10 mark 6.2/6.3 - PHPS Flashcards
Discuss how the principles of information security, including the risks and impacts, should be considered by PHPS when handling customer and delivery information, to stop a data breach from occurring again. (10)
Principles: The key principle of confidentiality means that only authorised PHPS staff should access customer details such as addresses, payment information, and tracking data. For example, only employees who are managing deliveries or customer accounts should view or edit this data. Integrity is also crucial; the data must be accurate and up-to-date. If a customer’s address is recorded incorrectly due to poor data handling, parcels could be delivered to the wrong location, causing major customer dissatisfaction. Additionally, the principle of availability must be upheld, meaning that customer and parcel tracking information should always be accessible when needed, such as when a customer checks the status of their delivery.
Risks:
There are several risks. One is unauthorised access to data: if hackers break into the PHPS system, this could result in theft of customers' sensitive information. Another is accidental loss of parcel information through equipment failure, which could then lead to the website crashing. Data could also be intentionally changed, which would cause wrong delivery updates.
Impacts:
The impacts could be serious. If PHPS loses customer trust due to a data breach, it could damage their reputation and lead to a loss of business. If tracking information is lost, parcels might not be delivered on time, causing customer complaints. Breaching data laws like GDPR could also lead to fines and legal problems for PHPS.
To prevent this, PHPS should have strong security measures like passwords, encryption, and regular data backups.