Notesale: Turn your study into money

Document Preview

Extracts from the notes are below, to see the PDF you'll receive please use the links above

---

Unit 26: Managing Business Information

P4: Describe the legal issues an organisation must consider in using business information

Tesco with other organisations in the UK, is required to comply with different data laws set
by the Government
...
is secure
...

Tesco collects a lot of personal information from those parties for example the customer
(name, email, home address, phone number, etc
...

The overall point of the Data Protection Act 1998 is to prevent data losses, breaches, hacks
and to make sure private information stays private
...

In order to make sure that businesses comply with this Act, the government has set out eight
key principles, so therefore if the business follows all of these, it ensures they are managing
data in the right way and they aren't breaching the law
...
They also need to tell the individual that they can access and change
the information in which the business stores, as this is their information, so they should be
able to see it and also change it if there have been any errors in entering the initial data
...

The third principle states that “Personal data must be adequate, relevant and not excessive”,
so therefore Tesco should only collect data for the purposes that they state, and they
shouldn’t collect data which is not relevant to the subject matter, so if they are using the
personal data for marketing purposes, they wouldn’t need to collect financial information, so
therefore the data needs to be kept to a minimum, so only basic personal information should
be collected, if it’s relevant to the purpose stated
...

The fifth principle states that “Personal data must not be kept for any longer than is
necessary”, so for example if a Tesco customer decides to deactivate their online account,

then Tesco needs to ensure the data is deleted from their database, as this customer data is
no longer required and no longer has a purpose, so therefore Tesco would need to stick to
this principle of not keeping the data for any longer than they should
...

The seventh principle states that “Personal data must be kept secure”, so therefore Tesco
needs to make sure that there are certain methods in place to prevent data loss and
tampering, such as firewalls, passwords, protected servers, etc
...

The final principle states that “Personal data must not be transferred outside the European
Economic Area without adequate protection” and this falls under two different principles
stated above, those being “Personal data must be kept secure” and “Personal data must be
processed for specified lawful purposes”, so therefore, if data does move internally within
Tesco outside the European Economic Area, so they need to ensure the data stays secure,
and doesn’t suffer any breaches, tamperings, etc, for the time that the data is being used
outside of the European Economic Area
...
The public would also be able to
request information from public authorities such as the government, NHS, schools, police,
etc
...

The key principle behind the Freedom of Information Act 2000 is that the public, or in
Tesco’s case, customers and employees have the right to request and view information
regarding Tesco’s activities, and in the principles, it outlines that the person requesting the
information doesn’t need to express a direct reason for requesting the information, however,
if the organisation does refuse to share their activities/information, they need to give a
justification to why they are refusing to share the information
...
The Act controls three different
offences relating to computer access, those being unauthorised access to computer
material, unauthorised access with the intent to commit other offences and unauthorised
access with the intent to damage/edit data
...
As a result of this Act,
several penalties have been put in place, in the case where there has been unauthorised
access
...
If in
another case, someone gains access to a computer without permission in order to steal data
or carry out another offence, they would receive a sentence of up to 10 years in prison and
can receive a huge fine, depending on the severity of the crime and damage caused
...
If this potential
damage extends to causing harm to human life, such as implanting malware into a hospital
database where human lives are at stake or puts national security at risk, i
...
leaking
government documents, the sentence could be life imprisonment
...
As the customer/employee within Tesco for
example has given up some of their personal information, which needs to stay secure at all
costs such as their home address, and in the case of the employees, their financial
information such as their account number and sort code as well as the salary that Tesco
pays them, so therefore it is vital that this data stays secure as if not, then people's privacy is
at risk, and as a result of the neglect from an organisation like Tesco, they would be
breaching legislations as stated above, and they would also be under fire from the people
who had their information leaked and as a result may face lawsuits, as the
customers/employees trusted them with their private information and were under the
impression that the data would be safe
...
simplybusiness
...
uk/knowledge/articles/2010/04/2010-04-23-data-protection-k
ey-responsibilities-for-small-businesses/
https://ico
...
uk/for-organisations/guide-to-freedom-of-information/what-is-the-foi-act/
https://www
...
co
...
health-ni
...
uk/articles/computer-misuse-act-1990



---