Control of Information

geri

Presentation Transcript


  1. Control of Information

  2. Who holds information about you?
     • Many organisations hold personal data about you
       • Government
       • School
       • GP/Hospitals
       • Banks/Building Societies
       • Shops
       • Who else?
     Personal Information: information about a named or identifiable individual

  3. Rights and obligations
     • These organisations all have legitimate reasons for holding this data, but as data holders they have… Legal Obligations
     • These are covered in more detail in 10.9, but in summary the Data Protection Act covers the legal obligations of data holders and the rights of data subjects

  4. Rights of the Data Subject
     • As a data subject you have a legal right of access under the Data Protection Act to data stored about you. This access includes the right to know:
       • What data is stored
       • How it is processed
       • Who has access to it
     • The data controller has up to 40 days to respond to a written request for this information
     Note: This has been simplified for 10.3 and is covered in more detail in 10.9

  5. Obligations of Data Controllers
     • Holders of personal data (data controllers) have a legal obligation to:
       • Take security measures to safeguard personal data, e.g. prevent unlawful access/disclosure
       • Only allow access to data for lawful processing
       • Ensure that data is not passed to third parties without the explicit consent of the data subject

  6. Controlling Access 1
     • There are a number of security measures that can be taken to safeguard personal data:
       • Careful selection of usernames and passwords
       • Installation of firewalls to prevent external access

  7. Controlling Access 2
     • Standard procedures, e.g. not leaving computers logged in, shredding paper documents, taking care of portable computers
     • The use of encryption for communicating sensitive data
       • Encryption means scrambling the data so that it can only be read by somebody who has the key to decrypt the data
     • Network tools such as Access Rights (permitted levels of access)

  8. Access Rights 1
     • Access Rights can be used to control:
       • Access to specific programs, files or folders on the network
       • Access to databases at file, record or field level
     • Explain the database example using Moodle

  9. Access Rights 2
     • Different members of staff in an organisation will have different levels of access to data.
     • Administrators can use access rights/levels to control staff's ability to:
       • View
       • Modify/Edit
       • Create/Add
       • Delete
     • Access rights ensure that staff only have access to the data they need

  10. Paying for Access to Data
     “Understand that the sale of entitlement to access to data may mean paying for a more convenient form of access, the right of which already exists.” (AQA specification)
     What does this mean in English?
     • Some data, although available for free, may not be in the most useful format.
     • You may therefore be prepared to pay somebody to make it available in a different format, e.g. on a searchable CD or summarised into a report.

  11. Paying for Access to Data 2
     • Original UK census data is available to the public at the Public Records Office at Kew, London.
     • Many amateur genealogists prefer to pay to obtain the data held there in CD or online format

  12. Commercial Value of Data
     “Understand that files on individuals and on organisations that are non-disclosable have commercial value” (AQA specification)
     What does this mean in English?
     • Data has commercial value, i.e. organisations can sell your personal data to other organisations.
     • You often grant organisations this right when giving them personal data!

  13. Commercial Value of Data 2
     • What type of data do organisations buy/sell?
       • Personal & Family Attributes
       • Holiday & Travel
       • Financial Products
       • Fitness & Sporting Activities
       • Newspaper/Magazine Readership
       • Grocery Shopping Preferences
       • Technology Usage
       • Entertainment, Interests & Hobbies
     • Look at this website for a full list of data that can be bought – you might be surprised!

  14. Commercial Value of Data 3
     Why are businesses, advertisers and market research people prepared to pay for access to data?
     • Collecting personal data is costly and time consuming, and the data can age quickly
     • It can make more financial sense to buy this data from other organisations that have already collected and checked the data

  15. Revision
     • Use your textbook/Internet sources to make supplementary notes on the control of information under the headings:
       • Rights/obligations
       • Access rights/levels
       • Paying for access
       • Commercial value
     • Answer the questions on this worksheet: www.fatmax.org/as1/103/control1.doc
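
A worked illustration of slides 8 and 9 (access rights at file, record and field level, with View/Modify/Create/Delete), added here as an example and not part of the original presentation. The roles, the policy layout and the student records are hypothetical and constructed for illustration.

```python
from enum import Flag, auto

class Right(Flag):
    VIEW = auto()
    MODIFY = auto()
    CREATE = auto()
    DELETE = auto()

ALL = Right.VIEW | Right.MODIFY | Right.CREATE | Right.DELETE
# Constructed sample "file" of student records (not real data).
STUDENTS = {
    1: {"name": "A. Pupil", "form": "10B", "grade": "B", "medical": "asthma"},
    2: {"name": "C. Pupil", "form": "10C", "grade": "A", "medical": "none"},
}
# Hypothetical policy: rights on the file, a record filter, rights per field.
POLICY = {
    "form_tutor_10B": {"file": Right.VIEW | Right.MODIFY,
        "record": lambda r: r["form"] == "10B",
        "fields": {"name": Right.VIEW, "form": Right.VIEW,
                   "grade": Right.VIEW | Right.MODIFY}},
    "nurse": {"file": Right.VIEW, "record": lambda r: True,
        "fields": {"name": Right.VIEW, "medical": Right.VIEW}},
    "admin": {"file": ALL, "record": lambda r: True,
        "fields": dict.fromkeys(("name", "form", "grade", "medical"), ALL)},
}

def allowed(role, right, record=None, field=None):
    """Deny by default: every level that applies must grant the right."""
    p = POLICY.get(role)
    if p is None or right not in p["file"]:          # file level
        return False
    if record is not None and not p["record"](record):  # record level
        return False
    if field is not None and right not in p["fields"].get(field, Right(0)):
        return False                                  # field level
    return True

def view(role, sid):
    rec = STUDENTS[sid]
    if not allowed(role, Right.VIEW, rec):
        raise PermissionError(f"{role} may not view record {sid}")
    # Return only the fields this role is allowed to see.
    return {f: v for f, v in rec.items() if allowed(role, Right.VIEW, rec, f)}

def modify(role, sid, field, value):
    if not allowed(role, Right.MODIFY, STUDENTS[sid], field):
        raise PermissionError(f"{role} may not modify {field}")
    STUDENTS[sid][field] = value

def delete(role, sid):
    if not allowed(role, Right.DELETE, STUDENTS[sid]):
        raise PermissionError(f"{role} may not delete record {sid}")
    del STUDENTS[sid]
```

The form tutor sees name, form and grade for their own form only, the nurse sees medical data but cannot change anything, and an unknown role is refused at every level.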