20 Cards in this Set

  • Front
  • Back
Freedom of Information Act (2005)
1) Gives the right to access recorded data
2) only public authorities are covered (NHS)
3) Deals with individual requests and publication schemes.
Limitations of FOI
1) Employees sometimes use personal email accounts to avoid FOI; an example of this is civil servants using personal emails.
2) Journalists use this a lot
Data protection Act 1998
DPA - Losses
1) child benefit information 2007
2) patient details 2008
3) MOD lose 658 laptops
Rights of a Data subject
1) access and rectification
2) informed when data obtained
3) prevent processing likely to cause substantial damage or distress
4) prevent processing for the purposes of direct marketing
5) automated decision taking
8 Principles of the Data Protection Act
1) Fairly and lawfully processed
2) Processed for limited purposes
3) Adequate, relevant and for limited purposes
4) Accurate
5) not kept longer than necessary
6) Processed in accordance with data subjects' rights
7) secure
8) not transferred to other countries without adequate protection
Principle one
Personal data should be processed fairly and lawfully and, in particular, should not be processed unless:

1) at least one condition in P2 is met
2) When data is sensitive one condition in P3 is met
Principle two
Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
Principle three
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
Principle four
Personal data shall be accurate and, where necessary, kept up to date
Principle five
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
Principle six
Personal data shall be processed in accordance with the rights of data subjects under this Act
Principle seven
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
Principle 8
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
What is Data
(a) is being processed by automatic means
(b) is recorded with the intention that it should be processed by automatic means
(c) is recorded as part of a relevant filing system (or the intention of such)
(d) forms part of an accessible record as defined by S68
What is personal Data
means data which relate to a living individual who can be identified
(a) from those data, or
(b) from those data and other information which is likely to come into the possession of, the data controller,
Data controller
A person who determines the purposes for which and the manner in which any personal data are, or are to be, processed
Data subject
An individual who is the subject of personal data
Processing
Obtaining, recording or holding the information or data, or carrying out any operation on the data including:
Organising, adapting or altering the data
Retrieving, consulting or using the data
Disclosing the data
Conditions for Processing Data
1) Individual gives consent to the processing
2) necessary for performance of a contract with the individual
3) required under a legal obligation
4) necessary to protect vital interests of the individual or carry out public functions
5) in order to pursue the legitimate interests of the business
Information-centric security
An information security paradigm that emphasizes the security of the information itself rather than the security of networks, applications, or even simply data.
Security analyst Rich Mogull's principles of information-centric security
1) Information (data) must be self describing and defending.
2) Policies and controls must account for business context.
3) Information must be protected as it moves from structured to unstructured, in and out of applications, and changing business context.
4) Policies must work consistently through the different defensive layers and technologies we implement.