1.5.1 Flashcards
(21 cards)
What is the Data Protection Act 1998?
A law that protects how personal data is handles and prevents misuse.
Who is not subject to the Data Protection Act?
-Domestic i.e writing to family or taking pictures
-Law enforcement
-Intelligence services processing
What are the 8 principles of the Data Protection Act?
1.Personal data must be fairly and lawfully processed (Should be clear what they want and why)
2.personal data must be collected for specified and lawful purposes (Should only be used for the originally use stated)
3.Personal data must be adequate, relevant, and not excessive (Cannot request data that they do not need)
4.Personal data must be kept accurate and up-to-date (If data is wrong or outdated, you have the right to have it deleted/corrected)
5.Personal data will not be kept for longer than necessary (Must delete it when there is no purpose for it)
6.Personal data must be processed in line with people’s rights (If requested, a company must provide a customer with all the data they hold on them)
7.Personal data must be held securely
8.Personal data must not be transferred to countries outside the European Economic Area unless those countries have similar protection laws
What must a company do relating to the Data Protection Act?
-Appoint a member of staff as their Data Controller, responsible for making sure the principles are not breached
-Place physical or digital security measures to prevent data being accessed without consent
-Send a copy of the data if a Subject Access Request is received
What are the rights of an individual under the Data Protection Act?
-To be informed about the collection of their data
-To access the data
-To have inaccurate data rectified
-To withdrawal consent at any time (where relevant)
-To object processing in certain circumstances
-To complain to the Information Commissioner
Case Study for Data Protection Act: British Airways
-Fined £20million by the UK’s data protection authority over data security failings that allowed unauthorised access to payment card credentials to more than 400,000 of their customers.
-They could have prevented this by having more effective security monitoring and regularly penetration testing to fix any errors
What is the Computer Misuse Act 1990?
Protects against the wilful harm & damage of IT systems & data.
What are the 3 primary offences in the Computer Misuse Act?
1.Unauthorised access to computer materials i.e files
2.Unauthorised access with intent to commit further offences
3.Unauthorised modification of computer files
What can be used to minimise the threat from unauthorised access?
-Firewalls
-Digital signatures or Certificates
Case Study for the Computer Misuse Act: Kim Doyle
-A former employee of RAC (insurance company) was found guilty of transferring personal data to accident claims firms without permission.
-This included data such as road traffic accident data, names, phone numbers, and registration numbers.
-She pleaded guilty and was handed an 8 month prison sentence which was suspended for 2 years.
What is the Copyright Designs and Patents Act 1998?
Protects intellectual property of an individual or company, it makes it illegal to copy, modify, or distribute software or other intellectual property without the relevant permission.
Does original work automatically get Copyright applied?
Yes, as long as it is truly original.
What are the primary breaches under the Copyright, Designs, and Patent Act?
-Copying and original work
-Issuing a copy of the original work to the public
-Renting/lending the copy if the original work to the public
-Performing, showing, or playing the original work in public
-Making an adaptation of the original work
What are the secondary breaches under the Copyright, Designs, and Patent Act?
-Importing a copy of original work
-Possessing to dealing with a copy of the original work
-Providing means to make copies of the original work
-Permitting the use of premises for making copies of the original work.
-Provision of props or equipment for a performance of the copy of the original work
Case Study for the Copyright, Designs, and Patents Act: Ed Sheeran v.s Marvin Gaye
-Ed Sheeran had a case brought against him about his song ‘Thinking Out Loud’ when heirs of Gaye’s co-writer argued that Sheeran copied ‘Let’s get It On’s chord progression.
-Ed Sheeran won the case
What is the Regulation of Investigatory Powers Act 2000?
Legislates how organisations can monitor electronic communications.
It covers surveillance, investigation, and interception of communication by public bodies.
What does the act enforce Internet Service Providers (ISP) to do?
Give up information on request from an authorised authority and to ensure that their networks have sufficient hardware installed to facilitate surveillance about a person.
Why is the act controversial?
-Its power extends to small agencies like local councils.
-Some people feel that the act is an invasion of their privacy or that it is used improperly.
-There have been examples of it being used for reasons other than monitoring criminal or terrorist activity.
What does the act allow police and other public bodies to do?
-Demand an ISP to provide access to a customer’s communications.
-Allow mass surveillance of communications.
-Demand access to be granted to protected information.
-Allow monitoring of an individuals internet activities.
-Prevents the existence of such interception activities being revealed in court.
Case Study for the Regulation of Investigatory Powers Act: British Councils
-In 2016, an investigation was completed after councils were given permission to carry out more than 55,000 days of covert surveillance over 5 years which included people walking dogs, feeding pigeons, and fly-tipping.
-A freedom of information request revealed that 186 local authorities (two-thirds of those that responded) used RIPA to gather evidence by secret listening devices, cameras, and private detectives.
