Shaheed Zulfikar Ali Bhutto Institute of Science & Technology

COMPUTER SCIENCE DEPARTMENT

Total Marks: ___05__

Obtained Marks: _______

Professional Practices
Assignment # 03

Submitted To: Mam Farah Younas

_______________________________________________________________________

Student Name: Ammar Kafeel

_______________________________________________________________________

Reg Number: 1880165

______________________________________________________________________
_

Professional Practices BSSE 7 SZABIST-ISB

 Shaheed Zulfikar Ali Bhutto Institute of Science & Technology

COMPUTER SCIENCE DEPARTMENT

Question

a. Summaries Young’s principle as discussed in the lecture and list down

the comparison of privacy principle done in-class activity.
Ans: As discussed in the lecture, the principles of Young's state that information should be
viewed as being held for a specific purpose and should not be used for other purposes without
prior authorization from the person, that it should only be accessible to those who are
permitted to use it for the reason for which it was provided, and that the amount of data
collected and stored should be kept to a minimum. In the design and programming of
computerized systems that handle data for statistical purposes, enough provision is made for
separate identities from the rest of the data. Arrangements are established for the individual to
be notified of the information that has been kept about him. level of security that a system
accomplishes should be defined in advance by the user and should include safeguards against
deliberate information abuse or misuse. To help in the identification of any security system
infractions, a monitoring system should be established. In the architecture of information
systems, periods beyond which information should not be maintained should be established.
The data that is saved should be accurate. There should be a system in place to correct
mistakes and update data. Value judgments must be coded carefully.

Comparison of privacy principle

Personal data collection should be limited, and any such data should be gathered lawfully and
fairly, with the knowledge or agreement of the data subject, when relevant. Personal data
should be relevant to the purposes for which it is to be used, and it should be accurate,
complete, and up-to-date to the extent that it is required for those purposes. The purposes for
which personal data are collected shall be specified not later than at the time of data
collection, and subsequent use should be confined to those purposes or those that are not
incompatible with those purposes and are specified on each occasion of change of purpose.

Professional Practices BSSE 7 SZABIST-ISB

 Shaheed Zulfikar Ali Bhutto Institute of Science & Technology

COMPUTER SCIENCE DEPARTMENT

b. Thoroughly study Data Protection Act 1984 and 1998. Elaborate on the
amendments done in Data Protection Act 1994.
Ans:

Data Protection Act 1984

1. Data information that has been recorded in a format that can be processed by
equipment that operates automatically in response to instructions.
2. Personal data consists of information on a living person who can be recognized
from such information (including opinions but excludes intents).
3. Data User—a person who "holds" data, i.e., has control over its content and usage.
4. Computer bureau-is a company that provides data-related services to other people.
5. Data Subject—an individual who is the subject of personal data.
6. Processing entails altering, adding, deleting, rearranging, or extracting the
information that makes up the data, and in the case of personal data, it also entails
conducting any of these operations concerning the data subject.
7. Data Protection Registrar
8. Registration is required for all data users and computer bureau, and the storage of
data by unregistered individuals is forbidden. Registration is required before the
Act's other provisions can be implemented.

The amendments done in the data protection act 1994 are as followed:
 The Data Protection Act of 1998/1994 superseded the Data Protection Act of 1984, which
only protected digital material and computers to a limited extent. The new Act has the
same basic framework as the previous one, with a statement of data protection principles
being central. The text of a number of the principles in the Acts of 1984 and 1998 reveals
some substantial changes in wording and renumbering, although the text of a number of
the principles stays unchanged.

Professional Practices BSSE 7 SZABIST-ISB

 Shaheed Zulfikar Ali Bhutto Institute of Science & Technology

COMPUTER SCIENCE DEPARTMENT

 As we can see the amendments in the act by comparing the two tables, table 1 and table 2.
We can see the amendments done in the 1994/1998 Data Protection Act.
Data Protection Act 1998
1. Data information that has been recorded in a format that can be processed by
equipment that operates automatically in response to instructions. (Same as act 1984
but is amended as) It is a part of a relevant file system or an accessible record,
which comprises manual records.
2. Personal data consists of information on a living person who can be recognized from
such information (Same as act 1984 but is amended as) including opinions and
intents
3. Data Controller—one who determines the purposes for which and how any personal
data are or are to be, processed.
4. Data Processor—anyone who processes data on behalf of the data controller who is
not an employee of the data controller.
5. Data Subject—an individual who is the subject of personal data. (Same as act 1984)
6. Processing—obtaining, recording, or holding the information or data or carrying out
any operation or set of operations on the information or data, including (a)
organization, adaptation, or alteration of the information or data, (b) retrieval,
consultation, or use of the information or data, (c) disclosure of the information or
data by transmission, dissemination, or otherwise making available, or (d) alignment,
combination, blocking erasure, or destruction of the information or data.
7. Data Protection Commissioner
8. Notification—all provisions apply regardless of notice, but in the vast majority of
circumstances, notification of registrable particulars will be necessary.

Professional Practices BSSE 7 SZABIST-ISB