Data protection This means ensuring that stored data

Data protection • This means ensuring that stored data does not get changed, removed or accessed accidentally or by unauthorised people. • Data can be corrupted, stolen or lost in many different ways, and it is essential that these are prevented.

Questions to consider • Why do we need to protect data? • How might we protect it?

What do we need to protect data against?

How might we protect it?

What do we need to protect data against? • • Corruption or hardware breakdown Mistakes by users Unauthorised access Theft of equipment Fire, floods, etc Viruses Intentional damage

How might we protect it? • • Regular backups Passwords Encryption Verification and validation Log of users Virus checking Physical security

Hacking This is the breaking of codes and passwords to gain unauthorised entry into computer systems. Write a report for the Head teacher on the implication of hacking for the school. Use the WWW and other sources to investigate the issues.

How can computer crime be prevented? • • • No networking Dedicated phone lines Choice of passwords Check of attempts to access Record of users/times

Viruses • • • What is a virus? What do they do? How do they spread? What effect does the Internet have? How can they be removed? How can they be prevented?

Viruses • • • What is a virus? They are small programs which are written to affect a computer’s operating system without the user knowing they are there. What do they do? They may delete files, make other programs to strange things, display silly messages on the screen, etc. How do they spread? They copy themselves onto disks and across networks. What effect does the Internet have? Viruses can attach themselves to emails or web pages for much more efficient transmission than before. How can they be removed? Programs are available which check for known viruses automatically and alert the user who can then run a virus removal program. How can they be prevented? They can’t, but people who create them can be prosecuted and users can minimise the problem by keeping their virus checking software up-to-date.

Data Protection Principles Personal data must: • be obtained fairly and processed lawfully • be held for specified purposes • not be used for any reason incompatible with its original purpose • be relevant and adequate for the purpose • be accurate and up-to-date • not be kept longer than necessary • be made available to the individual concerned and provision made for correction • be kept secure

Data protection people • Data user is the person or organisation which collects/stores personal data for specific purposes • Data subject is a person whose data is collected/stored • Data Protection Registrar keeps the records of what data users are registered to collect data for.

Data Protection exemptions: no need to register • • • Domestic/recreational data Data which is public by law National Security data Payroll, pensions, accounts Private members’ clubs Mailing list (as long as subject has given permission to be included)

Data Protection exemptions: may disclose without purpose being registered • To subject or with consent of subject • To employees of data user to carry out registered purposes • Prevention/detection of crime. Legal purposes • Tax and national security • In emergency, for medical purposes

Data Protection exemptions: data purposes with no subject access rights • • Tax, prevention/detection of crime Statistics/research Backup Incriminating for data user