Page 1



Page 1 – Introduction, Computer Misuse Act, Freedom of Information Act (law) Page 2 – Freedom of Information Act continued, The Data Protection Act (law) Page 3 – Charities and Sponsorship, Whistleblowing (ethics) Page 4 – Whistleblowing continued, Use of email, Use of internet Page 5 - Health and Safety at work, Conclusion Page 6 - Operational issues – Security of information, Backups Page 7 – Organisational policies, Business continuance plans, Costs Page 8 – Bibliography

P5 Explain the legal and ethical issues in relation to the use of business information Introduction I will be discussing the legal and ethical issues in relation and in terms of the business information which Halifax uses. Ethical issues are a set of moral principles - what is morally right and wrong. Legal issues are to do with queries relating to the protections that law or systems should provide. I will be describing The Computer Misuse Act 1990, The Freedom of Information Act 2000 & The Data Protection Act 1998 (law). The 3 ethical issues I will be describing are use of email, whistleblowing and use of the internet. Ethical issues that may challenge a Bank relate to how they store your information or what they do with it – they need to obey the laws of the land but they may also want to use your information in their business – to market and sell you other products or to give information to other organisations – or they may have employees who might steal and they should always tell the customer if something has happened – even though this may be very bad publicity for them. LAW The Computer Misuse Act was passed in 1990 and was set up to stop people from being able to hack computer accounts and steal other people’s data or money. It is now against the law to take or steal any person’s computer details and use them without permission. This act is split into three sections in which it makes illegal if you have; unauthorized access to computer material, unauthorized access to computer systems with intent to commit another offence and unauthorized modification of computer material. Having researched computer misuse within Halifax there were not any incidents in the company relating to this. However this Act is very important to Banks such as Halifax because they hold the public’s personal information. For example their home addresses phone numbers and bank details. If employees at Halifax were found to be misusing or hacking information they could receive a penalty of £5,000 and up to 6 months imprisonment. In 2000 The Freedom of Information Act was put into place to give members of the public a right to see their own or any public recorded information on the screen or over the phone when being served if they wished to. You can request information from publicly funded organizations such as schools, police, hospitals, doctor’s surgeries and universities. This applies a lot to Banks as they serve customers everyday behind a screen and also customers ring up with their problems or questions. You would think that Banks wouldn’t have any problems with keeping your information secure, accurate and safe, however in 2011 it was found that a number of Banks have had over 100 breaches, Halifax having the least with 83 breaches with complaints where they have held inaccurate information about their clients and failed to give clients information

properly about themselves. This is an issue as customers are supposed to feel comfortable and trusted with their bank. Most Banks like the Halifax publish their own privacy policy (see left) where they tell their customers about the policies and procedures and rules and practices that they will follow to make sure your data and information is kept safe and will not be shared with other people or organisations unless you are happy for this to happen. Protecting clients and customers personal information is very important in a business. The Data Protection Act was founded in 1998. It controls how people’s personal data is used by different organizations. Everyone who is responsible for using data has to follow very strict rules. They need to make the information is used fairly and accurately. At Halifax their client’s information is kept by Bank of Scotland plc which trades as Halifax. Halifax should only share your information if you give consent although HM Revenue & Customs or other authorities can demand it or if it is required by the Bank or others to help investigate or prevent a crime and if it is needed by subcontractors to manage your records. A recent example of this is an incident which happened this year where Halifax actually had a complaint by two of their customers – a couple where fraudsters had taken around £12,000 of their savings. Halifax managed to restore the couple’s money and after the couple had shredded their platinum card, Halifax had still failed to send a new card and information to the right address and sent it to the fraudsters address instead. This has completely ruined the trust the couple had for Halifax. A Halifax spokesman said: "The person who fraudulently withdrew funds did answer the security questions correctly. Unfortunately, errors were made on our behalf with regard to issuing the new cards, and we are sorry for the problems this has caused. We take customer security very seriously, and we have strict controls to ensure any unusual or potentially fraudulent activity is flagged and responded to."

Halifax have given the couple £576 for the stress and grieve they had to deal with. The couple has cut their connections with Halifax and is very disappointed.

Charities and Sponsorship Halifax supports disadvantaged communities by donating money. They sponsor sports for young people and grants through the Lloyds TSB Foundations – investing £83 million in communities across the UK in 2012. In 2009 Halifax colleagues volunteered over 71,000 hours to Charities and community groups across the UK. Donations of £325,000 were made through volunteering programmers. ETHICS I will now be discussing the 3 ethical issues; use of email, whistleblowing and use of the internet. Whistleblowing Whistleblowing is when someone in an organisation uncovers a wrong doing or activity which is happening within the organisation and bring it to the attention of someone trusted in authority. This happens in many businesses and the worker cannot be sacked for doing this as they are protected by the law, it could also be seen as unfair dismissal. Whistle blowing could be seen as awkward because an employee may be seen to be telling tales about a colleague or work friend or their employer. An example of this within Halifax is where recently an executive of HBOS (Halifax Bank of Scotland) has claimed to have been sacked for whistleblowing. He repeatedly says that he warned HBOS that they were taking risks with financial stability and consumer protection.

Use of email When using email to connect with colleagues, clients, friends or family sometimes you need to be cautious as this is written communication that could be misused or copied. For example when an employer of Halifax is using company email they are representing the company. They need to be sending emails in a professional manner and should not, for example, use inappropriate language. Employees should never share their passwords or computer information as this could lead to people hacking each other’s computer and getting people in to trouble. It’s important that all companies have clear policies in regard to using emails for personal use. Taking advantage of using company emails could result in an employer losing their job and not being trustworthy – this would mean they would find it difficult to obtain a different job. The stages in which a company would often use if they found inappropriate use of email depending how wrong the matter was would usually start with a soft or verbal warning then a written warning, probation, suspension, demotion and termination.

Use of internet Similar to email, using the internet at work can be risky if you don’t use it properly. Most companies have a code of practice for what their employees can and can’t use the internet for. You also need to respect others around you and especially at work understand that it is not your personal property. Everyone can see what is on the internet and gives ways and ideas for employees who may want to share secrets about their company. Companies can also monitor what employees are looking at when they are working – this could lead to an employee being sacked if they are looking at something inappropriate. Having completed some research Halifax has had no reported incidents within their company misusing the internet. However I did find an important example of this where a few companies have had to ban social media sites on their work computers as employees have been abusing the use. Organisations such as the Metropolitan Police and other government run organisations need to be particularly careful. I found that more than 1,700 people working for 65 public institutions have been dismissed or disciplined for internet or email misuse in the past three years.

Health and Safety at work Many jobs require employees to be sitting at desks using the computer. Working for long hours sitting at a computer screen can be unhealthy. If the computer or chair is not correctly positioned this could strain your back. Employers are legally required to take any injuries or problems seriously. For example if an employee had hurt their back it would be the company’s responsibility to supply the right type of equipment e.g. an orthopedic chair. There are standard procedures that employers are supposed to use at work to ensure a person’s desk and set up are correct – these are called Work Station Assessments.

Typical example of how you should sit correctly whilst at a computer screen

There are many laws and regulations which cover issues of Health and Safety at work – obviously the Health and Safety Act itself, but also Provision and Use of Work Equipment Regulations 1992, The Workplace, Health, Safety and Welfare Regulations 1992 and Health and Safety (Display Screen Equipment) Regulations 1992 – which is the regulation that requires an employer to conduct work station assessments.

CONCLUSION Businesses have to consider a lot of ethical and legal issues just operate their business. For a Bank these might be quite complex and difficult – they basically operate a business with customers’ money and they use a lot of technology and computers. Banks use the internet more and more to provide services to their customers and so they face a lot of legal requirements that they must understand and make sure that they comply with. A Bank like the Halifax is a commercial, for profit organisation and it needs to be very competitive with other Banks – some of the ethical issues it faces are again quite difficult for it to deal with – perhaps the most challenging is where information or money has been stolen from it and whilst it should be the right thing to do to tell customers and the public what has happened – this can be so damaging to its reputation and hurt its competition to attract new customers from other Banks that it may be tempted to cover up such issues – even if it replaces any customer data or money that is stolen.

P6 – Explain the operational issues in relation to the use of business information Here I will be discussing the operational issues used in Halifax. Operational issues are concerned with: -

Security of information Backups Health and safety Organisational policies Business continuance plans Costs

Security of information Security of information is the protection of privacy, and reliability of data. Businesses have to make sure that they have the correct information available when needed. They also need to make sure the computers they use have anti-virus software as some viruses can wipe information and data. Halifax holds a large number of its customer’s personal information and would require this policy as they need to make sure it is up to date and that it is in a secure place. Halifax have information on their website about how they protect their customers. When customers are using Halifax’s services there is: secure sign in, automatic sign out, fraud detection systems, suspend account – where they will temporarily disable accounts which have had a number of incorrect sign in attempts, telephone masking.

Backups When you backup your work or any information that is important to you it basically duplicates the files on a different piece of hardware or media (such as a backup tape, cd or dvd. It is very important to do this especially with large companies and they would not want to lose vital information. This would apply to Halifax as they are a Bank which holds lots of information about different customers. If they ever lost this information they would be seen as unreliable and would lose their customers. A backup strategy also means that the business can recover its services and operations if a disaster occurs. Halifax have lots of branches and they will backup their data away from the branch so if the

branch was put out of action (for example a flood or fire) then the customers could still access their accounts from another branch or hardware that was held centrally – in a data centre for example. Organisational Policies Halifax has a lot of organisational policies to make sure that its employees know what to do and how to behave. Halifax is a Bank and so is regulated by the FCA (Financial Conduct Authority). This regulator is responsible for making sure that Banks operate correctly – so the Halifax will have a number of policies for its staff – relating to Anti-Bribery, Money Laundering and fraud. This means that employees need to be trained in these areas and policies and that Halifax need to have procedures and audit controls to check that these policies are being followed. Business Continuance Plans Businesses need to have plans to make sure that they can continue their business if a disaster or an event affects their operations. These are called DR (disaster recovery) or BCP (business continuity planning) plans. As I mentioned above a backup procedure or strategy. Such plans would mean Halifax need to know what likely disaster might occur (for example the loss of a branch or an epidemic that meant lots of employees in a certain area would be off sick (bird flu). They then need to know how they would continue their business if this event occurred and what they would need to do or what facilities and equipment they would need to recover from such a disaster so they could continue to operate. Plans will need to be tested regularly to make sure that they work and so Halifax would need to test the plans at least once a year – they might close a branch down and pretend that it has been hit by a disaster (flood) and see how they could recover and continue to serve their customers.

Costs The cost of all the operational issues above can be quite high. BCP plans and equipment and training for employees will be an overhead on the business. The business will need to continually review the policies and plans that it has in place and to have induction procedures and training for new employees and this is a cost to the business. Most businesses, including Halifax, will have a risk management policy to look at each area of operational risk to decide what the likely risk to the business is and what actions need to be taken. This is how the business will determine what costs it must incur to protect against a high risk and what it might be able to manage with less costs as the risk is lower.

Bibliography =X&ei=EFuOUrLaAc3M0AWz8IDwCw&ved=0CAcQ_AUoAQ&biw=1920&bih=988#facr c=_&imgdii=_&imgrc=PyLhF8YXgYOYoM%3A%3Bm6yShuzWtfZRCM%3Bhttp%253A 3B483

P5 and p6  
P5 and p6