LO4

avatar
Created by
Sophie _Xx

Cards (9)

  • Rights of data subject under the DPA
    • must be told exactly what their personal data is being used for
    • Able to make a subject access request to have all their data collected on them from an organisation
    • The SAR must be giving within 40 days unless a valid reason
    • Possible fee payed for large amounts of data requested
    • Must identify themselves as only they can get data on themselves
  • What the data controller must do under the DPA
    • Ensure data security is strong with backups and tiered levels of access etc.
    • Staff should be trained to be aware of their responsibilities when having knowledge of personal data (not to share)
    • personal data is allowed to be deleted or changed by the data subject
  • Principles of the DPA
    1. data must be collected lawfully and processed fairly
    2. Collected data must only be used for the reason specified
    3. Data must be relevant and not excessive
    4. Data must be accurate and up-to-date
    5. Data must not be kept longer than necessary
    6. Data must be stored and processed securely
    7. Organisations must state what they are using the data for
    8. Personal data shouldnt be shared without the consent of the data subject
  • What are the 3 stages of the computer misuse act?
    1. No unauthorised access to data
    2. No unauthorised access to data that could be used for further illegal activities
    3. No unauthorised modification of data
  • What is the Freedom of Information Act

    Allows people to request public authorities, like councils, unis and hospitals, to release information.
  • What is a freedom of information request

    Under Freedom of information act, its a request for public authorities to release information. Must be formally submitted in a letter or email and reply must be within 20 days of request.
  • When cant a freedom of information request be allowed?

    Too expensive or involves sensitive information protected by the DPA.
  • Who is RIPA more targeted at?
    Public bodies
  • What does RIPA allow if criminal activity is suspected?
    • Surveillance to track the suspect (undercover police, bugs etc)
    • ISP's must provide access to suspects online communications
    • locked/encrypted data may be accessed
    • ISPs can install surveillance equipment or software to track online acitivity of suspect
    • Access must be granted to personal information