
Law Assignment: Data Protection Law Assignment

   

Added on  2020-06-06

17 Pages, 3981 Words, 205 Views
Data Breach - Data Protection Law

Table of Contents

QUESTION 1
A) Explain the concept of a ‘data breach’
B) What are the legal ramifications set out in the UK Data Protection Act (DPA) in relation to the consequences of data breaches?
C) Discuss critically, with reference to some recent examples produced by the UK Information Commissioner’s Office, how regulators have handled data breaches in practice
D) Consider specific mitigations companies could apply to reduce the risk of a data breach and reduce the potential fines as a result
CONCLUSION
REFERENCES
BIBLIOGRAPHY

QUESTION 1

A) Explain the concept of a ‘data breach’

There is no doubt that in today’s climate one of the key threats that data protection laws are trying to mitigate is the risk of “data breach”.[1]

The security concern and the concept of ‘data breach’ have increased with the advent of new technologies, ever-increasing technological threats and bulk data processing. According to the Information Commissioner’s Office, a personal data breach is:

“A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”.[2]

Recently, there have been major data breaches in large companies in the UK and globally. One example is Sony, which suffered a number of high-profile data breaches. In this case, the hackers had broken the security of the company's computers and released thousands of items of personal information in an attempt to derail the release of the North Korea-themed comedy. Many high-level Sony execs fell victim to fake Apple ID verification emails which asked individuals to enter their details into a fake form that enabled the hackers to collect personal passwords, and then rely on the fact that these passwords were also used for business networks; this way the hackers obtained access to the full Sony network.

This data breach could have been avoided simply by more robust password policies with a mandatory requirement to use unique, strong and frequently rotated passwords. This is only one example of the numerous data breaches which have taken place in the world.[3]

[1] Kuner, Christopher. "Data protection law and international jurisdiction on the Internet (part 1)." International Journal of Law and Information Technology. 18(2) (2010): 176-193.
[2] 'Security Breaches' (Ico.org.uk, 2017) <https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-breaches/> accessed 29 July 2017
[3] Ho, Vincent, Ali Dehghantanha, and Kamalanathan Shanmugam. "A guideline to enforce data protection and privacy digital laws in Malaysia." In Computer Research and Development, 2010 Second International Conference on. pp. 3-6. IEEE, 2010.

Therefore, it would be assumed that the legislative framework on the concept of data breaches is ‘water tight’.

To many people’s surprise, although data breaches represent one of the most serious consequences of a privacy breach – and the core focus of most regulatory activities, the notion of a data breach is not defined under the Data Protection Directive 95/46/EC. However, the PEC Regulations in the UK[4] have implemented the definition to some extent through the amended e-Privacy Directive, defining a data breach as:

“A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a publicly available electronic communications service in the Community”.[5]

Although the Data Protection Act has an inclusive definition of what ‘data’ is, the Data Protection Directive does not have a definition of what ‘data’ is. Therefore, as Carey explains, the ‘starting point in the UK is to make a determination as to whether the information being processed amounts to ‘data’.[6]

Having said this, the concept of data breaches is one that is defined to some extent by the legislative framework; however, there is no formal framework for data breaches and each member of the European Community has discretion to implement its own framework. We discuss the implementation by the UK below.

B) What are the legal ramifications set out in the UK Data Protection Act (DPA) in relation to the consequences of data breaches?

Firstly, in terms of enforcing the law on data breaches, Part V of the Data Protection Act provides ways by which the Information Commissioner can ensure that data controllers comply with the law. These include the power to serve notices and could require data controllers to supply information to the Commissioner. Section 42 of the DPA allows individuals to apply to the Commissioner for an ‘assessment’ to see whether their information is being processed lawfully. There are also safeguards in place within the Act ensuring compliance with the

[4] 'What Are PECR?' (Ico.org.uk, 2017) <https://ico.org.uk/for-organisations/guide-to-pecr/introduction/what-are-pecr/> accessed 29 July 2017
[5] Protection, Patient, and Affordable Care Act. "Patient protection and affordable care act." Public law. 111 (148) (2010): 1.
[6]
