1 / 28

Data Protection

Data Protection. Mrs. Ghazaal AS Level. Confidentiality is ensuring that information is accessible only to those authorised to have access and is one of the fundamentals of information security. Confidentiality. Data protection legislation

sebastian-moore
Download Presentation

Data Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Protection Mrs. Ghazaal AS Level

  2. Confidentiality is ensuring that information is accessible only to those authorised to have access and is one of the fundamentals of information security. Confidentiality

  3. Data protection legislation • Data protection acts exist in most countries. These set down rules for keeping data private as well as confidential. • Many organisations hold personal information about individuals • Loyalty card schemes • Doctors/Dentists • Banks • Schools • Police

  4. The Act was the consequence of increasing concern about the number of computer-based systems that stored data. People were concerned about how secure this data was, how accurately it was recorded, and the purposes to which it was being put. Data Protection Act

  5. Personal data should be processed fairly and lawfully. This principle also sets out the criteria that should be met for processing to be lawful (ex. The data subject has given their consent) • Personal data shall be obtained for only one or more specified purposes and shall not be processed any further for purposes incompatible with the original purpose • Personal data shall be adequate, relevant, and not excessive in relation to the purpose for which it is being processed. (ex. Itunes would not need to know about your personal finances) • Personal data shall be accurate and up-to-date.(If important information must be sent to you, your current address should be available) • Personal data shall not be kept for longer than is necessary to fulfill the original purpose. (If you are no longer a member of a gym, the fitness center should not keep your personal details on their computer) • Personal data shall be processed in accordance with the rights of the data subject (As a data subject you have the right to a description of the data being held on you) • Personal data shall be held securely and appropriate technical and organisational measures shall be taken to prevent unauthorised access and/or processing (you would not want your medical history to be accessed illegally) • Personal data shall not be transferred outside the EU without appropriate safeguards being put in place (not transferred to any country outside the EU without similar legislation; your data must not be allowed into the hands of another country unless for a lawful reason. They must also keep it secure) 8 Principles

  6. There are exceptions to the rules. You cannot see data being held on you if it is being collected to: • Prevent a crime • Ensure National Security • Calculate taxes, pensions, etc. Exemptions

  7. The data subject is the individual on whom a data user holds information. Under the terms of the Act the data subject: • Has the right to access data that is held on them (they may choose to pay a fee to the data user in order to have it made available to them more quickly) • Has the right be compensated if the data held on them is inaccurate and they can show that the inaccuracy has caused them damage • Had the right to be compensated if data held on them has been accessed by unauthorised users • Has the right to insist on the modification of data held on them that is inaccurate. Rights of the data subject

  8. Everyone working for or with an organisation that records, handles, stores or otherwise comes across information has a personal common law duty of confidence to clients and to his or her employer. Companies usually expect workers to sign an agreement to this effect, and organisations are strongly advised to include a duty of confidence requirement in employment contracts. Clients who feel that confidence has been breached should be able to use complaints procedures against the organisation. In order for a duty of confidence to exist, the employee must be asked to treat the information as confidential/it must be obvious that the information is given in confidence. Employer will ask the employee to sign a confidentiality agreement. Duty of Confidence

  9. Organisations are accountable for their decisions to pass on information. Only the minimum identifiable information should be used. • Security measures – under the Data Protection Act security measures must be in place within an organisation to protect computerised information. Organisations

  10. Information about individuals without mentioning the person by name is called anonymised information. Where anonymised information would be sufficient for a particular purpose, identifiable information should be omitted wherever possible.  Anonymised Information

  11. Personal details of individuals are combined to provide information without naming those individuals. However, if the amount of data is small individuals could still be identified Aggregated Information

  12. Scenario 1 • Questions 1 and 2 Midtown Bank in the UK operates an online banking system. Some customers have had difficulties when using this system and so the bank has introduced phone banking. The bank has a call centre in Mumbai, India. When using phone banking, customers are asked to provide the same personal details as when using the online system. Customers are asked to provide three characters from their password. These are never the same three characters in successive logins. The bank stores a lot of personal information about its customers. • Explain the social and ethical implications of bank workers being able to access customers’ personal information. Past Paper Question

  13. Bank workers have a personal duty of confidence to individuals whose data is stored • Bank workers should have a personal duty of confidence to their employer • Workers must not tell any unauthorised person about personal data which is held • Bank must not use information for any reason except with the permission of the individual • Workers must be asked to treat the information as confidential/it must be obvious to them that the information is given in confidence • Employer should ask employee to sign a confidentiality agreement • Bank should take responsibility for any information which is passed on • Only the least amount of information that could identify the individual should be used • Online services allow organisations to have access to the most private of data. Examples – names, addresses, phone numbers, financial situation • Information should not be passed on from organisation to organisation without authorisation from the individual • Anonymised information should always omit personal details wherever possible • Aggregated information should never identify individuals • Companies/workers must ensure the security of customer data • Workers must ensure only relevant data is used • Workers should ensure they only use up to date/accurate information

  14. Scenario 1 • Questions 1 and 2 Oslo Banking is a large banking organisation which offers its customers loans, mortgages and insurance as well as managing their accounts. The organisation also uses an online banking system which lets customers access their account through the internet. The personal data of the customers are kept on the bank’s central computer. The bank uses a variety of security methods to prevent hackers from accessing the data either directly or by phishing or pharming. In addition, the bank needs to take steps to safeguard the privacy of customer data. The bank is currently undertaking a large advertising campaign to boost the image of the organisation. It has decided to use multimedia presentations in shopping malls to do this. • Other than security methods, describe four ways the bank can safeguard the privacy and confidentiality of customer data. Past Paper Question

  15. Abiding by data protection rules • Workers must not share any customer data with anybody outside the organisation. • Workers should sign a confidentiality agreement • Employees should have a duty of fidelity • Information about an individual should not be passed from one organisation to another without permission of the individual • Information should be anonymised where possible • Information should be aggregated where possible [4]

  16. Health and Safetyhttp://www.teach-ict.com/as_a2_ict_new/ocr/AS_G061/317_role_impact_ict/health_safety/miniweb/index.htmFor more information about health and safety topics visit this mini-tutorialPast Paper Questions

  17. Vision and posture problems • Upper back and neck problems are often caused by bad positioning of a computer screen, or bad lighting. Typical symptoms include neck pain, shoulder pain, weakness of the arm and hand muscles and headaches. • Postural low back pain is caused by prolonged sitting or standing. • Visual problems such as eye irritation and eye strain are amongst the most frequently reported complaints by computer users caused by glare from the screen, poor positioning of the screen, improper workspace lighting, and poor quality copy material. • Increase in repetitive strain injury (RSI) • It is felt that the increased use of online services may have an effect on the degree of RSI which computer users will experience. This is more likely to be the case with the telephone operators at call centres than with other users. • Call centreoperators don’t hold a phone in their hand all day. This means they are unlikely to get cubital tunnel syndrome. Health

  18. Need for increased safety measures against electrocution, fire etc. • Safety measures need to be taken at online centres. • Safety measures should include methods of protection against electrocution – don’t overload sockets, automatic fuse trips etc. The presence of CO2 fire extinguishers etc. Safety

  19. Scenario 1 • Questions 1 and 2 Midtown Bank in the UK operates an online banking system. Some customers have had difficulties when using this system and so the bank has introduced phone banking. The bank has a call centre in Mumbai, India. When using phone banking, customers are asked to provide the same personal details as when using the online system. Customers are asked to provide three characters from their password. These are never the same three characters in successive logins. The bank stores a lot of personal information about its customers. • Call centre operators sit at computer terminals for long periods of time. Describe how health problems result from this computer use Past Paper Question #1

  20. Typing at a keyboard continuously can cause RSI/wrist problems/finger problems • Gripping a mouse and repetitive clicking can cause RSI/wrist problems/finger problems/ carpal tunnel syndrome • Sitting in the same position all day can cause lower back pain • Sitting in the same position all day can cause deep vein thrombosis • Staring at a computer screen all day can cause eye strain/headaches • Poor positioning of screen can cause upper back/neck/shoulder pain • Glare from screen can cause eye strain/headaches

  21. Scenario 3 • Questions 4 and 5 Sellafield food shops is a national chain of supermarkets in the UK. They have recently implemented a website for their customers, who can now order their shopping online and have it delivered to their home. They have also created an overseas call centre so that if customers have problems with the website they can contact the company to fix these problems. The management of the call centreis to introduce shorter working periods (shifts) due to pressure from the workers. • Describe some of the health and safety problems which might occur because of the call centreoperators’ use of computers. Past Paper Question #2

  22. Staring at a computer screen all day can cause problems with one’s sight. • Typing at a keyboard continuously can cause RSI. • Gripping a mouse and repetitive clicking can cause carpal tunnel syndrome/ RSI • Sitting in the same position/with wrong posture all day can cause lower back pain. • Staring at a computer screen all day can cause eye strain/headaches. • Poor positioning of screen can cause upper back/neck/shoulder pain/ eyestrain/headaches. • Glare from screen can cause eye strain/headaches. • Too many plugs connected to a socket can be a fire hazard. • Bare wires/spilt drinks can cause electrocution. • Trailing wires can cause tripping.

  23. Scenario 3 • Questions 4 and 5 Windscale is a national chain of banks in the UK. They have had a computer system for many years to manage customer accounts and also the payroll of their employees. They have a website for their customers, who can do all their banking online. They are concerned that their system is not as secure as it might be. At the moment customers are only required to type in a username and a password to access their accounts. Many bank workers in the existing branches use computers all day. The working patterns of some employees have been affected by the introduction of online banking. • Health and safety problems may occur because of the bank workers’ continual use of computers. • Describe how these problems can be reduced. Past Paper Question #3

  24. Use ergonometric/ergonomic keyboards • Get up and walk around every so often • Improve the lighting in the room/ have anti glare screens • Height, position and distance from worker of screens/keyboards should be optimised • Good quality seating that supports the back/sitting in an appropriate position • Height-adjustable seating • Don’t overload sockets • Only allow qualified electricians to install electrical equipment • Equipment should be checked regularly • Cabling should be tied up/trunked • Electrical equipment must be located away from water supplies • Do not take drinks near electrical equipment • Have several carbon dioxide fire extinguishers • Benching/workdesks should be sturdy enough to take the weight of heavy equipment/do not allow heavy equipment to overhang

  25. Scenario 2 • Questions 2, 3 and 4 Grafton mail order catalogue company currently operates by receiving orders from its customers by phone. They have a telephone call centre in Wales. They are going to extend the way they receive orders by having an online system. The company has a database of customer orders and their personal details. Grafton has employed Oscar to supervise the development of the new system as he has excellent time management skills. (June 2011) • Describe four health issues that will affect some of the call centre operators when using computers all day. Past Paper Question #4

  26. Staring at a computer screen continuously can cause problems with one’s sight • Typing at a keyboard continuously can cause RSI • Gripping a mouse and repetitive clicking can cause carpal tunnel syndrome/RSI • Sitting in the same position/with wrong posture all day can cause lower back pain • Staring at a computer screen all day can cause eye strain/headaches • Poor positioning of screen can cause upper back/neck/shoulder pain/eyestrain/headaches • Glare from screen can cause eye strain/headaches

  27. Scenario 3 • Questions 4 to 9 ICE Refrigerators Ltd is an English company which manufactures refrigerators. It advertises the refrigerators using its website as well as selling them on line to individual customers. It used to have a number of stores in many town centres. Since the introduction of online shopping it has reduced the number of stores it owns. The company currently has two separate databases. One contains customer banking and contact details. The other database contains information about on-line sales including details of the customers who bought the refrigerators. A systems analyst has been employed to look at the current system and recommend any changes which would make it more efficient. The company also wishes to provide a help line service to its customers. It will be advertising this offer on the website but at the moment the company is undecided on whether the centreshould be overseas or in the UK. November 2011 • The call centre will consist of a large room containing a number of desktop computers. • Describe two safety issues faced by the operators and for each one give a precaution which should be taken to prevent it. Past Paper Question #5

  28. Two matched pairs from: • Too many plugs connected to a socket/overheating of computers can be a fire hazard • Make sure there are enough sockets in the room/don’t overload sockets/CO2 fire extinguisher/use LCD monitors/have adequate ventilation/don’t place computers too close together/make sure ventilation holes are not blocked • Bare wires/spilt drinks can cause electrocution/Don’t allow food and drink inside room/ensure all wires are fully insulated • Trailing cables can cause tripping/Ensure adequate trunking is in place/place cables under carpet/use WiFi devices • Heavy equipment may fall and injure somebody/ensure desks or tables are large enough and sturdy

More Related