In the final piece of unit 3, I will be investigating the laws and legislations which protect and affect the people through the ICT they use from units 3A to 3D. These legislations all aim to aid the public and aim to locate people breaking the legislation. They essentially moderate the use of technology to make sure they follow certain rules. They prevent exploitation of technology. The laws/legislative acts I will be talking about in this case are the Data Protection Act of 1998, the Computer Misuse Act of 1990 and the Copyright, Design and Patents Act of 1988.
Data Protection Act 1998
What is it?
The Data Protection Act is essentially a legislative act that aims to keep data regarding citizens of the country private and out of the hands of 3rd parties. This law is a ‘United Kingdom Act of Parliament’, meaning it was made in the UK and only affects citizens of the UK. It gives people a protection of their personal data, preventing a breach of human rights and promoting and enforcing freedom, freedom being the act of allowing citizens to keep their personal information in the hands of only those consented to.
The UK government-using this act-aim in keeping data of customers, members, or other such relations to an organisation only within that organisation. This means that companies outside the organisation which aim to use this information for other reasons are not permitted to do so and this is inspected and punished in accordance to the Data Protection Act 1998.
It abides by every UK citizen’s fundamental right and right to privacy in respect to the processing of personal data. Individuals are given the ability to control information about them. In terms of technology, the data protection act gives the right to people who have personal information stored about them by any organisation(s). This includes the right to see what personal information of theirs has been stored. The act also requires each respective organisation to protect the data that is stored from loss, theft or corruption. The act instils its law by convicting any who break the act to be fined and required to pay compensation to the data. In other serious cases, e.g. regarding a corrupt organisation, a jail sentence can be applied.
Brief history of the Data Protection Act
The Data Protection Act 1998 was a replacement and consolidation of the earlier Data Protection Act 1984 and the Access to Personal Files Act 1987. All organisations who process personal information have to register with the ‘Information Commissioner’s Office’. This is to ensure that all handling of personal data can be observed and any breach can be prosecuted. Organisations are also prosecuted if they handle personal data without registering to the Information Commissioner’s Office (ICO). The ICO reports directly to Parliament.
What does it consist of?
The Data Protection Act consists of 8 principles.
1. Data must not be processed unless there is a specific lawful reason to do so.
2. Data must only be obtained and used for the stated purposes
3. Data should be adequate, relevant and not excessive for the specified use
4. Data must be accurate and kept up to date where necessary
5. Data should not be kept for longer than is necessary for the specified purpose
6. Data processing should meet the legal rights of the data subjects
7. Data holders should protect the data against loss, theft or corruption – it should not be able to be viewed by just anyone
8. Data should not be transferred outside the EU unless the country has adequate data protection law
Taken from ‘www.pass-ict.co.uk’
These principles which make up the Data Protection Act essentially provide a basis of what exactly the act pertains to as well as when charges will be placed, if necessary (when a breach of rights each individual has over his personal data occurs).
Examples of the Data Protection Act being broken
Identity theft is an example of a breach of the Data Protection Act. Identity theft occurs most when people apply to jobs in hopes of accessing confidential customer data, most commonly banks and other financial institutions. Using this information, criminals can not only steal your money but more importantly steal your identity. With just personal details, individuals can take out a loan, open a bank account and do many other things-all under someone else’s name. Money can then be transferred and the bill left for the original owner with little to no trace of who took out the loan or opened the bank account. In essence, using someone else’s identity in any fraudulent way directly breaks the Data Protection Act and goes against the law, with anyone caught having to face the appropriate charge.
Leak of information
Another example is a leak of private information. Leaks can happen when security procedures aren’t taken properly and the web server becomes vulnerable or a hacker gives out the information by finding weaknesses in security. Organisations have to make sure, under the Data Protection Act, to maintain strict security procedures. A leak enabling people to access customer’s strictly private data directly goes against the Data Protection Act. That’s why it is important to keep up security in an organisation.
An example of this would be the Cahoot breach. Cahoot is an internet bank that, as a bank, naturally holds personal data of all its customers. However, due to a loop in security, customers were temporarily able to access other customer’s accounts, thus viewing all their personal information. This could have been extremely fatal if Cahoot didn’t fix the problem quick enough. Cahoot could have been in big trouble and that’s why the Data Protection Act is important. It gives an incentive for organisations to maintain strict security procedures in fear of breaking the Data Protection Act and facing charges.
Misuse of facilities
With people’s jobs involving access to databases and such, people have the ability to go through personal information. The Data Protection Act acts as a way to stop people doing this. Going through personal information you are not prohibited to or are not part of your job is a breach of the act and can lead to charges.
An example would be a certain constable misusing confidential police records to check personal data on workmates for reasons unrelated to work.
Geraldine Tabor worked as a Dorset Police Constable and used the police records to look into personal information of people she knew, completely unrelated to work purposes. She was taken to court for misusing confidential data and thus breaking the Data Protection Act.
As shown, there are numerous ways to break the Data Protection Act. With the act being in place, it prevents all of these things from happening. Without the risk of facing the charges of breaking the act, these fraudulent criminal acts would be much more common. The Data Protection Act is there to give a warning to people on what is allowed and what is breaking other people’s rights to their data. It gives a guideline on what to do and keeps people’s rights in place. It gives companies an incentive to protect their data and not give it to third parties, gives a warning to those with the intention to steal other people’s identities and also gives a warning to people who want to misuse their privilege of having access to confidential data by using it for personal needs.
How does it affect:
3A – Technology used by myself
Swipe Card system
The Swipe Card system is one used by the school I attend. To enrol at the school, you are obligated to enter all contact information and any other more personal data regarding you as a pupil. It goes from your date of birth, your phone number, your address to your medical conditions, your GP contact and various other details. With all this information and the vast number of pupils in one school, it is vital that the school protect it as pupils can be in danger if certain people gain access to this information.
This is where the Data Protection Act comes in. It ensures that the school keeps this information exactly how it is-private. The Data Protection Act is extremely important in this case. Children are extremely vulnerable to various dangers in this world. Abuse of children is a major problem. If someone dangerous got a hold of these children’s information, they can be in danger or threatened in various ways. They can be stalked, harassed and a whole range of other criminal offences. But the Data Protection Act keeps the wrong people from accessing this personal data and makes sure the school keeps it safe. I, as a student, can feel much more secure knowing the act is in place and protects the information I have given to the school.
But if the Data Protection Act is broken, then my safety is put into compromise. But this gives me the right to hold charges against the school for breaking the act and breaching my rights. It further gives an incentive to the school to keep my data personal and safe. Swipe cards are also made safe by not holding actual information. They merely refer back to the school database.