Learning Intention: Legislation's impact on security of information


Learning Intention: Legislation's impact on security of information
By the end of this lesson you will:
- Be able to name the relevant legislation
- Identify the key points of the legislation
- Understand the effect this has on an organisation

Homework Questions
WHAT ARE THE COMMAND WORDS & HOW DO THEY AFFECT OUR ANSWER?
- Outline 2 offences under the Computer Misuse Act 1990 (2 marks)
- Describe ways in which an organisation can prevent computer viruses. (6 marks)
- E-mail is an important method of communication. Describe the impact of e-mail on an organisation. (4 marks)
Due Friday 25 October

Legislation relating to security & confidentiality of information & computer misuse
- Data Protection Act 1984 & 1998
- Freedom of Information Act 2000
- Copyrights, Designs & Patents Act 1988
- Computer Misuse Act 1990

Data Protection Act 1984 & 1998
The main purpose of this act is to balance the rights of those that lawfully hold our data for processing purposes, and our own rights.
Key words relating to the Data Protection Act:
- Personal Data – data about a living individual
- Data Subject – the individual that the data is about. We have rights that must not be infringed by organisations that hold and process our data
- Data Controller – the individual/organisation that holds the data, e.g. school, college, bank, hospital etc. Data controllers have certain obligations that they must adhere to when holding and processing personal data

Data Controller Obligations
They must notify the Information Commissioner's Office to let them know what personal data they are holding and why. They must also pay a fee and register as a data controller.
There are 8 principles that they must adhere to:
- Fairly & lawfully obtained and processed
- Accurate & up-to-date
- Adequate, relevant and not excessive
- Processed for limited purposes
- Held securely
- Not retained for longer than necessary
- Processed in accordance with the individual's rights
- Not be transferred to countries outside the EU unless the country has adequate protection for the individual

Rights of Individual
- Subject access – you can find out what is held on computer about you
- Prevent processing – you can ask a data controller not to process the information
- Direct marketing – you can ask that your data is not used for direct marketing
- Automatic decision making – you can object to decisions being made on your behalf on account of the data held
- Compensation – you can claim compensation for damage or distress if the Act is breached
- Rectify, block, erase and destroy – if the data is not accurate or has opinions based on inaccurate information you can apply to the courts to force the data controller to rectify, block, erase or destroy the data

What do we mean by fairly processed?
- The data subject must have consented to the processing
- The processing must be necessary
- The processing is necessary under a legal obligation, for example, disclosure to check for criminal records of anyone working with minors
- The processing is necessary to protect the interests of the data subject
- It is needed to carry out a public function
- It is necessary to pursue the legitimate interests of the data controller or third parties (unless it could unjustifiably prejudice the interest of the individual)

Freedom of Information Act 2000
This act:
- Applies to public authorities
- Gives a statutory right to information
- Provides for the release of exempt information in the public interest

Freedom of Information Act 2000
To comply with FOI public authorities must:
- Establish a publication scheme, which means they commit to publishing information
- Classify what information they will publish, such as staff policies
- Indicate if there will be a charge for publishing the information
Therefore the FOI Act means that information previously regarded as "secret" will ultimately be available to everyone.

Copyright, Designs & Patents Act 1998
- Gives the authors of written and recorded works rights about how their works can be used
- Works covered by the Act include books, films, music and computer programmes
- Purpose of the Act is to ensure exclusive ownership of the work is retained and no unauthorised copying of the work takes place

Copyright, Designs & Patents Act 1998
The Act gives the author/owner rights over their material regarding:
- Copying, adapting and distributing
- Electronic communication (including broadcasting)
- Renting or lending to the public
- Public performances of the work

Copyright, Designs & Patents Act 1998
Organisations must be careful not to infringe copyright when it comes to computer software. Each organisation must ensure that:
- They have purchased enough licences for their use
- Employees do not copy software
- The content of CD-ROMS is not printed or copied
- CDs and software are not copied
- Information from the internet is not copied without permission

Computer Misuse Act 1990
This Act makes it illegal to carry out offences against computer systems or the data held on the system. 3 specific offences relate to:
- Unauthorised access to computer material
- Unauthorised access with the intention of committing further offences
- Unauthorised modification of computer material

Computer Misuse Act 1990
- Access – it is an offence to log on to a computer system using the login details of a colleague or friend; this also applies to people who hack into computer systems
- Further offences – it is an offence to access a computer system with the intention of deleting or modifying data (you can commit an offence even if you do not succeed in your aim)
- Modification – it is an offence to modify information on a computer system if you have not been authorised to do so

Legislation relating to security & confidentiality of information & computer misuse
- Data Protection Act 1984 & 1998
- Freedom of Information Act 2000
- Copyrights, Designs & Patents Act 1988
- Computer Misuse Act 1990

Homework Solutions
Outline 2 offences under the Computer Misuse Act 1990 (2 marks)
- Unauthorised access of computer material.
- Unauthorised access with the intent to commit or help further offences.
- Unauthorised changes to contents of any computer.

Homework Solutions
Describe ways in which an organisation can prevent computer viruses. (6 marks)
- Install high quality antivirus software on all computers and ensure that antivirus software is updated regularly.
- Firewalls can be installed to prevent outside sources accessing system/data. This is important to organisations which run web-sites.
- Forbid employees from using disks which have been used on computer systems outwith the organisation unless checked on a standalone PC.
- Install software which filters "spam" e-mails. The user can then release, mark as safe or delete the email as required.
- Inform and advise staff on organisational procedures, e.g. organise training, hands-on demonstrations, prevention of downloading software etc.

Homework Solutions
E-mail is an important method of communication. Describe the impact of e-mail on an organisation. (4 marks)

Class Questions
- List 3 principles of the Data Protection Act
- Give one example of how an organisation might infringe copyright law when using software
- Identify 2 pieces of legislation that staff using ICT should be familiar with

Class Questions - Solutions
List 3 principles of the Data Protection Act
Data must be:
- Fairly & lawfully obtained & processed
- Accurate & up to date
- Adequate, relevant & not excessive
- Processed for limited purposes
- Held securely
- Not retained for longer than necessary
- Processed in accordance with the individual's rights
- Not be transferred to countries outside the EU

Class Questions - Solutions
Give one example of how an organisation might infringe copyright law when using software
Examples include:
- They have not purchased enough licences for their use
- Employees copy software
- The content of CD-ROMS is printed or copied
- CDs and software are copied
- Information from the internet is copied without permission

Class Questions - Solutions
Identify 2 pieces of legislation that staff using ICT should be familiar with

Outline
More than naming, but not a detailed description. Candidate will not be expected to develop their answers.
Solution

Homework Questions
- Describe the effect of poor file management to an organisation. (2 marks)
- Establishing good practice in electronic file management is important to all organisations. Discuss the benefits of this and the consequences of poor file management. (8 marks)
Due Tuesday 6 October

Describe
Award one mark for outline plus one for additional comment, illustration or example. Three ways must be described to gain full marks. No marks for simply naming.
Solution