P3

Legal issues

Data Protection Act:

The data protection act is the law that controls someone's personal data. It ensures that that personal data collected is done so in a fair and lawful manner, this means it has to be obtained with consent and without breaking the law. It also ensures that the data can only be used for the purpose that was specified when collecting the data and that it is only kept for as long as it is needed. The data must also be accurate and kept in a secure environment.


Principle One:
Personal data should be obtained and processed fairly and lawfully
This principle enforces the fact that the data subject must be aware the of the data being recorded and must give their permission. this principle also states that the data subject must be aware of what the data is being used for.

Principle Two:
Personal data can be held only for specified and lawful purposes
this principle expands on the later part of the previous principle. This principle ensures that the data subject is fully aware of what the data will be used for. It also states that the data subject must be notified for consent if the data will be used for any other reason on a later date.

Principle Three:
Personal data should be adequate, relevant and not excessive for the required purpose 
This principle ensures that all data collected is adequate and relevant to the subject. It also states that the data must not be excessive.

Principle Four:
Personal data should be accurate and kept-up-to-date
This principle ensures that any data that could be considered as personal data stored must be accurate and up to date. This principle also states that a data controllers must change the data if requested by that data subject.

Principle Five:
Personal data should not be kept for longer than necessary
This principal ensures that data must not be kept for longer than needed. It also ensures that data is discarded securely and the data subject is notified

Principle Six:
Data must be processed in accordance with the rights of the data subject.
This principle ensures that the data subject still has rights over the data associated with them. An example of this would be the data subject has the right to request their data.

Principle Seven:
Appropriate security measures must be taken against unauthorised access
This Principle states that the data controller must protect the any data from unauthorised access, the data controller must also ensure that the data is coved accidental destruction, accidental loss and unlawful use.

Principle Eight:
Personal information must not be transferred to other country's without adequate protection
This printable states that any data being transferred to different country's must be adequately protected due to potentially differing data laws.

Computer Misuse Act:

The computer misuse act is a law that prevents unauthorised access to a computer system, the law can be separated into 3 sections to make the following act illegal:     

• Unauthorised access to computer material
• Unauthorised access to computer systems with intent to commit another offense
• Unauthorised modification of computer material

The first section prevents anyone to use someone else's identification to access a computer, run a program, or obtain any data.

The second prevents someone from accessing a computer system with out authority to commit a another offense. an example of this would be to access another persons computer to send a virus to their contacts 

The last section prevents anyone from using a computer without authority to delete, change, or corrupt data.

Freedom of Information Act:

The Freedom of Information Act allows any member of the public to ask for any information any public sector company has on any subject. this means that a member of the public can ask for any notes made about them during a situation such as an interview, this could lead to court cases if the information is found to be offensive and unprofessional. 

You can also request to revive information from organisations such as the police or the council, although you must make a request, this can be done verbally, via email or even on social media.

Ethical Issues

E-mails:

Using E-mails in an aggressive or inappropriate manor is not allowed within an company's code of practice and will often result in a disciplinary or even being fired.

In my small business I would have a policy of each case would be dealt separately and would at least result in a disciplinary. I would also set a cap of the amount of personal emails that can be sent, this is prevent any employees from being unproductive.

Internet: 

Internet usage in businesses in generally tracked to ensure employees are not accessing inappropriate websites within the workplace. Businesses will also use software to filter out and prevent access of pornographic or gambling websites in the workplace. If a member of staff is caught consistently wasting time accessing inappropriate sites it could result in a disciplinary or even being fired.

In my small business I would allow the staff some access to the internet but I would ensure it was not over used or abused by using software to create a report of their history, I would then review this report and take any necessary action.

Whistle Blowing:

Whistle blowing is when a member of staff reports the misuse of a computer system. the policies a company has on whistle lowing will generally protect the whistle blower. Whistle blowing can often cause a tension in the work place and could lead to a reduction of productivity from staff. In my small business i would only encourage whistle blowing in server cases of computer misuse, because I believe whistle blowing in minor cases will cause more problems than good and will lead to tension in the work place and a reduction productivity of the staff.

Operational 

Security of Information

Keeping an employees personal information safe is an important policy in a business. this is an area often controlled by the IT department.this because it is a computer system is a sensible platform to keep sensitive information due to its high level of security. It also allows the information to be updated easily and for a record of who has changed the information and when. In my small business game i would use a piece of software such as Microsoft excel to keep the information and since i may not have an IT department i would handle the maintenance and security of the information myself.

Back ups

Back ups are a vital process for any business that aims to succeed in the futer. If a business doesn't backup their computer systems information to somewhere such as an off campus server, they run the risk of potentially losing all of their information and data due to a fault in the computer or even a building fire. A business could do a backup of vital information every week and a complete system update once a month to ensure they never lose any vital data. In my small business game i would back up all of data on to a portable hard drive due to its cost efficiency, I would also only backup vital information such as stock counts and important reports such as income and expenditure reports.

Health and Safety 

Heath and safety is a top priority in a business and although not many risks are associated with working computers precautions should be made to ensure no member of staff sustains an injury. Simple precautions such having the computer monitor correctly positioned and an office chair with an adjustable back. Staff dealing with a computer for 3 hours continuously must have a minimum of a 30 minute break to ensure no damage is done to the eyes. Health and safety is important in my small business game due to the amount of member of the public enter the shop daily, and if something was to injury them while the shop they would be due compensation from earthier the owner or the company itself.

Business contingency plan

A BCP is an important factor for any business and a lot of thought should be put into it. A BCP is a plan that is put in place to ensure that in the worst case scenario there is plan. An example of this scenario could be is all of the computer systems data is lost, and a a good BCP would to have a offsite back of the data, so that it is not lost. In my small business game BCP would be my portable drive with all of the staffs personal information and the businesses reports.

Costs

the costs of installing a brand new IT system can be huge, especially for a smaller business. for this reason it is vital that the business make an assessment on whether or not it would be cost effective. they must take into consideration factors such maintenance and the cost of training an employee to use the system. Is this assessment is not done correctly it could cause the business the go bankrupt or leave the computer system useless and a complete drain on cash flow. In relation to my business game if i decide to hire a company to build and host a website  for me i must ensure that i have a customer demand high enough to ensure i will still be making profit.

Impact of Increasing Sophistication of Systems

As technology advances in capability and complexity, so does the cost of maintaining the systems. This means if a company buys a new sophisticate piece of technology they will also have to pay a high price to keep it working due the training needed to use such equipment, this as a result can cause unexpected expenditure from a company's books. In terms of the small business game you can buy more sophisticated computer systems that will collect more data for you to analyse, but this equipment does come at a large cost.