Information Systems Unit 3

Information, Laws and Ethics Demonstrate an understanding of the issues related to use of information explain the issues related to the use of information (P3) Assess how issues related to the use of information affect an organisation (M2) Legal issues, Ethical issues

Legal Issues There are many laws that affect the use of information. Three of these are the: Data Protection Act 1998 Freedom of Information Act 2000 Computer Misuse Act 1990

Data Protection Act Data Protection Act 1998 The Data Protection Act 1998 provides a framework to ensure that personal information is handled properly. It also gives individuals the right to know what information is held about them.

Data Protection Act The Act works in two ways Anyone who processes personal information must register with the DPA registrar and comply with eight principles. These make sure that personal information is: fairly and lawfully processed processed for limited purposes adequate, relevant and not excessive accurate and up to date not kept for longer than is necessary processed in line with your rights secure not transferred to other countries without adequate protection.

Data Protection Act The Act also provides individuals with important rights. These include the right to find out what personal information is held on computer and most paper records

Freedom of Information Act The Freedom of Information Act 2000 access to official information gives individuals or organisations the right to ask for information from any public authority, including central and local government, the police, the NHS and colleges and schools. 20 days to provide the information refuse if the information is exempt: eg if releasing the information could interfere with national security or damage commercial interests

Computer Misuse Act The Computer Misuse Act 1990 details three offences: unauthorised access to any computer program or data most common form of this is using someone else’s user ID and password unauthorised access with intent to commit a serious crime unauthorised modification of computer contents impairing the operation of a computer, a program or the reliability of data preventing access to any program or data Examples of this are the introduction of a virus, modifying or destroying another user’s files or changing financial or administrative data Some minor changes to tighten up this Act were introduced as a small part of the Police and Justice Act 2006. This made unauthorised acts with intent to impair the operation of a computer illegal

Work on your Assignment You must now start to look at the scenario provided at the start of this unit and apply it to the tasks Work on the relevant sections for the assignment P3 & M2 Follow the assignment writing frame Main Heading (heading size 1) - Legal, Ethical and Operational Issues [P3, M2] Heading (heading size 2) – Legal Issues Sub Heading (heading size 3) – Data Protection Act 1998 Sub Heading (heading size 3) – Freedom of Information Act 2000 Sub Heading (heading size 3) – Computer Misuse Act 1990

BREAKTIME Back at 14:45 DO NOT BE LATE

Ethical Issues Codes of Practice Many organisations will have a code of practice Clear states what uses can be made of their computing facilities main uses of computing facilities will be to support the purpose of the organisation code of practice often defines the extent to which private use of the computer system is permitted Examples of items included in a code of practice are: Use of email Use of the internet Whistle blowing

Ethical Issues Codes of Practice - Use of Email Threatening or harassment banned Spamming or unsolicited email Limited use for personal email sometimes allowed However, this is dependant on the organisation and the level of security within it All outside contact via electronic methods may not be allowed

Ethical Issues Codes of Practice - Use of the Internet Inappropriate websites Eg gambling Banned – code of practice and filtering software Personal use can be allowed – code of conduct

Ethical Issues Codes of Practice - Use of the Internet Inappropriate websites Posting to websites banned unless own organisational server where restrictions apply Whistle blowing Computer users who identify others misuse are protected – code of practice IT Administrators usually first to detect misuse

Ethical Issues Organisational Policies An organisation’s policies may have a significant effect on how it treats information operates on a need-to-know basis is likely to impose policies restricting access to information For example, it may keep its databases, files and email servers in a secure central data centre IT security and data centre staff may put in place tight controls on who can access or update this data

Ethical Issues Organisational Policies A decentralised organisation with decentralised computing is also likely to restrict access to information security restrictions could include: Access to files, databases or email limited or no direct connectivity between the organisation’s computers This could unintentionally prevent staff at one location accessing information held at another location, even though they may need access

Work on your Assignment You must now start to look at the scenario provided at the start of this unit and apply it to the tasks Work on the relevant sections for the assignment P3 & M2

Summary Today you have You have done this by Demonstrated an understanding of the issues related to use of information You have done this by explaining the legal and ethical issues related to the use of information (P3) assessing how legal and ethical issues related to the use of information affect an organisation (M2)