LO4 (Legislation) Flashcards
UK Legislation: What is the purpose of the Data Protection Act (2018)?
Protects the personal/confidential data of individuals stored on computers & processed by organizations.
UK Legislation: What actions do organizations need to take to comply with the DPA?
1) Businesses need to appoint & register a member of staff to act as the org’s data controller. The data controller is responsible for communicating with the Information Commissioner & ensuring the principles of the DPA aren’t broken.
2) Strong security measures to protect data from being accessed/transferred without authorization. This could take the form of physical/logical protection methods enforced by the business.
3) Training staff so they are aware of their responsibilities & that each principle is adhered to - e.g. they should know data can only be used for the reasons specified when it was collected & shouldn’t be passed to others without permission.
4) Data subjects must be given the opportunity to alter their data if it is incorrect. Data should be deleted when no longer needed. Orgs must periodically assess the accuracy & relevance of storing each data subject’s info.
What are the six principles of the DPA?
1) Data must be collected lawfully & processed fairly
2) Collected data can only be used for specified reasons
3) Data must be relevant & not excessive
4) Data must be accurate & up-to-date
5) Data must not be stored for longer than necessary
6) Data must be stored & processed securely
How does the Data Protection Act work?
Data subject = the individual whose data is stored.
An employee within an org is appointed as data controller & is responsible for registering with the Information Commissioner.
Information Commissioner = the individual in the UK responsible for managing several laws, most significantly the DPA.
When registering with the Information Commissioner, the org’s data controller must be clear on exactly:
- What info they’re collecting
- Why it’s being collected
- What the data will be used for
What are the rights of data subjects?
Orgs must provide the requested info within 40 days.
The org’s DC must be written to & told exactly what info the subject wants to access.
The individual must verify their identity using appropriate ID; only the data subject can request their data.
An administrative fee should be paid to the org.
What impact does the DPA have on organizations?
Applies to any info a business keeps on employees, customers or account holders.
Likely to inform many elements of business operations, from recruitment & managing staff records to marketing or the collection of CCTV footage.
What are the consequences of failing to comply with the DPA?
Any org found to be in breach of the DPA (2018) could be penalized up to £500,000 by the ICO.
Each & every business in the EU needs to comply with GDPR or it could be at risk of fines, imprisonment, reputational damage & loss of business.
UK Legislation: What is the purpose of the Computer Misuse Act (1990)?
Attempts to stop & punish those who use computers inappropriately.
What are the three principles of the Computer Misuse Act that need to be adhered to?
1) No unauthorized access to data - e.g. hacking into a computer system.
2) No unauthorized access to data for use in illegal activities - e.g. accessing personal data to use for blackmail or identity theft.
3) No unauthorized modification of data - e.g. spreading a virus to change data.
What are the consequences of failing to comply with the Computer Misuse Act?
Breaking any of the three principles results in fines & a prison sentence if it is proved it was done on purpose & not by accident.
What is the purpose of the Freedom of Information Act?
Allows people to request that public authorities release info, e.g. local councils, gov departments, unis & hospitals.
An FOI request is submitted by letter/email & the org is required to reply within 20 days of receiving the request.
Some requests will not be accepted, e.g. if processing the request would be too expensive or it involves sensitive info protected by the DPA.
What is the purpose of the Copyright, Designs & Patents Act (1998)?
It is a criminal offence to replicate work that isn’t your own without the permission of the creator/copyright holder. Covers text, music, images, videos & software.
Creators of copyrighted work own their work & control how it’s used.
Others must ask permission to use the work, otherwise the copyright holder can ask for it to be removed or demand a fee for it.
Owning the copyright of an image might not prevent others from copying & using it, but it means the owner can bring legal proceedings in the courts against those who have stolen their work.
What acts does the Copyright, Designs & Patents Act (1998) prohibit?
Importing & downloading illegally copied materials.
Making copies of copyright material to sell to others.
Possessing equipment used to copy copyrighted material.
Distributing enough copyrighted material to have a noticeable effect on the copyright holder.
What is the purpose of the Privacy & Electronic Communications Regulations Act?
Regulates how orgs communicate with individuals.
What do organisations/businesses have to do in order to comply with the Privacy & Electronic Communications Regulations Act?
It is an offence to contact an individual unless they have opted in to receive communication. Managed by using tickboxes on online stores where you must opt in to promotional material.
Orgs must clearly state who they are when contacting customers, e.g. displaying their phone number when calling.
Orgs must explain how cookies on their websites work.
Customers can select or deselect methods such as email, phone calls & text messages.
Done with tickboxes when signing up.
Orgs may only contact customers through communication channels the customers have previously permitted.