• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  31. 31
  • Level: GCSE
  • Subject: ICT
  • Word count: 7021

Data Protection Act

Extracts from this document...


Semester Two Lecturer: Stuart Merrick Contents Pages - Introduction 4 - Executive Summary 4 - Analysis - Subheadings - 5-24 1.0 Question 1: 5-14 What is Data Protection Act (1998) and eight essential principles 1.1 First Principle 7 1.1.1 Conditions for processing (Schedule 2 of the Act) 8 1.1.2 Conditions of processing sensitive personal data 8 (Schedule 3 of the Act) 1.1.3 The fair Processing requirements 9 (Schedule 1 Part II paragraph 1 to 4) Paragraph 1 1.1.4 Paragraph 2 and 3 - Information to be provided to date 9 subject 2.1 Second Principle 10 3.1 Third Principle 10 4.1 Fourth Principle 11 5.1 Fifth Principle 12 6.1 Sixth Principle 12 7.1 Seventh Principle 13 8.1 Eighth Principle 14 1.2 Question 2: 15-17 Freedom of information Act (2000) 1.2.1 What is a Publication Scheme 16 1.2.2 What new rights will the public have 17 1.3 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 18-20 1.4 Question 4: Privacy / Security of Medical Records 20-24 - Conclusion 25 - Bibliography Question 1: Data Protection Act (1998) and eight essential principles 26 Question 2: Freedom of information Act (2000) 28 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 29 Question 4: Privacy / Security of Medical Records 29-31 Introduction For my module computing I have to find research and produce detailed report on freedom of information and the need for security. The information commissioner's office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000. I need to read and understand knowledge respecting private lives of individuals and encourage the openness and accountability of public authorities. In the report my aims and objectives will be to cover the following aspects: - What is Data Protection Act 1998 and identify and describe 8 principles. - What is the Freedom Information Act 2000 and how does it build on the Data Protection Act - Privacy and Electronic Communication (EC Directive) Regulation 2003 came into force 11th December 2003. ...read more.


- Failing to comply with right to require data controller to rectify, block, erase or destroy inaccurate or incomplete data or cease holding such data in a way with incompatible with data controller's legitimate purpose. Personal data cannot be used or disclosed in any manner which is incompatible with the purpose of which it is held. 7.1 Seventh Principle "Appropriate technical and organizational measures shall be taken against unauthorized or lawful processing of personal data and against accidental loss or destruction of or damage to 'personal data'" The act gives some further guidance on matters which should be taken into account in deciding whether security measures are 'appropriate'. These are as follow - Taking in account the state of technological development at any time and the cost of implementing any measures, the measures must ensure a level of security appropriate to: harm that might result from a breach of security and the nature of the data to be protected. - The data controller must take reasonable steps to ensure the reliability of staff having access to the personal data. It is encouraged to consider the use of privacy enhancing techniques as part of their obligations under Seventh Principle. The Principle relates to the security of the processing as a whole and the measures to be taken by data controllers to provide security against any breaches of the Act rather than just breaches of security. Appropriate technical and organisation measures shall be taken against unauthorised access or lawful processing of personal data and against accidental loss, disclosure or destruction of, damage to personal data. Organisation holding personal data should consider physical factors, such as controlling access to the data banks and taking precautions against fire or natural disaster to the building or room. Also consider trustworthiness of staff and have measures of staff breaches including security measures and password on computer. 8.1 Eighth Principles "Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ...read more.


Tripwire & controls over loading of uncertified software Systems vulnerability analysis tools Detect unintended system vulnerabilities SATAN, crack, National Computer Security Association Table 2: Disclosure threats to security technologies Threats Principles Countermeasures Insider abuse Accidental disclosures Insider curiosity Insider subornation Secondary Users Outsider intrusion Education, alerts, reminder Education, authentication, authorization, audit trail, rights management tools (future possibility) Same above Rights management tools (future possibility) All available obstacles and system management precautions Table 2 above shows the disclosures of threats to available tools. The threats of medical records on information can cause. Security and privacy of medical records is a 'people's problem'. Technology can ensure that the personnel access information have a right and need to know, and that information gets from one place to another accurately and securely. Technology can do very little to ensure the person receiving the information will handle it according to confidentiality standards. It depends on ethics and an affective supervisory and legal structure that provide sanctions against detected misuse. In the real world information systems will always be vulnerable. Conclusion Everybody should be entitled to keep their private business and information to themselves unless they give their consent. Most major advances in technology also entail unintended consequences. Computerised records have enabled healthcare providers to efficiently gather and evaluate medical information via modern database and database enabled technologies the potential misuse of this information has also increased. The principle for fair use of information has been agreed upon for at least 25 years. The most fundamental principles of fair use of information are that no secondary use of medical information should take place unless authorised by the patient.1 Medical records on computers security art in various countries but of the complex interplay between human, political, technical aspects. 16 Technology can be a great help for professionals in the interest of their patients but several occasions absolute guarantees of confidentiality are difficult to assure once the information is in the system. 17All patients have a right to be treated justly. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Peer reviewed

    The Data Protection Act

    4 star(s)

    She keeps information about student's progress which is confidential between her and her each of her students. For example she must make she that she protects this information from falling into the wrong hands (i.e. into other students hands so that they are able to compare reports).

  2. What is the purpose of the Data Protection Act?

    Explain the term data user and describe their responsibilities A data user is someone that holds personal details about us on their computer system. 5. What are the advantages and disadvantages of transferring personal data between computers of different companies?

  1. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    Data must be accurate and kept up to date where necessary 5. Data should not be kept for longer than is necessary for the specified purpose 6. Data processing should meet the legal rights of the data subjects 7. Data holders should protect the data against loss, theft or corruption

  2. The Data Protection Act 1998 - questions and answers

    If you want to process personal data you must be registered with the Data Protection Commissioner. Registration (which will be called notification under the 1998 Act) is a simple procedure. You call the Commissioner's hotline on 01625 545745, state the name and address of your business and the nature of your business.

  1. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    Breaking this agreement usually also breaks the Data Protection Act and they can face very serious charges. Mr Ajaib can sue and take the companies to court. But some sites take advantage of long drawn-out agreements. They usually take advantage of those signing up by making them agree to allow their data to be used for the company's own needs.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    This ultimately keeps his personal data personal and precludes the misuse and amendments of his data. However, there is also a downfall of the impact of the data protection law upon MR. Obrien. If the organisation Mr. Obrien is working at which is the Lammas secondary school have a secured data storage and hackers still gain easy access to Mr.

  1. Data Protection Act

    On this form the school have to say why they are sending out the form and why the information is being collected. It also has to say what will happen to the data. On the sheet it will probably say we are collecting this data to find out information about

  2. Right of privacy under Hong Kong's current laws

    Articles 28, 29 and 30 in the BL5 address individual privacy. Art 286 protect personal privacy. Journalists will be prosecuted if they collect information by means of unlawful bodily search, arrest, detention or imprisonment. Unlawful search of one's home is also not allowed under the Art 297.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work