Download presentation
Presentation is loading. Please wait.
1
Legal and Ethical Issues
Information Systems Legal and Ethical Issues
2
Business Simulation Business simulation functional areas
Purpose of Information data capture and storage systems for: Personnel, Purchasing, Operations, Sales, Finance Business Simulation
3
Legal and Ethical Issues
Legal Issues: Data Protection Act 1998 Freedom of Information 2000 Computer Misuse Act 1990 Legal and Ethical Issues
4
What are the eight principles of the Data Protection Act 1998?
5
Data Protection Act 1998 Framework for handling data
Gives individuals right to know what info is held If you process data you must register with DPA registrar and ensure that personal information is: Fairly and lawfully processed Processed for limited purposes Adequate, relevant and not excessive Accurate and up-to-date Not kept for longer than necessary Processed in-line with your rights Secure Not transferred to other countries without adequate protection Data Protection Act 1998
6
Freedom of Information Act 2000
Access to official information Individuals or organisations have right to request information from who? How long do they have to respond? Can the information be withheld: if so on what grounds? Freedom of Information Act 2000
7
Freedom of Information Act 2000
Access to official information Individuals or organisations have right to request information from: Any public authority – including local and central government The police NHS Colleges and schools They have 20 days to provide the information. May refuse if the information is exempt eg if releasing the information could prejudice national security or damage commercial interests. Freedom of Information Act 2000
8
Computer Misuse Act 1990 How many offences are there? What are they?
What other act(s) cover this area? Computer Misuse Act 1990
9
Computer Misuse Act 1990 Three offences:
Unauthorised access to any computer programme or data eg using someone else’s logon ID and password Unauthorised access with intent to commit a serious crime Unauthorised modification of computer contents. I.e. impairing the operation of a computer, a program or the reliability of data, includes preventing access to any program or data. E.g. the introduction of a virus, modifying another users files or changing financial or administrative data. Minor changes to tighten up act introduced through Police and Justice Act 2006, made unauthorised acts with intent to impair the operation of a computer illegal. Computer Misuse Act 1990
10
Ethical issues Codes of Practice Organisational Policies
Information ownership Ethical issues
11
Make clear what use can be made of computing resources
to support purpose of organisation Often define how much private use Eg Use of – threatening/harassing, spam, limited private use Use of the internet – inappropriate classes, eg pornography, gambling. Limited personal use. Rules on postings to organisation’s web-server. Personal pages. Whistle-blowing – protect users who draw attention to other’s misuse. Protect IT administrators (run servers and first to spot)! Codes of Practice
12
Codes of Practice Activity:
Carry out research to find examples of computer codes of practice Produce a code of practice for a top secret military or government establishment eg Credenhill or Cheltenham. Produce a code of practice for a small web design or computer consultancy company. List the areas in which these are similar; List the areas in which they are different. Explain why they differ. Codes of Practice
13
Organisational Policies
Might depend on hierarchy. If organisation is ‘need-to-know’ will be many restrictions on access to information. E.g. Databases, servers and files in secure central data centre. IT security and data centre staff control tight security on access (including updates). Decentralised organisation may have limited access for geographical reasons. May be few restrictions on site but limited connectivity between sites. Organisational Policies
14
Information ownership
Data Dept. that produced data should own every field in every record. Responsibility for making sure it is: Accurate. Consistent, timely. Information Many owners may have originated the data to produce a piece of information. Often dept responsible for defining or running the program that produces the information owns it. Other than IT information eg network performance IT should not be responsible for information ownership. IT should be guardians, not owners. Information ownership
15
Operational issues Security of information Back-ups Health and Safety
Organisational Policies Business Continuance Plan Costs Impact of increasing sophistication of systems Operational issues
16
Security of information
Users expect data to be kept secure: i.e. safe from unauthorised or unexpected access, alteration or destruction. Management specify who can look at and update information e.g. small organisation, simple structure anyone can look, list of who can update. Larger organisations more complex rules. May require a log of who has accessed or updated information. IT dept have responsibility to advise on security and implement rules. Security of information
17
Good practice to make frequent back-ups in case of physical or processing problems.
Full back-up – all information Partial back-up – only information which has changed since last full back-up. IT department should practise recovering backed-up files – Restore from full back-up, apply partial back-ups to check they are working. Back-ups
18
Health and Safety Relatively low risk
Regulations relating to screens and monitors, position and use. Positioning of keyboards, mice, chairs, tables. Computer users are entitled to eye-tests. Breaks away from the computer (look out of window) Other existing office, or other workplace environment, laws apply. Health and Safety
19
Organisational Policies
Policy for use of information systems E.g. keeping information confidential Procedure for correcting anomalous information Can apply equally to computer-based and non-computer based systems. Organisational Policies
20
Business Continuance Plan
How operations can continue if any major system (or combination of systems) should fail. These could be IT systems. The service delivered may be more limited. E.g. Dual network, attach alternate terminals to each network; complete failure of one network means that at half terminals keep working. E.g. retailer may opt for more tills or point of sale terminals than really required to allow for failures. May have two servers to allow for server failure. Cost implication, decisions based on analysis of risk: How likely is the failure x cost of failure = justification for ‘redundant’ items. Cannot cover everything. Business Continuance Plan
21
Business Continuance Plan
Case study: A business has offices in Upton-on Severn, area known to flood. Office building includes basement and four storeys above ground. Where should it install the servers for its information systems? What actions should the BCP include in the event of flooding? One day the staff arrive to find water cascading through all the storeys of the building due to a leak; there was an old air-conditioning reservoir on the roof and this had sprung a leak. The building has to be closed for several weeks while the leak is fixed and building dries out and is cleaned. What actions should be initiated from the BCP? Are there any additional actions that would be useful? How can the effects of the leak be minimised? What could have been done to prevent this incident? Business Continuance Plan
22
Costs Total benefits of IT system >> cost of system
Considerations Additional resources required One-off costs of new equipment purchase and installation User tests and training on-going (running) costs Cost of development Can be a large part of budget On-going updates and modifications. Costs
23
Impact of increasing sophistication of systems
Early systems based on manual systems: little training , simple software. Systems and computing becoming increasingly complex and sophisticated. Requirements More trained personnel: user training – basic computing features, equipment, new processes, transactions, queries, reports. More complex software: development software hides complexity from application builder. Builder can focus on business problems. Creates better, more complex systems – great until it all goes wrong then need development software expert and business software specialist. Impact of increasing sophistication of systems
24
Activity Customer information and constraints
Focus on organisation that uses customer information: e.g. local council, college, shop, restaurant Consider legal, ethical, operational and other constraints. What constraints affect the way the organisation uses customer information? How does the organisation deal with these constraints? Activity
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.