Analysis of Data Protection Laws and Security Implementation

Verified

Added on 2022/09/11

AI Summary

This document delves into the realm of data protection and security, beginning with an explanation of the Data Protection Act and its significance, particularly in the digital age. It explores the core elements of the Act, including general data processing, law enforcement processing, and intelligent services processing, along with regulations and enforcement. The document contrasts the Data Protection Act with GDPR, highlighting the differences in automated decision-making rights. It also covers the Freedom of Information Act and its implications for data disclosure. Furthermore, the document discusses practical aspects of data management, such as data recording, storage, and disposal methods. Security measures, including strong passwords, data encryption, and firewalls, are emphasized. The document then provides a detailed comparison between private and public key encryption, outlining their advantages and disadvantages. The importance of secure information transmission, virus checks, and media selection is highlighted. Finally, it addresses scenarios where a customer may be denied system access and the actions an organization can take, including providing guidance, suspending transactions, and reporting fraud.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Name 1
SECTION 1
Q10
The data protection act protects the privacy of an individual from invaders who like
accessing someone’s information without their consent. The data protection act provides
direction on the action to be taken if someone breaks the law set. Information is power and once
someone accesses it he or she can do anything possible to ruin other people. So, the data
protection act is very important more so this 21st century that technology is picking at a very high
rate. It will help to scare hackers and privacy invaders who steal information more so from social
media platforms by hacking the accounts (Carey, 2018).
Q11
The general data processing element in the data protection act entails the principles and
the rights when data processing is done. This element is mostly applicable in UK where data
protection is well observed. Also, it comes up with a method of setting different and new laws
for data protection authorities to make sure that the data is well protected (Regulation, 2018).
Law enforcement processing. This element highlights the regimes of data protection that
are used by different firms when protecting data for their clients. Banks are the most targeted as
they must show how they ensure data protection for their customers who disclose their private
data and information to them (Shah, 2015).
Intelligent services processing. This element specifies and ensures data is safe from
access by terrorism when it is being processed by the intelligent firms that mostly deal with
investigation like FBI and the likes.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Regulation and enforcement. The regulation and enforcement element in data protection
act ensures through the directive that the data of the citizens is safe when and after being used by
the criminal investigation and enforcement authorities because citizens are required by the law to
provide information so that they can be investigated well before prosecuted. The data given must
be protected and not exposed.
Q12
Data protection act differs with the GDPR in that, the data protection Act for data to be
subjected to decision making and can be done on grounds that are clear and the person is aware
of what is going on despite the GDPR which data subjects have a right not to be subjected to
automated decision (Lovell, M., & Foy, M. A., 2018).
Q13
The freedom of information act explains that data should be at least disclosed fully or
partial disclosure of previously provided information that are controlled by the government when
they have been requested by the authorities in concern (Pozen, 2016).
Q14
Recording of data.
For any organization to record data successfully, they have first to decide the methods of
collecting that data then choose the way they are going to record it so that it easily be referred to.
They can use methods like paper recording, or they decide to use a computer to make the
recording using a certain software.

Name 3
Storage of data.
Data collected and recorded, for it to be safe much easily accessible, an organization can
store it on the cloud but also the option of computer storage is advisable. Also, file storage of
data that is recorded on piece of paper is also applicable (Ren, Y. J., Shen, J., Wang, J., Han, J., &
Lee, S. Y., 2015).
Disposal of data.
When an organization decides to dispose data that was stored using a computer, it is
supposed to delete it by doing right clicking as this will make the data available on the Recycle
bin. If the organization wants to dispose the data completely, there is option for deleting
permanently without being able to access it.
Q15
Having strong passwords on computers.
If the data is stored in a computer, the user of that computer must ensure that they have
passwords and strong one which cannot be guessed, and this makes it hard for anyone to guess
the password and access the data.
Encrypting the data.
It may happen that in an office, staffs share a common computer, so the password of the
computer is known by many. In a case like this, one staff after recording his or her data can
encrypt the file a password so that cannot be opened by any other staff who will try to open it.

For computer and cloud storage, firewall is important as it protects hackers who try to
penetrate to the data using the back door but with a firewall they cannot penetrate through. This
is the most current way to protect data as a lot of data is stored online.
Q16
Private key data encryption.
With this type of encryption, they key to access the data is known and used by one person
without being shared among different users. The private key in communication only the sender
of a message and the receiver has the key.
Public key data encryption.
This kind of encryption, several users have access to the data like when communication is
going on in a WhatsApp group but anyone outside cannot access the data. The data is accessible
only to those have the key encrypted to provide protection for the data.
SECTION 2
Q17
Advantages of private key encryption
Easy to use. To do a private encryption is much easier than public one as it involves only
two individuals, the sender and the receiver.
Uses basics. The private key encryption is simple to learn as it uses basics for example
replacing letters with numbers and the data becomes secure.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Name 5
Disadvantages of private key encryption
Easily exposed to hacking.
Due to the fact that does not entail a lot of complicated encryption, hackers usually find it
easy to invade than the public key encryption.
Requires a lot of efforts to maintain.
For systems, it is hard to ensure security because it uses one key all way through the
system and this makes the system venerable because once the key hacked all the system is lost.
Advantages of public key encryption
Increased security.
When compared to the private key encryption methods, public key has more security. For
example, a system has different sections which are encrypted with different keys making it hard
for the hackers to penetrate.
There is non-interactive login possible.
Public key encryption when done on data, the parties can communicate directly without
procedures of login with passwords authentications making it easy to use.
Disadvantages of public key encryption.
Not scalable. It is very cumbersome when one wants to distribute public keys in large
environments as mostly done manually.
Q18

The organization must ensure that the information is secure from attackers because it can
be hijacked before it reaches the receiver.
The organization should check if the information contains some virus which might lead
to data loss to the receiver of the information. The media the information will be released to is
also important as some media are not secure.
Q19
a.)
The customer can be denied the access to the system because he or she can harm
the organization as the real intentions are not well known as to why the customer cannot
satisfy the set security conditions (Jorna, 2015).
The organization alternatively can advise the customer on how to satisfy the set
security conditions the try to go and implement the security requirements then come back
again and be served.
b.)
The organization can suspend the transaction and try to follow up with the
customer to see the real intentions and the law takes its course.
The organization they can identify the specific fraud and then report the involved
individual to the security authorities for further actions.