If the reason for using the information is not a reasonable move from the original purpose, you need to get the customer’s okay. If you are selling the information, you need to get permission.
Principle 2
Principle 2 is pretty much the same as principle one when you go in detail. Practically all it says is that you cannot disclose information that in reasonable opinion was unfair or wasn’t collected for the purpose it is being used for.
When you do disclose personal information, you must send a privacy notification and obtain permission, either at the time of collection or prior to disclosing the information. You do not have to have a privacy notification if you are a not-for-profit organisation and your purpose is obvious, e.g. a not-for-profit diving company is hosting a diving competition, using their list of competitive divers to invite them along to the NFP Diving Incorporated Competition.
Introduction to Principles 3, 4 & 5
Principles 3, 4 and 5 are similar to each other and you should know how they are connected. For example, if you do not update your information (Principle 4) it becomes inadequate (Principle 3), and if information is kept longer than necessary (Principle 5), it may become irrelevant and excessive (Principle 3).
To keep compliant with all these principles you can check the validity of the information by regularly taking samples to ensure it is up to date. You can also add, change or delete records to keep up to date.
Principle 3
The third principle of the Data Protection Act states that data should be “adequate, relevant and not excessive” [1]. This means that:-
- You should hold sufficient data for the intended purpose you collected the information for.
- With no more than necessary to carry out the job in hand.
When collecting information you only collect what is relevant to fulfil the purpose and no more than what you need. You can do this by designing the forms, questionnaires or members’ sign up page to only collect the information you need.
Example: A website has a member’s feature that allows you to sign up to receive extra information and services, if one of the people does not sign on for a long enough period of time, the account information becomes irrelevant and excessive, eg one or two years since they last logged on. This practice is known as ‘data minimisation’.
When you are dealing with sensitive personal information, it is important you collect the minimum amount of information you need to carry out the purpose you collected it for. If specific information needs to be collected about individuals, collect it, but only about the individuals who require the information gathered about them, eg to send newsletters in large print.
If a diving group (BAD) decides to go on a diving trip, it might be necessary to collect extra information, like blood group in case of injury, or special dietary needs like peanut allergies or vegetarianism. These types of information gathering can only be considered relevant and not excessive if the people are going on the trip; for general customers, they would be considered excessive.
Data you collect should be sufficient for its intended purpose, eg buying something from the shop, you shouldn’t take credit card details but not delivery details because this becomes insufficient for the purpose as you have payment details but nowhere to send the product they purchased.
If somebody is applying to you to amend their records, they cannot amend opinions, only facts. Any opinion which is obtained and kept on a person’s record should be written in a way that it can be interpreted correctly and it should contain the date when it was written, the author’s name and position. If any information is referred to, it must be made clear where the referred information can be found.
Principle 4
The fourth principle of the Data Protection Act states “Personal data shall be accurate and, where necessary, kept up to date” [1]. With this principle you must keep the data up to date where it is reasonable to do so. The law acknowledges that it is not possible to double check all the 10,000 records you may have (obviously the number changes with the size of the company, e.g. Bolton Area divers may only have a few hundred). Under the fourth principle, you should:
- Take reasonable steps to correctly record the information you receive.
- Ensure the source of the data is clearly visible
- If the accuracy of the information is challenged take due consideration of the challenge.
- Make the decision whether the information held needs to be updated.
You are allowed to keep previous facts, such as previous addresses, but only if it is appropriate to keep such information. The correction of a mistake does not necessarily mean deleting that mistake. If somebody bought something on a driving website based in Bolton and was accidentally charged too much for delivery (eg £13.50 when the normal charge is £1.99), and the mistake was then rectified, it is still factual that they were charged £13.50. Both the original and the amended charge would be on the record. This could be beneficial to the company as it shows why they have refunded money. You can delete the original error if it was misleading as to the correct fact. When you need to compile the information, make sure the information has veracity.
The data must also be kept up to date. For the information that needs to be kept up to date, eg postal addresses, more effort should be made to keep it current so that orders can be sent to the correct address. For example when they get a pay rise, it is updated on the payroll system.
The accuracy of the information does not have to be correct if you correctly recorded the information given to you and have taken reasonable steps to check that the information holds water, or you got the information from third parties and checked the validity. If the integrity of the information is questioned, you take the necessary steps to see that it is correct and who is accessing it.
To ensure the personal data is accurate, you need to make appropriate checks. For example, if you are going to employ a web maintainer, you need to check that he has an acceptable standard of English and that he has qualifications relating to his programming in HTML, CSS and JavaScript. You may not need to check that he cycled from Lands End to John O’Groats, even though this should show determination.
If the veracity of the information is called into question you should ensure it is accurate and correct, and if not you should amend or delete it. The individual could provide documentary evidence, such as birth certificates and paper invoices. When the integrity of the information is in dispute it is good practice to flag up the information that is in dispute, but this is not required by the Data Protection Act. If you do then find out the information is inaccurate, you will be covered by the Act.
When recording opinions, it must be stated that they are opinions and, if necessary, whose opinions they are. For instance, Bolton Area Divers have records on how well their divers are doing. The awarded levels are factual, but the comment “this diver has no common sense and should not be allowed to go diving,” is opinion. If necessary it should state that it is Andy Brooks’ opinion and his role/ranking within the diving club.
If the opinion is based on evidence that is later found to be incorrect, the opinion and the incorrect evidence can be ordered to be deleted.
Principle 5
Principle 5 is the fifth principle of the Data Protection Act and covers how long the data should be kept. The act says that you cannot retain information for longer than necessary to fulfil the purpose(s) for which it was intended.
The four things you need to consider in relation to principle 5 are:-
- Review how long you keep the data
- Review whether the data you are keeping is still relevant for the purpose(s)
- Any information no longer needed is securely deleted, i.e. delete it from Windows and then ensure the data is then overwritten a few times, or paper documents are shredded and/or burnt.
- Update the information, archive the information or securely delete the information if it goes out of date.
If you keep the information you have too long, this could have an adverse effect on the company, for instance, if you used the old information by mistake. If you have too much data it will take you longer to find it if people make requests for it. If you hold the data for too long, it becomes excessive, which is against the Data Protection Act. If you keep data for long periods of time it becomes more and more difficult to ensure it is correct. All the information you hold needs to be kept secure, even if it is not relevant to you anymore.
If you use common sense and good business practice, you can determine when data needs to be deleted, eg, if somebody says “your membership prices are too expensive, your staff are all snotty and your website is rubbish and I’d rather stick pins in my eyes than come back here”, then it is obvious that they aren’t going to have more communications with you, so you can delete their membership records.
Principle 7
Principle 7 is the section that deals with security of the information. This principle states that you should take appropriate technical and organisational measures against unlawful and unauthorised processing. You should also protect against accidental damage, loss or theft of data, or data otherwise being taken out of your possession.
Technical and organisational measures you need to have in place are:
- You must have in place security that is fit for the type of information which is kept on paper or in digital form.
- Make it clear and transparent who is in charge of ensuring security of the information you hold.
- The company must have the correct “physical and technical security, with robust policies and procedures and reliable, well trained staff.” [1]
- The company should be prepared to respond responsibly, quickly and effectively if a breach happens.
There is no definition of the words “appropriate action” but you are expected to assess the right security for the size of the company and for the risk to the information you hold if it is leaked, hacked or otherwise released to the public (the information may be sensitive, private, or damaging or distressing to the person it relates to). You are also expected to review your technical securities from time to time for any updates the security systems might require. The physical and technical securities are good to have in place but are not sufficient on their own.
You will need things like:-
- Information risks assessments.
- Have a culture of security awareness within the organisation (BAD).
- A responsible and designated person for information security, who has the necessary authority and equipment available to them to fulfil this role.
The staff in your organisation should be familiar with the company’s security policies and the eight principles of the Data Protection Act, especially the ones that relate to BAD. The company should have initial and refresher courses covering:
- The organisation’s (BAD) requirements when following the Data Protection Act and the restrictions when using personal information.
- The staff members made aware of protecting personal data and that if they misuse the information they are committing a criminal offence. They can misuse information by deliberately trying to access the information, or disclose it when the person in question has no authority to do so.
- The correct procedures to identify whether the person calling has the right to access the information.
- The staff members are made aware of the dangers of misleading people into believing they are somebody else, in the attempt to gain information, i.e. phishing attacks.
- The staff have to be made aware that computer use will be limited to avoid getting malware.
NB. This training relies on the individual in question being reliable and having moral integrity.
The physical security of Bolton Area Divers will have to comply with the Data Protection Act. There will have to be quality doors and locks where required with adequate protection such as alarms and CCTV with security lighting. Other measures include responsible paper disposal, knowing where visitors are at all times (maybe with a guide) and keeping portable equipment in your property throughout, i.e. laptops not being lost or stolen.
The security of your computer is vital because most of the information is now stored in digital form on a hard drive. The following things are to be taken account of when designing security.
- Computer security has to be proportional to the size of the company and the use of the information within the organisation.
- Your organisation is supposed to have up to date security measures, but the organisation can consider cost when purchasing new (new to them) security measures.
- If you have members of staff who work from home you have to ensure that data is secure from their home across the open network.
- The security measures should be proportionate and appropriate to the security risk and the consequence of an information breach.
If a security breach occurs, you are supposed to effectively manage the breach.
The correct way of handling a security breach is:-
- Whenever a security breach happens, you are supposed to contain and recover. You are supposed to respond to the breach and where necessary you are supposed to use data recovery and damage limitation plans.
- When a breach occurs you should assess the situation. You should assess the impact on individuals and how likely they are to be affected.
- You should notify the relevant people when a breach occurs. You should be clear about why you are contacting the people and what the individuals concerned should do about the attack. You should consider notifying the following bodies: the ICO, other regulatory bodies, the police, banks, the media and other third party bodies. You should also contact the individual concerned.
- Investigate the cause of the breach and if necessary you should update your policies and procedures according to the effectiveness of your response.
Q3. (P3, EM2)
Surely for each of these issues there must be some kind of security feature that can prevent / minimise the impact? What kind of protection should we have in place to try and prevent these issues?
Explain the security risks and protection mechanisms involved in website performance.
Data Protection Act of 1998
General Protection Mechanisms
You need to have good firewalls, anti-malware, training in data protection with refresher courses, and other courses which would be helpful, such as digital security. Companies which have Codes of Conduct to help with Data Protection will find these useful, and you need a clearly defined person to be ‘Data Controller’. You need physical security measures like biometrics, good quality locks and doors to help ensure data retention. It is a good idea when handling sensitive information or any sort of information to use common sense.
Principle Specific Measures
Principle 1
To prevent and minimise the potential unlawfulness of Data processing, you should have strong Data Processing Ethics Policies, which clearly lay out how fairly you are processing data and have a clear layout of how Principle 1 affects your processing of data and consider going on Data Protection refresher courses.
Principle 2
To protect yourself from Principle 2, when people phone or other similar situations, you should confirm to whom you are talking. If you want to disclose information you have gathered for marketing purposes, you need to either tell them when you have collected the information or if a new purpose arises, then contact the people you collected the data from before you are able to release the information to marketing companies. You should also make clear what type of Company you are so you know what procedure you need to follow with regard to notifying the people the data originated from.
Principle 3
To minimise any adverse effects arising from Principle 3, before you collect data, decide the purpose for which you are using it, decide how much you need to fulfil the purpose and what sort of notices you may need to provide. By doing this, you would only collect enough information which you need and nothing excessive. Design questionnaires beforehand so the information you gather can be the most relevant and the best information you can attain for the purpose you are using it.
Principle 4
To protect yourself from the fourth Principle, you can employ Data Integrity Officers, i.e., spellcheckers and proof readers. From time to time, check and make sure your information is correct, contact customers to ask them to update any data, have a notice saying, “If any information is incorrect, please notify us” and/or have a notice saying if any of your information changes, you should let us know.
Make it clearly visible where you get your sources from, e.g., a website, TV or publications, etc. It is not a legal requirement, but it is good practice to flag up any disputed information as in dispute.
Principle 5
To protect yourself from the fifth Principle, it would be advisable to have a computer programme which flags up old information for renewal. It is advisable to have a clearly set out timetable covering how long you can reasonably foresee needing the information, and to have any historical, statistical or scientific data clearly marked and distinguishable from the other data you hold. Any old information you have needs to be securely removed from your possession to avoid using it by mistake.
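A sketch of such a flagging programme, added here as an illustration and not taken from the original coursework. The timetable, field names, review window and sample records are all assumptions; records flagged "delete" would then go through the secure deletion described under Principle 5.

```javascript
// Added example: a retention review over member records (assumed data model).
const DAY_MS = 24 * 60 * 60 * 1000;

// Assumed timetable: days each kind of record is needed after it was last used.
const RETENTION_DAYS = {
  membership: 730,   // assumed: two years since the member last logged on
  tripMedical: 30,   // assumed: blood group / dietary needs kept only around a trip
};
const REVIEW_WINDOW_DAYS = 60; // assumed: flag for renewal this long before the limit

// Decide what to do with one record on a given day (todayMs = epoch milliseconds).
function reviewRecord(record, todayMs) {
  // Historical, statistical or scientific data is marked and kept apart.
  if (record.archive === true) {
    return { id: record.id, action: 'keep', reason: 'marked historical/statistical' };
  }
  const limit = RETENTION_DAYS[record.purpose];
  if (limit === undefined) {
    // No timetable entry means nobody decided how long this is needed.
    return { id: record.id, action: 'review', reason: 'no retention period set for purpose' };
  }
  const last = Date.parse(record.lastUsed);
  if (Number.isNaN(last)) {
    return { id: record.id, action: 'review', reason: 'last-used date unreadable' };
  }
  const ageDays = Math.floor((todayMs - last) / DAY_MS);
  if (ageDays > limit) {
    return { id: record.id, action: 'delete', reason: `unused for ${ageDays} days` };
  }
  if (ageDays > limit - REVIEW_WINDOW_DAYS) {
    return { id: record.id, action: 'review', reason: 'close to limit, ask member to renew' };
  }
  return { id: record.id, action: 'keep', reason: 'within retention period' };
}

// Group record ids by action so the Data Controller gets one short report.
function retentionReport(records, todayIso) {
  const todayMs = Date.parse(todayIso);
  const report = { keep: [], review: [], delete: [] };
  for (const record of records) {
    report[reviewRecord(record, todayMs).action].push(record.id);
  }
  return report;
}

// Constructed sample records (not real data).
const SAMPLE_RECORDS = [
  { id: 1, purpose: 'membership',  lastUsed: '2024-01-15' },
  { id: 2, purpose: 'membership',  lastUsed: '2021-03-10' },
  { id: 3, purpose: 'membership',  lastUsed: '2022-07-01' },
  { id: 4, purpose: 'tripMedical', lastUsed: '2024-03-01' },
  { id: 5, purpose: 'competitionResult', lastUsed: '2015-01-01', archive: true },
  { id: 6, purpose: 'newsletter',  lastUsed: '2024-05-01' },
];

console.log(retentionReport(SAMPLE_RECORDS, '2024-06-01'));
```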
Principle 7
To protect yourself from the seventh principle, it would be advisable to invest in the proper security measures such as anti-malware. When answering the phone, you need to correctly identify the person you are speaking to in order to establish whether that person has the right to the information. You need to invest in paper shredders, incinerators and software which permanently deletes unnecessary information. You must have good quality biometric security and physical security to ensure the data is kept secure and have Emergency Policies in case of burglary, fire, espionage or other types of disasters. If some data gets out which is not meant to, the organisation must be prepared to come out to the relevant bodies to declare that this event has happened. A trustworthy and responsible person should be appointed as a Data Controller. A good idea to avoid information being leaked would be to perform information security assessments. Train your staff and have a security aware culture.
Q4. (EM2)
Are there any advantages and/or drawbacks to the solutions you have offered?
General Advantages/Drawbacks
The drawbacks are you have to pay for Firewalls and anti-malware, pay for the training involved and courses, pay for someone to write up the Code of Conduct and employ a Data Controller or assign an existing staff member as a Data Controller, pay for the security measures, e.g. biometrics and physical security.
The advantages are you have computer systems which are protected from malware, and trained staff. You have a designated person who is responsible for the data within the Company.
Specific Advantages/Drawbacks
Principle 1
The drawbacks to Principle 1 will be you will have to pay someone to write up the Ethics Policy and have to send people on Data Protection courses and the expense this will involve.
The advantages are that you won’t be getting sued for unlawfully processing data. You are not spending ages processing tons of unfair data.
Principle 2
The drawbacks of this will be people get annoyed when you keep asking who they are. Unless you employ sneaky tactics, you are not going to get people to sign up for marketing information. The ones that do are probably email addresses they have set up and never look at to avoid getting spam emails in their ‘real’ email address. The rest of the people are the ones who are not familiar with the web and/or don’t understand that they have signed up for marketing emails, etc. If you change your mind about the purpose you use the information for, unless it’s a reasonable progression on what you already use it for, you need to contact everybody you acquired information from. Another drawback is having to notify everybody what the information is for unless this is obvious.
The advantages for Principle 2 are that you are within the law and you are not giving out information about Tom to Harry, for example. You only give out personal information to the correct people. Supplying lists of clients’ addresses (email addresses, home addresses, etc.) can be a source of making money providing you have the address holder’s permission. This means you stay within the law.
Principle 3
A disadvantage to Principle 3 is you have to spend money perfecting and designing questionnaires and spending money on the time it takes to narrow down what information is necessary.
The advantages of Principle 3 are that you are not spending extra money gathering information you don’t need. Your questionnaires return relevant information and it doesn’t take as long sifting through the information. You are within the law while following Principle 3. The information you gather has a clear and defined direction and purpose.
Principle 4
The drawbacks of Principle 4 are having to employ or appoint a Data Integrity Officer, having to spend money on programmes and/or time to check the integrity of data. Ignoring this Principle can lead to data overload, i.e. information kept for longer than necessary leading to too much data being kept, e.g., keeping previous addresses. You could potentially use out of date or irrelevant information, causing you to produce incorrect data or information. Having to spend extra money and flagging up disputed information is a disadvantage.
The advantages are that your information is accurate and up to date and you have more space on your hard drives from keeping information no longer than necessary. Having a dedicated person who can double check data is correct and up to date, will ensure that the Company doesn’t alienate customers by sending stuff to a wrong address, for example.
Principle 5
Principle 5 has basically the same advantages and drawbacks as Principle 4, with a few exceptions:-
The drawbacks are that it costs money to get the programmes and the time it takes to define how long the information should be kept for.
The advantages are that your hard drive space is freed up and you have a programme to decide when the information is getting old.
Principle 7
The drawbacks of implementing Principle 7 are that anti-malware programmes are expensive to buy. You have to train staff in correctly answering the phone, i.e. asking security questions, etc. You have to invest in equipment such as specialised programmes and securely disposing of paper. You will have to spend some money on good quality security measures such as biometrics, doors and locks, etc. You will have to spend money on emergency policies to cover disasters. Telling the media you have lost personal information could be damaging to your reputation but is necessary under the seventh Principle. Risk assessments and staff training cost money.
The advantages of Principle 7 are you have quality anti-malware to protect your computers, you are clear who you are talking to on the phone, you have some way of securely disposing of sensitive documents and software to permanently delete data. You have good quality security measures like biometrics and locks and bolts and you have good emergency policies in case of disasters and a Data Controller. Your customers are aware that their information could be used in an unlawful way when your Company tells the media.
Q4. (P2)
OK I have heard a lot about programming languages for the internet and am really confused. So…
What is the difference between server side code and client side code?
Server side code is code viewed and used by the server; the client cannot see the server side code. Client side code is code that the client can see, like CSS and other languages to make web pages look nice.
When programming in a server side language, you are programming what the server should do. The client cannot manipulate, change or input anything with the server side code. The browser cannot see server side code because when your browser sends a request to the server, the server processes the request and sends the result back as an HTML file.
When programming in client side code, you are programming what the browser would do, so the user can change, manipulate or input in the client side code, i.e. user input forms, changing the size of the text or, on some sites like iGoogle, changing the layout of the site.
Is there any difference performance wise between them?
Yes, the difference in performance is that the server side code is slower on the server but it is more secure because the user cannot see the code. The browser’s possible incompatibility errors will not arise with server side code because the server sends out basic HTML file(s). Potential security risks may arise if there is poor programming which could lead to hackers deciphering which language your website is written in.
The client side code receives more information so takes longer to load and is generally less secure because the users can see all the code and what language the website is written in. A difficulty can arise when using client side code when using old versions of browsers which may not have been around when the programming language or standard was created which would cause some problems with compatibility.
When hosting games on servers, this can slow down the database as connections need to be kept open for games to be constantly refreshed. Client side code cannot be used to access and download files from BAD computers.
Are there any security issues using one over the other?
With client side programming, the programming language which the website works within is revealed but minimum server information is revealed.
With server side coding, the programming language within which the website works is not revealed, but if the website is programmed badly, a hacker could find out information about the server and database and cause havoc on your website.
You can protect yourself from this type of stuff by having some sort of validation which would prevent this.
I’ve heard of HTML, CSS, ASP, JavaScript, Java, VBScript, XML and XSLT, to name but a few. Can you explain these to me, including when they would be used?
What is HTML?
HTML stands for Hyper Text Markup Language. It is not a programming language; it is a markup language. It is designed to tell web browsers how to display the text and images sent by the server. Markup languages consist of markup tags which describe a specific type of information that is being sent by the server. The tags are keywords enclosed within angle brackets, with an opening tag such as <p> and a closing tag such as </p> placed around the content. All tags have a start tag and an end tag, with a few exceptions, e.g. line break. When compiled by the web browser, the tags are not included in the web page which people see. HTML documents are generally referred to (once they have been compiled by the web browser) as web pages.
What Is CSS?
CSS, or Cascading Style Sheets, describes how elements within a web page should appear. They are generally stored in their own separate file(s) with the extension .CSS. With the amendment of one file, you can change the whole website. External CSS files can save a lot of work on designing the website. Originally, HTML was only designed for transporting text, mainly across universities. When colour was added to HTML it became a long and extensive process, so W3C created CSS. When HTML 4 was introduced, they attempted to remove all formatting from HTML and leave it to the separate CSS file, which nowadays all browsers display, apart from the ones which have plain text browsers for the blind or visually impaired, which have no need for fancy websites.
What is ASP?
ASP stands for Active Server Pages and was created by Microsoft. It can be accessed from the Windows 95/98 CD, is free on Windows 2000 and is a part of Windows NT 4.0 and upwards. It runs within IIS (Internet Information Services).
ASP files are the same as HTML files, containing text, HTML, XML as well as script, with scripts being dealt with on the server. ASP has an extension “.asp”.
You can use ASP to edit, or add content to a web page. You can respond to submitted HTML forms and access data or databases and display the results in a browser. It allows for web page customisation and is simple and fast to use. It can be used with or without scripting compatible browsers. When your web browser requests an ASP file, the server sends a plain HTML file in return.
What is JavaScript?
Java and JavaScript are two completely unrelated languages, Java being a low-level language around the same level as C and C++. JavaScript, also known as ECMAScript, is as follows:-
JavaScript is the world’s most popular scripting language, invented by Netscape to add interactivity to web pages. It is supported by all major browsers, e.g. IE, Firefox, Chrome, etc.
JavaScript has read and write capability of HTML and can dynamically change text. JavaScript can be set to work at a specific time, e.g. when a page has finished loading or when typing into an email input field, saying whether the email address is accurate or not.
JavaScript can be put to use to validate data before sending the information to the server, saving processing power on the server. JavaScript can be used to discover the user’s browser and load a specific page for that browser. This is useful when you want Chrome to look different from IE, most commonly because of interpretation differences. JavaScript can create cookies, which can be used to gather the user’s information such as visits, number of visits and what pages they view on the site.
JavaScript is embedded straight into the HTML pages. It is also lightweight and there is no need to purchase a licence to use JavaScript.
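Validation in the browser saves the server work, but a request can be sent without ever running the page's JavaScript, so the validation mentioned earlier as protection for server side code has to be repeated on the server. The following is an added example, not part of the original answer, written as server side JavaScript; the form fields, limits and messages are assumptions.

```javascript
// Added example: server-side checks for a membership sign-up form.
// Field names, limits and messages are assumptions made for this illustration.

// Allow-list: the only fields the server accepts, with the rules for each.
const SIGNUP_RULES = {
  name:     { required: true,  max: 80,  pattern: /^[\p{L}][\p{L} '.-]*$/u },
  email:    { required: true,  max: 254, pattern: /^[^\s@<>"']+@[^\s@<>"']+\.[A-Za-z]{2,}$/ },
  postcode: { required: false, max: 10,  pattern: /^[A-Za-z0-9 ]+$/ },
};

// Validate a parsed request body. This runs for every request, whether or not
// the browser's own JavaScript already checked the form.
function validateSignup(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: { form: 'Invalid request' }, clean: null };
  }
  const errors = {};
  const clean = {};

  // Anything outside the allow-list is refused, not silently stored.
  for (const key of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(SIGNUP_RULES, key)) {
      errors.form = 'Unexpected field in request';
    }
  }

  for (const [field, rule] of Object.entries(SIGNUP_RULES)) {
    const raw = body[field];
    if (raw === undefined || raw === '') {
      if (rule.required) errors[field] = 'This field is required';
      continue;
    }
    if (typeof raw !== 'string') {        // e.g. an array or object sent by a script
      errors[field] = 'Invalid value';
      continue;
    }
    const value = raw.trim();
    if (value.length === 0 || value.length > rule.max || !rule.pattern.test(value)) {
      errors[field] = 'Invalid value';
      continue;
    }
    clean[field] = value;
  }

  const ok = Object.keys(errors).length === 0;
  return { ok, errors, clean: ok ? clean : null };
}

// Turn an internal failure into a reply that tells the visitor nothing about
// the server, database or code. The detail goes to the server log only.
function safeErrorResponse(err, log = console.error) {
  log(`signup failed: ${err && err.stack ? err.stack : String(err)}`);
  return { status: 500, body: { error: 'Sorry, something went wrong. Please try again later.' } };
}

// Constructed sample requests (not real data).
const SAMPLE_GOOD = { name: "Tom O'Neil", email: 'tom@example.org', postcode: 'BL1 1AA' };
const SAMPLE_BYPASSED = {   // sent straight to the server, skipping the browser checks
  name: '<b>Tom</b>',
  email: 'tom@@example',
  isAdmin: 'true',
};

console.log(validateSignup(SAMPLE_GOOD));
console.log(validateSignup(SAMPLE_BYPASSED));
```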
What is Java?
Java (and not JavaScript) is a programming language; it’s similar to C and C++ but takes longer to load and requires more memory but its speed has improved since Just-in-time compilation (or dynamic translation). Java is like C, a general purpose language, concurrent, class-based, object-oriented language and was designed so you can write a programme once and use it anywhere with as few implementation dependencies as possible, making it easier to use anywhere.
Java is used on 850 million devices worldwide including PCs, mobiles and TVs. It is the programming language used for cutting-edge programmes, including business apps, games and utilities. With the new arrival of internet TVs, it will be put to use for programming widgets.
Java is used on a lot of websites and the website wouldn’t work without Java. This means certain well-known tablets wouldn’t work with Java embedded websites.
Updating Java ensures that you have the latest version of Java and any websites you visit that have Java means they will run smoothly and any security vulnerability will be plugged.
What is VBScript?
VBScript (Visual Basic Script or VBS) is a cut-down version of Microsoft’s Visual Basic programming language. VBS only works with Microsoft’s browser, which is Internet Explorer.
VBScript works inside the HTML file: Internet Explorer reads the HTML with the VBS, interprets the language, and runs the VBScript immediately or at a later time.
VBScript uses the Component Object Model, running with the FileSystemObject (FSO), to create, read, update and delete files easily. It is on all PCs from Windows 98 upwards and Windows NT 4.0 Option Pack upwards.
VBS is a general-purpose scripting language favoured by system administrators using Microsoft products, but may become less used with the introduction of Windows PowerShell. VBS is also used outside of the web, for example in industry for human-machine interfaces.
The wide use of VBScript is due to it being royalty-free, provided users display the Visual Basic logo. When VBScript is used in client-side web development inside the browser, VBScript performs similarly to JavaScript. VBScript is also used for server-side processing, mainly in Active Server Pages (ASP). VBScript is used for error messages inside Windows.
What is XML?
XML stands for Extensible Markup Language. “XML was designed for transporting and storing data”[2] but not for displaying data like HTML is. XML is a markup language with no defined tags of its own; instead you define your own, and the W3C recommends you use it. The purpose of XML is transporting data from A to B, and storing and structuring the information.
An XML document would look like this:
<definition>
  <dear>Tom</dear>
  <from>Chris</from>
  <header1>zenzizenzizenzic</header1>
  <body>means a number to the power of 8 i.e. 2⁸</body>
</definition>
The above definition is self-explanatory. It is to Tom, from Chris, defining what zenzizenzizenzic is. This XML document is just information wrapped in tags; it needs software to display it or for Tom to receive it. It doesn't matter if the tag is Header 1 or H1 or anything else, as long as the tag has been defined beforehand.
XML complements HTML. XML is now an important part of the web and is used for all sorts of applications.
What is XSLT?
XSLT stands for Extensible Stylesheet Language Transformations. It transforms XML into other documents, such as other XML documents, browser-readable formats such as (X)HTML, and other formats such as PDF.
XSLT is used like CSS for XML: you take the XML document and the XSLT code, process them, and get a stylized document. This means you can decide on the design, such as what elements to include. The processor can perform tests on the data and make decisions based on it.
XSLT uses XPath to navigate through documents to find the parts that match existing templates. When the matches have been found, the stylized document is created.
XSLT is a recommended standard from the W3C.
Q5. (P2)
Could you please briefly explain any other issues/factors that could affect the performance of the website.
Web traffic
The traffic on your end, on their end and in the middle of the network can slow down the site. On your end it could be people on Facebook, Farmville and YouTube, or playing Flash games. In the middle it could be how many people in your area are doing bandwidth-intensive activities. On the web server side, it could be how many hits they are getting, what else the web server has to deal with and maybe even Denial of Service attacks.
Processing power
Of your computer
The amount of processing power your computer has can determine how fast a webpage loads. The better the processor and the larger the amount of RAM your computer has, the faster the web page will load.
Of the server
How much other work the server has to process will affect performance, as will how much overall processing power and RAM the server has. How many hits the site gets and how much server-side coding the pages have will also affect it.
How much needs to be downloaded/uploaded
Some Flash games and other sorts of streaming are constantly downloading frames or the next part of the game. How graphically intense the webpage is, and how quickly the internet connection can download it, both matter. So does how much data needs to be uploaded, such as validation and file uploads. Downloading is usually up to 20Mbit, but uploading is normally a lot slower.
Layout of webpage
Different layouts of pages take different times to render. Tables take longer to render; frames take longer to render and download.
Bandwidth
The amount of bandwidth you have and the amount of bandwidth the server has will affect the performance of the website. If you or the site have used up the allocated bandwidth for the month, the page will not load.
Browser
Some browsers are a lot slower than others. IE generally is the slowest and some specialised versions of Firefox can be slow due to the way they are configured. Chrome is the fastest graphical browser; Lynx is a fast text-only browser.
Cookies
The number of cookies you have on your system can slow down performance, as the computer has to search through a directory full of cookies. If you have the right cookies for the right websites, it can speed your computer up.
What is turned on and off
If you have JavaScript turned off, a page could load faster, but it wouldn't load everything. The same goes for most things like Java, cookies and Flash, etc.
Malware
Malware, such as spyware, will slow your computer down as it will be emailing information to other people. Malware can download vast amounts of data and jam up your bandwidth. It can upload vast amounts of unneeded data or delete your files. At worst it could delete crucial files from your computer, making access to the Internet impossible. The same applies to servers as well.