4.1 Uk legislation & regulation relating to storing and use of information

Question 1

What is the Data protection act/GDPR?

Answer 1

This act protects the data of individuals that is stored on computers and the processed by organisations

Question 2

What is a data subject?

Answer 2

each person who has their data stored

Question 3

what is a data controller?

Answer 3

an employee within an organisation who are responsible for registering with the Information Commissioner

Question 4

What is the Information Commissioner?

Answer 4

The person in the UK who is responsible for managing several laws (Daya Protection act)

Question 5

What is the 1st principle of the Data protection act?

Answer 5

1. Data must be collected lawfully and processed fairly in a way that is clear to individuals

Question 6

What is the 2nd principle of the Data protection act?

Answer 6

2. Data must only be collected for specific reasons and not to be used for anything beyond that

Question 7

What is the 3rd principle of the Data protection act?

Answer 7

3. Data must be relevant and not excessive for the intended purpose.

Question 8

What is the 4th principle of the Data protection act?

Answer 8

4. Accuracy – Data must be kept accurate and up to date, with mechanisms to correct or delete incorrect information.

Question 9

What is the 5th principle of the Data protection act?

Answer 9

5. Data must not be kept no longer than necessary

Question 10

what is the sixth principle of the data protection act?

Answer 10

6. Data must be protected against unauthorized access, loss, or damage using appropriate security measures.

Question 11

What is one action an organisation must stick to when following the data protection act?

Answer 11

There must be strong security measures in practice to protect data from being accessed or transferred without unauthorisation.

This could be physical or digital security measures

Question 12

What is another action an organisation must stick to when following the data protection act?

Answer 12

staff must be trained so that they are clearly aware of the responsibilities. For example. They should know that these can only be used for reasons specified when it is collected and should not be transmitted to others without permission from the data subject.

Question 13

What is another action an organisation must stick to when following the data protection act?

Answer 13

Data subjects have the right to make SAR and receive a copy of their data. Companies must accept this request by asking the data subject for identification verification I’m presenting the data to them securely.

Question 14

What is one right at the subject has?

Answer 14

The individual must verify their identity with valid ID

The organisation must provide the requested information within 40 days .

Question 15

What is the computer misuse act?

Answer 15

Act attempts to punish those use computers inappropriately
Breaking these rules could lead to fines and persecution

Question 16

what is the first principle of the computer misuse act?

Answer 16

No unauthorised access to data.

Question 17

What is the 2nd principle of the Computer misuse act?

Answer 17

No unauthored access to data that could be used for illegal crimes

Question 18

what is the 3rd principle of the Computer misuse act?

Answer 18

No unauthorised modification of data
E.g. Actions that damage, delete, alter, or disrupt computer systems, such as spreading viruses, malware, or launching denial-of-service (DoS) attacks.

Question 19

what is the regulation of investigaritory powers act 2000? (RIPA)

Answer 19

This act was introduced to monitor and access online communication of suspected criminals

Question 20

what can an Internet service provider do?

Answer 20

• Must provide access to the suspects online communication such as emails/social media
• ISPs could install surveillance software to track the suspects online activity.

Question 21

What is the Freedom in Information act 2000?

Answer 21

this act allows people to request public authorities to release information

Question 22

How should a Freedom of Information request be done?

Answer 22

Formally submitted in a letter or email with the reply from the organisation within 20 days

Question 23

What is the Copyright, Designs and Patents act 1988?

Answer 23

This act makes it a criminal offence to copy work that is not your work without permission from the owner

Question 24

what kind of owner do if their work has been copyrighted?

Answer 24

The owner can bring legal proceedings in court to someone who has stole their work

Question 25

What does the Copright act prohibit?

Answer 25

- Making copies of copyrighted material to sell to others. • Importing and downloading illegally copied material (except for personal use). • Distributing enough copyrighted material to have a noticeable effect on the copyright holder. • Possessing equipment used to copy copyrighted material, as part of a business.

Question 26

What is the Protection of Freedoms act 2012?

Answer 26

designed to protect civil liberties and personal privacy

Question 27

What is the 1st part of the protection of freedoms act 2012

Answer 27

states how biometric data is stored, handled and collected. Immediate deletion if someone is arrested but not charged. • Deletion after 3 years if a person is charged but not convicted (unless extended by a judge). • Retention of data only for serious offenses like murder or terrorism.

Question 28

What is 2nd part of this act?

Answer 28

Regulation for CCTV and ANPR The law introduced guidelines for how public bodies, such as councils and police, use: •CCTV (Closed-Circuit Television) – to prevent excessive surveillance of the public. •ANPR (Automatic Number Plate Recognition) – to ensure fair use of vehicle tracking systems.

Question 29

what is the Privacy and electronic communications regulations Act 2003?

Answer 29

regulates how an organisation can communicate with individuals

Question 30

What are the rules of this act?

Answer 30

It is an offence to directly contact an individual unless they have specifically opted in to receive communication This is commonly managed by using tick boxes on online stores where you must opt-in to receiving promotional material.

Question 31

What is another rule?

Answer 31

Companies must clearly state who they are when contacting customers, such as displaying the phone number when calling - and not 'hiding' the number.

Question 32

What is another rule?

Answer 32

Organisations must explain how cookies are used on their website.

Question 33

what is the Information of Commissioners code of practice ?

Answer 33

The ICO publishes code of practices about a various data protection and privacy topics.

Question 34

what is One code of practice?

Answer 34

how Organisations should share data

Question 35

what is the Equality act 2010?

Answer 35

Legally protects people from discrimination in the workplace and in wider society

Question 36

what is the aim of this act?

Answer 36

to end discrimination in the work place open up fair opportunities for every employee regardless of physical or behavioural characteristics that are outside of their control.