P3 explain the issues related to the use of information [IE1, IE2]

Backups

Backing up data is important and can mean that data is not completely lost in the event of technical failure. This can be done by frequently putting business data on a separate server in a separate location, the separate location is to avoid both the original and backup server from being affected by failures such as fires and floods that would affect both of them if they were in a close proximity. Backing up data can help can help to recover and store data.

Health and Safety

Assessing the work stations environments can help to prevent physical strain and improve comfort. We can assess the screen positioning and usage of monitors to avoid neck and eye strain. Using ergonomic keyboards and mice can also help to avoid wrist strain. Tables and chairs can be assessed and appropriately positioned to allow comfort and reduce back and leg strain. Frequent breaks from the work station will give the employee a chance to regain regular blood flow that may have been shortened due to un-ergonomic equipment; it can also help to loosen muscles that may have stiffened due to constant positioning.

Organisational Policies

These are the policies and procedures put in place by the business on the use of information systems. This can be things such as ensuring data is kept confidential and not disclosed to unauthorised parties and altering any information that is incorrect and wrong.

Business Continuance Plan

This is a backup plan put in place to continue the organisation operates as usual, or as best as possible in the event that the system fails. IT and information systems are essential in most businesses so ensuring that there is a business continuance plan in place is important to ensure work can resume as quickly as possible during technical faults.

Security of Information

Information must be kept secure and only authorised access should be given to authorised people, this can be done in a business with access control and a hierarchy system dependant on the sensitivity of data.

Legal Issues

When handling data and information you should be aware of different laws and

legislations that may or may not be relevant to the work you are doing here at SAS Insurance Group.

This Leaflet Is About

This leaflet has been made and distributed to you to inform and keep you aware of the different laws and legislations around the data and information that you will be

handling as part of your job.

Freedom of Information Act 2000

This act gives the public access to any information that is stored by public services, this includes central and local government, the healthcare service, schools, colleges and universities, the police and other non-department bodies such as committees.

If the information is about you as an individual then it is covered under the Data

Protection Act, not this act.

The information should be free to obtain, except for the price of a physical copy (photocopying charges etc...).

If certain elements of the data is refused then the public bodies must inform you why and have a valid reason.

If the entirety of the data is refused then you have the right to appeal that decision and also refer it to the Independent Information Commissioner.

This can affect the company because if this act is not complied with then it will breach the act and the company could be punished.

Computer Misuse Act 1990

This act covers three main points, unauthorised access to computer material (program or data), unauthorised access with the intent to assist in or facilitate a serious crime, unauthorised modification of computer material.

Unauthorised access to computer material would involve accessing any data on a computer that you should not have access to or you are authorised to use.

Unauthorised access with the intent to assist in or facilitate a serious crime,

blackmailing, blocking authorised users access or transferring funds would all be

covered by this.

Unauthorised modification of computer material would cover anyone that alters code in a system or network, such as worms and viruses.

This affects the company because if customer information is accessed by a hacker due to the companies bad security then the company can be held liable for not stopping unauthorised access into their systems.

 

Copyright and Patents Act 1988

This law covers the creation of literary, artistic, musical and dramatic works. The law covers the broadcast, public performance, copying, adapting, issuing, renting and lending the material.

Names, titles and colours are not considered copyrightable material but creations that require skill, labour and/or judgement are.

The individual or collective who created the work/material will own the rights to it. However if the work/material was created as part of employment then the work/material will be owned the company/individual who created the work/material.

This act affects the company because if we have an advert running on television with a copyrighted song or sound then we are breaching this act.

Data Protection Act 1984 & 1998

This act covers information and data that is processed via computer sources.

It also obligates people who collect, store and process this data or personal records about consumers or customers.

The main aim for the act is to ensure that data is processed fairly and lawfully, that data needs to have a lawful or specific purpose to be stored and that this data is not disclosed outside of the lawful or specific reason.

The data should be consistently accurate, relevant to the purpose and only stored for the amount of time it needs to be.

Individuals with information and data stored about them must have knowledge of this and must also have access to the information, and where applicable the information should be corrected or erased when asked.

The data should be secure to ensure that only authorised access it given and that it isn’t altered, destroyed or disclosed. This security must also cover accidental loss or destruction of said data.

This affects the company because if data for example is stored longer than it needs to be, long after a customer has finished using our business then we as a company are breaching this act, this is also the same case if for example we do not delete customer information when asked.

The eight principles

1. Processed fairly and lawfully.

2. Obtained for specified and lawful purposes.

3. Adequate, relevant and not excessive.

4. Accurate and up to date.

5. Not kept any longer than necessary.

6. Processed in accordance with the “data subject’s” (the individual’s) rights.

7. Securely kept.

8. Not transferred to any other country without adequate protection in site.

 

Ethical Issues

Use of Email

The business has a very reasonable code of conduct involving the use of email and the use of the internet. Employees must only use email services if it relates to work, but can check personal emails at breaks.

This is to ensure that employees are doing their work and not sending personal emails that aren’t relevant to the company.

Internet

Most companies also have a code of conduct on what are acceptable sites to be visiting and what are appropriate things to be doing on a computer during work hours, such as going on social media sites or looking for gig tickets for a band, these sort of activities are not acceptable and decrease work productivity.

Whistleblowing

Whistleblowing is the act of an employee who raises concerns (Either internally, such as complaints department or externally, such as newspapers) about practices within the company. These practices can relate to crime, bad business practice, danger or any other risk that could cause damage to the customer, colleagues, stakeholders in the company or the public.

Organisational Policies

Organisations may have certain practices in place for more ethical handling of data, such as the management of information or ensuring that marketing and other practices are handled fairly.

Information Ownership

During work you may need to create information, you are held responsible for any information that you create, you are the information owner. You are liable to protect the confidentiality of this information and ensure it’s accuracy and integrity.