Information SystemsUnit 3

Information, Laws and EthicsInformation, Laws and Ethics

Demonstrate an understanding of the Demonstrate an understanding of the issues related to use of informationissues related to use of information

explain the issues related to the use of information (P3)

Assess how issues related to the use of information affect an organisation (M2)

Legal issues, Ethical issues

Legal IssuesLegal Issues

There are many laws that affect the use of information.

Three of these are the:

Data Protection Act 1998 Freedom of Information Act 2000 Computer Misuse Act 1990

Data Protection ActData Protection Act

Data Protection Act 1998

The Data Protection Act 1998 provides a framework to ensure that personal information is handled properly.

It also gives individuals the right to know what information is held about them.

Data Protection ActData Protection Act

The Act works in two ways1. Anyone who processes personal information must register

with the DPA registrar and comply with eight principles.These make sure that personal information is:

fairly and lawfully processed processed for limited purposes adequate, relevant and not excessive accurate and up to date not kept for longer than is necessary processed in line with your rights secure not transferred to other countries without adequate protection.

Data Protection ActData Protection Act

2. The Act also provides individuals with important rights.

These include the right to find out what personal information is held on computerand

most paper records

Freedom of Information ActFreedom of Information Act

The Freedom of Information Act 2000 access to official information gives individuals or organisations the right to ask for

information from any public authority, including central and local

government, the police, the NHS and colleges and schools.

20 days to provide the information refuse if the information is exempt:

eg if releasing the information could interfere with national security or damage commercial interests

Computer Misuse ActComputer Misuse Act The Computer Misuse Act 1990 details three offences:

unauthorised access to any computer program or data most common form of this is using someone else’s user ID and password

unauthorised access with intent to commit a serious crime unauthorised modification of computer contents

impairing the operation of a computer, a program or the reliability of data

preventing access to any program or data Examples of this are the introduction of a virus, modifying or

destroying another user’s files or changing financial or administrative data

Some minor changes to tighten up this Act were introduced as a small part of the Police and Justice Act 2006.

This made unauthorised acts with intent to impair the operation of a computer illegal

Work on your AssignmentWork on your Assignment

You must now start to look at the scenario provided You must now start to look at the scenario provided at the start of this unit and apply it to the tasksat the start of this unit and apply it to the tasks

Work on the relevant sections for the assignment P3 Work on the relevant sections for the assignment P3 & M2& M2

Follow the assignment writing frameFollow the assignment writing frame

Main Heading (heading size 1)Main Heading (heading size 1) - Legal, Ethical and Operational Issues [P3, - Legal, Ethical and Operational Issues [P3, M2]M2]

Heading (heading size 2)Heading (heading size 2) – – Legal IssuesLegal IssuesSub Heading (heading size 3) – Sub Heading (heading size 3) – Data Protection Act 1998Data Protection Act 1998

Sub Heading (heading size 3) – Sub Heading (heading size 3) – Freedom of Information Act 2000Freedom of Information Act 2000Sub Heading (heading size 3) – Sub Heading (heading size 3) – Computer Misuse Act 1990Computer Misuse Act 1990

BREAKTIMEBack at 14:45

DO NOT BE LATE

Ethical IssuesEthical IssuesCodes of PracticeCodes of Practice

Codes of Practice Many organisations will have a code of practice

Clear states what uses can be made of their computing facilities

main uses of computing facilities will be to support the purpose of the organisation

code of practice often defines the extent to which private use of the computer system is permitted Examples of items included in a code of practice

are: Use of email Use of the internet Whistle blowing

Ethical IssuesEthical IssuesCodes of Practice - Use of EmailCodes of Practice - Use of Email

Threatening or harassment banned

Spamming or unsolicited email banned

Limited use for personal email sometimes allowed

However, this is dependant on the organisation and the level of security within it All outside contact via electronic methods may not

be allowed

Ethical IssuesEthical IssuesCodes of Practice - Use of the InternetCodes of Practice - Use of the Internet

Inappropriate websites

Eg gambling Banned – code of practice and filtering

software

Personal use can be allowed – code of conduct

Ethical IssuesEthical IssuesCodes of Practice - Use of the InternetCodes of Practice - Use of the Internet

Inappropriate websites

Posting to websites banned unless own organisational server

where restrictions apply

Whistle blowing Computer users who identify others misuse

are protected – code of practice IT Administrators usually first to detect

misuse

Ethical IssuesEthical IssuesOrganisational PoliciesOrganisational Policies

An organisation’s policies may have a significant effect on how it treats information

operates on a need-to-know basis is likely to impose policies restricting access to information

For example, it may keep its databases, files and email servers in a secure central data centre

IT security and data centre staff may put in place tight controls on who can access or update this data

Ethical IssuesEthical IssuesOrganisational PoliciesOrganisational Policies

A decentralised organisation with decentralised computing is also likely to restrict access to information

security restrictions could include: Access to files, databases or email

limited or no direct connectivity between the organisation’s computers

This could unintentionally prevent staff at one location accessing information held at another location, even though they may need access

Work on your AssignmentWork on your Assignment

You must now start to look at the scenario provided at the start of this

unit and apply it to the tasks

Work on the relevant sections for the assignment P3 & M2

SummarySummary Today you haveToday you have

Demonstrated an understanding of the issues Demonstrated an understanding of the issues related to use of informationrelated to use of information

You have done this byYou have done this by

explaining the legal and ethical issues related to the explaining the legal and ethical issues related to the use of information (P3)use of information (P3)

assessing how legal and ethical issues related to the assessing how legal and ethical issues related to the use of information affect an organisation (M2) use of information affect an organisation (M2)