Safety & Security of data

Computer misuse act

It was introduced to cover a host of computer crimes that are not covered in the existing laws

Level 1.Unauthorised access to computer material

Lowest level of ofence, this offence is something that many people do in their lives;it could occur at shool or worl

Examples

Someone guessing another user's password and going through their files,changing details or deleting information

Downloading software illegaly

Data protection act

Level 2.Unauthorised access with intent to commit or facilitiate a crime

Very similar to the first offence, this is when someone purposely hacks into someone's account to view information and get data

Example

Fraud

Blackmail

Level 3 . Unauthorised changing or deleting files

This is when someone goes into someone else's account and deletes files in order to cause damage to an indiviual or a company

Example

Intentionally introducing a virus

Risk

5 years in jail plus a fine

Risk

Maximum 5 years in jail plus a fine

Problem with the act

It came into force before the full introduction of the internet and theredfore does not cover all the problems that are now associated with the internet

What is it

An act that allows individuals to have access to information which is held about them on a computer and where approrpriate to have it corrected or deleted

The rights of data subjects

The right to compensation for unauthorised disclosure of data

The right to compensation for innacurate data

The right to compensation for unauthorised access, loss or destruction of data

The right to access the data held about them and to have it rectified or deleted, if inaccurate

When can personal data be processed

The data subject has given their consent

It is legal obligation

It is necessary to protect an individual's vital interest

It is necessary for the administration of justice

Who are the data controllers?

They are those who control the contents and use of a collection of a personal data and lialise with the data subjects

Add data controllers have to register

Their name and address

A descriptio of the data subjects and why data about them is being held

The data being held and how they intend to use it

A description of sources from which the data is obtained

A description of the person whom it is intended to disclose data

Any overseas countries to which data may be transferred to

8 principles of data protection act

4.Data shall be accurate and where necessary up to date

5.Data should not be kept longer than necessary for the registered purpose

6.Data shall be processed in accordance with the rights of the data subject

7.Data shall be held securely

8.Data shall not be transferred to a country or territory outisde of the EU unless there is a adequate data protection legislation in operation

3.Data shall be adequate,relevant and not excessive in relation to the purpose

2.Data shall be obtained only for one of more specific purposes and must not be processed in any other way

1.Data shall be processed fairly and lawfully

Problems with holding data

Everyone has the right to see the data held about them,they can do this by visiting the place,giving proof of identity of writing to the place where the data is held or telephoning and asking to see the data

This could carry an administration fee

If the data is incorecct they can get it changed or claim compensation if the error caused a loss or distress

Data could affect a criminal investifation or the outcome of a court case or even identify another person who has not given consent

Threats to an ICT system

Different type of threats which can be suffered by the ICT system

Paedophiles

Hackers and crackers

VIruses

Blackmailing and stalking

Natural disasters

Internal threats

Hardware failure

Faulty procedures

Poorly trained staff

Use of laptops

Dishonest employees

Protecting from these threats

Biometric methods

Backup

Training staff

Installing virus checkers

FIngerprint recognition

Voice recognition

Face recognition

Iris recognition

Infra-red scans to examine pattern of blood vesels

What is a comptuer crime?

An illegal act commited using a computer

Example

stealing money by hacking into someone's internet banking account

Stealing goods by using stolen credit cards to order goods on the internet

What is malpractice?

Breaking the rules set out by the organisation whose computer you are using - intentionally or accidentally

Examples

An employee who cannot remember their password so they write it on a post-it-note and stick it on their screen so that other employees can see

Sharing a USB stick with another colleague who is allowed to bring it home;they could carry a virus from their home

Copyright,design and patents act

Law deisgned to stop the use of software or hardware without permission of the owner,or without the relevant licence