TCPIP Flashcards

1
Q

DPA - What is the DPA and what is its purpose?

A

The act that protects our data is called the Data Protection Act. It came into force in 1998 to protect our personal data, meaning it controls how our personal information is used by organisations, businesses or the government.

2
Q

DPA - What are the 8 principles of the DPA?

A

Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the European Economic Area without adequate protection

3
Q

DPA - What is the GDPR?

A

General Data Protection Regulation. The legislation that will “replace” the DPA (from May 25th, 2018).

4
Q

DPA - How many principles does the GDPR have compared to the DPA?

A

6 principles compared to the DPA's 8. However, it has its own sections for individuals' rights and overseas transfers.

5
Q

DPA - What is the biggest change with the GDPR?

A

Compared to the DPA, it introduces a new accountability requirement. This requires anyone it affects (everyone) to show how they comply with the principles.

6
Q

DPA - Who is responsible for protecting data?

A

Everyone. If the UK trades with, for example, China, the person in the UK company is in trouble if China does not have the DPA (which it doesn't). In a breach, the data controller is liable.

7
Q

DPA - Will the GDPR be running alongside the DPA?

A

No, it replaces it, but it will most likely have the same name as the DPA.

8
Q

DPA - Personal data is protected by the DPA, but some things require stronger legal protection. List a few of them.

A
  • Ethnic background
  • Political opinions
  • Religious beliefs
  • Health
  • Sexual health
  • Criminal records
9
Q

What are the rights of the data subject?

A
  • Right of Subject Access
  • Right of Correction
  • Right to Prevent Distress
  • Right to Prevent Direct Marketing
  • Right to Prevent Automatic Decisions
  • Right of Complaint to the ICO
  • Right to Compensation
10
Q

What is a subject access request?

A

A way of accessing data an organisation holds about you.

11
Q

How do you perform a subject access request?

A

To receive a copy of this information you have to make a subject access request. You must apply in writing to the organisation (typically costs £20). Organisations must acknowledge the request and respond within 40 days. However, some types of personal data are exempt and cannot be obtained by a subject access request.

12
Q

What are the different types of EU law?

A

Regulations, directives and decisions.

13
Q

EU Law - Define: Regulations

A

Instantly binding from the date of issue, and they become national law regardless of whether the UK has enacted separate legislation. E.g. General Data Protection Regulation 2018, Tachograph Regulations.

14
Q

EU Law - Define: Directives

A

Creates legislation that must be adopted and implemented by the UK within an agreed time period. The UK has created its own legislation to implement a number of European Directives, e.g. the Working Time Directive.

15
Q

EU Law - Define: Decisions

A

Certain matters that are brought in front of the EU authorities. Unlike the other two, they do not affect individuals.

16
Q

RIPA - What is RIPA and when was it implemented?

A

Regulation of Investigatory Powers Act - 2000

17
Q

RIPA - How many parts does RIPA consist of, and what are they?

A

The RIPA consists of five parts:

  • Interception of Communications and the Acquisition and Disclosure of Communications Data
  • Surveillance and Covert Human Intelligence Sources
  • Investigation of Electronic Data Protected by Encryption
  • Scrutiny of Investigatory Powers and Codes of Practice
  • Miscellaneous and Supplemental
18
Q

RIPA - What is the main purpose of RIPA?

A

The main purpose of RIPA is to ensure that the relevant investigatory powers are used in accordance with human rights, meaning it regulates the ways in which certain public bodies may conduct surveillance and access a person’s electronic communications.

19
Q

CMA - What is CMA and when was it implemented?

A

Computer Misuse Act - 1990

20
Q

CMA - Why was the Computer Misuse Act implemented?

A

Due to a case that involved three offences for unauthorised access and modification. However, the act was felt to be inadequate by people outside of hacking.

21
Q

CMA - Amendments

A

2006, 2011 and 2015. The change in 2015 created some controversy, because it permitted certain police officer ranks to hack ethically without criminal liability.

22
Q

SCA - When did the Serious Crime Act come into force?

A

Serious Crime Act - 2015

23
Q

SCA - What 4 changes does the Serious Crime Act make to the Computer Misuse Act?

A
  • Creates a new offence for serious cyber-attacks, so that the penalties equal the harm caused by the attacks.
  • Extends the 3A section of the SCA offence to cover articles or tools for personal use.
  • Extends the extra-territorial reach of the CMA offences.
  • Clarifies the savings provision for law enforcement agencies.
24
Q

What is the Electronic Communications Act 2000?

A

The Electronic Communications Act 2000 is an Act of the Parliament of the United Kingdom that:

  • Regulates the provision of cryptographic services in the UK (this was repealed) and
  • Confirms the legal status of electronic signatures.
25
Q

FOIA - What is the Freedom of Information Act?

A

The Freedom of Information Act 2000 is an act of the United Kingdom (UK) Parliament defining the ways in which the public may obtain access to government-held information.

26
Q

FOIA - When did the Freedom of Information Act come into force?

A

2000

27
Q

FOIA - What is the purpose of the Freedom of Information Act?

A

The Freedom of Information Act (FOIA) is a law that gives you the right to access information from the federal government. It is often described as the law that keeps citizens in the know about their government.

28
Q

FOIA - Who can request information in writing?

A

Any person or corporation can request information in writing under the act. A request need not be prepared in any particular format, nor does the applicant have to justify the request.

29
Q

FOIA - What are reasons a request may be denied, in the context of the Freedom of Information Act 2000?

A

A request may be denied for various reasons – for example if granting it would break a law, compromise the safety or health of any individual or endanger national security. A request may also be denied if it is deemed “vexatious.” If a request is denied, the applicant may appeal.

30
Q

What is a data controller?

A

A data controller is a person or company that collects and keeps data about people (an organisation, public or private).

31
Q

What is a data processor?

A

A data processor is any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

32
Q

What is the difference between a data controller and a data processor?

A

The difference is that the controller collects the data, whereas the processor processes it on behalf of the data controller.

33
Q

Cyber-crimes

A

Malicious communications, cyber bullying, revenge porn, defamation, trolling, harassment and cyber stalking

34
Q

Role of social media in offences such as revenge porn and cyber bullying

A

The role of social media providers is that other users may report posted content, and uploaded media is also run through photo-matching technology.

35
Q

What can we do to reduce cyber bullying?

A
  • Social media may work with organisations to decrease cyber bullying
  • Take reports seriously and follow up
  • Campaigns
36
Q

What legislation governs crimes such as cyber bullying and revenge porn?

A

• Criminal Justice & Courts Act 2015
• Protection of Freedom Act
• Computer Misuse Act 2015 (assuming so at least)
• Freedom of Information Act 2000
    ◦ public authorities are obliged to publish certain information about their activities; and
    ◦ members of the public are entitled to request information from public authorities.
• Social Media terms and conditions

37
Q

What is professional conduct?

A

Conduct that is stipulated by your terms and conditions of employment. Professional conduct is a standard requirement in every organisation.

38
Q

Difference between professional conduct and personal morals

A

Personal morals are usually not as clearly defined as the terms and conditions of employment. Personal morals might also vary a lot because people come from different cultures, meaning something that might be normal to do in the US might not be fine to do in the UK.

39
Q

How can professional conduct be maintained in the workplace?

A

By both parties agreeing to the (professional) conduct, being on the same page, and following up any breaches of it.

The biggest cause of employee conduct breaches is discriminatory behaviour (whether intended or unintended), so avoiding this would be good.

Other areas to cover:

  • Dignity at work policy (bullying and harassment)
  • Performance, Discipline, Grievance & Dismissal (formally raising your concerns/grievances with HR)
  • Equality and Diversity Policy
40
Q

How may professional conduct be breached and result in a criminal offence?

A

By, for example, breaking the professional conduct that has been agreed upon within an organisation.

Breaking this could mean someone has been bullied or harassed, and especially in the long term this would be a criminal offence. Employees could also misuse their position at the organisation to steal data and the like.

41
Q

DPA - What is personal data?

A

Personal data is defined as information that can identify a person by reference to one or more factors: physical, physiological, mental, economic, cultural or social identity.

42
Q

What is ICO?

A

Information Commissioner's Office

43
Q

What is the purpose of ICO?

A

Office responsible for the enforcement of the Data Protection Act 1998

44
Q

What is the fine for a breach of the DPA?

A

Fines of up to £500,000 for serious breaches of the DPA.

45
Q

What is the fine for a breach of the GDPR?

A

Penalties will reach an upper limit of €20 million or 4% of annual global turnover, whichever is higher.

46
Q

Who is liable if a cloud storage provider decides to outsource its storage solution?

A

The cloud provider is still liable.

47
Q

What are the four BCS professional conduct principles?

A

  • Public Interest
  • Professional Competence and Integrity
  • Duty to Relevant Authority
  • Duty to the Profession

48
Q

How many parts are there to a contract?

A

Four

49
Q

Who makes the UK legislation?

A

The parliament

50
Q

DPA - Name some sensitive information that requires stronger legal protection

A

There is also stronger legal protection for more sensitive information, such as: ethnic background, political opinions, religious beliefs, health, sexual health and criminal records.

51
Q

What did Sean Duffy do?

A

Troll.

Natasha McBryde, 15, committed suicide after being bullied online. She died instantly after being hit by a passenger train near her home in Bromsgrove, Worcestershire.

  • The day after Natasha’s death in February, Duffy posted comments including “I fell asleep on the track lolz” on the Facebook tribute page created by her brother James, 17.
  • Four days later he created a YouTube video called “Tasha the Tank Engine” featuring her face superimposed on to the front of the fictional engine.
52
Q

What acts govern trolling/cyber bullying?

A
  • The Communications Act 2003
  • The Malicious Communications Act 1998 (more serious cases)