E-Safety: Data (Cambridge (CIE) IGCSE ICT)
Revision Note
Written by: Robert Hampton
Reviewed by: James Woodhouse
Data Protection
What is the Data Protection Act?
The Data Protection Act (DPA) is a law that protects personal data from being misused
Examples of personal data would include
Name
Address
Date of Birth
Race
Religion
Most people that store personal data has to follow the Data Protection Principles although there are a few exemptions:
Domestic purposes – if you only use personal data for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to the DPA
Law enforcement – the Police investigating a crime is not subject to the DPA. E.g. if someone has been suspected of a crime they can't request to see the evidence about them
Intelligence services processing – personal data processed by the intelligence services (e.g. MI5) is not covered by the DPA
The data protection principles
Principle | How does it affect a company? | Example |
|---|---|---|
1. Personal data must be fairly and lawfully processed | A company has to be clear about what personal data they wish to collect and what they want to use it for | A school can request personal data to be able to call guardians in an emergency |
2. Personal data must be collected for specified and lawful purposes | A company cannot use personal data for any purpose other than what they stated originally. They also cannot pass this data on without permission | A company asks for a phone number to call regarding delivery but then uses it to market new products |
3. Personal data must be adequate, relevant and not excessive | A company cannot request personal data that they do not need right away | A bank cannot ask for their customer's previous trips when opening an account |
4. Personal data must be kept accurate and up to date | If a company holds personal data that is wrong or out of date then you have a right to have it corrected or deleted | If a bank has a customer's old address then they will not be able to send up to date statements |
5. Personal data will not be kept for longer than is necessary | A company must delete personal data once they no longer have a need for it | If a customer closes their account the company must delete their data |
6. Personal data must be processed in line with people's rights | If requested a company must provide a customer with all the personal data they hold on them | A hospital has to give a patient’s full records if requested by the patient |
Personal & Sensitive Data
What is personal data?
Personal data is any data that can be used to identify an individual
Example of personal data include:
Name
Address
Date of birth etc.
Personal data | Description |
|---|---|
Personal name | Refers to the full name of an individual, including their first name and last name |
Address | The physical location where an individual lives, including their house number, street name, city, and postal code |
Date of birth | The specific day, month, and year when an individual was born |
Gender | The individual's identity relating to male, female, don’t know, prefer not to say |
Personal images (e.g. a photograph in school uniform) | An image of an individual wearing their school uniform, which can be used to identify and locate them. |
Payment details | Bank card details used for purchasing items or bank details to access online banking |
Passwords | The combination of letters, numbers and symbols used to access accounts that are held by the individual |
Why should personal data be protected?
Inappropriate disclosure of personal data can lead to privacy breaches, identity theft, or misuse of the information
Personal data could be sold to third party companies
Individuals could be held to ransom over personal data gathered
Information gathered could be used to commit a physical crime
How to avoid data being inappropriately disclosed
Personal data must be kept confidential and protected through privacy settings on websites such as social media or strong passwords on websites where personal data is held or used
Access to personal data should be limited to authorised individuals
Think before you post - consider what information could be gathered from your image or content
Check website details about the collection, storage, and use of personal data
Only access websites where personal data is used or viewed when on a secure, encrypted connection
What is sensitive data?
Sensitive data is subset of personal data that if disclosed could lead to personal harm
Sensitive data requires stricter protection
Examples of sensitive data include:
Ethnic or racial origin
Sexual orientation
Medical history etc.
Sensitive data | Description |
|---|---|
Medical record/history | Information related to an individual's health, including any past illnesses, medical conditions, or treatments they have received. This can include any genetic or DNA information about genetic characteristics |
Political views | The individual's opinions on political matters/issues and how they are being handled by the current government. This can include memberships in political parties |
Ethnic/racial origin | The ethnic or cultural origins of the individual's ancestors |
Criminal activities | Any past or current criminal offences |
Membership of trade union | Made up of workers to protect and advance the interests of all workers in the workplace |
Sexual orientation | Defining who you are attracted to, the opposite gender, the same gender, or to both or more than one gender |
Biometric data | Body measurements used to identify us uniquely like fingerprints or facial features |
Last updated:
You've read 0 of your 5 free revision notes this week
Sign up now. It’s free!
Did this page help you?
