Presentation on theme: "Information Systems LO2 - Understand the issues related to use of information."— Presentation transcript:
Information Systems LO2 - Understand the issues related to use of information
P1 – Explain how organisations use Information
P2 – Discuss the Characteristics of Good Information
M1 – Assess the improvements which can be made to an identified organisation’s Business Information Systems
P3 – Explain the issues related to the use of information
D1 – Compare Legal, Ethical and Operational issues that may affect organisations.
P4 – Describe the features and functions of Information Systems
P5 – Identify the information systems used in a specified organisation
M2 – Illustrate the input and output of Information within a specified functional area of an organisation
D2 – Analyse the legal and ethical implications of the illustrated inputs and outputs.
P6 – Select Information to support a business decision-making process
P7 – Use IT tools to produce management information.
M3 – Explain the value of a management information system.

P3 – Evidence could be a report or a presentation demonstrating the learner's understanding of the issues related to the use of information, which must include those in the teaching content. Learners must also evidence the ethical issues and the operational issues. They should explain how these impact on organisations in general.
D1 – For distinction criterion D1, evidence must include a comparison of at least two criteria for each of the legal, ethical and operational issues and how they affect at least two different organisation types. This evidence could be an extension of P3 but should compare the examples. Evidence of effects on the organisation must be clearly explained within the learner evidence.

The tutor should deliver an overview of the legislation related to the use of information, and learners should research and discuss these in more detail, including a summary of the purpose, implications and where it applies. This may be in small groups presenting their findings to the larger group on:
Legislation:
◦ Data Protection Act 1998
◦ Freedom of Information Act 2000
◦ Computer Misuse Act 1990
◦ Copyright.
To consolidate learning, tutors could provide several brief scenarios to learners which contain situations regarding legality. The groups could then discuss which legal issues apply. This will stimulate the learner to research further and embed the knowledge pertaining to legal issues. Within the groups, discuss the effect different outcomes will have on organisations.

Learners should be taught the ethical issues and considerations and should be encouraged to research examples in the media where there have been ethical issues within organisations, and what they were. This could be done as small groups reporting back or as individual work discussed with the group.
Learners should then investigate the operational issues that need to be considered with regard to the use of information. Using an example of an identified organisation, class discussion should be initiated regarding topics such as whistle blowing and information ownership, both of which learners like to explore. This will embed for the learner the difference between what is legal and what is ethical. Give examples of operational issues regarding backing up of their work and Health & Safety.

This Act applies to personal information about an individual. It is aimed at protecting the rights of the individual to privacy.
The Act is quite complex but there are basically eight common sense rules, known as the ‘data protection principles’.
It gives important rights to the person about whom the data is held. This includes the right to know what information is held, including information held by an employer, and the right to correct information that is wrong.
◦ Compensation can be claimed through the courts if an organisation breaches this Act and causes damage, such as financial loss; a claim can also be made for distress caused as a result of the incident.
If an organisation holds data on individuals, it must register under the Act.
◦ Employees must adhere to the Act and the employer will have rules/guidelines to follow.
◦ The employer will be prosecuted if they break this law and if an employee is found to be negligent, he/she may be liable for prosecution too.

The Act defines eight principles of information-handling practice:
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
4. Personal data shall be accurate and, where necessary, kept up to date
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

The Act says that data must be:
1. Fairly and lawfully processed (used)
2. Used for limited purposes
3. Adequate and relevant - only what is needed may be used
4. Accurate
5. Not kept for longer than is necessary
6. Accessible to the individual and able to be corrected or removed where necessary
7. Secure
8. Not transferred to countries without adequate protection.
Task 1 (P3.1) - Produce a report describing the risks and the measures employees/employers need to consider when dealing with data held.

The Freedom of Information Act gives a person the right to ask any public body - such as the local authorities and councils, hospitals and doctors’ surgeries, schools, colleges and universities, the police - for all the information they have on a particular subject.
◦ Everyone can make a request for information - there are no restrictions on age, nationality, or the area lived in.
◦ Unless there’s a good reason, the organisation must provide the information within 20 working days.
◦ You can also ask for all the personal information they hold on you - some information might be withheld to protect various interests which are allowed for by the Act. If this is the case, then they must say why they have withheld any information.
◦ There is often no fee attached to making a request under the Freedom of Information Act unless it is in excess of a certain cost limit.
◦ Administration charges, for photocopying and postage for example, may be levied at the discretion of the organisation.
◦ If a person requests information about themselves, it will be handled under the Data Protection Act.
Task 2 (P3.2) - Produce a report describing how employees/employers are obliged to provide information to interested parties.

Just buying a book, CD, video or computer program does not give you the right to make copies (even for private use) or play or show them in public. The right to do these things generally belongs to the copyright owner, so you will need their permission to use their material.
Task 3 (P3.3) - Produce a report describing the risks and the measures employees/employers need to take to prevent illegal use of resources.

What is protected by copyright?
Copyright protects original literary, dramatic, musical and artistic works, published editions of works, sound recordings (including CDs), films (including videos and DVDs) and broadcasts. The creator of the material has the right to control the way their work can be used. Their rights cover such things as:
◦ Copying
◦ Adapting
◦ Distributing
◦ Communicating through electronic means to the public
◦ Renting or lending copies to the public
◦ Performing in public
So copyright is a type of ‘intellectual property’ and, like physical property, cannot usually be used without the owner’s permission.
What about computer programs and material stored in computers?
◦ A computer program is protected as a literary work.
◦ Converting a program into or between computer languages and codes counts as ‘adapting’ a work.
◦ Storing any work in a computer involves ‘copying’ the work.
◦ Running a computer program or displaying work on a VDU will usually involve ‘copying’.

What the Law States – Part 1:
1 - Unauthorised access to computer material.
(1) A person is guilty of an offence if—
◦ (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
◦ (b) the access he intends to secure, or to enable to be secured, is unauthorised; and
◦ (c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
◦ (a) any particular program or data;
◦ (b) a program or data of any particular kind; or
◦ (c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable—
◦ (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months (6 months in Scotland) or to a fine not exceeding the statutory maximum or to both.

What the Law States – Part 2:
2 - Unauthorised access with intent to commit or facilitate commission of further offences.
(1) A person is guilty of an offence under this section if he commits an offence under section 1 above (“the unauthorised access offence”) with intent—
◦ (a) to commit an offence to which this section applies; or
◦ (b) to facilitate the commission of such an offence (whether by himself or by any other person);
(2) It is immaterial for the purposes of this section whether the further offence is to be committed on the same occasion as the unauthorised access offence or on any future occasion.
(4) A person may be guilty of an offence under this section even though the facts are such that the commission of the further offence is impossible.
(5) A person guilty of an offence under this section shall be liable—
◦ (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months (6 months in Scotland) or to a fine not exceeding the statutory maximum or to both.

What the Law States – Part 3:
3 - Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer
(1) A person is guilty of an offence if—
◦ (a) he does any unauthorised act in relation to a computer;
◦ (b) at the time when he does the act he knows that it is unauthorised; and
(2) This subsection applies if the person intends by doing the act—
◦ (a) to impair the operation of any computer;
◦ (b) to prevent or hinder access to any program or data held in any computer;
◦ (c) to impair the operation of any such program or the reliability of any such data
(3) A person guilty of an offence under this section shall be liable—
◦ (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months (6 months in Scotland) or to a fine not exceeding the statutory maximum or to both;
◦ (b) on conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both

Introduction
Hacking has been around almost as long as the Internet; some people just love to try and break into a computer system. Prior to 1990, there was no legislation in place to tackle the problems caused by hacking. Although everyone knew that it was wrong and should be against the law, there was nothing that anyone could do about it. As the problem grew, it became apparent that specific legislation was needed to enable hackers to be prosecuted under the law. So, in 1990, the Computer Misuse Act was passed.
The Computer Misuse Act (1990) recognised the following new offences:
◦ Unauthorised access to computer material
◦ Unauthorised access with intent to commit or facilitate a crime
◦ Unauthorised modification of computer material.
◦ Making, supplying or obtaining anything which can be used in computer misuse offences.
Task 4 – P3. Identify the impact they might have on the business and individuals, with examples of various different businesses.
Task 4 (P3.4) - Produce a report describing the Computer Misuse Act, and what protections for companies it provides.

At the end of the day the Computer Misuse Act is there to prevent unauthorised access or damage. The things that it covers, without mentioning them by name, include viruses (creating and planting), hacking (internally and externally), DDoS, spam and junk emails, and directed damage to systems with the intent of causing any slowdown or hindrance to companies.
Despite 30 years of attempts to stop them, hacking and viruses still happen to this day. Virus checkers, firewalls, constant upgrades and preventative measures like SSL still have weaknesses that can leave companies vulnerable. The Computer Misuse Act does not prevent the damage but is there to punish those caught. The Act only applies to Britain; every other country has its own version, but some countries do not have any.
Task 5 – P3.5 - Identify the impact Viruses, Hacking, Spam and attacks might have on 2 selected businesses, with evidenced examples.
Task 6 – D1.1 – Compare the legal implications and how this would have an impact on your two companies, with examples.

The legal issues surrounding the use, storage, abuse and malpractice of information are well known, but there are other issues that companies should take into consideration when it comes to the treatment of their corporate information. Legally, companies have to pay tax but can avoid doing so through loopholes. Ethically they should pay tax; the human cost of tax avoidance is huge: hospitals, care, education etc. Legally, investors run up debts at banks in order to make more money, but ethically it is our money they gamble and the bank's money if they profit. In our heads there is a line that marks the difference between legal and ethical, between what we can do and what we should do.
Examples of ethical issues that do not necessarily impact on legality when it comes to the use of information include whistle blowing, disability, and how companies use information in their daily business functions.

Whistleblowing – This is the practice of reporting abuses at work, on a small or large scale, to legal or ethical bodies, in the hope of something being done. We have all heard of Wikileaks, but whistleblowing has been around for a lot longer than this; it just has not been as easy. Morally, telling on your own company for its wrongdoings is the right thing to do, but there can be consequences such as staff layoffs, reduction in business, more pressure at work, firings etc. Ethically, companies should not be doing anything that would call for whistleblowing; they should be doing what is right. Examples of specific cases show that it is a matter of opinion: should a member of staff be responsible for the problems caused for their associates? Look at the following examples and judge whether it was right for the company to be punished, or what you would do in the same circumstances.
Task 7 – P3.6 – Define the ethical purpose of Whistleblowing with examples of their impact on business functions.
Task 8 – D1.2 – Compare the ethical implications of Whistleblowing and how this would have an impact on your two companies, with examples.

Disability – Under the Equal Opportunities Act it is illegal to discriminate against any form of disability. However, disability issues are still a moral and ethical issue within businesses: it costs money to put in place access ramps, equipped bathrooms and floor lifts, and there are other considerations that companies have to take into account. Equal rights mean disabled people are allowed to operate the telephone, but what if their disability includes a speech impediment? Might this impact on customer support, or on showroom demonstration if the member of staff is wheelchair bound, or on doing something delicate like surgery with Parkinson’s disease? Ethically we should not care, but we still consider it. The Law states that there is no leeway; signed contracts waive some issues, others consider it a moral judgement.
Task 9 – P3.7 – Define the ethical implications of Disability access with examples of their impact on business functions.
Task 10 – D1.3 – Compare the ethical implications of Disability Access and accommodation and how this would have an impact on your two companies, with examples.

Use of Information – Under the Data Protection Act it is illegal to use customer or staff information for any purpose other than that for which it was given or collected. The Law states that there is no leeway, but what if the staff information was going to be beneficial to the company and impact on others? If a member of staff is applying for multiple jobs, should this hinder their promotional prospects? If the person is looking to have a baby, should this impact on their levels of assigned responsibilities? Legally it should not impact on their working day, but ethically, if a company is aware of information, should it act on behalf of the staff member or on the financial future of the company? There have been lots of cases of staff leaving and taking clients with them; this is popular with Share Traders, Lawyers, Builders etc., but ethically what can a company do?
Similarly with customer information: a company needs a new survey but already has the data from a previous one, and surveys cost money even if the information is the same. Or a company knows a customer is moving home or leaving the country: does the company stop offering rewards?
Task 11 – P3.8 – Define the ethical implications of the Use of Information with examples of their impact on business functions.
Task 12 – D1.4 – Compare the ethical implications of Information Usage and how this would have an impact on your two companies, with examples.

Codes of practice (e.g. email, internet, internal policies, intellectual property, content) – Under the Human Rights Act it is illegal to monitor, abuse or spy on staff or customers, but most staff sign a waiver when they start work called an Acceptable Use Policy agreement. This gives companies the right to monitor work traffic in the workplace, emails and internet traffic, and gives them control over intellectual property and content produced by staff. In some companies this monitoring goes as far as measuring bathroom breaks and the amount of water cooler time, restricting USB usage, monitoring usage of business laptops at home, and even key-logging. The company’s reasons for doing so are to protect themselves, but their ethical arguments are limited. They argue it is for the benefit of staff, for morale, to reduce racism in the workplace or to keep staff on track. What they sometimes fail to measure are the reasons for the distractions.
Task 13 – P3.9 – Define the ethical implications of the Monitoring, Policies and Intellectual Copyright with examples of their impact on business functions.
Task 14 – D1.5 – Compare the ethical implications of Monitoring, Policies and Intellectual Copyright and how this would have an impact on your two companies, with examples.

Beyond legality and ethics, companies have an operational right to protect information and their staff. They also have a duty of care towards their staff, all of which in the longer term usually financially benefits the company.
Security of information (e.g. backups) – Legally they should protect all customer and business information, but for the sake of the company, how often they back up and how they secure their information is a matter of company policy. In a school, all student work changed that day is backed up that night, the whole network is backed up once a week, and a second full copy is backed up and kept off site. For larger companies like banks, the information is backed up as soon as a transaction is made. Most businesses make this decision based on financial needs, but operationally this should be a set policy. If the network crashes, companies should minimise losses and downtime; backups are kept for that reason.
Task 15 – P3.10 – Define the operational implications in business that companies have to take into consideration with examples of their impact on business functions.
Task 16 – D1.6 – Compare the operational implications in business that would have an impact on your two companies, with examples.

Health and safety (e.g. processes, procedures, regulations) – Under the Health and Safety at Work Act, employers are legally obliged to look after the safety of their customers and staff. To do this effectively, companies practise their policies, revise them, improve them and, more importantly, train their staff to benefit from them. This comes in three stages:
◦ Processes – the act of making a company safe: wheelchair access, barriers, clothing, training on safety measures, fire tests, ladder climbing, object lifting. Procedures are practised, reviewed and improved regularly.
◦ Procedures – the act of informing staff of how to do things and what policies are in place. This can take the form of training, of agreeing to standards, of AUPs, designating first aiders and fire officers, and filling in Risk Assessment Forms.
◦ Regulations – the process of updating and informing staff of the legal issues in their workplaces. All companies are different but the Law is the same; what applies to staff varies depending on their job title, but constant reminding and training on the legal measures is standard within most companies. As teachers, we have an annual Child Protection policy training session and we have training in Risk Assessment.

Continuance Planning – Business continuance is the set of processes and procedures a company puts in place to ensure that essential functions can continue during and after a disaster. Business continuance planning seeks to prevent interruption of mission-critical services, and to re-establish business as smoothly as possible. Although business continuance is important for any company, it may not be practical for any but the largest to maintain full functioning throughout a disaster crisis.
The first step in business continuity planning is deciding which of the organization's functions are essential, and apportioning the available budget accordingly. Once the crucial components are identified, failover mechanisms can be put in place. New technologies, such as cloud computing, digital backing up and disk mirroring over the Internet, make it feasible for a company to maintain up-to-date copies of data in different locations, so that data access can continue uninterrupted if one location is disabled.
A business continuance plan should also include:
◦ a disaster recovery plan, which specifies a business's planned strategies for post-failure procedures;
◦ a business resumption plan, which specifies a means of maintaining essential services at the crisis location;
◦ a business recovery plan, which specifies a means of recovering business functions at an alternate location; and
◦ a contingency plan, which specifies a means of dealing with external events that can seriously impact the business.

Organisational policies – Every company is different and every company has its own policies. Staff induction is the period of time between starting and facing the employment where staff learn these policies. Mentoring is also in use in certain companies, or it is the duty of the line manager to inform staff of policies in place. Some companies have different policies from others in the same business; this could be uniform, time keeping, breaks, policies on company credit cards, finance claims, travel claims etc. Staff booklets are useful for these as a paper record of company policies.
Costs (e.g. for development, modification, training, system upgrades) – How much money and how much time a company spends on development, training and upgrading is up to them. There is no legal restriction on a company to do so, but it is a business decision: faster computers or machinery mean faster production, and this has to be weighed against productivity and profit. Better trained staff are going to be better at their work but are also more likely to seek a better job because of it. Similarly, the more a company develops, the more the staff will change with it: new techniques, new production methods. A company can choose to train staff up or replace them; this is an operational decision that can impact on staff morale and working practices.

Task 1 (P3.1) - Produce a report describing the risks and the measures employees/employers need to consider when dealing with data held.
Task 2 (P3.2) - Produce a report describing how employees/employers are obliged to provide information to interested parties.
Task 3 (P3.3) - Produce a report describing the risks and the measures employees/employers need to take to prevent illegal use of resources.
Task 4 (P3.4) - Produce a report describing the Computer Misuse Act, and what protections for companies it provides.
Task 5 – P3.5 - Identify the impact Viruses, Hacking, Spam and attacks might have on 2 selected businesses, with evidenced examples.
Task 6 – D1.1 – Compare the legal implications and how this would have an impact on your two companies, with examples.
Task 7 – P3.6 – Define the ethical purpose of Whistleblowing with examples of their impact on business functions.
Task 8 – D1.2 – Compare the ethical implications of Whistleblowing and how this would have an impact on your two companies, with examples.
Task 9 – P3.7 – Define the ethical implications of Disability access with examples of their impact on business functions.
Task 10 – D1.3 – Compare the ethical implications of Disability Access and accommodation and how this would have an impact on your two companies, with examples.
Task 11 – P3.8 – Define the ethical implications of the Use of Information with examples of their impact on business functions.
Task 12 – D1.4 – Compare the ethical implications of Information Usage and how this would have an impact on your two companies, with examples.
Task 13 – P3.9 – Define the ethical implications of the Monitoring, Policies and Intellectual Copyright with examples of their impact on business functions.
Task 14 – D1.5 – Compare the ethical implications of Monitoring, Policies and Intellectual Copyright and how this would have an impact on your two companies, with examples.
Task 15 – P3.10 – Define the operational implications in business that companies have to take into consideration with examples of their impact on business functions.
Task 16 – D1.6 – Compare the operational implications in business that would have an impact on your two companies, with examples.