3.6 legislation and regulations

INFO 3 3.6 Legislation and Regulations

Upload: mrmwood

Post on 01-Dec-2014


Specification

1. What is an ICT Policy?
2. What is the impact of legislations on these policies?
3. Name 5 legislations that relate to the use of ICT
4. If you were responsible for an organisation's compliance with legislations, what approach would you take to ensure that all legal requirements are met?
5. What are the consequences of not complying with the legislations?
6. What is the purpose of the Data Protection Act (DPA)?
7. What effect would the DPA have on organisations and their policies?
8. What is the purpose of the Freedom of Information Act?
9. What effect would the Freedom of Information Act have on organisations and their policies?
10. What is the purpose of the Computer Misuse Act?
11. What effect would the Computer Misuse Act have on organisations and their policies?
12. What is the purpose of the Copyright, Designs and Patents Act?
13. What effect would the Copyright, Designs and Patents Act have on organisations and their policies?
14. What is the purpose of the Health and Safety at Work Act?
15. What effect would the Health and Safety at Work Act have on organisations and their policies?

To consolidate you should be able to answer these questions…

ICT policies outline how the ICT Strategy will be put into operation

6.1 What is an ICT Policy?

Legislations will affect the content of ICT Policies

E.g.

◦ The writing of the Security Policy will be affected by the Computer Misuse Act.

◦ The Acceptable Use Policy will be affected by the Health and Safety at Work Act

6.2 What is the impact of legislations on these policies?

Data Protection Act

Freedom of Information Act

Computer Misuse Act

Copyright, Designs and Patents Act

Health and Safety at Work Act

6.3 Name 5 legislations that relate to the use of ICT

Make sure that you are fully aware of the implications of each legislation

Check how your company currently complies with each act

Identify areas of non-compliance and correct them

Update procedures to make sure that the company continues to comply

Train staff so that they are aware of what is required from them under each act

Build the procedures into induction training, contracts of employment and disciplinary procedures

Check that procedures are being followed

6.4 If you were responsible for an organisation's compliance with legislations, what approach would you take to ensure that all legal requirements are met?

Organisations can be prosecuted for not putting appropriate procedures in place

Employees can be prosecuted for failing to meet their responsibilities

6.5 What are the consequences of not complying with the legislations?

The purpose of the Data Protection Act is to control the way information is handled and to give legal rights to people who have information stored about them.

6.6 What is the purpose of the Data Protection Act (DPA)?

An organisation would probably hire a data controller to take responsibility for the company's data

The organisation would have to register with the Information Commissioner’s office

The organisation would have to look at each of the 8 principles of the act and put procedures in place that highlight what needs to be done and who is responsible for doing it

E.g.

◦ The handling of customer requests to view their data – who handles it, how are they logged, who checks response times?

6.7 What effect would the DPA have on organisations and their policies?

The Freedom of Information Act gives you the right to ask any public body for all the information they have on any subject you choose. 

Unless there’s a good reason, the organisation must provide the information within 20 working days.

You can also ask for all the personal information they hold on you.

http://goo.gl/1xgKh

6.8 What is the purpose of the Freedom of Information Act?

The organisation must identify what information they must release under the act and what information is exempt

Procedures are required to handle requests and collect any necessary payments

6.9 What effect would the Freedom of Information Act have on organisations and their policies?

The act makes it illegal to:

◦ Gain unauthorised access to computer material

◦ Gain unauthorised access to computer material with intent to commit further offences

◦ Alter computer data without permission

6.10 What is the purpose of the Computer Misuse Act?

Largely a matter of staff training and network security

Staff must be made aware of their rights when accessing the network and should understand that any breach of those rights would result in disciplinary measures.

Staff should be trained and informed about what is illegal and what is bad practice

Access rights on the network must be considered

Security features must be utilised, e.g. automatic logout if a workstation is not being used

6.11 What effect would the Computer Misuse Act have on organisations and their policies?

To ensure people are rewarded for their endeavours and to give protection to the copyright holder if there is an infringement

6.12 What is the purpose of the Copyright, Designs and Patents Act?

For most organisations the biggest impact of this legislation is with regard to software licences

Software tools can be used to analyse what software is installed on all workstations across a network

Any unauthorised software must be removed or licenses purchased

Steps should be put in place to ensure unauthorised software cannot be installed

◦ E.g. disabling drives, banning internet downloads, restricting permissions to install .exe files

Staff must understand the importance of only using authorised software and be made aware of the consequences

The network audit should be regularly repeated

6.13 What effect would the Copyright, Designs and Patents Act have on organisations and their policies?

To ensure that employers provide a safe working environment for their staff

To ensure that the employees use workstations and equipment correctly in accordance with the training provided by the employer

6.14 What is the purpose of the Health and Safety at Work Act?

Employers must:

Carry out risk assessments on all workstations

Supply suitable adjustable furniture

Train users

Provide sufficient desk space

Consider the tasks being carried out and build in adequate breaks

Provide software that has been designed to good health and safety principles

Provide a system through which employees can report health and safety issues

Review workstations regularly

6.15 What effect would the Health and Safety at Work Act have on organisations and their policies?

Exam Questions

Past Paper Questions
