Personal Data (Edexcel GCSE Computer Science)
Revision Note
What is a legal issue?
A legal issue is a problem or dispute concerning the interpretation, application, or violation of laws
Examples of legal issues in computing are:
Copyright - The use of other peoples content without permission
Cybersecurity - Protecting against hackings, data breaches and all other cybercrimes
Data protection - Responsible collection, storing and use of personal information
What is an ethical issue?
An ethical issue is a situation that raises questions about what is right and wrong
As technology advances and laws are slow to keep up, ethical issues are more prevalent
Ethical issues call in a persons own morals and values as there is often a lack of an easy answer and decisions can have consequences for yourself and others
What is personal data?
Personal data is information that relates to an identified or an identifiable individual
Personal data can be extremely valuable to organisations and can be obtained in many ways
Examples of how personal data can be collected include:
GPS
Number plate/face recognition
Smart listening devices
Signing up to services, organisations and products
Customer surveys
Electronic tagging
Official purposes - council/government/medical services
The collection of personal data raises many ethical and legal issues such as:
Privacy
Data protection
Misuse
Cookies
Privacy
What is a privacy issue?
A privacy issue is an issue that comes from collecting, accessing or using personal information without consent or control
Who controls the data and how it is used raises crucial questions as technology becomes a bigger part of every day life
The argument
Citizens | Government/Security services |
|---|---|
"Governments and security services have too much access to private data" | "We cannot keep our citizens safe from terrorism and other attacks unless we have access to private data" |
Examples of privacy issues in computing
Face recognition
The increase in cameras and advances in technology means face recognition is possible, whilst this can mean an advantage in crime prevention/detection, people are concerned about privacy.
Privacy concerns include, what else is being watched? and who is watching?
GPS
GPS is built in to most smart phones and brings with it a number of features that many see as a benefit, 'find my phone' for when it gets lost/stolen, location tagging in photos and for navigation software.
Some users are concerned with where this data is kept? ,who might have access to it? and is it being used for any other purposes?
Internet monitoring
Most schools and businesses use monitoring software to track their students' and employees' internet activity
Social media companies also employ similar tools to detect and remove illegal or harmful content like hate speech, misinformation, or violent threats
Arguments for, these measures promote responsible online behaviour and prevent cyberbullying
Arguments against, concerns about limitations to free speech, potential abuse by authorities who control the monitoring systems, and biased algorithms leading to censorship
Data Protection
What is the Data Protection Act (2018)?
The Data Protection Act (2018) (DPA) is a law that protects personal data from being misused
Examples of personal data would include
Name
Address
Date of Birth
Race
Religion
The Data Protection Act gives individuals ownership of their own personal data
The Data Protection Act requires organisations to get consent before collecting data
Organisations/people that store personal data have to follow the data protection principles, although there are a few exemptions:
Domestic purposes – if you only use personal data for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to the DPA
Law enforcement – the Police investigating a crime is not subject to the DPA. E.g. if someone has been suspected of a crime they can't request to see the evidence about them
Intelligence services processing – personal data processed by the intelligence services (e.g. MI5) is not covered by the DPA
The data protection principles
Principle | How does it affect a company? | Example |
|---|---|---|
1. Personal data must be fairly and lawfully processed | A company has to be clear about what personal data they wish to collect and what they want to use it for. | A school can request personal data to be able to call guardians in an emergency. |
2. Personal data must be collected for specified and lawful purposes | A company cannot use personal data for any purpose other than what they stated originally. They also cannot pass this data on without permission. | A company asks for a phone number to call regarding delivery but then uses it to market new products. |
3. Personal data must be adequate, relevant and not excessive | A company cannot request personal data that they do not need right away. | A bank cannot ask for their customer's previous trips when opening an account. |
4. Personal data must be kept accurate and up to date | If a company holds personal data that is wrong or out of date then you have a right to have it corrected or deleted. | If a bank has a customer's old address then they will not be able to send up to date statements. |
5. Personal data will not be kept for longer than is necessary | A company must delete personal data once they no longer have a need for it. | If a customer closes their account the company must delete their data. |
6. Personal data must be processed in line with people's rights | If requested a company must provide a customer with all the personal data they hold on them. | A hospital has to give a patient’s full records if requested by the patient. |
Misuse
What is the Computer Misuse Act (1990)?
The Computer Misuse Act (1990) (CMA) is a law to protect the malicious use of computers
The act was originally created to make sure that computer hacking was covered within the law
The law helps protect individuals' personal data by discouraging hackers from accessing it
Primary offences under the CMA
The Computer Misuse Act has 3 primary offences:
Unauthorised access to computer materials
E.g. If a student finds out a teacher's password and then accesses their computer and opens their filesUnauthorised access with intent to commit further offences
E.g. If the student finds out a teacher's password and then accesses their computer with the intent to increase their marks on their last test resultUnauthorised modification of computer files
E.g. If the student finds out a teacher's password and then accesses their computer and increases their mark on their last test result
The consequences of each offence are worse depending on whether it's offence 1, 2 or 3 with each offence being punishable with time in prison
Cookies
What is a cookie?
A cookie is a tiny data file stored on a computer by browser software that holds information relating to your browsing activity
Typically a cookie will contain:
Browsing history - what websites you have visited
Login information - usernames & passwords
Preferences - language/font size/themes
What is the Privacy and Electronic Communications Regulations (2003)?
The Privacy and Electronic Communications Regulations (2003) is a law that governs the use of cookies
Any website that wants to store a cookie must:
Tell users the cookies are there
Explain what the cookies are doing
Obtain users consent to store the cookie
Worked Example
Discuss the ethical impacts of university students being asked to bring their own personal devices to work from [4]
Answer
Some students may not have (1) / can afford devices (1)...
...so the university may have to provide them (1)
Some students may have more advanced devices (1)…
...so learning opportunities will be different(1)
Students with disabilities (1) have access to screen readers / other software to aid learning (1)
It may not be appropriate for some students from different religions / cultures (1)
Gives access to other experts (1) catering to their individual needs (1)
Last updated:
You've read 0 of your 10 free revision notes
Unlock more, it's free!
Did this page help you?
