Ethical, legal, privacy and data security Flashcards
5 (30 cards)
Ethical definition
It’s about knowing what’s right and wrong and choosing to do what’s right, even when it’s hard.
Ethical issues in IT
Privacy: Collecting personal data without consent, or sharing it without permission, violates people’s privacy rights.
Security: Failing to protect sensitive information from hackers or other threats can lead to data breaches and harm to individuals.
Accessibility: Not ensuring that technology is accessible to everyone, regardless of disabilities or socioeconomic status, can lead to exclusion and unfairness.
Workplace Issues: Monitoring employees’ digital activities excessively or without their knowledge can violate their privacy and trust.
BCS Code of conduct
The BCS Code of Conduct is like a guidebook for IT professionals. It lays out the rules and principles they should follow to do their job ethically and responsibly.
Legal issues
Computer crime (Computer Misuse Act 1990)
Protecting personal data (Data Protection Act (1998, 2018), GDPR)
Computer Crime and abuse
Theft
Hacking
Spamming
Denial of service attack
Sniffing
Identity theft
Theft definition
Theft is taking something that doesn’t belong to you without permission.
Hacking
Hacking is like breaking into a digital lock without permission.
Spamming
Spamming is like sending lots of unwanted messages to people, usually through email or social media.
Denial of service
It’s when someone floods a website or online service with so much traffic that it becomes overwhelmed and can’t work properly for legitimate users.
Sniffing
In the digital world, it’s when someone intercepts and eavesdrops on data being sent between computers or devices over a network, like spying on private information being transmitted over Wi-Fi.
Identity theft
Identity theft is like someone pretending to be you, using your personal information without permission.
Computer Misuse Act 1990
The Computer Misuse Act 1990 is a law in the UK that makes it illegal to misuse computers and related technology.
The Act helps protect against hacking, unauthorized access, and other cybercrimes.
Section 1 is the basic offence of hacking (including failed attempts).
Section 2 comes in when the hacking leads to another offence (e.g. theft).
Section 3 covers the use of viruses and worms; also phishing and DoS.
Privacy
Privacy refers to the protection of sensitive information stored within the database.
Privacy is the ability of an individual/group to stop data or information about themselves from becoming known to people other than those whom they choose to give access.
Data protection Act
The Data Protection Act 1998 was a UK law that aimed to protect individuals’ personal data stored by organizations.
Data Protection Act (1998)
8 key principles:
- Personal data should be processed fairly and lawfully and only if necessary
- Personal data shall be obtained for one or more specified purposes, and not processed further for other purposes
- Personal data should be adequate, relevant and not excessive
- Personal data should be accurate and kept up to date
- Personal data should not be kept for longer than is necessary for the original purpose
- Personal data shall be processed in accordance with the rights of data subjects under this Act
- Appropriate technical and organisational measures shall be taken against unlawful processing, accidental loss, destruction or damage of personal data
- Personal data should not be transferred to a country outside of the EU unless it ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
The Data Protection Act (2018)
The Data Protection Act 2018 is a UK law that governs how personal data is handled.
The Data Protection Act (2018) 6 key principles:
1.) Requirement that processing be lawful, fair and transparent.
2.) Requirement that the purposes of processing be specified, explicit and legitimate.
3.) Requirement that personal data be adequate, relevant and not excessive.
4.) Requirement that personal data be accurate and kept up to date.
5.) Requirement that personal data be kept for no longer than is necessary.
6.) Requirement that personal data be processed in a secure manner.
General Data Protection Regulation
It’s a law that makes sure companies and organizations handle your data responsibly and keep it safe.
The EU General Data Protection Regulation (GDPR) has now come to replace the Data Protection Directive 95/46/EC. It was created to:
* Harmonise data privacy laws Europe-wide
* Effectively empower all EU citizens' data privacy
* Remodel the way organisations in the region approach data privacy
Consent
It’s when you agree to something, like sharing your information or participating in an activity, with full understanding of what you’re agreeing to.
Individual rights
1.) The right to be informed
2.) The right of access
3.) The right to rectification
4.) The right to erasure
5.) The right to restrict processing
6.) The right to data portability
7.) The right to object
8.) Rights in relation to automated decision making and profiling
Data security
Security can be breached in different ways:
- Theft and fraud.
- Loss of integrity – damage or loss of data.
- Loss of confidentiality – rights of organisation to secrecy.
- Loss of privacy – rights of control over personal data.
- Loss of availability – system down-time.
A security breach can be catastrophic to an organisation, leading to:
- Lost revenue
- Unexpected repair costs
- Damaged reputation
- Legal liability
- Loss of IP / competitive advantage
Threats to security
Hardware
Users
Programmers/operators
Communication networks
Database
Reducing security risks
Authorisation
Backup and recovery
Encryption
Redundant Array of Inexpensive Disks
Firewalls
Legal Issues
Intellectual property
Copyrights
Patents