U1T4 - Legal Considerations Flashcards
Individual, social + legal considerations: Legislation + Ethical Considerations
What are the 3 main parts of current ICT legislation?
Data protection act, copyright designs + patent act + computer misuse act.
Why was the data protection act created?
Increased volume of info stored on comps meant there was a need to control what was stored to protect personal data. The Act has 8 principles, which all describe how personal data should be treated. It also specifies roles of key people.
What are the 8 principles of the data protection act?
Personal data should be….
Processed fairly + lawfully with consent of data subject, only used for specified purpose, adequate + relevant for intended purpose, accurate + up to date, not kept for longer than necessary, processed in accordance with rights of data subject, held securely with no unauthorised access + not transferred out of EU.
What is a data subject?
Individual who is subject of personal data.
What is the (information) commissioner?
Responsible for enforcing data protection act, promoting good practice from those responsible for processing personal data + making gen public aware of rights under act.
What is the data controller?
Person in company responsible for controlling how personal data processed.
What has been the impact of data protection legislation?
Protects rights of individuals which organisations store data about. Organisation held responsible for security, accuracy + conditions of use of data. If they don’t, they may be punished. All organisations must have policies in place to follow legislation e.g. validation + verification. Ensuring data is up-to-date may involve regular contact w/ data subject to verify their data. Keeping security involves implementing security measures like physical access, system access, firewalls, + back-ups. Must also provide training for staff to comply with legislation.
Why was the Copyright Designs + Patent Act created?
Protect “intellectual property” rights of individuals + organisations that create + produce original material, e.g. books, articles, music, films + software.
What is software piracy?
Involves illegal copying, modifying or downloading software. This means avoiding the price of buying software. Can also be ‘theft’ by 1 company of ideas + methods of other ICT companies. Can result in higher prices for those legally buying software + discourages software houses from being innovative in creating new software.
How can organisations follow the copyright designs + patents legislation?
When organisations use computer networks to buy software, they also buy a software licence for users. They are legally allowed to distribute software to that num of users. To enforce the law, they must ensure all employees know the Act + consequences of breaking it. Must carry out audits on software it uses + monitor who has access to it. Must comply w/ licensing agreements + control access to software. Unauthorised software mustn’t be permitted into the office.
Why was the Computer Misuse Act created?
Prevent computer crimes involving unlawful access to info systems/data files. Unauthorised access to comp material is an offence, unauthorised access w/ intent to commit/facilitate commission of further offences is also an offence + unauthorised mod of comp material is a further offence. Identifies spec crimes like comp viruses + hacking into comps.
How can organisations comply with the computer misuse act?
Employees could use company resources to hack other companies + if it were shown that organisation was negligent in preventing this, it could be partly liable. It must have policies to ensure employees are aware of the terms + consequences of the Act. This would include an “Acceptable Use” policy with disciplinary procedures. Comp use should be audited + suspect activity fully investigated. Usernames + passwords mean access is controlled so employees only have access necessary to complete their work.
What are some of the ethical considerations in terms of the ICT legislation?
Proliferation of digital communication, content + connectivity provides num of ethical challenges.
What are the ethical issues in terms of ICT legislation?
Reading private emails, employee’s emails for security + ensuring rules aren’t broken, disclosing email reading policy. Can we monitor websites visited + keep logs (porn)? Can we place key loggers on comps to see what users type, or screen capture programs? Should we tell users we are doing this? Can we look at user’s files + pics? This isn’t about legislation.
Legally, we can monitor all this but what are the ethical aspects of doing so? You could use info to blackmail/embarrass someone. If you can read email, can you go through their bag + desk?
What are some examples of ethical dilemmas?
If you learn company secrets by checking emails etc, can you share that knowledge with new company? Should you share docs showing company is violating laws? Is it diff if you signed a non-disclosure agreement? If you learn something about a client that affects other clients, do you tell them? May also be easy to make companies more afraid so you provide more and more expensive security to them. Promising more than you can deliver to get more money i.e. saying it’s completely secure when it can never be 100% secure. Voluntary professional associations like ACM have made own ethical + professional codes which can be used as guidelines for other organisations.