University Professional Issues Assignment: Data Protection and Law

Verified

Added on 2022/09/12

AI Summary

This assignment addresses key professional issues related to data protection, computer misuse, and software licensing within the context of a financial services company. The first question examines the responsibilities of a data controller under the UK Data Protection Act 2018, including the handling of customer data, the right to access, rectification, and processing of data, and the ethical considerations of sharing customer information. The second question focuses on the Computer Misuse Act 1990, detailing the three criminal offenses defined by the act and providing examples of how these offenses might be applied in practice. The final question explores software license agreements, specifically the issues a financial company should consider, including license duration and scope, liquidated damages, and intellectual property rights when contracting with a software house. The assignment provides insights into the legal and ethical considerations of data privacy, computer security, and software contracts, all crucial in the modern business environment.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: PROFESSIONAL ISSUES
Professional Issues
Name of the Student:
Name of the University:
Author note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1PROFESSIONAL ISSUES
Table of Contents
Answer to Question 1:.....................................................................................................................2
Answer to question 2:......................................................................................................................4
Answer to Question 3:.....................................................................................................................6
Reference:........................................................................................................................................9

2PROFESSIONAL ISSUES
Answer to Question 1:
a) Data is an important asset of an organization. Thus it has to be protected at all cost. As a
data controller, it is my duty to abide by the rules and the regulations of the data
protection act. On the other hand the Information commissioner ensures that the privacy
of the data is maintained while an individual is using information system for the transfer
of data (Bainbridge, 2008). The data controller before handing over the data to the third
party should confirm the purpose of the data. He or she should prevent the data from
being misused. Lastly, it is the duty of the data controller to mention the areas in which
data should not be used or should be avoided.
b) As per the Data Protection Act, Art 4, Personal data is the data that defines an
individual’s or a community’s genetic, physical, commercial, mental, culture,
physiological, identity. These data are extremely sensitive in nature as it gives ample of
information regarding an individual (Bainbridge, 2008). These data are not meant for any
third party access and needs encryption while transferred over internet. The information
like the credit card details, account data, personnel number or addresses are vulnerable
and needs protection against external access. These are termed as the personal data
because without permission third party access to these data are denied.
c) As per the Data Protection Act of United Kingdom, the company takes full responsibility
of the data that is in the database of the customer. The way in which the information
given by the customer is used by the organization is informed to the customer.
 The right to access: The access to the personal data of the customer is
restricted and only after informing the customer or in presence of the
customer is accessed by the third party (Bainbridge, 2008).

3PROFESSIONAL ISSUES
 Right to the rectification of the user data: The incorrect data is often
updated to the correct ones.
 Removal of the sensitive data after usage: According to the act, the
sensitive information after usage is removed from the database of the
organization such that they are not misused at any cost (Barham, 2014).
 The right to prevent processing of data: This act also allows the customers
to decide how their data is processed in the organization and how and
where the organization is planning to use the data.
d) As the controller of the data for the organization, it is my duty to ensure that the third
party access of the data is restricted. Thus I will not provide the customer email Ids to the
friend as it is incorrect ethically. The customer’s database does not only contains the
email addresses, it also contains other information as well which if disclosed can harm
the integrity and privacy of the data (Gotterbarn, Miller&Rogerson, 1999). The act of the
data protection says that the organization must stay lawful and transparent to the
customer while the data privacy is ensured. As an e commerce website, the business is
the main criteria. The sharing of certain details helps in the process of the expansion of
the business which is important as well. Thus the customer email can only be shared ones
the organization has asked for the permission from the customer themselves.
e) The Data Protection Act 1998: This act states that “Appropriate technical and
organisational measures shall be taken against unauthorised or unlawful processing of
Personal Data and against accidental loss or damage”. Thus as the data controller for the
organization, a proper security control access must be implemented such that similar
incident can be prevented in the future. The details that has been altered can be restored

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4PROFESSIONAL ISSUES
with proper back up, thus the back-up must be kept ready for the emergency purpose for
the organization. According to the Data Protection Act, the customer has the right to
claim for compensation for the loss they are suffering (Granger, 2018). Hence, as the data
controller I should take effective care for the data of the consumer’s for the company.
Computer Misuse Act 1990: According to this act, “A person is guilty if he does any act
which causes an unauthorised modification of the contents of any computer, and at the
time when he does the act he has the requisite intent and the requisite knowledge”. Thus
gaining an unauthorized access to the organizational details and making alterations is an
act of guilty and the person who did this is punishable for this act (Venegas, 2019). As
per the standard of punishment, he or she could be sentenced to 5 years of imprisonment
and a sum of financial compensation.
Answer to question 2:
a) The computer misuse act of 1990 was introduced such that the offences regarding the
misuse of the data can be prevented. As per the recommendations made by the ELC, a
bill was passed for the private members of the organization.Which introduced three
criminal offenses (Carey, 2018). Those are explained in this section.
 The act says that the unauthorized access to the computer system is punishable
with twelve months imprisonment and unlimited fine imposed on them. The
scenario is a bit different in Scotland, where the imprisonment is for six months
and a fine not more than that of the level 5 in the standard scale of fine
imposition.

5PROFESSIONAL ISSUES
For example: a hacker has entered the organizational database and tried to
copy some of the data from the databases or has temporarily made the data
unavailable for the system, will be punished under this section of the act
 The access to the system with intention of causing harm to the system or
initiating offenses that can ignite the flames of other criminal activities is
subjected to five years of imprisonment with monetary penalty.
For example: If a hacker invades the system or a database of an
organization such that the other activities or other impending disaster can
harm the database is punishable under this act of the Computer Misuse.
This act also levy punishments to the hackers’ whose intention was to
insert malicious files into the system.
 If an unauthorized access modifies the information present in the computer
system of an individual or an organization is subjected to ten years of
imprisonment and a fine which depends upon the intensity of the crime (Choi,
2013).
For Example, in this case where the organizational database is not only
hacked but also modified and the data of the customers are exposed on the
display. This is an extreme act of privacy invasion in the system. This
leads to the exposure of sensitive data which is not an idle situation for the
organization and is subjected to punishment under this section of the
Computer data Misuse Act (Macewan, 2008).
b) “They know at the time when they cause the computer to perform the function that
that is the case”this is one of the content of the Computer Misuse Act guilty statements

6PROFESSIONAL ISSUES
(Fafinski, 2013). The sentence implies that if a person access the computer or the system
of his or her employer, he is guilty of accessing a system. This as per the actusreus or the
guilty act is punishable offense. As per the mensrea, or the act of wrong doing, the
employee knows that he or she is not supposed to be accessing the system still continues
to do so. In that case, the Misuse of the computer data act punishes the individual for
accessing the system in which he or she is not authorised to do so.
c) The students were told by the tutor to go and sit in her office and trusted them with the
key of the office. As the student’s get there, the computer displayed the examination
paper of one of their module. They read it and waited for her before she returned.
Technically, the laptop was opened form the beginning, and the student have not
performed any unfair means by touching the system or cracking the codes. Thus they
have not punishable under the misuse of computer act. Again on the other hand, they
have read the question paper which was open which is equivalent to accessing the data
which not meant for the students to access before the examination. Thus under the Data
Privacy Act, it is a punishable offense (Fafinski, 2013).
d) As the trusted employee of the organization, the access of the credit cards details of the
cardholders were applicable for him. Thus, the Computer Misuse Act, section 1, is not
broken as he has the right to access the data. However, according to section 2 of the
computer misuse act 1990, if the access to the system for the misuse of the data is
committed, then the employee is charged of being guilty of committing the crime.
In a similar case, Jayana Morgan, 32, of Wood Green Road, in Birmingham, was
convicted of passing down personal information of the customers and employee details of
the other employees to her own email account, just few weeks before resigning from her

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7PROFESSIONAL ISSUES
post at V12 Sports and Classics Limited. All though, she has admitted her crime in the
court that she has been obtaining data unlawfully. She was charged with £590 for her
crime.
The punishment for committing such crime is 5 years of imprisonment and a lump-sum
amount of charges for doing so.
Answer to Question 3:
a) The Software License agreement is done between the customers and the company which
provides the rights to the consumers to use the software at its own will. It specifies every
details about the software and mentions how exactly the software can be or should be
used. The software license agreement helps covers certain things that can be beneficial
for the software developer and the user of the software. It prevents the abuse or the
misuse of the software (Benfratello & Di Francesco, 2019). If a consumer buys the
software, he or she can replicate it easily. But they cannot sell it in the market openly as
they can be penalized for doing so. It allows the software developer to disclaim warranty.
This helps in solving the demands of the ever unsatisfied consumers. Warranties like the
down-time warranty or loss of data and few more. This way they cannot blame the
developer for their loss. The liability of the developer can be limited with the help of
these license thereby, protecting the consumers from being subjected to the law suits.
Agreeing to the terms and condition before installing the software limits the liability and
the consumer cannot blame the developer for any of the things that follows post
installation. Thus the user license agreement is signed for the purpose of the software
installation or purchase rather than the normal contract for the sales of goods (Masur,
2015).

8PROFESSIONAL ISSUES
b) According to the case that has been provided the following points can be established by
the financial company.
 License agreement: This is a license that helps in the installation of the based on
the software, therefore the copyright of the software is created. A license
agreement is created such that the permission is taken before the installation of
any software (Bainbridge, 2008). This contains mainly of two parts duration and
scope. The duration says how long the purchase will be available for the
software, and scope says where the installation of the software will occur and
how many computer coverage will be provided by the software.
 Liquidated Agreement: It is the penalty the consumer will receive if there is a
delay in product delivery. The money is estimated on the basis of the loss.
 Intellectual property rights: The algorithm that has been developed by the
company must be protected at any cause form the any harm in the future. The
financial organizations should state that the responsibility of the new software
infringes are not theirs (Alberto & Braga, 2017).
 Maintenance: Maintenance is of the most important part of the software housing
and the maintenance has to be performed on a daily basis. The financial
company’s should list their requirement and improvement for updating of the
system.
c) The limitation of the liability is not acceptable as per the Unfair Contract Term act
developed in 1977 (Wilhelmsson & Willett, 2018). The user license act once signed it can
be withdrawn or modified.

9PROFESSIONAL ISSUES
Salvage Association and the CAP financial services were involved in one such cases. The
Salvage Association who wanted their accounting system to be run by the software and
the CAP Financial services limited ensured that. The system provided by the company
was insufficient for Salvage Company. CAP refused to pay extra money for the loss
faced by the company due to the insufficiency of the software. The cause which they
mentioned was software liability limitation.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10PROFESSIONAL ISSUES
Reference:
Alberto, C., & Braga, P. (2017). The economics of intellectual property rights and the GATT: a
view from the south. In Globalization and Intellectual Property (pp. 27-48). Routledge.
Bainbridge, D. (2008). Introduction to information technology law (6th ed.). Harlow:
Longman.
Barham, C. (2014). Confidentiality and security of information. Anaesthesia & Intensive Care
Medicine, 15(1), 46-48.
Benfratello, L., & Di Francesco, F. (2019). Software License Compliance A quantitative study
on software piracy in Italy.
Carey, P. (2018). Data protection: a practical guide to UK and EU law. Oxford University
Press, Inc..
Choi, M. S. (2013). Assessing the Role of User Computer Self-Efficacy, Cybersecurity
Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse
Intention at Government Agencies.
Christiansen, J. C. (2016). Contract Negotiations and Software Licensing. Health Informatics-E-
Book: An Interprofessional Approach, 298.
Fafinski, S. (2013). Computer Misuse: Response, regulation and the law. Routledge.
Gotterbarn, D., Miller, K., &Rogerson, S. (1999). Computer society and ACM approve
software engineering code of ethics. Computer, 32(10), 84-88.

11PROFESSIONAL ISSUES
Granger, C. (2018). Data protection and the rules on retention. Practice Management, 28(6), 40-
41.
Macewan, N. F. (2008). The Computer Misuse Act 1990: lessons from its past and predictions
for its future. Criminal Law Review, 12, 955-967.
Masur, J. S. (2015). The Use and Misuse of Patent Licenses. Nw. UL Rev., 110, 115.
Venegas, J. C. (2019). Michael J. Betts.(2017). Investigation of Fraud and Economic. Policing:
A Journal of Policy and Practice.
Wilhelmsson, T., & Willett, C. (2018). Unfair terms and standard form contracts. In Handbook
of Research on International Consumer Law, Second Edition. Edward Elgar Publishing.