Www.ICT-Teacher.com


Objectives  Legislation:  Understand that implementation of legislation will impact on procedures within an organisation.  Describe the methods of enforcing and controlling data protection legislation within an organisation.  Describe the methods of enforcing and controlling software misuse legislation within an organisation.  Describe the methods of enforcing and controlling health and safety legislation within an organisation.  Discuss the implications of the various types of legislation.

Objectives  Audit requirements:  Understand that many information systems are subject to audit.  Understand the impact of audit on data and information control.  Describe the need for audit and the role of audit management/software tools in information systems.  Understand the function of audit trails and describe applications of use, e.g. ordering systems; student tracking; police vehicle enquiries.

Regulations  1. Data Protection Act 1984 & 1998  2. Computer Misuse Act 1990  3. Copyright, Designs & Patents Act 1988  4. Health and Safety (Display Screen Equipment) Regulations 1992.

Data Protection Act 1998  Consists of eight data protection principles.  Applies to organisations that hold personal data.  Personal data must be kept secure, should be accurate, and must not be misused.  Employees with access need to understand the implications of the Act.  A security manager or administrator is put in control of access to the data.  Operating procedures are needed to ensure privacy.  Note: the 1998 Act has since been replaced by the Data Protection Act 2018 and the UK GDPR; the principles survive in updated form, so the controls described here still apply.

Data Protection Policy  Customer service: Company policy available to interested parties; Data subject told what data is kept and why; Data to be accurate, and errors corrected; Data only used for the purpose for which it was collected; Data only sold on if the subject has consented; Data in general only collected with consent; Data subject allowed access to their data and their concerns listened to.

Data Protection Policy  Organisation: Company policy publicised to all staff concerned; Staff to be held accountable over privacy issues and could be liable under the Act if they leak data; Issues of privacy to be built into the information system, including security, accuracy and updating; A security policy adopted, with a named administrator responsible for it; The security policy to deal with accidental as well as malicious damage and theft; Staff to be aware of the policy on passwords, physical security and back-up of files, with regular checks on security performed by the administrator.

Buying and Selling Personal Data  A company may be in business purely to collect personal data and sell it to other companies.  The data subject has to have given permission for it to be traded.  This permission may have been granted unknowingly, e.g. by an opt-out tick box on a form that the subject left unticked.

Enforcing Data Protection  A data protection controller in the organisation to advise staff and enforce the rules.  Employees made aware of their responsibilities.  Every incident followed up to confirm whether a breach has taken place.  Hardware kept in secure areas.  Staff must not keep a personal copy of the database.

Enforcing Data Protection  Staff to be trained properly in the use of personal data in a database, and aware of the obligations of the organisation under the Act.  Passwords must be hard to break and changed whenever compromise is suspected (current NCSC guidance no longer recommends forced regular changes, which push users towards weak, predictable passwords).  Staff must not bring in personal software.  A log of all access should be kept as a record of who accessed what, and when.  Levels of access should be differentiated according to the job each user does.

Computer Misuse Act 1990  Employees need to:  Have a clear job description of what they are and are not allowed to do.  Not introduce unauthorised software.  Do no unauthorised work on the system.  Scan any data disk or removable media for viruses if it has been used outside the system.  Work under separation of duties, whereby no one person is responsible for everything and different parts of the system have different managers.  Controllers to carry out regular audit checks of who has used the database and what they have accessed.
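The two enforcement slides above call for differentiated access levels, a log of every individual access, and regular audit checks of who accessed what. The following is an added example written for this page (it is not code from ICT-Teacher.com) of how those three controls fit together: a role table decides what each job may do, every attempt (refused ones included) is written to an append-only log, and each log entry commits to a SHA-256 hash of the entry before it so that an insider who edits or deletes an earlier entry breaks the chain. The role names, the record layout and the sample data are assumptions made for the illustration.

```python
"""Differentiated access to personal data plus a tamper-evident access log.

Added example for this page; it is not code from ICT-Teacher.com. The role
names, the record layout and the use of a SHA-256 hash chain are assumptions
made for the illustration.
"""
import hashlib
import json
from datetime import datetime, timezone

# Permissions per job role (assumption: clerks read, the data protection
# controller may also correct records, the administrator may do everything).
ROLE_PERMISSIONS = {
    "clerk": {"read"},
    "controller": {"read", "update"},
    "admin": {"read", "update", "grant"},
}

GENESIS = "0" * 64  # previous-hash value used by the first log entry


class AuditLog:
    """Append-only log; every entry commits to the hash of the entry before it,
    so editing or deleting an earlier entry breaks the chain."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user, role, action, record_id, allowed):
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "role": role,
            "action": action,
            "record": record_id,
            "allowed": allowed,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)

    def verify(self):
        """True only if no entry has been altered or removed since it was written."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def accesses_by(self, user):
        """Who accessed what: the question the controller asks at audit time."""
        return [(e["action"], e["record"], e["allowed"])
                for e in self.entries if e["user"] == user]


class PersonalDataStore:
    def __init__(self, log):
        self.log = log
        self.records = {}

    def access(self, user, role, action, record_id, new_value=None):
        # Every attempt is logged, refused ones included, before anything happens.
        allowed = action in ROLE_PERMISSIONS.get(role, set())
        self.log.append(user, role, action, record_id, allowed)
        if not allowed:
            raise PermissionError(f"{user} ({role}) may not {action} {record_id}")
        if action == "update":
            self.records[record_id] = new_value
        return self.records.get(record_id)


def run_demo():
    log = AuditLog()
    store = PersonalDataStore(log)
    store.records["C001"] = {"name": "A. Subject", "postcode": "AB1 2CD"}  # constructed
    store.access("alice", "clerk", "read", "C001")
    try:  # a clerk trying to change a record is refused but still logged
        store.access("alice", "clerk", "update", "C001", {"postcode": "XX9 9XX"})
    except PermissionError:
        pass
    store.access("bob", "controller", "update", "C001",
                 {"name": "A. Subject", "postcode": "AB1 2CE"})
    alice = log.accesses_by("alice")
    intact_before = log.verify()
    # An insider edits the stored log to hide the refused attempt.
    log.entries[1]["allowed"] = True
    return {"alice": alice, "intact_before": intact_before, "intact_after": log.verify()}


if __name__ == "__main__":
    print(run_demo())
```

The hash chain only makes tampering detectable, not impossible: the log still needs to be written somewhere the users it records cannot reach (a separate host or a write-once store), and the administrator's regular checks should include running the verification.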

Software Copyright  It is illegal to copy software, or to run software that is not licensed for the purpose.  The company information systems administrator is responsible for licensing.  They must audit which software is installed and how many copies are in use, and remove any installations that exceed the licence agreement.  Ensure there are enough licences for the company's work to be done.  Educate staff about the consequences to them and to the company.  Ensure that staff are aware of the legal position and sign a written agreement.

Health and Safety  Each organisation should have a health and safety officer to check, and report to management on, the state of the environment, the furniture and the equipment used by staff.  Good staff training and proper use of computers in the working environment, including correct posture and regular breaks to prevent eye strain and RSI.  Eye tests should be offered regularly and glasses supplied if needed.  Faulty equipment should be replaced promptly.  Regular evaluation of the workspace should be done to protect the workforce and minimise claims made against the organisation.

Audit Requirements  A systematic assessment of the entire computer system, including the hardware and software.  Specialist software records an audit trail, e.g.:  A trail can track the progress of an item ordered by phone through to its despatch.  The payment can be checked against the order in case of any queries, and for stocktaking purposes.

Fraud  An audit check can uncover fraud.  It checks for irregularities between orders and payments and reports them to the administrator.  Staff are to be made aware of these procedures to deter fraud.  Staff logging bogus customers etc. will be detected by an audit check used together with a customer tracking system.