Page 1

The computer misuse act 1990: page 1 Freedom of information act 2000: page 1 Data protection act 1998: page 2 Ethical issues: page 2 Charity work of Tesco: page 3

P6- Operational issues in relation to the use of business 4 Security of information – page 5

Backups- page 5 Health and safety- page 6 Organisational policies- page 6 Business continuance plans- page 6 Future plans of the business – page 6-7

The computer misuse act 1990: The computer misuse act of 1990 came about mostly because of R v Gold &Schifreen. A case in which Gold & Schifreen were arrested and tried under the Forgery and Counterfeiting act of 1981 after they had gotten into some of BT’s services and PR Phillips private messages. After this case, the Computer Misuse Act was introduced in order to try and prevent this from happening again and to also give the government the authority to arrest people who gain unauthorised access to computer materials. There are three offences for which one can be arrested for under this act: 1. unauthorised access to computer material, punishable by 6 months' imprisonment or a fine "not exceeding level 5 on the standard scale" (currently £5000); 2. Unauthorised access with intent to commit or facilitate commission of further offences, punishable by 6 months/maximum fine on summary conviction or 5 years/fine on indictment; 3. Unauthorised modification of computer material, subject to the same sentences as section 2 offences. So overall, anyone who attempts to gain access to any data or information that they are not authorised to have access to can be arrested. If the person gains access and has criminal intent (transferring funds, using the data for blackmail, blocking access to those who are authorised etc) can be arrested and finally anyone who alters the code (usually by using worms or virus) can be charged under the third section of the act.

Freedom of information act 2000: The Freedom of Information Act 2000 was implemented to make public sector bodies more open and accountable. It is hoped that the public can better understand how public authorities operate by giving them more access to information in an attempt to try and help the public understand the roles and operating of public authorities. Private companies do not come under this act so all of their information can be kept away from the public however data can still be requested using a Subject Access Request under the Data Protection Act 1998 (which will later be explained). Any company or organization that is publically funded, and or works for the welfare of the general population then they must comply with the rules and regulations of the Freedom Of Information act

2000. Organizations include government departments, local authorities, educational establishments, NHS GPs and dentists, police forces and health authorities. The Freedom of Information Act gives any individual the right to access all recorded information held by public authorities this means any member of the public has the legal right to access all information regarding any subject matter. This could include documents, emails, notes, videos, letters and even audio tapes. Even if the information they want to see doesn’t have any association to the individual requesting it and they are also not legally required to give a reason for their request.

Data protection act 1998: The Data Protection Act 1998 was implemented in March 2000. This act gives individuals a right of access to any of their personal data that a company may have. This personal data qualifies as any information held by a company that relates to an individual. Personal data is often collected when an individual completes the purchase of a good or service from a company. For example, when a customer consistently buys product from Tesco they may get a Tesco’s club card and in order to get the Club-card they need to fill out certain forms giving Tesco’s their personal information. It can consist of contact, bank or any other necessary details needed to facilitate an exchange. The Data Protection Act also protects individuals from having their personal information violated or given to third parties without the consent of the individual. Firms must implement appropriate security measures to prevent unauthorized or prohibited use of personal data, as well as accidental loss or damage to the information. However, much of the data that is collected is sensitive and if it were to fall into the wrong hands (i.e. third parties) could result in fraudulent activities against the individual. This is regarded to be a direct breach of civil liberties. To make sure that all data is handled carefully and fairly, the Data Protection act 1998 was introduced to protect both companies and individuals from things like fraud or any other problems involving the protection of data.

Ethical issues: Use of internet – Almost all companies nowadays use the internet, especially if they are a large organization like Tesco. So therefore they are very likely to have a specific code of practice for their employees whilst using the company’s internet. This code would include what the employees can and cannot do when using the internet at work. For example, in a company like Tesco, their employees may not use the internet whilst at work for any personal gain or interest and they may not use it to commit, attempt to commit or facilitate any illegal activities. As well as the company’s code of conduct when using the internet, the company overall and the employees of the company must adhere to the codes of practice which govern the selling of products on the internet i.e. Tesco’s online shopping service. Whistle blowing – Whistle blowing is when a worker reports suspected wrongdoing at work. Officially this is called ‘making a disclosure in the public interest’. A worker can report things that aren’t right, are illegal or if anyone at work is neglectful of their duties, including if someone’s health and safety is in danger, if there is damage to the environment, a criminal offence is occurring, if the company isn’t obeying the law (like not having the right insurance), or if the company are trying to cover up any wrongdoing

 Use of email – Like the use if the internet, there is a code of conduct that employees must follow when using their own personal email or their work email whilst at work. In the Tesco’s code of conduct, it is stated that employees may not use any of Tesco’s resources for any personal use or gain. This would include the use of both the interne and the emailing system. So employees may only use the internet for business reasons or work related reasons. Charity work of Tesco: Donations- Each Tesco UK store holds a community donation budget to help local organisations with their fundraising events. If a local organisation wants to be considered for a donation they have to write to the Charity/ Community Champion at their local store. Tesco stores receive a large number of requests for their funding and so help as many people as possible. The main aim of Tesco’s charity funding is to provide donations and sponsorship direct to charities and organisations working with children’s education and welfare, elderly people and people with disabilities.

Cancer Research UK and F&F donated stock appeal- In September F&F collaborated with Cancer Research UK to run a donated stock appeal in stores nationwide. Over 300 Extra and Superstores got involved and delivered the appeal with the support of 800 volunteers. Customers brought in their unwanted, high quality items to donate to Cancer Research UK shops and to say thank you we gave customers a £5 off voucher to be redeemed when spending £25 or more on clothing in store. Help feed the people in need, help build a stronger neighbourhood- Generous customers helped to donate an incredible 3.5 million meals during Tesco’s National Food Collection appeal on the 5 and 6 July, the equivalent of 26,000 trolley-loads of food. This was the second National Food Collection that Tesco held in partnership with food redistribution charity FareShare and foodbank charity The Trussell Trust. In conclusion, the main Acts that companies have to abide by include the Computer Misuse Act 1990, the Freedom of Information act 2000 and the Data Protection act 1998. There are also many ethical issues surrounding a business, including the use of their email, their internet and the problem or whistle blowing.

P6- Operational issues in relation to the use of business information.

An organisation such as Tesco receives a lot of information that is required for the successful running of their business. This includes:  Information from their customers that is personal. For example when a customer signs up for a club card they need to give over some of their personal details during the application process of getting a Tesco’s loyalty card. The company would also need the persons address so that they can send them the vouchers that they earn from using their Tesco’s club card in stores. Another way in which a customer personal information is used by the company is when a customer orders shopping online, the company need to know they’re name and address so that their shopping can be delivered to them. They also need to know their bank details so that the money can be taken from the persons account in order to pay for the shopping they have ordered. The people who would have this information would be the H&R department of the company. Some of this information can be assessed by different members of staff within Tesco Ltd. For example anyone who is handling the order of a person’s groceries in the shopping or delivering process and also any in store member of staff if they are dealing with a customer and need to access certain bits of information about that customer.  They receive information from their suppliers for things like when they need to order new stock or when new stock would be available to them. They would receive information about delivery dates of the stock of the company to their stores and if there were any problems with the stock that they receive or with the delivering of their stock then this information would be vital for the company to receive. For a large company like Tesco that deal with a large variation in products and suppliers they receive a lot of different information on a daily basis which needs to be dealt with a processed The people who receive this information would include those who deal with the ordering of the stock. In each store this would be a different person or a different team of people so how this information is handled is slightly different in each of the stores but is overall the same across the whole Tesco team.  They would also receive information from any partnering company’s they may have such as Cancer Research UK who they work with. This information is important for the different projects that Tesco carry out including the charity work that they do. The information that they receive from these companies like Cancer Research would be the work that they do and what Tesco can do to help them like for a charity it would include hoe Tesco can help to raise money for their causes. The people who would receive this information would be the team of people who are in charge of the project or the partnership with the other company such as Cancer Research UK. Some of the information would be passed down onto other members of staff in the company especially if the company along with Tesco and do a promotion of some sort.

Security of information – The security of information is implemented within every company to make sure that personal information that is given to a company remains safe. The security of information follows the data protection act 1998 which protects people from having their personal information given out without their permission to third parties among other things. Tesco are given a lot of information that is personal about both their customers and their employees and the security of information policy that is implemented with the company Tesco stops Tesco from being able to sell a person’s information onto a third party or giving a third party the persons information unless that persons has specifically permission to the company to do so. If permission is not given then the information of that individual should stay private and confidential within the business. The personal information that Tesco have is used for a various amount of reasons which includes personalising a person’s online shopping experience or contacting them in any way such as email to inform them about things such as promotional offers the company may have like their Allesi vouchers etc. However, information about

a person can be shared anonymously outside of the Tesco group as long as it does not contain any personal information with the third party so the person’s personal information remains safe and secure. BackupsTesco have a series of SQL databases where their information that needs to be backed up is kept. The information that is kept on these databases is very important so to make sure that the information is not lost at any point the SQL databases are constantly being backed up every 24 hours so any new information that it put into the database can be backed up as well as old information being re-backed up. The time taken for the backup to occur depends on how much information that is being backed up and as the amount of information that Tesco needs to back up increases, so does the time taken for the back up to occur. Some of the information that is backed up includes their customer details as well as things like their shopping lists or their favourites on their online shopping lists as well as their personal information. As well as this, the SQL database holds information about the company itself including statistical data such as the booking of the company’s spending etc. and more important information that the company may have. Health and safety – Health and safety is very important in any case, but especially within a business because if proper rules and regulations are not set out by the company and an accident occurs and someone gets hurt or their health is damaged then the company could be held liable for this. Within the Tesco team the designated health and safety director is Lucy Neville-Rolfe who is also the executive director of corporate and legal affairs. The Tesco stores of the UK and Ireland run 3 health and safety campaigns each year in order to raise awareness of health and safety within the work place which include safety awards as incentive for people to be more aware about the health and safety of people within the work place whether it be in stores or in Tesco headquarters offices. Tesco have followed the Health and Safety Executive of Directors Guidance (HSEDG) on leading health and safety at work. They have incorporated the rules and regulations that are suggested by the HSEGD. Organisational policiesDifferent companies have specific organisational policies specific to their company. Tesco as a large company have many different organisational policies that they implement with their stores and their offices and their warehouses etc. an example of a policy that they have is that if a person orders something online and cancels their order then the money would go back into their account within 3-5 working days. This is an example of an external organisational policy. And internal organisational policy is something that is implemented within the business for example staff are not allowed to use the internet for their own personal reasons. This may not be the case with all company’s but with Tesco this is one of their many organisational policies. Business continuance plansA continuance plan is a plan that company has in case of an emergency like if there was to be a disaster such as a flood or an earthquake that interrupted the business in any whether it be with the delivering of the products that the company sell or if it affects them more directly like if it was to cause a power cut in their stores. A simple continuance plan for a company like Tesco if their power was to go out would be to simply have generators for the stores to run on until the power was fixed. However most continuance plans are much more elaborate. Sometimes continuance plans are unplanned and used to situations that could not have been anticipated previous to the event. For example during the Icelandic volcanic eruption, the collection and transportation of products from Kenya was stopped due to all planes not being able to fly so instead of flying the products Tesco instead had the products first transported to a hub in Spain by boat which was then picked up from Spain and transported back to the UK via trucks. This meant that the Kenyan farmers could still sell their produce and Tesco could still get the products they needed to sell within their stores. The point of continuance plan is that it helps to stop interruptions within a business and to get the company back to its normal or as close to its normal working order as quickly and efficiently as possible. Future plans of the business – Tesco have three main aims and objective for the future. These include:

1. Creating more and more jobs for young people everywhere. To do this would require an investment of money from the company as they would have to pay more staff salaries and possibly even create new stores in order to generate new jobs. 2. Encourage healthier lifestyles for their customers, which would require them to do things like advertise healthier eating or to try and sell the healthier products for cheaper. 3. To expand the business internationally, this would mean the owners of Tesco would have to invest a lot of money into building and promoting their stores in other countries.

P5p6 maria