Flashcards in U1T4 - Legal Considerations Deck (30)
What are the 3 main parts of current ICT legislation?
Data protection act, copyright designs + patent act + computer misuse act.
Why was the data protection act created?
Increased volume of info stored on comps meant there was a need to control what was stored to protect personal data and has 8 principles. They all describe how personal data should be treated. It also specifies roles of key people.
What are the 8 principles of the data protection act?
Personal data should be....
Processed fairly + lawfully with consent of data subject, only used for specified purpose, adequate + relevant for intended purpose, accurate + up to date, not kept for longer than necessary, processed in accordance with rights of data subject, held securely with no unauthorised access + not transferred out of EU.
What is a data subject?
Individual who is subject of personal data.
What is the (information) commissioner?
Responsible for enforcing data protection act, promoting good practice from those responsible for processing personal data + make gen public aware of rights under act.
What is the data controller?
Person in company responsible for controlling how personal data processed.
What has been the impact of data protection legislation?
Protects rights of individuals which organisations store data about. Organisation held responsible for security, accuracy + conditions of use of data. If they don't, they may be punished. All organisations must have policies in place to follow legislation e.g. validation + verification. Ensuring data is up-to-date may involve regular contact w/ data subject to verify their data. Keeping security involves implementing security measures like physical access, system access, firewalls, + back-ups. Must also provide training for staff to comply with legislation.
Why was the Copyright Designs + Patent Act created?
Protect “intellectual property” rights of individuals + organisations that create + produce original material. e.g. Books, articles, music, films + software.
What is software piracy?
Involves illegal copying, modifying or downloading software. This means avoiding the price of buying software. Can also be ‘theft’ by 1 company of ideas + methods of other ICT companies. Can result in higher prices for those legally buying software + discourages software houses from being innovative in creating new software.
How can organisations follow the copyright designs + patents legislation?
When organisations use computer networks to buy software, they also buy a software licence for users. They are legally allowed to distribute software to that num of users. To enforce the law, they must ensure all employees know the Act + consequences of breaking it. Must carry out audits on software it uses + monitor who has access to it. Must comply w/ Licensing agreements + control access to software. Unauthorised software mustn't be permitted into the office.
Why was the Computer Misuse Act created?
Prevent computer crimes involving unlawful access to info systems/data files. Unauthorised access to comp material is an offence, unauthorised access w/ intent to commit/facilitate commission of further offences is also an offence + unauthorised mod of comp material is a further offence. Identifies spec crimes like comp viruses + hacking into comps.
How can organisations comply with the computer misuse act?
Employees could use company resources to hack other companies + if it were shown that organisation was negligent in preventing this, it could be partly liable. It must have policies to ensure employees are aware of the terms + consequences of the Act. This would include an “Acceptable Use” policy with disciplinary procedures. Comp use should be audited + suspect activity fully investigated. Username + passwords means access is controlled so employees only have access necessary to complete their work.
What are some of the ethical considerations in terms of the ICT legislation?
Proliferation of digital communication, content + connectivity provides num of ethical challenges.
What are the ethical issues in terms of ICT legislation?
Reading private emails, employee's emails for security + ensuring rules aren't broken, disclosing email reading policy. Can we monitor websites visited + keep logs (porn)? Can we place key loggers on comps to see what users type, screen capture programs? Should we tell users we are doing this? Can we look at user's files + pics? This isn't about legislation.
Legally, we can monitor all this but what are the ethical aspects of doing so? You could use info to blackmail/embarrass someone. If you can read email, can you go through their bag + desk?
What are some examples of ethical dilemmas?
If you learn company secrets by checking emails etc, can you share that knowledge with new company? Should you share docs showing company is violating laws? Is it diff if you signed a non-disclosure agreement? If you learn something about a client that affects other clients, do you tell them? May also be easy to make companies more afraid so you provide more and more expensive security to them. Promising more than you can deliver to get more money i.e. saying it's completely secure when it can never be 100% secure. Voluntary professional associations like ACM have made own ethical + professional codes which can be used as guidelines for other organisations.
Describe digital theft + copyright violation.
Digitising means it's easy to 'steal' songs, films etc.
Can a friend share a song they bought with you without you paying for it?
Describe the issue of privacy.
We give lots of data online through searches + social media posts. Many of our clicks create data that is sold to marketers + other third parties.
What is ethics?
Accumulation of values + principles that address questions of what is good/bad in human affairs. Searches for reasons as to why you should or shouldn't do something.
What is the ACM?
Association for Computing Machinery.
What is the new version of the DPA?
What is the mnemonic for the DPA?
Could Peter Really Afford To Pick Stacy Trumpton
Consent, Purpose, Relevant, Accurate, Time, Processed, Security, Transfer.
What are some examples of breaking the computer misuse act?
Watching friend put in password + downloading their pics using it. Access friend's phone + steal bank details to transfer money into your account. Use booter tool to knock friend from online game. Hack into NASA system. Download + deploy malware onto friend's computer - even if you didn't get to use it.
What are the 6 rights the DPA gives the data subject?
Right of access to their data, right of correction of inaccurate data, right to prevent use of distressing info, right to prevent direct marketing, right to prevent automatic decisions based on data + right to complain to commissioner.
Discuss the main ethical considerations relating to use of personal info by companies.
Legislation lags behind DT developments, ethics fills this gap. Ethical dilemmas created by gathering, storing + using personal data. Can be used for purposes other than intended but ethics say why not done. Can get data legitimately but use it in a way a data subject doesn't know about. Can obtain irrelevant data. Data users must understand changes and change their conduct around data for morals.
What are the main ethical considerations in terms of automated decision making?
Who are the beneficiaries of the decision? What is the impact of the decision on the individual? Is the decision based on info over which the individual has no control? Is the decision based on biased data?
What are the main ethical considerations in terms of online censorship?
How is the individual’s right to freedom of expression/access to info protected? What rights have govt/organisations to restrict/monitor internet use? Who owns data published on internet? Who regulates online environment across national/regional boundaries?
What are the main ethical considerations in terms of monitoring personal behaviour?
What is being monitored? Is it ok to check how employees use work computers? (Social media) Is it acceptable to check emails for security, use CCTV? Should people know about this monitoring? Who does it benefit?
What are the main ethical considerations in terms of AI?
Job losses, fair distribution of wealth created by machines, effect of human interaction with robots, security of AI systems.
What are the main ethical considerations in terms of the capture, storage + analysis of personal info?
Who benefits? What is it used for? Using cookies + if not accepting them, not being allowed to access website: how does it impact data subject?