A Journal of Policy and Practice
Added on 2022-09-12
12 Pages2797 Words13 Views
Running head: PROFESSIONAL ISSUES
Professional Issues
Name of the Student:
Name of the University:
Author note:
Professional Issues
Name of the Student:
Name of the University:
Author note:
1
PROFESSIONAL ISSUES
Table of Contents
Answer to Question 1:.....................................................................................................................2
Answer to question 2:......................................................................................................................4
Answer to Question 3:.....................................................................................................................6
Reference:........................................................................................................................................9
PROFESSIONAL ISSUES
Table of Contents
Answer to Question 1:.....................................................................................................................2
Answer to question 2:......................................................................................................................4
Answer to Question 3:.....................................................................................................................6
Reference:........................................................................................................................................9
2
PROFESSIONAL ISSUES
Answer to Question 1:
a) Data is an important asset of an organization. Thus it has to be protected at all cost. As a
data controller, it is my duty to abide by the rules and the regulations of the data
protection act. On the other hand the Information commissioner ensures that the privacy
of the data is maintained while an individual is using information system for the transfer
of data (Bainbridge, 2008). The data controller before handing over the data to the third
party should confirm the purpose of the data. He or she should prevent the data from
being misused. Lastly, it is the duty of the data controller to mention the areas in which
data should not be used or should be avoided.
b) As per the Data Protection Act, Art 4, Personal data is the data that defines an
individual’s or a community’s genetic, physical, commercial, mental, culture,
physiological, identity. These data are extremely sensitive in nature as it gives ample of
information regarding an individual (Bainbridge, 2008). These data are not meant for any
third party access and needs encryption while transferred over internet. The information
like the credit card details, account data, personnel number or addresses are vulnerable
and needs protection against external access. These are termed as the personal data
because without permission third party access to these data are denied.
c) As per the Data Protection Act of United Kingdom, the company takes full responsibility
of the data that is in the database of the customer. The way in which the information
given by the customer is used by the organization is informed to the customer.
The right to access: The access to the personal data of the customer is
restricted and only after informing the customer or in presence of the
customer is accessed by the third party (Bainbridge, 2008).
PROFESSIONAL ISSUES
Answer to Question 1:
a) Data is an important asset of an organization. Thus it has to be protected at all cost. As a
data controller, it is my duty to abide by the rules and the regulations of the data
protection act. On the other hand the Information commissioner ensures that the privacy
of the data is maintained while an individual is using information system for the transfer
of data (Bainbridge, 2008). The data controller before handing over the data to the third
party should confirm the purpose of the data. He or she should prevent the data from
being misused. Lastly, it is the duty of the data controller to mention the areas in which
data should not be used or should be avoided.
b) As per the Data Protection Act, Art 4, Personal data is the data that defines an
individual’s or a community’s genetic, physical, commercial, mental, culture,
physiological, identity. These data are extremely sensitive in nature as it gives ample of
information regarding an individual (Bainbridge, 2008). These data are not meant for any
third party access and needs encryption while transferred over internet. The information
like the credit card details, account data, personnel number or addresses are vulnerable
and needs protection against external access. These are termed as the personal data
because without permission third party access to these data are denied.
c) As per the Data Protection Act of United Kingdom, the company takes full responsibility
of the data that is in the database of the customer. The way in which the information
given by the customer is used by the organization is informed to the customer.
The right to access: The access to the personal data of the customer is
restricted and only after informing the customer or in presence of the
customer is accessed by the third party (Bainbridge, 2008).
3
PROFESSIONAL ISSUES
Right to the rectification of the user data: The incorrect data is often
updated to the correct ones.
Removal of the sensitive data after usage: According to the act, the
sensitive information after usage is removed from the database of the
organization such that they are not misused at any cost (Barham, 2014).
The right to prevent processing of data: This act also allows the customers
to decide how their data is processed in the organization and how and
where the organization is planning to use the data.
d) As the controller of the data for the organization, it is my duty to ensure that the third
party access of the data is restricted. Thus I will not provide the customer email Ids to the
friend as it is incorrect ethically. The customer’s database does not only contains the
email addresses, it also contains other information as well which if disclosed can harm
the integrity and privacy of the data (Gotterbarn, Miller&Rogerson, 1999). The act of the
data protection says that the organization must stay lawful and transparent to the
customer while the data privacy is ensured. As an e commerce website, the business is
the main criteria. The sharing of certain details helps in the process of the expansion of
the business which is important as well. Thus the customer email can only be shared ones
the organization has asked for the permission from the customer themselves.
e) The Data Protection Act 1998: This act states that “Appropriate technical and
organisational measures shall be taken against unauthorised or unlawful processing of
Personal Data and against accidental loss or damage”. Thus as the data controller for the
organization, a proper security control access must be implemented such that similar
incident can be prevented in the future. The details that has been altered can be restored
PROFESSIONAL ISSUES
Right to the rectification of the user data: The incorrect data is often
updated to the correct ones.
Removal of the sensitive data after usage: According to the act, the
sensitive information after usage is removed from the database of the
organization such that they are not misused at any cost (Barham, 2014).
The right to prevent processing of data: This act also allows the customers
to decide how their data is processed in the organization and how and
where the organization is planning to use the data.
d) As the controller of the data for the organization, it is my duty to ensure that the third
party access of the data is restricted. Thus I will not provide the customer email Ids to the
friend as it is incorrect ethically. The customer’s database does not only contains the
email addresses, it also contains other information as well which if disclosed can harm
the integrity and privacy of the data (Gotterbarn, Miller&Rogerson, 1999). The act of the
data protection says that the organization must stay lawful and transparent to the
customer while the data privacy is ensured. As an e commerce website, the business is
the main criteria. The sharing of certain details helps in the process of the expansion of
the business which is important as well. Thus the customer email can only be shared ones
the organization has asked for the permission from the customer themselves.
e) The Data Protection Act 1998: This act states that “Appropriate technical and
organisational measures shall be taken against unauthorised or unlawful processing of
Personal Data and against accidental loss or damage”. Thus as the data controller for the
organization, a proper security control access must be implemented such that similar
incident can be prevented in the future. The details that has been altered can be restored
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Security Risk Analysislg...
|4
|763
|256
Patching Rhododendron Applicationlg...
|4
|883
|113
Liability of Directors in Dronebotics Case Studylg...
|8
|3136
|47
Applications and Technology Conference (LISAT)lg...
|11
|1209
|12
Network Security: Importance, Aims, Issues, Current Techniques, and Future Solutionslg...
|8
|3208
|244
Information Assurance And Deviceslg...
|3
|409
|20