• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
Page
  1. 1
    1
  2. 2
    2
  3. 3
    3
  4. 4
    4
  5. 5
    5
  6. 6
    6
  7. 7
    7
  8. 8
    8
  9. 9
    9
  10. 10
    10
  11. 11
    11
  12. 12
    12
  13. 13
    13
  14. 14
    14
  15. 15
    15
  16. 16
    16
  17. 17
    17
  18. 18
    18
  19. 19
    19
  20. 20
    20
  21. 21
    21
  22. 22
    22
  23. 23
    23
  24. 24
    24
  25. 25
    25
  26. 26
    26
  27. 27
    27
  28. 28
    28
  29. 29
    29
  30. 30
    30
  31. 31
    31
  • Level: GCSE
  • Subject: ICT
  • Word count: 7021

Data Protection Act

Extracts from this document...

Introduction

Semester Two Lecturer: Stuart Merrick Contents Pages - Introduction 4 - Executive Summary 4 - Analysis - Subheadings - 5-24 1.0 Question 1: 5-14 What is Data Protection Act (1998) and eight essential principles 1.1 First Principle 7 1.1.1 Conditions for processing (Schedule 2 of the Act) 8 1.1.2 Conditions of processing sensitive personal data 8 (Schedule 3 of the Act) 1.1.3 The fair Processing requirements 9 (Schedule 1 Part II paragraph 1 to 4) Paragraph 1 1.1.4 Paragraph 2 and 3 - Information to be provided to date 9 subject 2.1 Second Principle 10 3.1 Third Principle 10 4.1 Fourth Principle 11 5.1 Fifth Principle 12 6.1 Sixth Principle 12 7.1 Seventh Principle 13 8.1 Eighth Principle 14 1.2 Question 2: 15-17 Freedom of information Act (2000) 1.2.1 What is a Publication Scheme 16 1.2.2 What new rights will the public have 17 1.3 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 18-20 1.4 Question 4: Privacy / Security of Medical Records 20-24 - Conclusion 25 - Bibliography Question 1: Data Protection Act (1998) and eight essential principles 26 Question 2: Freedom of information Act (2000) 28 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 29 Question 4: Privacy / Security of Medical Records 29-31 Introduction For my module computing I have to find research and produce detailed report on freedom of information and the need for security. The information commissioner's office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000. I need to read and understand knowledge respecting private lives of individuals and encourage the openness and accountability of public authorities. In the report my aims and objectives will be to cover the following aspects: - What is Data Protection Act 1998 and identify and describe 8 principles. - What is the Freedom Information Act 2000 and how does it build on the Data Protection Act - Privacy and Electronic Communication (EC Directive) Regulation 2003 came into force 11th December 2003. ...read more.

Middle

- Failing to comply with right to require data controller to rectify, block, erase or destroy inaccurate or incomplete data or cease holding such data in a way with incompatible with data controller's legitimate purpose. Personal data cannot be used or disclosed in any manner which is incompatible with the purpose of which it is held. 7.1 Seventh Principle "Appropriate technical and organizational measures shall be taken against unauthorized or lawful processing of personal data and against accidental loss or destruction of or damage to 'personal data'" The act gives some further guidance on matters which should be taken into account in deciding whether security measures are 'appropriate'. These are as follow - Taking in account the state of technological development at any time and the cost of implementing any measures, the measures must ensure a level of security appropriate to: harm that might result from a breach of security and the nature of the data to be protected. - The data controller must take reasonable steps to ensure the reliability of staff having access to the personal data. It is encouraged to consider the use of privacy enhancing techniques as part of their obligations under Seventh Principle. The Principle relates to the security of the processing as a whole and the measures to be taken by data controllers to provide security against any breaches of the Act rather than just breaches of security. Appropriate technical and organisation measures shall be taken against unauthorised access or lawful processing of personal data and against accidental loss, disclosure or destruction of, damage to personal data. Organisation holding personal data should consider physical factors, such as controlling access to the data banks and taking precautions against fire or natural disaster to the building or room. Also consider trustworthiness of staff and have measures of staff breaches including security measures and password on computer. 8.1 Eighth Principles "Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ...read more.

Conclusion

Tripwire & controls over loading of uncertified software Systems vulnerability analysis tools Detect unintended system vulnerabilities SATAN, crack, National Computer Security Association Table 2: Disclosure threats to security technologies Threats Principles Countermeasures Insider abuse Accidental disclosures Insider curiosity Insider subornation Secondary Users Outsider intrusion Education, alerts, reminder Education, authentication, authorization, audit trail, rights management tools (future possibility) Same above Rights management tools (future possibility) All available obstacles and system management precautions Table 2 above shows the disclosures of threats to available tools. The threats of medical records on information can cause. Security and privacy of medical records is a 'people's problem'. Technology can ensure that the personnel access information have a right and need to know, and that information gets from one place to another accurately and securely. Technology can do very little to ensure the person receiving the information will handle it according to confidentiality standards. It depends on ethics and an affective supervisory and legal structure that provide sanctions against detected misuse. In the real world information systems will always be vulnerable. Conclusion Everybody should be entitled to keep their private business and information to themselves unless they give their consent. Most major advances in technology also entail unintended consequences. Computerised records have enabled healthcare providers to efficiently gather and evaluate medical information via modern database and database enabled technologies the potential misuse of this information has also increased. The principle for fair use of information has been agreed upon for at least 25 years. The most fundamental principles of fair use of information are that no secondary use of medical information should take place unless authorised by the patient.1 Medical records on computers security art in various countries but of the complex interplay between human, political, technical aspects. 16 Technology can be a great help for professionals in the interest of their patients but several occasions absolute guarantees of confidentiality are difficult to assure once the information is in the system. 17All patients have a right to be treated justly. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Peer reviewed

    The Data Protection Act

    4 star(s)

    She keeps information about student's progress which is confidential between her and her each of her students. For example she must make she that she protects this information from falling into the wrong hands (i.e. into other students hands so that they are able to compare reports).

  2. What is the purpose of the Data Protection Act?

    Explain the term data user and describe their responsibilities A data user is someone that holds personal details about us on their computer system. 5. What are the advantages and disadvantages of transferring personal data between computers of different companies?

  1. The Data Protection Act 1998 - questions and answers

    If you want to process personal data you must be registered with the Data Protection Commissioner. Registration (which will be called notification under the 1998 Act) is a simple procedure. You call the Commissioner's hotline on 01625 545745, state the name and address of your business and the nature of your business.

  2. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    The Data Protection act 1. Data must not be processed unless there is a specific lawful reason to do so. 2. Data must only be obtained and used for the stated purposes 3. Data should be adequate, relevant and not excessive for the specified use 4.

  1. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    of the sites who would then pester him through his e-mail, sending advertisements and other sales offers. But the Data Protection Act really comes into play when Mr Ajaib uses sites where he enters important details such as an address or credit card details.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    restrict the access of his personal data and only allow access if it is necessary. The data protection act can be very advantageous to MR. Obrien who is an individual in employment. The act ensures more personal confidentiality and secures his personal data from hackers and individuals who intend on

  1. ICT - Data Protection

    This allows databases to be used across an organisation and be shared between organisations very quickly. Misuse of information With more and more organisations using computers to store and process personal information, there was a danger the information could be misused or could get into the wrong hands.

  2. Outline the Data Protection Act and give examples of breaches.

    Neither is it regarded as fair to have a notice in tiny print ? that is difficult to locate or read. 1. Be kept secure against loss, damage and unauthorised and unlawful processing - This principle is about having reliable security for the personal information.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work