Data Protection Issues – Compliance Within Computing Organisations, The Causes, Effects and Consequences.
Extracts from this essay...
Project and Professional Studies Unit
Data Protection Issues - Compliance Within Computing Organisations, The Causes, Effects and Consequences.

1. Introduction to the data protection bill 1998
1.1 The Eight Principles of The Data Protection Act
i. Fairly and lawfully processed
ii. Processed for one or more limited lawful purposes
iii. Adequate, relevant and not excessive
iv. Accurate and valid and where necessary kept up to date
v. Personal data processed for any purpose shall not be kept longer than deemed necessary
vi. Processed in accordance with the data subject's rights under this Act
vii. Securely protected by appropriate technical and organisational measures
viii. Personal data will not be transferred to Countries without adequate protection
2. Registration For Data Protection Act
3. Exclusions and Exceptions
4. Typical Example Of Active Data Protection Environments
Employer/Employee Relationships
5. Enforcement Of Data Protection
6. Implications For System Designers
Protection from potential dangers
7. Implications For Customers
The Fear Of Online Transactions
8. Summary
APPENDIX THE PROBLEMS WITH DATA PROTECTION AND NEW TECHNOLOGY
EXAMPLE 1 - Marks and Spencers deny security threat.
EXAMPLE 2 - Halifax Net share dealing system breached.
EXAMPLE 3 - Egg admits security breach.
EXAMPLE 4 - Powergen's lax security condemned
EXAMPLE 5 - Barclays security breach forces online service to close.
EXAMPLE 6 - Crackers fell Cabinet Office Web site.
Bibliography

1. Introduction to the data protection bill 1998

We've probably all heard of it, but just what is 'The Data Protection Act'? It is much maligned, often misquoted and even misunderstood. Well, naturally it's about data, and according to Websters Online Dictionary data is "a collection of facts from which conclusions may be drawn", and so we are looking at the aspect of its protection and its associated issues.
5. Enforcement Of Data Protection

Data controllers in contravention of the Act are served an 'enforcement notice' by the Act's Commissioner or Registrar. This requires him or her to comply with the Principle or Principles in question, and to do either or both of the following: to refrain from processing any personal data, or any personal data of a description specified in the notice, or to refrain from processing them for a purpose so specified or in a manner so specified. At this point the Commissioner shall consider whether the contravention has caused or is likely to cause any person damage or distress. The Commissioner puts in place an agreed time span of data amendment, to be rectified by the controller, unless the severity warrants an immediate response within a fixed seven-day period. It is believed that failure to comply will lead to severe financial punishments being levied through magistrates' court fines (up to £2,000 or greater via High Court) or even closure of business organisations by the de-registration notice issued. Research has revealed records of these events as follows:

Cases tried under the Data Protection Act

                               1991/2   1992/3   1993/4
No. of charges under the DPA       27       68       36
For non-registration               26       63       28
Of which acquitted                  0        3        0

(source: Bott.)

At the same time it would appear that the number of business registrations is not meeting the expected number. The cost of employing full-time data protection officers per business is believed to be the reason behind the apathy shown towards this Act. It is also considered by many to be unworkable due to lack of localised Government funding, resulting in a catch-me-if-you-can scenario.

6. Implications For System Designers

Protection from potential dangers

The cost of implementing secure methods of protecting data must be taken into account long before the data is actually accumulated.
Provisions should therefore be made and contingency plans laid out which stipulate business reactions to impending threats or changes to the storage environment.
"There was a breach of IT procedure, caused by human error". The Egg spokeswoman also claimed that future system updates would be completed when the site is not live to protect customers. (Adapted from Wakefield, J)

EXAMPLE 4 - Powergen's lax security condemned

More than 7,000 Powergen customers were advised to cancel their credit cards following one of the biggest online security breaches in the UK so far, 7 July 2000. The breach revealed names, addresses and credit card information of customers who have used Powergen's Web site to pay their bills. The Data Protection Registrar is concerned about the situation. "We would expect any data collector to provide adequate security," says compliance manager Lorraine Godkin. "This is a breach of a principle of the Data Protection Act." (Adapted from Knight, W. and Wearden, G)

EXAMPLE 5 - Barclays security breach forces online service to close.

UK bank Barclays was hit by an online security breach on Monday morning, 31 July 2000, which allowed at least four customers to access the bank details of other Barclays customers. The breach follows the introduction on Saturday evening of new security infrastructure designed to strengthen the bank's defences, and forced the company to close its online services. According to a Barclays spokeswoman the breach occurred whenever two users attempted to log in at precisely the same moment. Barclays says the glitch did not become apparent during initial testing and was only uncovered when thousands of users tried to use the service simultaneously. (Adapted from Knight, W.3)

EXAMPLE 6 - Crackers fell Cabinet Office Web site.

The Cabinet Office's web site was brought to its knees on 13 July 2000, as code hackers began defacing the site and forcing its hosting company to take it off line. The spokesman admits that, as a prominent government Internet destination, the Cabinet Office Web site is constantly being targeted by computer attackers.
"There have been hacking attacks in the past but we've been able to fend them off," he says. "We obviously take security very seriously and it is constantly under review." (Adapted from Knight, W.