Functional Areas


Medical-keeping patients records and other personal
information.

Commerce-buying or selling products.

Information Technology-developing and creating
software/hardware and communication networks.

Banking-money transaction process

Social Networks-facebook, myspace, twitter, etc.

Online-prolific websites, eBay, amazons, e-mail

Government-social security, passport, other
agencies
 Legal Information

Privacy-law concerning the protecting and
preserving of privacy rights of individuals

Intellectual Property

Copyright-gives creator exclusive rights for an original
work in certain time period in relation to that work

Trademark- commence legal proceedings for trademark
infringement to prevent unauthorized use of that
trademark.

Patent-right granted to anyone who invents or discovers
any new and useful process
 Legal Importance

Terms of use

License agreement

Use of software/hardware/website

Determining and controlling the behavior of the
technological system

Linkages- understanding technology and society

Culture, language, religion, etc.
 Safety Measurements

Personal data must be kept secure, should be
accurate, and must not be misused.

Employees with access need to understand the
implications of the Act.

A security manager or administrator put in control
of access to the data.

Operating procedures to ensure privacy.
Safety measurements cont’

Customer

Company policy available to interested parties.

Data subject told what data is kept and why.

Data to be accurate, and errors must corrected.

Data only used for the purpose it was collected.

Data only sold on if the subject has given permission.

Data only collected with approval in general.

Data subject allowed access and their concerns listened
to.
Safety Measurements cont’

Organisation

Company policy should available for all staff concerned.

personnel to be held responsible over privacy issues and
could be liable under the Act if data leakage occur.

Issues of privacy to be part of the information system,
including security, accuracy and updating.

The security policy to deal with accidental as well as
malicious damage and theft.

personnel to be aware of policy on passwords, physical
security, back-up of files, performance monitor regularly
on security by the administrator.
Safety Measurements cont’

Data protection controller in the organisation to
advise employees and enforce rules.

Employees to be trained properly in the use of
personal data in a database, and aware of the
obligations of the organisation under the law.

Levels of access should be differentiated for
different job users.
 Misuse of Software


Have a clear job description of what they are
allowed to do, and not allowed to do.

Not to introduce unauthorised software.

employees must not bring in personal software.

No unauthorised work done on the system.

Data disks have to be scanned for viruses if used
outside the system.
 Software copyright

It is illegal to copy software or run software that is not
licensed for the purpose.

Company’s information systems administrator is
responsible for the licence.

Admin must run an audit of what and how many of each
software is used and delete any that is used over the licence
agreement.

Ensure there is enough licences for the company work to be
done.

Educate the employees of the consequences to them and the
company.

Ensure that employees are aware of the legalities and sign a
written agreement.