When a company is either extracting the information it has obtained or using it to optimise its performance, there are several legal acts it needs to ensure it is not breaching by doing so. These are the Data Protection Act 1998, the Freedom of Information Act 2000 and the Computer Misuse Act 1990.
Data Protection Act 1998
The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK.
(https://en.wikipedia.org/wiki/Data_Protection_Act_1998)
(https://www.gov.uk/data-protection/the-data-protection-act)
The Data
It provides individuals or organisations with the right to request information held by a public authority. The public authority must tell the applicant whether it holds the information, which it must supply within 20 working days, in the requested format.
This act ensures that:
- No one needs to give a reason for requesting the information; however, a reason is required for not giving them the information.
- Everybody has the right to access their own official information; however, all information should be kept private.
Computer Misuse Act 1990
Anyone who works with electronic data or information is liable to comply with this legislation.
- The Computer Misuse Act is designed to protect computer users against wilful attacks and theft of information.
- Offences under the act include hacking, unauthorised access to computer systems and purposefully spreading malicious and damaging software (malware), such as viruses.
- Unauthorised access to modify computers includes altering software and data, changing passwords and settings to prevent others accessing the system, and interfering with the normal operation of the system to its detriment.
- The act makes it an offence to access or even attempt to access a computer system without the
This check was put in place to safeguard people who are vulnerable such as children and persons with a disability.
Organisations are required to keep data to meet legislative and regulatory law, such as pay records to supply to HMRC for tax and NI contributions, and records of training given to staff to conform with the Health and Safety Act and fire regulations.
Data protection is a very important piece of legislation that was brought into power in 1998, because it has been designed to prevent confidential and personal information being passed on to other people and any relevant companies without a person’s consent. This also means that any information that is stored about children should be kept in either a password-protected or lockable location.
covers correct storage and sharing of both manual and electronic information. There are eight principles put in place by the Data Protection Act 1998 to make sure that information is handled properly:
Information Commissioner’s Office (2012) Introduction to The Data Protection Act 1998. [Online] Available from: http://www.ico.org.uk/~/media/documents/library/Corporate/Research_and_reports/ico_presentation_EVOC_20120528.ashx [Accessed: 11th October 2013]
This act was introduced to prevent users from hacking. It also stops them from entering a computer, programs or files without authorisation. The act is in place to prevent users from using the internet without permission to commit a crime, and it also prevents unauthorised modifications to a computer. The act does not allow any attacks on a server, as this is illegal.
Identify relevant legal requirements and procedures covering confidentiality, data protection and the disclosure of information.
The Data Protection Act 1998 is a piece of legislation which defines the law on processing data of people living within the United Kingdom.
Another piece of legislation that can affect the management of confidential information is the Freedom of Information Act 2000. Anyone is allowed to request information that has been recorded by any public-sector organisation, for example:
The Data Protection Act states that you must only collect information that you need for a specific purpose and keep it secure, ensure that it is relevant and up to date to guarantee that no changes in medication or health status goes unnoticed or unaccounted
b) Freedom of Information Act (2000) – FOI ‘provides public access to information held by public authorities. It does this in two ways: public authorities are obliged to publish certain information about their activities; and members of the public are entitled to request information from public authorities.’ (https://ico.org.uk/for-organisations/guide-to-freedom-of-information/what-is-the-foi-act/)
Data Protection Act 1998 – gives individuals the right to know what information is held about them, and those who process personal information must comply with eight principles, which make sure that personal information is fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate and up to date; not kept for longer than is necessary; processed in line with your rights; secure; not transferred to other countries without adequate protection.
The Freedom of Information Act 2000 gives people the right to access recorded information held by public sector organisations. The Act determines that it would be reasonable for the company to disclose policies surrounding HRM and certain types of data such as numbers of employees, diversity information, the pay of some employees (very senior staff), pay bands and details of expenses. Some personal information may be released providing it does not breach data protection laws.
The Data Protection Act 1998 defines UK law on the processing of data on identifiable living people. The act contains eight principles, which all organisations processing personal information must conform to. These are:
A person who breaks into someone else’s computer system faces a maximum fine of £2000 and six months in prison.