
THE DATA PROTECTION ACT

This Law covers the storage of personal data about members of the public on a computer
system.

What is personal data?

Information about yourself that you don't want other people to know.

e.g. How much money you have in your bank account
Details of a criminal record
National Insurance Number

Who stores personal information about the public?

Banks, Building Societies, Insurance Companies, Social Security,
Doctor (NHS), DVLC, Inland Revenue (Tax)

Why is a law needed?

It is much easier to copy, look at, alter, corrupt or distribute computer data without it being noticed.

Principles of the Data-Protection Act. ( What the Law says )

Data Users ( the people who hold personal data ) MUST register with the
Data Protection Registrar giving details about what data is being stored; what
it will be used for; how it was obtained and the address of the data user.

The User must then follow the following principles.

1. Obtain data fairly & lawfully.
2. Only use data for the purpose specified.
3. Destroy data when it is no longer required.
4. Data must be accurate & made secure from accidental or deliberate corruption.
5. Data MUST NOT be disclosed to unauthorised individuals.
6. Only relevant data should be held.
7. The data user must permit "data subjects" to see information about themselves.

Rights of the "Data Subject"

1. The right to see data stored about them.
2. The right to insist that incorrect data be changed.
3. The right to compensation if data has been misused.

Who is exempt from the law? ( Who doesn't the law apply to? )

1. Personal / Private use e.g. addresses of family & relations.
2. National security
3. Payroll & Pension databases - Provided not used for anything else.
4. Mailing Lists.

There are also a number of Artist exemptions

Complying with the Law


Data Users should protect personal data by:

1. Passwords ( Hierarchy)
2. Limit physical access to computers & ' lock ' computers
3. Encrypt ( code ) data when it is being transmitted.

Getting Around the Law. Ethics & Morals

Data Users get round the law by:

1. Illegally purchasing data.
2. Building profiles of individuals from a number of sources e.g. Telephone Directory, Saver
Cards, Electoral Register
3. Putting a note in very small print at the end of a data capture form which reads "Tick here
if you do not want this information passed on to other users."

The Consequences of Incorrect Data about an individual

1. Credit / Loan refusal - Credit blacklisted
2. Unable to get a job

OTHER COMPUTER LAWS

The Computer Misuse Act

This law makes it a criminal offence to 'hack' or attempt to 'hack' into a
computer system. ( Hack means to try and find the password. )
Hackers often deliberately damage data with computer viruses. This may cost
a business much money and time to restore data if it is not noticed for a long
time.

Copyright Law

This makes it illegal to produce extra copies of software for sale or for
use on other machines. The illegal copying and resale of software is known
as Software Piracy. Software Companies try to solve this problem through
a number of methods including:
# Dongles
# Codes
# Unique registration
# Single installation only

The Federation Against Software Theft ( FAST ) attempts to enforce this law.

Other Computer Related Crime

1. Fraud - Stealing money from Bank Accounts using Electronic Fund Transfer systems.
2. Obscene Publication Act - The Internet has been used by individuals for the sale &
distribution of pornographic images.

DATA SECURITY

Any data ( information ) input and stored on a computer system can
easily be damaged ( corrupted ) or lost.

Causes of Data Corruption & Loss - Accidental

1. Fire
2. Accidental Deletion
3. Disc Damage - Head Crash, Exposure to Magnetic Field.

Causes of Data Corruption & Loss - Malicious ( with intent )

1. Virus
2. Deletion
3. Alteration ( Fraud )

Methods to make sure data is kept secure

1. Write Protect Floppy discs.
2. Make Back-Ups onto Tape Drives and store at other locations / fireproof safes. Backups
must be made on a regular basis on different tapes. Use an Ancestral system ( Grandfather,
Father, Son or similar ).
3. Make important Files read-only ( Access rights ).
4. Password Protection of important files.
5. ID & Passwords required to access data files when you log-on. On Networks use a
Hierarchy of Passwords controlling read/write privileges. Change passwords on a regular
basis.
6. Scan discs on a regular basis for presence of a Virus & remove if present.
7. Audit Log of all access to a system ( Networks ). Log the time, date, file used, Computer
station. Very important in Banks to prevent fraud. This will help detect who has caused the
damage. Can be used to track "Hackers" on the Internet.
8. Use a Temporary Power Supply unit to take over in the event of a mains electricity
failure.
9. During TRANSACTION processing, e.g. airline ticket booking, always back up each
transaction in real time ( as it happens ) onto floppy or a remote hard disc drive.
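
The audit log in point 7, as an added example that is not part of the original notes: it reads a log holding the date, time, file used and computer station, then lists who changed a damaged file after the last good backup and which station was repeatedly refused access. The record layout, user IDs, station names, file names and the WRITE / DENIED action codes are all constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit log: date, time, user ID, computer station, file used, action.
SAMPLE_LOG = """\
1997-03-10,09:02:11,jsmith,STATION-04,accounts.dat,READ
1997-03-10,17:45:30,backup,SERVER-01,accounts.dat,READ
1997-03-11,08:15:02,akhan,STATION-07,accounts.dat,WRITE
1997-03-11,23:51:40,jsmith,STATION-04,accounts.dat,WRITE
1997-03-12,02:03:19,unknown,STATION-12,accounts.dat,DENIED
1997-03-12,02:03:25,unknown,STATION-12,accounts.dat,DENIED
1997-03-12,02:03:31,unknown,STATION-12,accounts.dat,DENIED
1997-03-12,09:30:00,akhan,STATION-07,payroll.dat,WRITE
"""

def parse_log(text):
    """Turn each log line into a dict with a combined timestamp."""
    fields = ["date", "time", "user", "station", "file", "action"]
    records = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        row["when"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        records.append(row)
    return records

def changes_since_backup(records, filename, last_backup, noticed):
    """Who wrote to `filename` after the last good backup and before the damage was noticed."""
    return [(r["when"], r["user"], r["station"]) for r in records
            if r["file"] == filename and r["action"] == "WRITE"
            and last_backup < r["when"] <= noticed]

def repeated_denials(records, threshold=3):
    """Stations with `threshold` or more refused accesses (possible password guessing)."""
    counts = {}
    for r in records:
        if r["action"] == "DENIED":
            counts[r["station"]] = counts.get(r["station"], 0) + 1
    return sorted(s for s, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    backup = datetime(1997, 3, 10, 17, 45, 30)   # time of last good backup (constructed)
    noticed = datetime(1997, 3, 12, 9, 0, 0)     # time the damage was noticed (constructed)
    for when, user, station in changes_since_backup(log, "accounts.dat", backup, noticed):
        print(when, user, station)
    print("Repeated refused access from:", repeated_denials(log))
```

Only changes made after the last good backup need investigating, which is why the audit log and the regular backups in point 2 work together.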

Disaster Recovery Techniques

What to do when information is lost or damaged?

1. Utility software that can ''Undelete'' a file that may have accidentally been deleted.
2. Utility Software that can retrieve data from damaged sectors of a disc. ( So long as the
File Allocation Table is not damaged )
3. Virus removal ( Cleaning) that can disinfect discs and files which have been infected.
4. Re-install files from back-up media, e.g. tape drive back to disc.