4.1 - application to PHPS Flashcards
PHPS holds personal details relating to its customers registration details when logging onto the PHPS website.
Discuss the impacts of the Data Protection Act (DPA) on PHPS when handling this personal information. [10 marks]
- A data controller must be appointed and register with the Information Commissioner. This person is responsible for ensuring PHPS complies with the DPA.
- PHPS should then follow the 8 principles of the DPA when handling customer’s personal information.
- They need to be CLEAR to the customers on what type of INFORMATION (e.g payment details, names, contact numbers…etc) they are collecting & what they are using it for which is to MANAGE PARCEL DELIVERIES.
- Also the data should be relevant to them managing parcel deliveries, while also checking the data is ACCURATE AND UP TO DATA prior to making parcel deliveries.
- Once the deliveries are completed, they should remove the data.
Finally, they need to make sure the data is secure by implementing security measures (e.g encryption) and doing regular data backups. This then prevents another breach from happening again, and them then having a loss of reputation / a decline in customers + trust.
Their customers also have the right to modify their data if it is incorrect through them making a SAR (Subject Access Request)
When PHPS operates internationally what should it make sure other companies do ?
they should make sure the other companies comply with the DPA act as well/ or get consent from the customer for when they are handling their data.
The Data
Protection Act (DPA) needs to be considered by PHPS as they store personal details.
Discuss the impacts and consequences to PHPS of non-compliance with the DPA.
Impacts:
Financial impacts include:
~ Fine from ICO
~Compensation to data holders
~Reduction in customers
~Stop of business activities
Operational disruption:
~If a data breach has occurred
Time:
~Security or logical / physical measures will
need to be reviewed & increased
~Any other valid suggestion
Consequences:
~ Damage to reputation
~Loss of customers / MAT
~Less income for PHBC
~Increased costs
~New hardware
~New software
~New security protection
~Staff training
~Loss of trust
~Customers / MAT who have
contact data stored
~Any other valid suggestion
15 (b) Explain why PHPS does not have to respond to a FoI request. - 4 marks
PHPS is a business (1) who are not
covered by the FoI Act (1)
Only public authorities / those
funded by the state are covered by
this Act (1)
Discuss the implications of the copyright, design and patents act when using these photographs (10)
An Act passed to ensure that
people who create a
photo/image/music/text can be paid
if it is used.
To provide protection to the
creators of work if it is stolen or
used without their permission
The creator of an image can charge
PHPS for their image to be used or
ask PHPS to acknowledge them as
the creator of the photo on the
website.
The Act enables the ownership of a
work to be established.
A UK–based communications company recently had a breach in security relating to its customer
database.
Explain how the Computer Misuse Act (CMA) has been broken during this security breach. [6]
Makes it illegal to gain unauthorised
access to computer material (1) the
breach (1) means that access has
been gained (1)
Unauthorised access with the intent
to commit further offences (1) data
may have been stolen (1) to enable
identity theft to take place (1)
Unauthorised alterations may have
been made (1) account details may
have been changed (1) to the
benefit of the hackers (1)
Examples include:
-The breach means that access has
been gained to the hardware /
software
-Changes to data / information may
have been made
-Data / information may have been
stolen
-Identity theft may occur if personal
details have been stolen
-Details may have been changed to
the benefit of the students
Customers can choose to receive or opt-out of receiving marketing communications from PHPS.
Identify the regulation that relates to this. [1 mark]
-> Privacy and Electronic
Communications Regulation /PECR (1).
Explain one action that should be taken by PHPS to comply with the PECR. [3]
To only contact customer (1) if box
has been ticked (1) /not to contact
customer (1) if box has not been
ticked (1).
To display (1) their telephone
number (1) if contacting a customer
by phone (1).
if cookies (1) are set on the website
(1) explaining what they will do and
why (1)
Discuss, using examples, how the Protection of Freedoms Act (2012) should be considered by police
forces when they are carrying out criminal investigations. [10 marks]
Biometric data must be deleted of
suspects who are not convicted of
any offence.
The processing of biometric
information must be discontinued if
any parent of the child objects.
Criminal records disclosure is
required for anyone working or
involved in activities with vulnerable
groups.
Certain data should be provided in
an electronic form suitable for reuse.
Schools and colleges to obtain
consent of one parent of a child
under 18 for acquiring and
processing the child’s biometric
information.
The child has the right to stop the
processing of their biometric
information regardless of any
parental consent.
The processing of biometric
information must be discontinued if
any parent of the child objects.
The Chief Executive is concerned that PHPS does not fully meet information security and
data protection legislation in the UK.
Explain two possible effects on PHPS if it were to lose or mishandle personal information of customers. - 4 marks
Loss of reputation (1) because
custimers will not trust the PHPS if
they hear about any loss or
mishandling of personal information
(1).
Fines from the UK Information
Commissioner ’s Office (1) because
they might have broken the Data
Protection Act (1998).
Reduced customers (1) because
customers will not want their personal
data held by PHPS (1)
Competitors can enter the competition using a web-based or paper-based form.
Explain how the Equality Act should be considered when creating the entry forms. [10]
It protects competitors from
discrimination due to their personal characteristics (gender, age, race..etc)
Competitors cannot be treated any
differently because of a protected
characteristics.
All competitors should be able to
access the entry forms
The entry forms must be supplied in
a format as requested by the
competitor
Questions on the entry form must
not be biased towards / against any
of the protected characteristics
Any other valid suggestion
Protected characteristics:
- age
- disability
- gender reassignment
-marriage and civil partnership
- pregnancy and maternity
- race
- religion or belief
- sex / sexual orientation.
15(a)
Explain the purpose of the Freedom of Information (FoI) Act [3 marks]
Enables the general public (1) the
right to access information about
the activities (1) carried out by a
public authority (1
PHPS are considering new computer systems to manage parcel booking and track deliveries. The company wants to use Green IT to improve its sustainability and reputation
Describe the purpose of Green IT (3)
To use computers / IT resources (1) in an efficient / environmentally responsible way (1)
To reduce waste (1) by recycling resources / computers (1) To reduce carbon footprint (1)
To help reduce global warming (1)
Any other valid suggestion
PHPS is redeveloping its parcel booking website.
Identify and describe one feature that should be included on the website to ensure compliance with the UNCRPD (4)
Screen reader (1st) reads the text (1) on the webpage (1) for people with sight problems (1)
Alt Tags (1st) on images (1) reading software (1) can describe the image (1)
Type of font (1) can be changed (1) as some fonts / example are easier (1) to read than others / example (1)
