P3 - explain the issues related to the use of information
Issues of using information
If you implement a new information system then you should make sure that it is secure and will comply with the data protection act. When collecting information you should make sure that you only take what you need for a specific purpose, it is relevant , accurate, kept for no longer than necessary, kept securely, handled within peoples data protection rights, not transferred outside UK (unless permission is given) and finally it should be obtained fairly and lawfully. Information about sensitive information has stronger legal protection. If these conditions weren’t met then you could be fined up to £500000.
Your information system must be used within the computer misuse act. This means that you should not use the system to hack, damage or change anything on anyone’s computer without their permission. There are 3 levels of offense, 1,2,3 and 3a. level 1 is up to six months in prison and/or a fine, level 2 is up to 5 years in prison and a fine and level 3 is up to 5 years fine and / or an unlimited fine.
There are also ethical issues when using information systems, this is the different between right and wrong, your business should be run fairly and follow procedures.
Whistle blowing is when an employee reports something which is wrong in the business such as discrimination, breaking the law, putting people’s health at risk, damaging the environment or trying to cover up their wrongdoing. People will usually contact their employer or if they think their employer will cover it up or treat them unfairly because of it then they can contact a prescribed person.
The emails sent within the business must also be used appropriately; they should not be used to advertise, for personal gain, offensive material, spread viruses or give away private information. Emails may be filtered or monitored to check they are being used appropriately; rules and policies can be pages long for emails to comply with ethical issues.
To make sure your business continues to operate your information systems will need to be looked after. This means that they will need security, both hardware and software. Depending on how important the information is should determine the security; usually a locked bricked building in an area not prone to natural disasters will be fine. Some server rooms will have air locks in case of a fire so that information won’t be damaged and the fire will be extinguished. It is also important that you have a backup in case your original gets destroyed. Your backup should be in a different location to your original in case it was physically damaged. As your business is a supermarket you will want your backup to be running all the time so that if the original goes down then the backup get be used straight away. As well as having physical security you should have security to protect others from accessing the information, this can be done through firewalls which filter the connections going in and out of the server. Without all of these measures you could lose all your information and some customers. This could include banking details names and addresses, delivery addresses, supplier contact details and all the information you need for your business to operate. Without the information your business would certainly fail.
There are a lot of things to consider when implementing new systems including the price, time and the effectiveness. Implementing a new system can be very expensive as you will have to buy a lot of new equipment (hardware) such as 2 servers (main and backup) or you will have to rent them / use a cloud service. You will also have to buy new tills and pay someone to install the new system. After that you may then have to buy software for the system to operate properly which could be a monthly fee or a one off fee. You will then have to train all of your staff so they know how to use the software properly and you will have to learn yourself.
Impact of information issues.
The computer misuse act should keep information safe from hackers and unauthorized access however people may still try as the information you have could be worth a lot. You must also include policies within the business to make sure the systems are being used properly to help within the business and not for an employee to watch and share porn on. Employees or anyone else should not copy or transfer any information from the machines unless they have permission. The machines shouldn’t be used to store music or films which have been illegally downloaded and break the copyright laws. Firewalls could be used to make sure sites are filtered to be relevant and helpful to your business.
A fair usage policy should be created and used within the business to make sure emails are being used properly and aren’t being used for spam or harmful emails which could upset people. They should also be informed that the computers should only be used to help the business and not to access social media or be used for personal gain. Acceptable use policies can be created yourself so they are free, you could fine guidelines and advice online. To insure people are sticking to the policy you could have all emails filtered for offensive words and if an email contains offensive words it can be reviewed or removed before arriving to its destination.
Whistleblowing will help to keep you on your toes knowing that if you make a mistake you should come clean about it as if you don’t one of your employees may notice and report it. Staff should be told about their rights when joining the company so they know they won’t lose their job or be treated differently for speaking up when they think something is wrong. Zloty will have checks every now and then from the government to make sure they are running properly and to sort out any ethical issues to make sure what you are doing is fair.
Daily automatic backups should be implemented into the system to help prevent any data loss. Every month the backup system could be tested to make sure that it works properly. This would be disabling the original and seeing if the EPOS system continues to work on the backup server and all the other functions work correctly. It is no good having a backup which you then can’t recover so it is important to make sure it works properly and you are prepared in case the worst happens.
Zloty should assess whether or not having a new system would be cost effective and sustainable before they invest is one as they can be expensive and could ruin the business if not successful. To ensure that implementing the new system is successful they should get as much advice and information before they begin and have a clear plan.
Data Protection Act
The Information Commissioner is the person (and his/her office) who has powers to enforce the Act.
A data controller is a person or company that collects and keeps data about people.
A data subject is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers. This makes us all data subjects as there can be few people in the UK who do not feature in computer records somewhere.
For the personal data that controllers store and process:
1. It must be collected and used fairly and inside the law.
2. It must only be held and used for the reasons given to the Information Commissioner.
3. It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. You cannot give it away or sell it unless you said you would to begin with.
4. The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. So you must have enough detail but not too much for the job that you are doing with the data.
5. It must be accurate and be kept up to date. There is a duty to keep it up to date, for example to change an address when people move.
6. It must not be kept longer than is necessary for the registered purpose. It is alright to keep information for certain lengths of time but not indefinitely. This rule means that it would be wrong to keep information about past customers longer than a few years at most.
7. The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. It would be wrong to leave personal data open to be viewed by just anyone.
8. The files may not be transferred outside of the European Economic Area (that's the EU plus some small European countries) unless the country that the data is being sent to has a suitable data protection law. This part of theDPA has led to some countries passing similar laws to allow computer data centres to be located in their area
Having a secure password would help to keep your data safe, as would taking regular backups. Accessing computer material without permission is not the same as "altering data without permission" as it refers to looking at someone else's files rather than changing any of the data, though it is still an offence under the Computer Misuse Act (1990).
Computer Misuse Act
Gaining unauthorised access to a computer system is also known as hacking. The law that makes hacking illegal is the Computer Misuse Act. The computer misuse act was passed in 1990. Copying software and trying to sell it to someone for a profit is not an offence under the Computer Misuse Act. However, it is still illegal under copyright law. Allowing people complete access to the system and trusting them to only access their own data would NOT protect against data being misused or damaged on a system. Some chat rooms have moderators who can permit acceptable content and remove content that is inappropriate or unacceptable. Two ways to reduce spam are to never reply to emails from people you don't know or trust, and by setting filters on email accounts. Some chat rooms have been closed down because the system was being abused and vulnerable people targeted.