
Legal and Ethical Issues in relation to the use of business information

Contents

• Computer Misuse Act (1990)
• Freedom of information Act (2000)
• Data Protection Act 1998
• Ethical issues
• Backups
• Health and safety
• Organisational Policies
• Business continuance Plans
• Cost
• Reference

The Different laws and ethical issues of Next

Computer Misuse Act (1990)

The Computer Misuse Act recognised the following:

• Unauthorised access to computer materials
• Unauthorised access with intent to commit or facilitate a crime
• Unauthorised modification of computer material
• Making, supplying or obtaining anything which can be used in computer misuse offences

Freedom of information Act (2000)

Access to information held by public authorities:

• General right of access to information held by public authorities.
• Effect of the exemptions in Part II.
• Public authorities.
• Amendment of Schedule 1.
• Further power to designate public authorities.
• Publicly-owned companies.
• Public authorities to which Act has limited application.
• Request for information.
• Time for compliance with request.
• Means by which communication to be made.
• Exemption where cost of compliance exceeds appropriate limit.
• Fees for disclosure where cost of compliance exceeds appropriate limit.
• Vexatious or repeated requests.
• Special provisions relating to public records transferred to Public Record Office, etc.
• Duty to provide advice and assistance.

Data Protection Act 1998

Next states that “You have a right to access the personal data that we hold on you. If you would like to see a copy please send a £10 fee and a written request to the Group Data Protection Manager at Head Office, quoting Security and Privacy Enquiry. If you think the information we hold on you is incorrect please contact the Group Data Protection Manager at Head Office or via, quoting Security and Privacy Enquiry.”

The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• Used fairly and lawfully
• Used for limited, specifically stated purposes
• Used in a way that is adequate, relevant and not excessive
• Kept for no longer than is absolutely necessary
• Handled according to people’s data protection rights
• Kept safe and secure
• Not transferred outside the UK without adequate protection

There is stronger legal protection for more sensitive information, such as:

• Ethnic background
• Political opinions
• Religious beliefs
• Sexual health
• Criminal records

Ethical Issues

Use of email

While writing an email, the language used must be formal. The use of smiley faces and X’s can be seen as inappropriate.

Whistleblowing

This is when someone discloses information on a fellow employee.

Use of the internet

You misuse the internet (at your company) if you use it for your own personal ends or search for inappropriate things. By law the company is allowed to monitor this as they own it. In consequence you could be fired and/or referred to the authorities.

Security of information

Information security management deals with maintaining the availability of organisational information and knowledge. This focuses on digital data, but may also cover records and knowledge management. To make good business decisions it is important for the business to have the correct information available as and when it is needed. Companies usually keep their information on IT systems; however, security must be tightened as there may be a risk of system failures, e.g. viruses.

Backups

To minimise the risk of losing vital business information stored on IT servers, large businesses have developed business continuity programmes, producing backups of the information held on servers.

Health and safety

Although computer equipment is unlikely to be dangerous in itself, it can be used in ways that may be a hazard to staff. Office-based jobs require employees to spend the majority of their working days sat at their desk, working on a computer. Bad posture, incorrect positioning of equipment and RSI are health and safety risks that employees are legally required to take seriously.

Organisational Policies

Organisational policies that relate to the use of business information can make sure that decisions affecting staff:

• Are understandable and consistent
• Meet legal requirements
• Take full account of their impact
• Contribute to productive working relationships

This makes sure that staff have a guideline to help them comply with legislation. For example, the requirements of the Data Protection Act should work with the organisational policy on the storage and usage of customer data. Decisions made must be consistent, as the internal communications are handling customers, which is very important.

Business continuance Plans

The business continuance plans are the steps that a company creates in order to make sure it is capable of surviving a worst case scenario. A step that might be taken in the continuance programme may be to make sure the company is producing regular backups of its information:

• A natural disaster (flooding or fire) may be considered
• Accidents (human error)
• Malicious attacks (deliberate breach of security, or hacking into a computer system)

Employees may need to change the way they work, storing information on a central server rather than on their personal hard drives.

Cost

Most businesses would see the advantages of implementing some or all of the measures listed. However, many aspects of information management can cost money; it may be desirable to store backup copies of electronic information on a remote server, but a small business may not be able to justify the expense. When choosing what policies to adopt and what measures to take, businesses should consider the implementation and maintenance costs. Organisations should consider:

• Additional resources needed – The business would need to buy new equipment or employ more staff

• Costs of development – The solution may already be available as an off-the-shelf product or service, or the company may need to develop it themselves