Responsibilities placed on companies that hold data by the relevant legislation

Data Protection Act

Computer Misuse Act

The storage and processing of personal data. The right to accurate storage and proportional use.

Fines of up to £500,000

Unauthorised access

Unauthorised access with intent to commit crime

Unauthorised modification of material

Two years in prison

Five years in prison

Ten years in prison

There are eight principles with which all records for Data Protection must comply...

Fairly and lawfully processed

Processed for limited purposes

Adequate, relevant and not excessive

Accurate and up to date

Not kept for longer than is necessary

Processed in line with your rights

Secure

Not transferred to other countries without adequate protection

The act entitles everyone to read all their own medical records and the records held about them by their place of study.

There are certain exceptions to this, and a charge may be levied.

It is needed to protect data and IT systems from attacks by:

Hackers

Fraud and theft

Copyright infringement

Abuse

Cyber bullying

Trolling

Harassment

Copying someone else's data without their permission or acknowledgement is against the law and both morally and ethically inappropriate.

The Data Protection Act 1998 extends beyond the obvious restrictions on sharing data and also includes rules about the disclosure and use of data.

The law requires businesses to notify the ICO as to why they are using CCTV.

It would not be morally or ethically acceptable for a business to use CCTV for observing staff working.