The Rights of the Data Subject

The Rights of the Data Subject

According to the DPA you and I, the data subjects, have the following rights:

GCSE ICT - DPA* To view any information an organisation holds about us.

* To request information held about you be up-to-date and accurate.

* Not to have information held about you used for direct marketing.

* Not to have information held about you used in a way that may cause damage or distress.

In 2003 amendments were made to the 1998 Act which increased the powers of the Data Protection Commissioner as well as the level of security demanded of data controllers when dealing with personal data.
GCSE IT Revision must include a look at:

Data security

Great emphasis is placed by the DPA on protecting data from theft or harm. As a result companies use a range of methods to ensure that personal data is safeguarded. In terms of software this may include:

GCSE ICT - Data Protection

    • The use of passwords to prevent general access.
    • Graded access according to the seniority of the employee.
    • A regular change of passwords so that security is kept current.
    • Additional security questions on top of the password.

Physical protection might include:

    • Restricting access to certain computer areas using magnetic card swipes or key codes.
    • Storing servers or back-ups in safes or high security fire-proof rooms.
    • Use of surveillance equipment and alarms to secure the premises.
    • Employment of security guards to monitor security.

The Computer Misuse Act (1990)

GCSE ICT - Unlocked computerThis act was introduced in 1990 and identifies the following three types of activity as illegal:

1.) Unauthorised access to computer material.

2.) Unauthorised access with intent to alter/destroy computer material.

3.) Unauthorised access with intent to commit, or help someone else commit, a crime.

Illegal access to someone else’s computer can be achieved by hacking into their account, either by guessing or working out the password. Unauthorised collection of personal information can also be collected using spyware, key logging software (software that records what people have typed into their own computer) or by phishing (the setting up of fake sites to resemble well known sites).

Once access to someone else’s account has been achieved, a crime has already been committed. Hackers can go even further by stealing financial and sensitive details, transferring money into their own account or by destroying or altering someone’s files.

Punishment for this kind of crime, depending on the severity, can vary from a small fine to many years in jail. The most common defence against this type of threat involves the installation of firewalls, software which builds a defence against cyber attacks.