Data Protection Act 1998
The Data Protection Act 1998 came into being to update a previous act. This was to comply with the European Rights Convention, Article 8, which gives people the right of privacy. If a company of any size collects information about people, in particular personal information such as credit card numbers, addresses, names, telephone numbers etc., it must follow the data protection guidelines:
- You must say what the data is for and why you collect it (this you must stick to and not use the data for any other purpose).
- You must register your data collection system with the information commission.
- Personal data about people must be lawfully obtained.
- Data held must be accurate.
- You must show information stored about a person to the subject of that data and delete it, if told to by the subject of the data.
- You should not give information about people to anyone else without permission, except to the police, and only if they need it to prevent a crime or to catch a suspect, or if they have a warrant.
- You must prevent unauthorised access and processing of data (using appropriate security methods).
- You must not allow personal data to be accidentally lost, damaged or altered (using appropriate security methods).
As from April 2010, any company that breaks the act can be fined up to £500,000, depending on the seriousness of the breach.
Computer Misuse Act 1990
The Computer Misuse Act was introduced to close a loophole in the law, after two people broke into British Telecom’s Prestel computer system and Prince Philip’s message box in 1985.
This Act states you should not:
- Access computers which you are unauthorised to access.
- Access computers which you are unauthorised to access, to cause damage or perform other crimes with the information you obtained illegally.
- Modify computers or data you do not have the right to access.
- Accessing computers which you are unauthorised to access is called a summary offence, and penalties are limited to 6 months imprisonment and/or a maximum fine of £5000.
- Accessing computers which you are unauthorised to access, to cause damage or perform other crimes with information obtained illegally, is a serious crime and carries jail terms of up to 5 years and unlimited fines.
- Modifying computers or data you do not have the right to access is again a serious crime and carries jail terms of up to 5 years and unlimited fines.
Computer and Data security
You must protect your computer against things that can damage it and the data on it.
How can we protect computer systems?
- Not making passwords too easy to guess.
- Backing up data on computer systems.
- Using antivirus/malware/spyware checkers. Make sure the antivirus/malware/spyware software is not fake; to be on the safe side use a known one like Kaspersky, Norton, McAfee (paid), Microsoft Essentials (free) or MalwareBytes (a good professional checker).
- Using firewalls, which block unauthorized access to your computer.
- Locking your computer/workstation when you move away from it (ctrl-alt-del, Lock Computer).
- Using an Uninterruptible Power Supply (UPS), a battery backup that prevents the computer being damaged due to power cuts.
- Using surge protection.
- Erasing Data on Hard Drives before disposing.
Cases where data has been found on hard drives
“A study conducted by Kessler International, a world leader specializing in computer forensics, determined that over 40% of the hard drives listed for sale on eBay still contain personal, private, and sensitive information otherwise thought to be erased.” Kessler International.
“Sensitive information for shooting down intercontinental missiles as well as bank details and NHS records was found on old computers, researchers say”. BBC News.
“Medical records, confidential letters and X-rays of patients in Lanarkshire have been found on second-hand computer hard drives”. BBC News.
Laptops and Security
One of the worst areas for data getting out is data on laptops. Below is a list of things to do to secure your business laptop:
- Do not leave your password with your laptop case.
- Be careful what data you put on your laptop.
- Encrypt your laptop.
- Use a screen shield (prevents the laptop screen being viewed from the side).
- Use a laptop desk lock when one is available (a device you can use to lock the laptop to a desk).
- Don’t leave the laptop lying around.