Lesson 3 Protecting ICT systems Data Protection Act 1998.


1 Lesson 3 Protecting ICT systems Data Protection Act 1998

2 Protecting ICT systems
Why protect computer systems?
Q and A

3 Internal threats to data security
Disk crash – when data literally turns to dust
Faulty procedures – staff training inadequate leading to data corruption
Natural disasters
Staff working from home – disk, data
Dishonest employees (& students)

4 External threats
Unauthorised access to data (see Computer Misuse Act) by ‘Hackers’
Viruses loaded from outside sources
Thought: Ask a bank how many times their security has been breached? What would happen if they responded truthfully?

5 Computing and the NHSnet
Government spending watchdog, the National Audit Office, is to investigate a £6.2bn programme to install a computer system at the NHS. (31/08/04)
What will be the benefits?
Q & A

6 Worries
Can anyone look at my records?
Access on a need basis only
Policed by
Audit and monitoring will enforce

7 Benefits (NHSnet)
The system is designed to link every GP's surgery and hospital in England and provide online records for up to 50 million patients.
The government hopes every patient will have their own online record by 2010.
NHS IT director general Richard Granger says people will start to feel the benefits of the system by 2005.
According to health officials, the system will allow information about patients to be mobile for the first time.

8 Disadvantages (NHS)
How much is the data worth?
Insurance companies
Anti-abortionists
Blackmailers
Personal records
Lawyers
Drug companies
Funeral parlours

9 System Protection
Q & A
How can I protect my system?

10 System Protection Methods
Physical
User id + Password
Restriction by user / location / time
Audit and accounting
Data encryption pre-transmission

11 Encryption for security
How safe is my 512-bit RSA encryption key?
Cracked by Dutch National Research for Mathematics and Computer Science in 1999, but it took scientists at 11 sites, in 6 countries, with 292 computers and 35 years of processing time

12 Encryption for personal use
Q and A
Is strong encryption (512) a good idea?

13 Data Safety (Types of backup)
Online backup (disk shadowing, RAID – Redundant Array of Inexpensive Disks)
Standalone backups
Incremental backups
Periodic backups

14 Data Safety (Protection)
Anti-virus software
Staff vetting
Staff training
Hardware pre-installation survey

15 Test 1
Describe four separate measures that can be taken to prevent accidental or deliberate misuse of data on a stand-alone computer.

16 Data Protection Act
Became law in 1984
In line with European Data Protection Directive (Data Protection Act 1998 – implemented March 2000)
See also:
Freedom of Information Act 2000
The Telecommunications (Data Protection and Privacy) Regulations 1999

17 Data Protection Key Words
Personal data – name, address
Automatically processed – processed on a computer system. Are paper records covered?
Data users – Sole trader to multi-national
Data subjects – you and me

18 Data Protection Act 1984, 1998: 8 Principles
1. Personal data must be obtained and processed fairly and lawfully
2. Held for the lawful purposes described in the data user’s register entry
3. Used for those purposes and disclosed only to those people described in the register entry
4. Adequate, relevant and not excessive in relation to the purposes for which they are held

19 DPA 1984, 1998 contd
5. Accurate and where necessary up-to-date
6. Held no longer than necessary for the designated purpose.
7. Accessible to the individual concerned who, where appropriate, has the right to have information about themselves corrected or erased.
8. Surrounded by proper security

20 The Data Protection Registrar
Duties include:
1. Register of data users
2. Disseminating information regarding the DPA
3. Promoting compliance with the Data Protection Principles
4. Encourage Codes of Practice
5. Consider complaints under Act or Principles

21 DPR contd
6. Prosecute offenders

22 Data User’s Registry Entry
Must show their name, address etc
Whose personal data they store
Items of data held
Purpose of holding data
Source whereby data obtained
Disclosed to whom
Any overseas transfer of data

23 DPA 1984, 1998 Exemptions
Payroll, pensions, accounts nor addresses for distribution
Personal, family data
Data subjects may be prevented from viewing data collated for research
Data may be provided to subject’s agent (lawyer etc)

24 DPA 1984, 1998 Exemption
In connection with National Security
For prevention of crime
For the collection of Tax and Duty

25 DPA – Rights of Data Subjects
Civil court rights
Compensation for unauthorised disclosure
Compensation for inaccurate data
Access to data and apply for corrections
Compensation for unauthorised access, loss or destruction of data

26 Test 2
A company is storing details of its customers on a database. Describe three obligations the company has under the DPA.

