Computer Law And Data Security
THE DATA PROTECTION ACT
This Law covers the storage of personal data about members of the public on a computer system.
What is personal data?
Information about yourself that you don't want other people to know.
e.g. How much money you have in your bank account
Details of a criminal record
National Insurance Number
Who stores personal information about the public?
Banks, Building Societies,
Insurance Companies, Social Security,
Doctor (NHS), DVLC, Inland Revenue (Tax)
Why is a law needed?
It is much easier to copy, look at, alter, corrupt or distribute computer data without it being noticed.
Principles of the Data-Protection Act. ( What the Law says )
Data Users ( the people who hold personal data ) MUST register with the
Data Protection Registrar giving details about what data is being stored; what
it will be used for; how it was obtained and the address of the data user.
The User must then follow the following principles.
1. Obtain data fairly & lawfully.
2. Only use data for the purpose specified
3. Destroy data when it is no longer required.
4. Data must be accurate & made secure from accidental or deliberate corruption
5. Data MUST NOT be disclosed to unauthorised individuals.
6. Only relevant data should be held
7. The data user must permit "data subjects" to see information about themselves.
Rights of the "Data Subject"
1. The right to see data stored about them.
2. The right to insist that incorrect data be changed.
3. The right to compensation if data has been misused.
Who is exempt from the law? ( Who doesn't the law apply to? )
1. Personal / Private use e.g. addresses of family & relations.
2. National security
3. Payroll & Pension databases - Provided not used for anything else.
4. Mailing Lists.
There are also a number of Artist exemptions
Complying with the Law
Data Users should protect personal data by:
1. Passwords ( Hierarchy)
2. Limit physical access to computers & 'lock' computers
3. Encrypt ( code ) data when it is being transmitted.
Getting Around the Law. Ethics & Morals
Data Users get round the law by:
1. Illegally purchasing data.
2. Building profiles of individuals from a number of sources e.g. Telephone Directory, Saver Cards, Electoral Register
3. Putting a note in very small print at the end of a data capture form which reads "Tick here if you do not want this information passed on to other users."
The Consequences of Incorrect Data about an individual
1. Credit / Loan refusal - Credit blacklisted
2. Unable to get a job
OTHER COMPUTER LAWS
The Computer Misuse Act
This law makes it a criminal offence to 'hack' or attempt to 'hack' into a
computer system. ( Hack means to try and find the password. )
Hackers often deliberately damage data with computer viruses. This may cost
a business much money and time to restore data if it is not noticed for a long
time.
Copyright Law
This makes it illegal to produce extra copies of software for sale or for
use on other machines. The illegal copying and resale of software is known
as Software Piracy. Software Companies try to solve this problem through
a number of methods including:
# Dongles
# Codes
# Unique registration
# Single installation only
The Federation Against Software Theft ( FAST ) attempts to enforce this law.
Other Computer Related Crime
1. Fraud - Stealing money from Bank Accounts using Electronic Fund Transfer systems.
2. Obscene Publication Act - The Internet has been used by individuals for the sale & distribution of pornographic images.
DATA SECURITY
Any data ( information ) input and stored on a computer system can
easily be damaged ( corrupted ) or lost.
Causes of Data Corruption & Loss - Accidental
1. Fire
2. Accidental Deletion
3. Disc Damage - Head Crash, Exposure to Magnetic Field.
Causes of Data Corruption & Loss - Malicious ( with intent )
1. Virus
2. Deletion
3. Alteration ( Fraud )
Methods to make sure data is kept secure
1. Write Protect Floppy discs.
2. Make Back-Ups onto Tape Drives and store at other locations / fireproof safes. Backups must be made on a regular basis on different tapes. Use an Ancestral system. ( Grandfather, Father, Son or similar )
3. Make important files read-only ( Access rights )
4. Password Protection of important files
5. ID & Passwords required to access data files when you log-on. On Networks use a Hierarchy of Passwords controlling read/write privileges. Change passwords on a regular basis.
6. Scan discs on a regular basis for presence of a Virus & remove if present.
7. Audit Log of all access to a system ( Networks ). Log the time, date, file used, Computer station. Very important in Banks to prevent fraud. This will help detect who has caused the damage. Can be used to track "Hackers" on the Internet.
8. Use a Temporary Power Supply unit to take over in the event of a mains electricity failure.
9. During TRANSACTION processing ( e.g. Airline ticket booking ), always back up each transaction in real time ( as it happens ) onto floppy or a remote hard disc drive.
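The Grandfather, Father, Son rotation named in method 2, worked through as an added example (not part of the original notes). The schedule is an assumption: son tapes Monday to Thursday, father tapes on Fridays, a grandfather tape on the last Friday of each month; the function names are hypothetical.

```python
from datetime import date, timedelta

# Assumed schedule (not from the notes): one backup per working day.
#   son         - Monday to Thursday, 4 tapes overwritten every week
#   father      - Fridays, up to 4 tapes overwritten every month
#   grandfather - last Friday of the month, 12 tapes, one per month,
#                 kept at another location / in a fireproof safe
SON_DAYS = ("Mon", "Tue", "Wed", "Thu")


def is_last_friday(d):
    """True if d is a Friday and the following Friday is in another month."""
    return d.weekday() == 4 and (d + timedelta(days=7)).month != d.month


def tape_for(d):
    """Label of the tape to write on date d, or None at weekends."""
    wd = d.weekday()
    if wd > 4:
        return None
    if wd < 4:
        return "son-" + SON_DAYS[wd]
    if is_last_friday(d):
        return "grandfather-%02d" % d.month
    return "father-%d" % ((d.day - 1) // 7 + 1)


def restore_points(today, history_days=400):
    """Dates that can still be restored on `today`, newest first.

    Walks backwards in time; the most recent write to each tape is the
    only copy that tape still holds, because older writes were overwritten.
    """
    held = {}
    for n in range(history_days):
        d = today - timedelta(days=n)
        label = tape_for(d)
        if label and label not in held:
            held[label] = d
    return sorted(held.values(), reverse=True)


if __name__ == "__main__":
    today = date(2006, 8, 2)  # constructed sample date
    print("tape to write today:", tape_for(today))
    for d in restore_points(today):
        print(d.isoformat(), tape_for(d))
```

With 20 tapes this keeps daily copies for the last week, weekly copies for about a month and monthly copies for a year, so corruption that goes unnoticed for a long time can still be rolled back.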
Disaster Recovery Techniques
What to do when information is lost or damaged?
1. Utility software that can "Undelete" a file that may have accidentally been deleted.
2. Utility Software that can retrieve data from damaged sectors of a disc. ( So long as the File Allocation Table is not damaged )
3. Virus removal ( Cleaning) that can disinfect discs and files which have been infected.
4. Re-install files from back-up media, e.g. tape drive back to disc.
About the Author
by: Admin
Date: Wed, 2 Aug 2006 Time: 12:00 AM
