2.Learning Aim A3

Question 1

What is the primary purpose of the Data Protection Act (1998)?

Answer 1

To protect the privacy of individuals by ensuring that their personal information is processed in an ethical manner.

Question 2

What significant law replaced the Data Protection Act (1998) in the EU?

Answer 2

General Data Protection Regulations (GDPR) enforced on May 25, 2018.

Question 3

What is the maximum fine for breaching GDPR?

Answer 3

€20 million or 4% of a business’s annual turnover, whichever is largest.

Question 4

What body is responsible for investigating data protection violations in the UK?

Answer 4

Information Commissioners Office (ICO).

Question 5

Fill in the blank: The Data Protection Act (1998) covers data stored on _______.

Answer 5

paper and audio data.

Question 6

What principle was added to the GDPR that was not in the Data Protection Act (1998)?

Answer 6

Accountability principle.

Question 7

What does the Computer Misuse Act (1990) protect users against?

Answer 7

Theft and damage of information stored using IT systems.

Question 8

What is the punishment for unauthorized access to computer material under the Computer Misuse Act?

Answer 8

Up to 2 years in prison and/or a large fine.

Question 9

True or False: The Computer Misuse Act (1990) only applies to successful hacking attempts.

Answer 9

False.

Question 10

What additional offence was added by the Police and Justice Act (2006)?

Answer 10

Making, supplying or obtaining anything which can be used in computer misuse offences.

Question 11

What does the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations (2000) allow organizations to do?

Answer 11

Monitor communications over their network.

Question 12

List one of the purposes for which organizations can monitor communications under the Telecommunications Regulations.

Answer 12

• To establish the existence of facts and ascertain compliance with regulations
• In the interests of national security
• To prevent or detect crime
• To investigate or detect unauthorized use of the network
• To secure and ensure the effective operation of the network

Question 13

What three classes of fraud are defined in the Fraud Act (2006)?

Answer 13

• Fraud by false representation
• Fraud by failing to disclose information
• Fraud by abuse of power

Question 14

What is the maximum punishment for fraud under the Fraud Act (2006)?

Answer 14

Up to 10 years imprisonment.

Question 15

What does the Health and Safety at Work Act (1974) require employers to do?

Answer 15

Perform a risk assessment and ensure the health, safety, and welfare of employees.

Question 16

What is one duty of employees under the Health and Safety at Work Act?

Answer 16

Take care of their own health & safety and that of others.

Question 17

What can the Health & Safety Executive do if a business is found guilty of an HSWA offence?

Answer 17

Impose an unlimited fine and/or a prison term of up to 2 years.

Question 18

Fill in the blank: The Health & Safety at Work Act is enforced by the _______.

Answer 18

Health & Safety Executive (HSE).

Question 19

What happened to the punishment for unauthorized access under the Police and Justice Act (2006)?

Answer 19

Increased to 2 years imprisonment.

Question 20

What is the consequence of breaching the Data Protection Act (1998)?

Answer 20

A fine of up to £500,000.

Question 21

What is a key feature of the accountability principle under GDPR?

Answer 21

Organizations must have appropriate measures and records to demonstrate compliance.

Question 22

True or False: The Computer Misuse Act (1990) only applies to traditional hacking.

Answer 22

False.