Page
  1. 1
    1
  2. 2
    2
  3. 3
    3
  4. 4
    4
  5. 5
    5
  6. 6
    6
  7. 7
    7
  8. 8
    8
  9. 9
    9
  10. 10
    10
  11. 11
    11
  12. 12
    12
  13. 13
    13
  14. 14
    14
  • Level: GCSE
  • Subject: ICT
  • Document length: 4127 words

Data Protection Issues – Compliance Within Computing Organisations, The Causes, Effects and Consequences.

Extracts from this essay...

Introduction

Project and Professional Studies Unit Data Protection Issues - Compliance Within Computing Organisations, The Causes, Effects and Consequences. Page 1. Introduction to the data protection bill 1998 2 1.1 The Eight Principles of The Data Protection Act 2 i. Fairly and lawfully processed 2 ii. Processed for one or more limited lawful purposes 2 iii. Adequate, relevant and not excessive 2 iv. Accurate and valid and where necessary kept up to date 3 v. Personal data processed for any purpose shall not be kept longer than deemed necessary 3 vi. Processed in accordance with the data subject's rights under this Act 3 vii. Securely protected by appropriate technical and organisational measures 3 viii. Personal data will not be transferred to Countries without adequate protection 3 2. Registration For Data Protection Act 4 3. Exclusions and Exceptions 4 4. Typical Example Of Active Data Protection Environments 5 Employer/Employee Relationships 5. Enforcement Of Data Protection 5 6. Implications For System Designers 6 Protection from potential dangers 7. Implications For Customers 8 The Fear Off Online Transactions 8. Summary 9 APPENDIX THE PROBLEMS WITH DATA PROTECTION AND NEW TECHNOLOGY EXAMPLE 1 - Marks and Spencers deny security threat. 10 EXAMPLE 2 - Halifax Net share dealing system breached. 10 EXAMPLE 3 - Egg admits security breach. 10 EXAMPLE 4 - Powergen's lax security condemned 10 EXAMPLE 5 - Barclays security breach forces online service to close. 11 EXAMPLE 6 - Crackers fell Cabinet Office Web site. 11 Bibliography 12 1. Introduction to the data protection bill 1998 We've probably all heard of it, but just what is it - 'The Data Protection Act'? The much maligned and often misquoted and even misunderstood. Well, naturally it's about data, and according to Websters Online Dictionary - data is: a collection of facts from which conclusions may be drawn, and so we are looking at the aspect of it's protection and it's associated issues.

Middle

5. Enforcement Of Data Protection Data controller's in contravention of the Act are served an 'enforcement notice' by the Acts Commissioner or Registrar. This requires him or her to comply with the Principle or Principles in question, and to do either or both of the following- to refrain from processing any personal data, or any personal data of a description specified in the notice, or to refrain from processing them for a purpose so specified or in a manner so specified. At this point the Commissioner shall consider whether the contravention has caused or is likely to cause any person damage or distress. The Commissioner puts in place an agreed time span of data amendment, to be rectified by the controller, unless the severity grants an immediate response within a fixed seven-day period. It is believed that failure to comply will lead to severe financial punishments being levied through magistrates Court fines (up to £2,000 or greater via High Court) or even closure of business organisations by the de-registration notice issued. Research has revealed records of these events as follows: Cases tried under the Data Protection Act 1991/2 1992/3 1993/4 No. of charges under the PDA 27 68 36 For non-registration 26 63 28 Of which acquitted 0 3 0 (source: Bott.) At the same time it would appear that the number of business registrations is not meeting the expected number. The cost of employing full-time data protection officers per business is believed to be the reason behind the apathy shown towards this Act. It is considered by many to be also unworkable due to lack of localised Government funding, resulting in a catch-me-if-you-can scenario. 6. Implications For System Designers Protection from potential dangers The cost of implementing secure methods of protecting data must be taken into account long before the data is actually accumulated. Provisions should therefore be made and contingency plans laid out which stipulate business reactions to impending threats or changes to the storage environment.

Conclusion

"There was a breach of IT procedure, caused by human error". The Egg spokeswoman also claimed that future system updates would be completed when the site is not live to protect customers. (Adapted from Wakefield, J) EXAMPLE 4 Powergen's lax security condemned More than 7,000 Powergen customers advised to cancel their credit cards following one of the biggest online security breaches in the UK so far, 7 July 2000. The breach revealed names, addresses and credit card information of customers who have used Powergen's Web site to pay their bills.. The Data Protection Registrar is concerned about the situation. "We would expect any data collector to provide adequate security," says compliance manger Lorraine Godkin. "This is a breach of a principle of the Data Protection act." (Adapted from Knight, W. and Wearden, G) EXAMPLE 5 Barclays security breach forces online service to close. UK bank Barclays was hit by an online security breach Monday morning 31 July 2000, which allowed at least four customers to access the bank details of other Barclays customers. The breach follows the introduction of new security infrastructure designed to strengthen the bank's defences Saturday evening and forced the company to close its online services. According to a Barclays spokeswoman the breach occurred whenever two users attempted to log in at precisely the same moment. Barclays says the glitch did not become apparent during initial testing and was only uncovered when thousands of users tried to use the service simultaneously. (Adapted from Knight, W.3) EXAMPLE 6 Crackers fell Cabinet Office Web site. The Cabinet Office's web site was brought to it's knees on 13 July 2000, as code hackers began defacing the site and forcing its hosting company to take it off line. The spokesman admits that, as a prominent government Internet destination, the Cabinet Office Web site is constantly being targeted by computer attackers. "There have been hacking attacks in the past but we've been able to fend them off," he says. "We obviously take security very seriously and it is constantly under review." (Adapted from Knight, W.

The above preview is unformatted text

Found what you're looking for?

  • Start learning 29% faster today
  • Over 150,000 essays available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Over 180,000 student essays
  • Every subject and level covered
  • Thousands of essays marked by teachers

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. ICT - Data Protection

    A Right to Prevent Direct Marketing A data subject may stop their data being used in attempts to sell them things (e.g. by junk mail or cold telephone calls.) A Right to Prevent Automatic Decisions A data subject may specify that they do not want a data user to make

  2. The social, legal, moral aspects of I.C.T. In this report, I am going to ...

    The use of television and cable is also used through satellite. Now internet can be accessed through phone and via text, images and videos can be sent in seconds. The legal aspect of ICT The increasing use of ICT and its effects many new laws have had to be made.

  1. The Data Protection Act 1998 - questions and answers

    Appropriate security measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. Personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate

  2. The following report will compare differences between internal and external information sources relevant to ...

    The data gathered could be used to produce information/reports, which could then be used to forecast future material/labour requirements. The gathering of information within these organisations basically allows them to; * Record - evidence and details, in order to; * Monitor - with a view to improving performance e.g.

  1. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    * Consult with employees on health and safety matters * Provide a save environment for customers or visitors who use the work place * Have a written code of conduct, rules regarding training and supervision, and rules on basic safety procedures Evaluation: All of these acts affect the community as

  2. Data Protection Act

    The eight principles are sometimes referred to 'good information handling' which the data controller are required to comply with. The principles are set out in part I of Schedule 1 of the Act. Part II of Schedule 1 comprises the interpretation provisions which expand upon the First, Second, Fourth, Sixth, Seventh and Eighth Principles.

  1. Privacy and Data Protection: IT Law

    2 c) It does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity (Art. 3) or in the course of an activity falling outside the scope of Community law, such as operations concerning public security, defence or

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    The law doesn't specify what she can do to overcome this matter because she cannot accuse anyone but the computer psycho who is anonymous and nearly impossible to track down. Nevertheless, like many man made invention and human thoughts/thinking, the law has a specific improvement which could be made.

  • Over 180,000 essays
    written by students
  • Annotated by
    experienced teachers
  • Ideas and feedback to write
    your own great essays

Marked by a teacher

This essay has been marked by one of our great teachers. You can read the full teachers notes when you download the essay.

Peer reviewed

This essay has been reviewed by one of our specialist student essay reviewing squad. Read the full review on the essay page.

Peer reviewed

This essay has been reviewed by one of our specialist student essay reviewing squad. Read the full review under the essay preview on this page.