Transcript The Law of Information

The Law of Information
General Purpose Packages
Why Do We Need Laws?
Flow of information
A wide area network such as the Internet allows users to
access and share the same information from anywhere
in the world. The exchange of accurate and up to date
information can help to make a company more efficient.
However this information could possibly get into
the wrong hands
Why Do We Need Laws?
• Personal Privacy
– With all this information potentially changing hands
some people are very worried that information about
them could be accessed.
– What if the data held about YOU was incorrect or out
of date. How might it affect you?
– So we have the Data Protection Act. It was brought in
to protect people and their personal data. The act was
introduced in 1984 and updated in 1998.
Data Protection Act 1984
• Data Controller
– The person, business or organisation controlling the collection,
contents and use of personal data. E.g. The school
• Data User
– An authorised user within the organisation or business. E.g.
The teacher.
• Data Subject
– The people who have information held
about them. E.g. YOU!
• Data Protection Register
– Holds the details about who holds information
on members of the public.
– This can be found in a public library.
Data Protection Act 1984
The data protection principals
• Data must be:
1.
2.
3.
4.
5.
6.
7.
8.
Obtained Lawfully & Fairly
Held for reasons listed by data user
Used for reasons listed by data user
Adequate, relevant & not excessive
Accurate & up-to-date
Kept no longer than necessary
Made available to data subject on request
Protected against unauthorised use.
Data Protection Act 1984
Data Subject Rights
• The Data Subject has the right to:
– Know what & why information held about them.
– Inspect the information
– Have incorrect information changed
– Apply for compensation if incorrect information
has causes distress.
• Certain exceptions exist, for example the police,
government and your doctor do not need to show
you this information.
Computer Misuse Act 1990
It is illegal to:
• Access computer
material without
authorisation
• Unauthorised
access with intent
to commit other
offences
Computer Misuse Act 1990
• Unauthorised modification of computer
material
– Changing software or data to perform
different operations or changes the content.
– Preventing access to authorised users
– Interfering with system so that it doesn’t run
properly
• Penalties are up to five years in
prison and fines!
Precautions
• Once data is stored in the computer system the
data controller must protect it against loss or
damage.
• This can be done by:
– Creating regular backups including multiple copies.
– Taking measures to prevent unauthorised hacking.
Data Security Measures
• Physical security measures
– Fit security locks on computer
rooms
– Have security keys on computer
workstations
– Install workstations without disk
drives
Data Security Measures
• System security measures
– Set up IDs and passwords for access to different
levels
– Encode data (encryption)
– Install anti-virus software
– Use audit software to trace who has accessed
accounts
– Advanced security systems
• fingerprint or voice recognition
Computer Designs & Patents Act
1988
• Most published material (including text,
images, video, music, software etc) is
protected by the Copyright, Design and
Patents Act 1988.
Computer Designs & Patents Act
1988
• Copyright may be infringed if you:
– Copy a work (including scanning or storing
electronically)
– Issue copies to the public
– Perform, show or play the work in public
– Broadcast the work or include it in a cable
programme
– Make an adaptation of the work
Computer Designs & Patents Act
1988
• If you do any of these without
permission, you are liable to be
held personally responsible.
Infringing the law may be a
criminal offence.
• To avoid this always ask
permission first!