Exam code:8525
The Data Protection Act (2018)
What is the Data Protection Act?
-
The Data Protection Act (DPA) is a law that protects personal data from being misused
-
Examples of personal data would include
-
Name
-
Address
-
Date of Birth
-
Race
-
Religion
-
-
Most people that store personal data has to follow the Data Protection Principles although there are a few exemptions:
-
Domestic purposes – if you only use personal data for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to the DPA
-
Law enforcement – the Police investigating a crime is not subject to the DPA. E.g. if someone has been suspected of a crime they can’t request to see the evidence about them
-
Intelligence services processing – personal data processed by the intelligence services (eg MI5) is not covered by the DPA
-
The data protection principles
|
Principle |
How does it affect a company? |
Example |
|---|---|---|
|
1. Personal data must be fairly and lawfully processed |
A company has to be clear about what personal data they wish to collect and what they want to use it for. |
A school can request personal data to be able to call guardians in an emergency. |
|
2. Personal data must be collected for specified and lawful purposes |
A company cannot use personal data for any purpose other than what they stated originally. They also cannot pass this data on without permission. |
A company asks for a phone number to call regarding delivery but then uses it to market new products. |
|
3. Personal data must be adequate, relevant and not excessive |
A company cannot request personal data that they do not need right away. |
A bank cannot ask for their customer’s previous trips when opening an account. |
|
4. Personal data must be kept accurate and up to date |
If a company holds personal data that is wrong or out of date then you have a right to have it corrected or deleted. |
If a bank has a customer’s old address then they will not be able to send up to date statements. |
|
5. Personal data will not be kept for longer than is necessary |
A company must delete personal data once they no longer have a need for it. |
If a customer closes their account the company must delete their data. |
|
6. Personal data must be processed in line with people’s rights |
If requested a company must provide a customer with all the personal data they hold on them. |
A hospital has to give a patient’s full records if requested by the patient. |
Computer Misuse Act (1990)
What is the Computer Misuse Act?
-
The Computer Misuse Act (CMA) concerns the malicious use of computers. The act was originally created to make sure that computer hacking was covered within the law
-
It has been updated regularly to ensure it remains relevant
-
Firewalls can be used to prevent external people accessing the system. They are key in preventing DoS or DDos attacks
Primary offences under the CMA
The Computer Misuse Act has 3 primary offences:
-
Unauthorised access to computer materials
E.g. If a student finds out a teacher’s password and then accesses their computer and opens their files -
Unauthorised access with intent to commit further offences
E.g. If the student finds out a teacher’s password and then accesses their computer with the intent to increase their marks on their last test result -
Unauthorised modification of computer files
E.g. If the student finds out a teacher’s password and then accesses their computer and increases their mark on their last test result
The consequences of each offence are worse depending on whether it’s offence 1, 2 or 3 with each offence being punishable with time in prison
Copyright Designs & Patents Act (1988)
What is the Copyright Designs & Patents Act?
-
This protects the intellectual property of an individual or a company
-
It makes it illegal to copy, modify or distribute software or other intellectual property without the relevant permission
-
If original work is original, copyright will be automatically applied and will not expire until 25 – 70 years from the death of the creator depending on the type of work
-
If an individual believes that their work has been copied it is their responsibility to take action under the Copyright Designs and Patents Act
-
Many sites online offer free downloads of copyrighted software/videos which prevents the intellectual copyright holder from earning their income on the work they have created
-
E.g. If someone downloaded videos from Netflix and shared them with others, they would be breaching the act
-
-
The act covers videos and audio where peer-to-peer streaming prevents a copyright owner from receiving an income
What is prohibited under the Copyright, Designs & Patents Act?
Primary breaches:
-
Copying an original work
-
Issuing the copy of the original work to the public
-
Renting/lending the copy of the original work to the public
-
Performing, showing or playing the original work in public
-
Making an adaptation of the original work
Secondary breaches:
-
Importing a copy of original work
-
Possessing or dealing with a copy of the original work
-
Providing means to make copies of the original work
-
Permitting the use of premises for making copies of the original work
-
Provision of props/equipment for a performance of a copy of the original work
Software Licences (Open Source & Proprietary)
What is a software licence?
-
A software licence is a legal agreement that lays out rules for how software can and can’t be used
-
There are two main types of software licence, each with very different rules on usage, distribution and support, they are, open source & proprietary
Features of open source & proprietary software
|
Software Licence |
Features |
|---|---|
|
Open source |
|
|
Proprietary |
|
Advantages & disadvantages of open source & proprietary software
|
Software Licence |
Advantages |
Disadvantages |
|---|---|---|
|
Open source |
|
|
|
Proprietary |
|
|
Worked Example
Highlight one box on each row to identify the legislation that would cover each of the given events [5]
Answer
Responses