Week 12 Flashcards
What are the four major categories of issues raised by the internet?
– Information rights – your personal info
– Property rights – how can it be enforced
– Governance – is the internet subject to public law?
– Public safety and welfare; gambling, porn, child safety, bullying
Why must there be legal protections when dealing with IT?
Information technology is designed to transmit and associate data.
Define privacy
The moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations.
What is information privacy?
A subset of privacy:
– The claim that certain information should not be collected at all
– The claim of individuals to control the use of whatever information is collected about them
What is a web cookie?
A web cookie is a small piece of data stored on the user’s computer by the web browser while browsing a website.
Cookies can also be used to remember pieces of information that the user previously entered, such as names, addresses, passwords, phone numbers, etc. While cookies offer convenience for users, they also facilitate tracking of users and so have data protection implications.
What does GDPR say about cookies?
GDPR does not prohibit cookies, but requires users to give permission to use them when they first visit a website.
What sort of data is collected at e-commerce sites?
Personally identifiable information:
– Name, address, phone, e-mail, social security number
– Bank and credit accounts, gender, age, occupation, education
– Preference data (from your browsing habits), transaction data, clickstream data, browser type
What effect do social networks have on a person's privacy?
They encourage sharing of personal details and pose a unique challenge to maintaining privacy. Social networks mean that people post information about themselves, and this information may not be restricted to a limited group.
What is profiling?
Creation of digital images that characterize online individual and group behavior
How do advertising networks work on the internet? Give an example.
– Track consumer and browsing behavior on Web
– Dynamically adjust what user sees on screen
– Build and refresh profiles of consumers
Google AdWords - Businesses pay to get their advertisements ranked at the top of the search results page, based on the keywords they want to target.
What are some of the top AdWords keywords?
Insurance
Loan
Mortgage
Attorney
Credit
Lawyer
Donate
What is cyberlaw?
Laws intended to regulate activities over the internet
– Intellectual property
– Privacy
– Freedom of expression
– Jurisdiction
What are the issues with cyberlaw?
Identifying the jurisdiction - usually law is national.
Technology changes very quickly.
What does the Data Protection Act state about collecting data?
Obtain and process data fairly
* Specified purpose
* Disclose only if compatible with purpose
* Keep safe and secure
* Accurate, complete and up to date
* Relevant and not excessive
* Retain only as long as necessary
* Comply with access request
What must those holding personal information do?
– Give individuals access to their personal data
– Allow individuals to correct or delete any information that’s incorrect/irrelevant
– Obtain information fairly, openly and transparently
– Use it only for the purpose for which it was originally collected
– Secure it against unauthorised access or loss
– Ensure that it is kept accurate and up to date
– Must not further process the data, or retain it longer than needed for the purpose for which it was given
Why can adhering to the Data Protection Act be difficult? Give an example.
– Conflicts with other legislation
– Lack of clear guidelines
E.g. retention of data may be desirable for any possible future criminal investigation, but this may conflict with data protection law.
Explain opt-in and opt-out policies and where they are used.
Opt-in is the EU standard - you must give your explicit consent to have data compiled about you.
Opt-out is the US standard - data can be compiled about you unless you specifically request otherwise.
What regulates government agencies in the US in relation to information systems security?
The Federal Information Security Management Act of 2002, updated in 2014 by the Federal Information Security Modernization Act and again in 2022, regulates government agencies in the USA.
Explain informed consent in the US.
U.S. firms can gather and redistribute transaction information without the individual's informed consent – this is illegal in Europe.
– Opt-in (EU)
– Opt-out (US)
– Many U.S. e-commerce firms merely publish their information practices as part of a privacy policy without providing for any form of informed consent.
Explain the European data protection rules in place.
– Rules data controllers must adhere to
– Your rights as a data subject
– What you can do if your rights are violated
* Regulates data transfers to non-EU countries - some countries are approved automatically
What does GDPR stand for?
General Data Protection Regulation
What is pseudonymisation?
Processing personal data so that it can no longer be attributed to an individual without extra information.
EX: Replacing a name with a random code (e.g., “John Smith” → “ID12345”)
What is the jurisdiction of the GDPR law and what are the fines?
International scope
– All organisations providing a service in the EU, whether paid or not. Fines are 4% of annual global turnover or €20 million.
What does personal data mean in GDPR?
'personal data' means any information, including data that can be combined with other information, relating to an identified or identifiable natural person ('data subject')
Define natural person in GDPR.
'natural person' is one who can be identified, directly or indirectly, in particular by reference to
Natural person
- You have to be alive
- It does not refer to companies etc
Personal data can include things that can identify a natural person
- Biometric data e.g. fingerprints
- Car registration number
What is GDPR sensitive personal data?
– racial or ethnic origin,
– political opinions
– religious or philosophical beliefs
– trade union membership
– processing of genetic data
– biometric data
– data concerning health
– data concerning a natural person’s sex life
What does processing mean as per GDPR?
Performing any operations on personal data, such as:
– obtaining
– organising
– disclosing the data to a third party
– erasing or destroying the data
Define data controller as per GDPR.
Data Controller: the person or organisation who decides why the data is collected and how the data is collected.
Define data processor as per GDPR.
Data Processor: a person or organisation that processes personal data on behalf of a data controller, but is not an employee of that data controller.
Data processing might be outsourced to an external company, e.g. a marketing strategist, data entry, analysts.
What are the main principles of GDPR?
– Data is processed in a transparent way
– Collected for a specific and legitimate purpose
– Limited to what is relevant
– Data is kept no longer than necessary
– Processed in a manner ensuring the security of the data
What are the different reasons an employee may be involved in processing data?
Contract
Legal obligation
Vital interest
Public task
Legitimate interests
What are the GDPR controller obligations?
- Privacy by design
- Ensure processors are GDPR compliant
- Keep data control records
- Keep data secure
- Report data breaches
- Carry out impact assessments
- Appoint a data protection officer (DPO)
- Comply with certification
- Ensure data transfer outside the EU is sufficiently compliant
What rights do we have under GDPR?
- Transparency
- Subject access rights (no fee)
- Right to rectify
- Right to erasure
- Right to restriction of processing
- Right to data portability (new) - right to have data transferred in a machine-readable format
- Right to object
- Right not to be subject to automated decision taking
What are the GDPR requirements of data holders?
Make an inventory of all personal data you hold and examine it under the following headings:
– Why are you holding it?
– How did you obtain it and why?
– How long will you retain it and how to dispose of it?
– How secure is it?
– Do you share it with 3rd parties and on what basis?
* Many organisations don't really know what data they have.
Give an example of a past data breach / GDPR investigation case.
On 21/9/2020 the Irish DPC started investigating Instagram regarding insufficient controls on under-18s opening accounts.
– Certain data on under-18s was made public
– European countries did not agree on the penalty; the EU Data Protection Board amended the decision
– €405 million fine imposed
How do actuaries interact with GDPR?
Actuaries must ensure that customers have given consent for any analysis that they wish to conduct.
– Consent policies have to be updated
* Actuaries must be careful of local stores of data
* Pseudonymisation should be systematic
* Customers have a right to know how their data is processed
What does DMA stand for?
Digital Markets Act
What is the EU DMA?
The DMA regulates large gatekeeper businesses:
– Allow users to install apps from sources other than the gatekeeper provider
– Prohibit the gatekeeper from favouring its own services
– Prohibit the gatekeeper from using data that is not available to third parties
DMA rules enter into force in November of this year.
What is the EU Digital Services Act?
Regulates Very Large Online Platforms (45m users):
– illegal content
– transparent advertising
– disinformation
* Companies are required to be transparent about what they are doing about illegal content
* Companies are required to be transparent about why people see certain advertisements
What does the Criminal Justice Act 2001 say about computer crime?
A person who dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another, or of causing loss to another, is guilty of an offence.
Can employees have their computers monitored?
Yes, but only if they know about it. Monitoring tracks the employee's productivity and behaviour. The employee needs to know:
– that they are being monitored
– the reasons and purposes for which they are monitored
– how the information is to be used
What can automating processes lead to (positives and negatives)?
- Improved work conditions
- Higher quality products
- Lower (unit) cost
- Deskilling of the workforce
- Elimination of jobs