Security of, privacy of and access to personal/confidential information/data
Anonymised information Information about individuals without mentioning the person by name is called anonymised information. Where anonymised information would be sufficient for a particular purpose, organisations should always omit personal details wherever possible.
Aggregated information Aggregated information is where personal details of individuals are combined to provide information without naming those individuals. This could be in the form of medical information regarding a list of patients who are suffering from a certain illness.
Duty of confidence the duty of confidentiality obliges employees to respect the confidentiality of individuals. Information that employees obtain about individuals affairs must be kept confidential, and must not be used for the benefit of persons not authorised by the individual
Duty of fidelity An employee must be loyal to their employer for so long as they work for them. That means that they must not tell any rival companies about their work. Once an employee leaves a company they are free to use the skills and knowledge with their new employer.
Why was suspected child offender allowed to work in a school, which lead to him murdering these two girls?
Because he was only ‘suspected’ and never found guilty. The police wouldn’t realise this data to the school, due to data protection
What is the Data protection legislation? Data protection acts exist in most countries. These set down rules for keeping data private as well as confidential.
What are the eight principles of the DPA? Personal data shall be processed fairly and lawfully. Personal data shall be obtained only for the purpose and shall not be used for anything other than the purpose
Personal data shall be adequate, relevant and not excessive in relation to the purpose (or purposes) for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date. Personal data processed for any purpose shall not be kept for longer than necessary
Personal data shall be processed in accordance with the rights of data subjects. Appropriate security measures shall be taken against unauthorised or unlawful processing data. Including loss / leaks.
Personal data shall not be transferred to a country outside the EU unless that country guarantees the same level of data protection.
Phishing My username My password
Pharming Instead of an being sent with a fake link. Imagine you goto HSBC.ae and the site has been ‘hacked’. It looks correct But you login and it doesn’t work. Pharming is when the site or DNS is hacked, this is down to banks to check this
Spyware Software that is accidently downloaded. Allows ‘creator of the software’ to be able to spy on you. Most anti-virus will detect spyware as well.
Anonymized vs Aggregated
Usefulness of aggregated information
Safe guarding privacy
Duty of Confidence
Anonymized vs aggregated
Problems with aggregated information
Security Measures In order to protect personal information from unauthorized access, a number of security measures need to be put in place: o Usernames – gives individuals access to various parts of the system o Password – prevents unauthorized access to the system o Biometrics - finger print/ eye recoginition as an alternative to passwords o Firewalls – software for preventing hackers to accessing the system o Encryption – scrambles the information so it cant be read by any unauthorized user. A decryption key is issued to authorized users to decrypt data.
Social and Ethical Issues Discuss the following in relation to the breach of data privacy : SOCIAL Issues: How will it impact society? Privacy Reliability and integrity Security ETHICAL Issue: Differentiating between the right and wrong/LAWs Breach of the Data Protection Act Duty of Confidence Duty of infidelity