Data Protection Act
By Valdrin Osmani
Contents Page 3 – Legal Issues Computer Misuse Act Freedom of Information Act Data Protection Act Page 4 – Ethical Issues and Sponsors Whistle blowing Internet Email The Sponsors of Nationwide Page 5 – Data Protection Act Overall The 8 principles of the Data Protection Act Page 6 – Operational Issues of Nationwide Fundamental Issues Policy/Procedure Security of Information Back Ups Health and Safety Page 7 – Operational Issues Organisational Policies Business Continuance Plans Additional Resources Cost of Development Increasing Sophistication
Data Protection Act Introduction There will be many topics discussed in this assignment; these are legal and ethical issues. I am going to describe the 3 laws which are Computer Misuse Act 1990, Freedom of Information Act 2000 and Data Protection Act 1998. I am also going to describe 3 ethical issues which are the use of email, whistleblowing and use of internet. So am going to describe the laws and ethical issues of my company. Also I am going to write if Nationwide (my company) sponsors Fair Trade or a charity. Computer Misuse Act: An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes. Since that time people are not allowed to access computers without authorisation, without permission. These are the punishments a person commits this crime: 1. Unauthorised access to computer material, punishable by 6 months' imprisonment
or a fine "not exceeding level 5 on the standard scale" (currently £5000); 2. Unauthorised access with intent to commit or facilitate commission of further
offences, punishable by 6 months/maximum fine on summary conviction or 5 years/fine on indictment; 3. Unauthorised modification of computer material, subject to the same sentences as
section 2 offences. Freedom of Information Act: An Act to make provision for the disclosure of information held by public authorities or by persons providing services for them and to amend the Data Protection Act 1998 and the Public Records Act 1958; and for connected purposes. This means that people are allowed to see their information such as there bank information or other things freely and are not allowed to be denied access if it is there information. Data Protection Act: An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. Data Protection Act: Your personal information will only be processed by Nationwide Building Society for the purposes as notified to the Information Commissioner. You may request a written copy of the details held about you. A fee of £10 is payable. This is what nationwide say and this the only time your personal information will be processed.
There are 3 main ethical issues which are used within Nationwide. The use of email is one of them which is used everywhere. When you want to access your account nationwide may ask for your email address so they can send you letters online to inform you about new things they do. If a person needs to change their password for an account they have they can access their email because they might not know it. That is why emails are very useful for all accounts these days and can only be used on computers and are one of the main ways people get their information. Whistleblowing can be used by everyone but it is mainly used by people, which means they can spread information about a company to everyone. This can be done by informing a person, or putting it on a social networking site such as Facebook, Twitter, Instagram, etc. It is mainly used when someone such as an employee knows something bad about the company and then they spread the word and inform many people about it. Definition of Whistleblowing: Whistleblowing is when a worker reports suspected wrongdoing at work. Officially this is called ‘making a disclosure in the public interest’. A worker can report things that aren’t right, are illegal or if anyone at work is neglecting their duties. The use of internet is one of the biggest things in the world, everyone uses it. It is a big network and is very useful. People can access bank information securely, shop online; go on social networking sites and talk. All the big companies in the world use it, whether someone want to buy groceries, clothes, technology, etc. Nationwide like other banks uses the internet, they have a website. On the website you can find out more information about Nationwide, but one of the main things people will use it for is to access their bank information. You have to write a code and some number form your card and you will end up seeing you bank information there such as savings, current account, ISA, etc. This is very useful and is very secure and hard to go into someone’s account easily which reassures customers. It is also secure and if anyone does go in they are breaking the law and it is fraud. Nationwide do not sponsor any charity organisations, but they do sponsor an English football league in the lower divisions. Their competitor Barclays sponsors the division 1 league, which is called the Barclays Premier League. But Nationwide also sponsors the England National Football Team which puts a good image on them because it shows they are supporting the country. But the deal the football league is a £12 million three year deal. The new deal sees sponsorship revenue rise by 33% from £3 million to £4million.
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves. Data Protection Principles 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be
processed unless1. at least one of the conditions in Schedule 2 is met, and 2. In the case of sensitive personal data, at least one of the conditions in
Schedule 3 is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes,
and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the
purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer
than is necessary for that purpose or those purposes. 6. About the rights of individuals e.g. personal data shall be processed in accordance
with the rights of data subjects (individuals). 7. Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European
Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
P6 Nationwide is unlike other companies will receive a lot of people’s information in detail because it is needed. Shops will not have to ask for a lot of information if someone makes an account with them. But because nationwide is far more complex it will need more information from the person because they are going to be keeping that persons money and will have to keeps it 100% secure. Nationwide receives the information it requires from people such as a CRB check which is needed if you have a criminal record or are blacklisted for various charges. This could mean that you can’t get a credit card or a debit card. They will also ask for identification, house address, etc. They need every piece of information because that person’s money is going to go in and out from the bank. The member of staff will be someone who is probably experienced and knows what they are doing when they are registering you in the company and are taking the information. The person will be someone who nationwide trust and someone who has also gone through various checks before being employed. This is so that nationwide have trustworthy workers who know what they are doing and someone who reassures the customer. Nationwide requires many policies and procedures for many different things. This is so that there business runs well and helps the business be better. These policies/procedures are security of information, backups, health and safety, organisational policies, business continuance plans (future plans for the business) and costs (how much will it cost). This procedure will take a few days at it is a big thing this is because they have to set up a meeting for you to give in all your information. Security of information is dealt with at a branch of Nationwide, this is so that all the information they are getting is safe and is done face to face and not on the internet or telephone. When they take in the information they will make backups and store them in multiple areas just in case it is deleted or not found they will have will be able to provide and extra copy. This will mean they won’t have to hassle the customer to come back in give information meaning it will save more time and get everything done quicker. They have many things for health and safety which nationwide may use but this will be within the branches they have and not really on websites. They have fire detectors installed, so if there is a fire it will done on the water which is on the ceiling to spray all over the shop. They also have fire extinguishers for different types of usage some for electricity and some for fires. A lot of the safety procedures have to be done because of the law meaning if a company doesn’t follow the procedures they can get a big fine. When you walk into the branch there is a clear pathway for someone to walk and nothing in the way which could make someone fall and get injured. If the floor is wet they put up a sign which says caution, wet floor to inform customers that the floor is wet and they should walk carefully.
Nationwide have many policies within the business such as the information they hold has to be safe and not told to anyone accept the customers who they got the information from. Meaning all the information is confidential; they have to check your identity and they always have to keep you updated and the computer systems they have are always updated to help the keep the business well and make the employees happy with the new system they have. They have a business continuance plan to make try and make changes for the future of the business and to try and improve it every time and invest more for the business in the future to always make it better. They may plan to make more branches so that people can go to nationwide easier and quicker if they need to. Improve the branches and make them as good as they can, etc. This will cost around £1 million this is because they will have to make multiple branches which will cost expensive to build. They will also have to pay rent and many other things. To improve the branches will also be in that £1million that they are paying. This will mean they will try and improve the branches they already have. They may have to change the computer systems this is because if they keep the same computer system. This is because it is good to keep the business modern and well updated with everything. It will also be good because the old computers will have to be thrown out because they have the old system and won’t run smoothly with new systems. This is good because if they have fast computers it will get things done quicker and easier. An average computer costs around £500 meaning they have to install hundreds or thousands because of all the branches they have all over the nation. They will also have to have people come in and install the programs and the computers, etc. The overall cost will be around £100,000. This is a big investment but will improve the business and make it better and more modern which means it could beat its competitors. The change in technology could affect the business in many ways positively and negatively. It could be positive because the businesses computers will run smoother and better and will look better because they have new updated computers. But it could mean that employees might struggle with the new system on the computers and could mean they might struggle a bit in the beginning which means it might slow things down. But they will adapt to it after a while meaning they will get used to it and will comfortable after a while.