• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  31. 31
  • Level: GCSE
  • Subject: ICT
  • Word count: 7021

Data Protection Act

Extracts from this document...


Semester Two Lecturer: Stuart Merrick Contents Pages - Introduction 4 - Executive Summary 4 - Analysis - Subheadings - 5-24 1.0 Question 1: 5-14 What is Data Protection Act (1998) and eight essential principles 1.1 First Principle 7 1.1.1 Conditions for processing (Schedule 2 of the Act) 8 1.1.2 Conditions of processing sensitive personal data 8 (Schedule 3 of the Act) 1.1.3 The fair Processing requirements 9 (Schedule 1 Part II paragraph 1 to 4) Paragraph 1 1.1.4 Paragraph 2 and 3 - Information to be provided to date 9 subject 2.1 Second Principle 10 3.1 Third Principle 10 4.1 Fourth Principle 11 5.1 Fifth Principle 12 6.1 Sixth Principle 12 7.1 Seventh Principle 13 8.1 Eighth Principle 14 1.2 Question 2: 15-17 Freedom of information Act (2000) 1.2.1 What is a Publication Scheme 16 1.2.2 What new rights will the public have 17 1.3 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 18-20 1.4 Question 4: Privacy / Security of Medical Records 20-24 - Conclusion 25 - Bibliography Question 1: Data Protection Act (1998) and eight essential principles 26 Question 2: Freedom of information Act (2000) 28 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 29 Question 4: Privacy / Security of Medical Records 29-31 Introduction For my module computing I have to find research and produce detailed report on freedom of information and the need for security. The information commissioner's office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000. I need to read and understand knowledge respecting private lives of individuals and encourage the openness and accountability of public authorities. In the report my aims and objectives will be to cover the following aspects: - What is Data Protection Act 1998 and identify and describe 8 principles. - What is the Freedom Information Act 2000 and how does it build on the Data Protection Act - Privacy and Electronic Communication (EC Directive) Regulation 2003 came into force 11th December 2003. ...read more.


- Failing to comply with right to require data controller to rectify, block, erase or destroy inaccurate or incomplete data or cease holding such data in a way with incompatible with data controller's legitimate purpose. Personal data cannot be used or disclosed in any manner which is incompatible with the purpose of which it is held. 7.1 Seventh Principle "Appropriate technical and organizational measures shall be taken against unauthorized or lawful processing of personal data and against accidental loss or destruction of or damage to 'personal data'" The act gives some further guidance on matters which should be taken into account in deciding whether security measures are 'appropriate'. These are as follow - Taking in account the state of technological development at any time and the cost of implementing any measures, the measures must ensure a level of security appropriate to: harm that might result from a breach of security and the nature of the data to be protected. - The data controller must take reasonable steps to ensure the reliability of staff having access to the personal data. It is encouraged to consider the use of privacy enhancing techniques as part of their obligations under Seventh Principle. The Principle relates to the security of the processing as a whole and the measures to be taken by data controllers to provide security against any breaches of the Act rather than just breaches of security. Appropriate technical and organisation measures shall be taken against unauthorised access or lawful processing of personal data and against accidental loss, disclosure or destruction of, damage to personal data. Organisation holding personal data should consider physical factors, such as controlling access to the data banks and taking precautions against fire or natural disaster to the building or room. Also consider trustworthiness of staff and have measures of staff breaches including security measures and password on computer. 8.1 Eighth Principles "Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ...read more.


Tripwire & controls over loading of uncertified software Systems vulnerability analysis tools Detect unintended system vulnerabilities SATAN, crack, National Computer Security Association Table 2: Disclosure threats to security technologies Threats Principles Countermeasures Insider abuse Accidental disclosures Insider curiosity Insider subornation Secondary Users Outsider intrusion Education, alerts, reminder Education, authentication, authorization, audit trail, rights management tools (future possibility) Same above Rights management tools (future possibility) All available obstacles and system management precautions Table 2 above shows the disclosures of threats to available tools. The threats of medical records on information can cause. Security and privacy of medical records is a 'people's problem'. Technology can ensure that the personnel access information have a right and need to know, and that information gets from one place to another accurately and securely. Technology can do very little to ensure the person receiving the information will handle it according to confidentiality standards. It depends on ethics and an affective supervisory and legal structure that provide sanctions against detected misuse. In the real world information systems will always be vulnerable. Conclusion Everybody should be entitled to keep their private business and information to themselves unless they give their consent. Most major advances in technology also entail unintended consequences. Computerised records have enabled healthcare providers to efficiently gather and evaluate medical information via modern database and database enabled technologies the potential misuse of this information has also increased. The principle for fair use of information has been agreed upon for at least 25 years. The most fundamental principles of fair use of information are that no secondary use of medical information should take place unless authorised by the patient.1 Medical records on computers security art in various countries but of the complex interplay between human, political, technical aspects. 16 Technology can be a great help for professionals in the interest of their patients but several occasions absolute guarantees of confidentiality are difficult to assure once the information is in the system. 17All patients have a right to be treated justly. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Peer reviewed

    The Main Features and Difficulties Regarding the Regulation of E-Commerce

    4 star(s)

    Such data as confidential business documents, medical records, financial information and other personal details would not be wholly private if strong encryption would not be allowed. Thus the national proposals of the USA and UK are not accepted by OECD which follows the International Treaties regarding these fundamental rights.

  2. Data Protection Act

    Also if the school wants to share the information with third person parties then they must contact my parents. If they don't then they could be prosecuted as this is illegal. This stops my details like phone and email getting out to marketing companies contacting me.

  1. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    Data must be accurate and kept up to date where necessary 5. Data should not be kept for longer than is necessary for the specified purpose 6. Data processing should meet the legal rights of the data subjects 7. Data holders should protect the data against loss, theft or corruption

  2. The Data Protection Act 1998 - questions and answers

    If you want to process personal data you must be registered with the Data Protection Commissioner. Registration (which will be called notification under the 1998 Act) is a simple procedure. You call the Commissioner's hotline on 01625 545745, state the name and address of your business and the nature of your business.

  1. The legislation that protects individuals and groups from the misuse of ICT

    However Mr. Wojcik feels for someone who is quiet it wouldn't have any impact because the employer would be unaware that the employee needed something. To improve the impact that the law is having upon Mr. Wojcik there could be a checklist brought in which includes everything that is covered by the law, so then Mr.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    With the data protection act in place, MR. Obrien can give his personal details to organisation without any worries because he knows the data protection act ensures confidentiality of his personal information and if any flaws were found in his data, Mr.

  1. Leaflet design for Finding Nemo.

    3. 4. 5. 6. (Poster) Research I looked for graphics on the Internet. I used a programme called google, as mentioned above, to act as my search engine to find the pictures I needed. I typed in Finding Nemo on the images section, and it came up with a

  2. Privacy and Data Protection: IT Law

    the US: Since the freedom of speech is written down explicitly in the Bill of Rights, it is superior to the only implicitly mentioned right to privacy.8 The Supreme Court has judged though, that mere advertisement is lower speech and can be regulated, but the choice has to be given

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work