• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  31. 31
  • Level: GCSE
  • Subject: ICT
  • Word count: 7021

Data Protection Act

Extracts from this document...


Semester Two Lecturer: Stuart Merrick Contents Pages - Introduction 4 - Executive Summary 4 - Analysis - Subheadings - 5-24 1.0 Question 1: 5-14 What is Data Protection Act (1998) and eight essential principles 1.1 First Principle 7 1.1.1 Conditions for processing (Schedule 2 of the Act) 8 1.1.2 Conditions of processing sensitive personal data 8 (Schedule 3 of the Act) 1.1.3 The fair Processing requirements 9 (Schedule 1 Part II paragraph 1 to 4) Paragraph 1 1.1.4 Paragraph 2 and 3 - Information to be provided to date 9 subject 2.1 Second Principle 10 3.1 Third Principle 10 4.1 Fourth Principle 11 5.1 Fifth Principle 12 6.1 Sixth Principle 12 7.1 Seventh Principle 13 8.1 Eighth Principle 14 1.2 Question 2: 15-17 Freedom of information Act (2000) 1.2.1 What is a Publication Scheme 16 1.2.2 What new rights will the public have 17 1.3 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 18-20 1.4 Question 4: Privacy / Security of Medical Records 20-24 - Conclusion 25 - Bibliography Question 1: Data Protection Act (1998) and eight essential principles 26 Question 2: Freedom of information Act (2000) 28 Question 3: Privacy and Electronic Communication (EC Directive) Regulation 2003 29 Question 4: Privacy / Security of Medical Records 29-31 Introduction For my module computing I have to find research and produce detailed report on freedom of information and the need for security. The information commissioner's office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000. I need to read and understand knowledge respecting private lives of individuals and encourage the openness and accountability of public authorities. In the report my aims and objectives will be to cover the following aspects: - What is Data Protection Act 1998 and identify and describe 8 principles. - What is the Freedom Information Act 2000 and how does it build on the Data Protection Act - Privacy and Electronic Communication (EC Directive) Regulation 2003 came into force 11th December 2003. ...read more.


- Failing to comply with right to require data controller to rectify, block, erase or destroy inaccurate or incomplete data or cease holding such data in a way with incompatible with data controller's legitimate purpose. Personal data cannot be used or disclosed in any manner which is incompatible with the purpose of which it is held. 7.1 Seventh Principle "Appropriate technical and organizational measures shall be taken against unauthorized or lawful processing of personal data and against accidental loss or destruction of or damage to 'personal data'" The act gives some further guidance on matters which should be taken into account in deciding whether security measures are 'appropriate'. These are as follow - Taking in account the state of technological development at any time and the cost of implementing any measures, the measures must ensure a level of security appropriate to: harm that might result from a breach of security and the nature of the data to be protected. - The data controller must take reasonable steps to ensure the reliability of staff having access to the personal data. It is encouraged to consider the use of privacy enhancing techniques as part of their obligations under Seventh Principle. The Principle relates to the security of the processing as a whole and the measures to be taken by data controllers to provide security against any breaches of the Act rather than just breaches of security. Appropriate technical and organisation measures shall be taken against unauthorised access or lawful processing of personal data and against accidental loss, disclosure or destruction of, damage to personal data. Organisation holding personal data should consider physical factors, such as controlling access to the data banks and taking precautions against fire or natural disaster to the building or room. Also consider trustworthiness of staff and have measures of staff breaches including security measures and password on computer. 8.1 Eighth Principles "Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ...read more.


Tripwire & controls over loading of uncertified software Systems vulnerability analysis tools Detect unintended system vulnerabilities SATAN, crack, National Computer Security Association Table 2: Disclosure threats to security technologies Threats Principles Countermeasures Insider abuse Accidental disclosures Insider curiosity Insider subornation Secondary Users Outsider intrusion Education, alerts, reminder Education, authentication, authorization, audit trail, rights management tools (future possibility) Same above Rights management tools (future possibility) All available obstacles and system management precautions Table 2 above shows the disclosures of threats to available tools. The threats of medical records on information can cause. Security and privacy of medical records is a 'people's problem'. Technology can ensure that the personnel access information have a right and need to know, and that information gets from one place to another accurately and securely. Technology can do very little to ensure the person receiving the information will handle it according to confidentiality standards. It depends on ethics and an affective supervisory and legal structure that provide sanctions against detected misuse. In the real world information systems will always be vulnerable. Conclusion Everybody should be entitled to keep their private business and information to themselves unless they give their consent. Most major advances in technology also entail unintended consequences. Computerised records have enabled healthcare providers to efficiently gather and evaluate medical information via modern database and database enabled technologies the potential misuse of this information has also increased. The principle for fair use of information has been agreed upon for at least 25 years. The most fundamental principles of fair use of information are that no secondary use of medical information should take place unless authorised by the patient.1 Medical records on computers security art in various countries but of the complex interplay between human, political, technical aspects. 16 Technology can be a great help for professionals in the interest of their patients but several occasions absolute guarantees of confidentiality are difficult to assure once the information is in the system. 17All patients have a right to be treated justly. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Peer reviewed

    The Data Protection Act

    4 star(s)

    She keeps information about student's progress which is confidential between her and her each of her students. For example she must make she that she protects this information from falling into the wrong hands (i.e. into other students hands so that they are able to compare reports).

  2. File management and standard ways of working.

    to be put in place to protect data where ever you keep the data apart from on the computer. For human threats the limits that should be taken is to limit the amount of access to any data that should have, usernames, passwords and firewalls on to stop anyone from hacking into files that they don't illegally have access to.

  1. The Data Protection Act 1998 - questions and answers

    it or carrying out any operations on it including organisation, adaptations or alteration of it, retrieval, consultation or use of it, disclosure, transmission or dissemination of it and blocking, erasure or destruction of it. What do I have to do if I want to process personal data?

  2. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    Sites usually require an email, a name, data of birth and other personal data, sometimes even including an address. These aren't too harmless when breaking the Data Protection Act. For example, the most that can happen would be that Mr Ajaib's e-mail address would be given out to the sponsors

  1. 3E-The legislation that protects individuals and groups from the misuse of ICT

    Thus the legislation protects Mr. Obrien from the misuse of he's personal data. In order to abide by the law, Mr. Obrien shall agree on the condition stated by the organisation and give his personal data. This condition is that the data will be used in accordance to the law and as an individual; Mr.

  2. ICT - Data Protection

    This allows databases to be used across an organisation and be shared between organisations very quickly. Misuse of information With more and more organisations using computers to store and process personal information, there was a danger the information could be misused or could get into the wrong hands.

  1. The legislation that protects individuals and groups from the misuse of ICT

    The health and safety at work act has been around for a long time, well over 100 years. It allows the workforce to be protected whilst at work preventing them from being put at any risk or faced with a dangerous situation.

  2. Outline the Data Protection Act and give examples of breaches.

    Neither is it regarded as fair to have a notice in tiny print ? that is difficult to locate or read. 1. Be kept secure against loss, damage and unauthorised and unlawful processing - This principle is about having reliable security for the personal information.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work