Legal and Ethical Issues


1 Legal and Ethical Issues
Information Systems

2 Business Simulation
Business simulation functional areas
Purpose of Information data capture and storage systems for:
- Personnel
- Purchasing
- Operations
- Sales
- Finance

3 Legal and Ethical Issues
Legal Issues:
- Data Protection Act 1998
- Freedom of Information 2000
- Computer Misuse Act 1990

4 What are the eight principles of the Data Protection Act 1998?

5 Data Protection Act 1998
Framework for handling data
Gives individuals right to know what info is held
If you process data you must register with DPA registrar and ensure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up-to-date
- Not kept for longer than necessary
- Processed in-line with your rights
- Secure
- Not transferred to other countries without adequate protection

6 Freedom of Information Act 2000
Access to official information
- Individuals or organisations have right to request information from who?
- How long do they have to respond?
- Can the information be withheld: if so on what grounds?

7 Freedom of Information Act 2000
Access to official information
Individuals or organisations have right to request information from:
- Any public authority – including local and central government
- The police
- NHS
- Colleges and schools
They have 20 days to provide the information.
May refuse if the information is exempt, e.g. if releasing the information could prejudice national security or damage commercial interests.

8 Computer Misuse Act 1990
- How many offences are there? What are they?
- What other act(s) cover this area?

9 Computer Misuse Act 1990
Three offences:
- Unauthorised access to any computer programme or data, e.g. using someone else’s logon ID and password.
- Unauthorised access with intent to commit a serious crime.
- Unauthorised modification of computer contents, i.e. impairing the operation of a computer, a program or the reliability of data; includes preventing access to any program or data. E.g. the introduction of a virus, modifying another user’s files or changing financial or administrative data.
Minor changes to tighten up the Act, introduced through the Police and Justice Act 2006, made unauthorised acts with intent to impair the operation of a computer illegal.

10 Ethical issues
- Codes of Practice
- Organisational Policies
- Information ownership

11 Codes of Practice
Make clear what use can be made of computing resources to support purpose of organisation.
- Often define how much private use.
- E.g. Use of – threatening/harassing, spam, limited private use.
- Use of the internet – inappropriate classes, e.g. pornography, gambling. Limited personal use.
- Rules on postings to organisation’s web-server. Personal pages.
- Whistle-blowing – protect users who draw attention to others’ misuse. Protect IT administrators (run servers and first to spot)!

12 Codes of Practice
Activity:
- Carry out research to find examples of computer codes of practice.
- Produce a code of practice for a top secret military or government establishment, e.g. Credenhill or Cheltenham.
- Produce a code of practice for a small web design or computer consultancy company.
- List the areas in which these are similar.
- List the areas in which they are different.
- Explain why they differ.

13 Organisational Policies
Might depend on hierarchy.
- If organisation is ‘need-to-know’ will be many restrictions on access to information. E.g. databases, servers and files in secure central data centre. IT security and data centre staff control tight security on access (including updates).
- Decentralised organisation may have limited access for geographical reasons. May be few restrictions on site but limited connectivity between sites.

14 Information ownership
Data
- Dept. that produced data should own every field in every record.
- Responsibility for making sure it is: accurate, consistent, timely.
Information
- Many owners may have originated the data to produce a piece of information.
- Often dept responsible for defining or running the program that produces the information owns it.
- Other than IT information, e.g. network performance, IT should not be responsible for information ownership.
- IT should be guardians, not owners.

15 Operational issues
- Security of information
- Back-ups
- Health and Safety
- Organisational Policies
- Business Continuance Plan
- Costs
- Impact of increasing sophistication of systems

16 Security of information
- Users expect data to be kept secure, i.e. safe from unauthorised or unexpected access, alteration or destruction.
- Management specify who can look at and update information, e.g. small organisation, simple structure: anyone can look, list of who can update. Larger organisations: more complex rules.
- May require a log of who has accessed or updated information.
- IT dept have responsibility to advise on security and implement rules.

17 Back-ups
Good practice to make frequent back-ups in case of physical or processing problems.
- Full back-up – all information.
- Partial back-up – only information which has changed since last full back-up.
- IT department should practise recovering backed-up files – restore from full back-up, apply partial back-ups to check they are working.

18 Health and Safety
Relatively low risk
- Regulations relating to screens and monitors, position and use.
- Positioning of keyboards, mice, chairs, tables.
- Computer users are entitled to eye-tests.
- Breaks away from the computer (look out of window).
- Other existing office, or other workplace environment, laws apply.

19 Organisational Policies
Policy for use of information systems
- E.g. keeping information confidential.
- Procedure for correcting anomalous information.
- Can apply equally to computer-based and non-computer based systems.

20 Business Continuance Plan
How operations can continue if any major system (or combination of systems) should fail. These could be IT systems. The service delivered may be more limited.
- E.g. dual network, attach alternate terminals to each network; complete failure of one network means that at half terminals keep working.
- E.g. retailer may opt for more tills or point of sale terminals than really required to allow for failures.
- May have two servers to allow for server failure.
Cost implication, decisions based on analysis of risk:
How likely is the failure x cost of failure = justification for ‘redundant’ items.
Cannot cover everything.

21 Business Continuance Plan
Case study: A business has offices in Upton-on-Severn, an area known to flood. Office building includes basement and four storeys above ground.
- Where should it install the servers for its information systems?
- What actions should the BCP include in the event of flooding?
One day the staff arrive to find water cascading through all the storeys of the building due to a leak; there was an old air-conditioning reservoir on the roof and this had sprung a leak. The building has to be closed for several weeks while the leak is fixed and the building dries out and is cleaned.
- What actions should be initiated from the BCP?
- Are there any additional actions that would be useful?
- How can the effects of the leak be minimised?
- What could have been done to prevent this incident?

22 Costs
Total benefits of IT system >> cost of system
Considerations:
- Additional resources required
- One-off costs of new equipment purchase and installation
- User tests and training
- On-going (running) costs
- Cost of development
- Can be a large part of budget
- On-going updates and modifications

23 Impact of increasing sophistication of systems
Early systems based on manual systems: little training, simple software.
Systems and computing becoming increasingly complex and sophisticated.
Requirements:
- More trained personnel: user training – basic computing features, equipment, new processes, transactions, queries, reports.
- More complex software: development software hides complexity from application builder. Builder can focus on business problems. Creates better, more complex systems – great until it all goes wrong, then need development software expert and business software specialist.

24 Activity
Customer information and constraints
- Focus on organisation that uses customer information: e.g. local council, college, shop, restaurant.
- Consider legal, ethical, operational and other constraints.
- What constraints affect the way the organisation uses customer information?
- How does the organisation deal with these constraints?

