longer than necessary.
- Data must be stored and processed securely.
Under the Data Protection Act, individuals have a right of access to any information that is stored about them by public bodies.
Computer Misuse Act (1990)
Three main principles:
1. No unauthorised access to data.
Example: Hacking a computer system.
2. No unauthorised access to data that could be used for further illegal activities.
Example: Accessing personal data to use as blackmail or identity theft.
3. No unauthorised modification of data.
Example: Spreading a virus to change data.
Freedom of Information Act (2000)
This act allows people to request public authorities to release information. Public authorities include local councils, government departments, universities and hospitals.
A freedom of information request must be formally submitted in a letter or email and a reply from the organisation is required within twenty days of receiving the request.
It can be rejected if the request seems too expensive or if sensitive information may be leaked that would affect the Data Protection Act.
Regulation of Investigatory Powers Act
This act (often shortened to RIPA) was introduced in response to the increase in both criminal and terrorist activities on the internet. It is used to monitor and access the online communication of suspected criminals. If criminal activity is suspected by an individual then this act grants the following powers:
- Internet Service Providers (ISPs) must provide access to the suspect’s online communication, such as emails or social media.
- Locked or encrypted data may be accessed such as online messages.
- ISPs could install surveillance equipment or software to track the suspect’s online activity.
- Surveillance may take place to physically track the suspect, e.g. in private vans or by undercover officers in public spaces.
- Access must be granted to personal information.
Copyright, Designs & Patents Act
This act makes it a criminal offence to copy work that is not your own without the permission of the creator or the copyright holder. This can refer to text, images, music, videos or software.
Owning the copyright of an image might not prevent others from copying and using it, but this act means that the owner can bring legal proceedings in court against those who have stolen their work.
Creators of copyrighted work can take ownership of their work and control how it is used. Others must ask for permission to use the work otherwise the copyright holder can ask for it to be removed or demand a fee for its use.
Protection of Freedoms Act (2012)
There are seven sections to this act, revolving around the protection of personal data. It was introduced because there was little legislation about biometric data, and to update older laws. IT-related sections are summarised below:
Part 1 - States how biometric data (e.g. fingerprints and DNA) is stored, handled and collected. For example, parents must give consent before their child gives biometric data to a school. Also, biometric data for suspects of minor offences is deleted after the case is closed.
Part 2 - Creates new regulation for CCTV and ANPR (automatic number plate recognition) use.
Part 5 - The Disclosure & Barring Service (DBS) was created to run background checks on anyone wanting to work with children or vulnerable people.
Part 6 - Extends the Freedom of Information Act (2000) allowing for wider requests to be made.
Information Commissioner’s Office (ICO) Codes of Practice
The information commissioner is the senior government official in charge of the country’s freedom of information requests and the protection of personal data.
The Information Commissioner’s Office describes itself as “The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”.
The ICO publishes codes of practice about various data protection and privacy topics, usually related to explaining the Data Protection Act. For example, the ICO has a code of practice regarding how organisations should share data and another code of practice about the use of CCTV.
Privacy and Electronic Communications Regulations
This law (which was updated in 2011) regulates how organisations can communicate with individuals.
Companies must stick to the following rules:
- It is an offence to directly contact an individual unless they have specifically opted-in to receive communication. This is commonly managed by using tick boxes on online stores where you must opt-in to receiving promotional material.
- Companies must clearly state who they are when contacting customers, such as displaying the phone number when calling - and not ‘hiding’ the number.
- Organisations must explain how cookies are used on their website.
- Companies must only contact customers through communication channels that the customer has previously permitted. This can be done with tick boxes when signing up. Customers can select or de-select methods such as email, phone calls and text messages.
The Information Commissioner’s Office (ICO) is responsible for this regulation and can fine companies up to £500,000 for unsolicited communication. It is the customer who benefits and is protected by this regulation.
Equality Act
The government states that “The Equality Act legally protects people from discrimination in the workplace and in wider society.”
Discrimination because of protected characteristics such as gender, race, religion, age and disability is specifically punishable by legal action.
The aim of the act is to end discrimination in the workplace and open up fair opportunities for every employee regardless of behavioural or physical characteristics that are outside of their control.
UNCRPD
UNCRPD stands for United Nations Convention on the Rights of Persons with Disabilities.
This is a United Nations human rights convention which states that disabled people should be able to ‘access information systems’ (article 9) and ‘use digital means to express their opinion’ (article 21).
Safe Harbour / EU Privacy Shield scheme
Personal data can be sent between European countries (such as the UK) and the United States because of a protection scheme which was known as the ‘Safe Harbour’ scheme (between 2000 and 2015) and the ‘EU-US Privacy Shield’ (between 2015 and 2020).
Green IT
Using computers and IT resources in an efficient and environmentally responsible way to reduce an organisation’s carbon footprint.
To ‘reduce carbon footprint’ means to decrease the amount of pollution (such as CO2) produced by an organisation and to engage in more eco-friendly practice.
Global Requirements of Green IT
- Using more cloud storage technology, enabling fewer individual storage devices to be purchased, reducing emissions.
- Using social media more widely to contact voters - saving money by posting fewer letters and leaflets.
- Increasing the use of teleconferencing and video calls - reducing the need for unnecessary travel to meetings and avoiding the generation of heavy pollution.