Presentation is loading. Please wait.

Presentation is loading. Please wait.

1.3 Control of Information In this section you must be able to: Describe the legal rights and obligations on holders of personal data to permit access.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1.3 Control of Information In this section you must be able to: Describe the legal rights and obligations on holders of personal data to permit access."— Presentation transcript:

1 1.3 Control of Information In this section you must be able to: Describe the legal rights and obligations on holders of personal data to permit access. Understand that the sale of entitlement to access to data may mean paying for a more convenient form of access, the right of which already exists. Understand that files on individuals and on organisations that are non-disclosable have commercial value.

2 Obligations on Data Controllers Holders of personal data (data controllers) must: take security measures to safeguard personal data – i.e. to prevent unlawful processing or disclosure only allow access to data for lawful processing, and by the people doing the processing, the data subjects, or their appointed representatives not allow personal data to fall into the hands of a third party without the explicit consent of the data subject

3 Controlling Access Security of personal data can be enhanced by: Careful use of usernames and passwords Taking security measures such as installing a firewall Making use of network security facilities such as access rights and audit logs Follow good procedures and practice – changing password regularly, logging out properly, shredding printed documents The use of encryption for the communication of sensitive information

4 Access Rights Access rights can be used to control access to: –Files and folders –Database fields, records and folders They give administrators control over what information can be: –Viewed –Modified –Created –Deleted To give staff access to only the data they need

5 Encryption and Coding Encryption and coding are often confused: Coding is where codes are used to represent pieces of information as a whole, e.g. in war-time radio broadcasts certain words were used to indicate the invasion was coming Encryption works at a lower level – on each character, or even the pattern of bits, that makes up the message

6 Encryption Examples Some simple methods of encryption use substitution to replace a character in the message with another character, e.g. –Caesar-shift cipher each letter making up the message is shifted by an agreed offset, e.g. if the offset is 1, then A becomes B, B becomes C, C becomes D, etc. this is easy to break even on a short message just by using trial and error –Substitution cipher each letter in the message is mapped to another one in no particular order this can be broken by using frequency analysis and comparing the frequency of letters in the message with the frequency of letters in the language used

7 Encryption Examples Some famous examples of encryption use variations on these methods, e.g. the Enigma machines used a substitution system where the mappings changed after every letter Other options would be to use a language that the person hoping to read the message is less likely to understand: –Navajo was used by US troops in WWII –Welsh was used by British troops in Bosnia

8 Encryption Keys For successful encryption and decryption both communicating parties need to know how the message is to be encrypted, otherwise it will be indecipherable. Information about the technique used to encrypt or decrypt a message is called the key. If you’ve encrypted a message, how to you let the recipient have the key without the risk of it being discovered by the people you’re trying to hide the message from?

9 Encryption Keys There are two types of key: Symmetrical keys, where sender and recipient both use the same key Asymmetric keys, where sender and recipient use different keys –the recipient of the message freely distributes their public key that anyone can use to encrypt and send them a secure message –they hold on to a private key that can be used to decrypt messages encrypted using the public key –it’s a bit like handing out open padlocks for people to put on messages, but keeping the key for yourself.

10 Encryption and the Internet Most encryption on the internet uses public and private keys: –e.g. RSA, SSL and digital certificates/signatures Public keys are usually very large numbers, and the private keys are two factors of the public key The number of bits in the key indicates the number of possible keys –e.g. 128-bit encryption has 2 128 possible keys (i.e. 3.40 x 10 38 combinations to try) This is only practically secure because it takes a very long time (i.e. years) to try them all, by which time your details will be out of date

11 Access to Data & Information “the sale of entitlement to access to data may mean paying for a more convenient form of access, the right of which already exists” For example, CD-ROMs and web-sites of magazines that are available in paper form in libraries You can download past papers for free from exam board web-sites, but you can buy CD-ROMs that allow you to search for questions by topic These paid-for electronic forms of freely available information have benefits in that they can be searched and sorted (and possibly copied and pasted), thereby saving valuable processing time

12 Commercial Value Selling mailing lists is big business Competitors, advertisers and market researchers might all like access to your customers Collecting data about individuals can be costly and time- consuming, and that information can soon become out- of-date as people move, get married, change jobs, etc. It could therefore be financially advantageous to purchase mailing lists of people who actually exist, especially if it contains extra personal information – e.g. hobbies, whether they have children, when their insurance is due, etc. – that can be used to target marketing materials about your goods and services Under the Data Protection Act, however, it would be illegal to disclose this information without consent

Download ppt "1.3 Control of Information In this section you must be able to: Describe the legal rights and obligations on holders of personal data to permit access."

Similar presentations

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
STORAGE AND RETRIEVAL OF INFORMATION

STORAGE AND RETRIEVAL OF INFORMATION
Copyright © 2005 EFT Network, Inc. All Rights Reserved. Automated Recurring Payments Flexible Payment Solution.

Copyright © 2005 EFT Network, Inc. All Rights Reserved. Automated Recurring Payments Flexible Payment Solution.
Review Questions Business 205

Review Questions Business 205
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Numbers on the Internet

Numbers on the Internet
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Hear IT- An introduction to internet audio media..

Hear IT- An introduction to internet audio media..
Features and Functions of Information Systems. What are information systems?  Information systems consist of software, hardware and communication networks.

Features and Functions of Information Systems. What are information systems?  Information systems consist of software, hardware and communication networks.
PROACTIS: Supplier User Guide Contract Management.

PROACTIS: Supplier User Guide Contract Management.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Crypto Party ATX Shameless self-promotion Visit us at https://CryptoPartyATX.orghttps://CryptoPartyATX.org Step-by-step guides on how to encrypt your s,

Crypto Party ATX Shameless self-promotion Visit us at Step-by-step guides on how to encrypt your s,
EMAIL AND SPAM BY OLUWATOBI BAKARE 098611.

AND SPAM BY OLUWATOBI BAKARE

Similar presentations

Ads by Google