T5 - Legislation Flashcards
Data protection:
about looking after the personal data of people
The Data Protection Act (2018) is the law that covers this
Organisations that collect personal data must:
Only collect the data for a specific purpose
Make sure the data is accurate
Data that is not necessary for the specific purpose may not be collected
Data can come from user sign-up details
Data collection sources:
3rd parties – other companies can sell or share the data
Cookies track users as they browse websites
Paper registration forms
CCTV
Viewing habits with streaming services
Data processing:
Reasons for lawful processing:
Consent
Legal obligation
Public task
Contract
Vital interests
Legitimate interests
Consent meaning and eg
A person has agreed to their data being used
A tick box to consent to receive a newsletter
Contract meaning and eg
Processing is needed for a contract
A contract for buying a house
Legal obligation meaning and eg
Processing the data is needed to meet the law
Keeping tax records
Vital interests meaning and eg
Processing is needed to protect someone’s life
A teacher gives a collapsed student’s name to a paramedic
Public task meaning and eg
For performing an official task
A criminal court
Legitimate interests meaning and eg
There is a clear benefit to the user or company
Processing customer data
Data storage: conditions
The data is kept accurate and up to date
It is not kept any longer than necessary
It must not be transferred to other countries unless they can keep it protected
Customers must be told of a data breach within 72 hours of it happening
Methods of securing data:
Using passwords for any systems with access to the data
Encrypting the data
Only allowing access to those users that need it
CCTV
Security guards
Two-factor authentication
The Data Protection Act (2018) gives a number
of rights:
The right to view data stored about you by organisations for free
You must consent to having marketing sent to you – this consent must be ‘opt-in’
The right to withdraw consent
The right to make changes to your data if it is inaccurate
The right to be forgotten
Penalties from the Data Protection Act include:
Issuing warnings to the organisation
Order the organisation to comply
Privacy: Every time you log on to a web site
data about your visit may be collected and stored
Privacy: Every time you use your phone to make a call,
data about the number called, time and date called, and the duration of the call, is collected and stored
The Data Protection Act (2018): The right to withdraw consent
– mailing lists have an unsubscribe link for this
The Data Protection Act (2018): The right to be forgotten
– allows you to delete your personal data
Privacy online: Many online services such as search engines and social media are free to use
These services are paid for by targeted advertising
Cookies
- are sent to a user’s computer from
web sites. - Users must consent to receiving cookies
Cookies allow websites to:
Store data such as the contents of your shopping basket
Remember that you are logged into a website
Remember who you are
Track you
Target advertising to you
The Computer Misuse Act (1990) created the following offences:
Unauthorised access to computer material
Unauthorised access with intent to commit or facilitate a crime
Unauthorised modification of software or data
Making, supplying or obtaining anything which can be used in computer misuse offences
Penalties: for violating The Computer Misuse Act (1990)
Fine
10 yrs in prison
Unauthorised access
- is where a person gains access to a computer system without permission
