Business Unit

This means it could include information about current employees and includes their address, bank details and date of birth. This can only be stored with the consent from the person or if it is necessary for the performance of the person’s job. This Act seeks to provide balance between the interests of an organisation that hold data and the personnel. This person has rights under the Act to access the information, stop information being held about them, prevent the information being passed on for marketing purposes and to have compensation made and to ask the data controller to rectify errors. This Act covers all people. Colleges have had to comply with this Act in several ways and here I have listed three of them. Obtaining permission to use data, Set up data protection policies before starting the business up and training all members of staff. Members have to process data confidentially and accurately to ensure it was seen by nobody outside the business. If someone on the outside of the business found some very personal information about a employee or student this could then deeply upset them and the business could get into a lot of trouble. What is the Freedom of Information Act 2000? The Freedom of Information Act 2000 is an act which defines the ways in which the public may acquire access to government-held information. The objective is to allow individuals and corporations reasonable access to information while minimising the danger of damage to anybody. The idea for this act was first put forward in 1997 and was passed in 2000 and came into full effect in 2005. In order for Colleges to comply with the Freedom of Information Act 2000 they have to regularly publish information whenever possible to a deep enough level. Another way in how Public and government run businesses comply with this information is by allowing the customers of the business to request information from the business which gives them access to their own individual personal information. When a business receives a request, they have a legal responsibility to identify a request which has been made and to handle it accordingly. Staffs who receive customer messages should be particularly aware to identifying potential requests. What is the Computer Misuse Act 1990? The Computer Misuse Act 1990 was designed to enclose legislation and controls over computer crime and Internet fraud. The legislation was created to: -Criminalise unauthorised access to computer systems. -Discourage serious criminals from using a computer in the commission of a criminal offence or seek to get in the way or impair access to data stored within a computer. The Computer Misuse Act 1990 has raised concerns among privacy supporters and those who believe in limiting government authority on daily life and behaviour. However, the Computer Misuse Act has served as a model for computer crime legislation in other Commonwealth countries. How businesses comply with this Act In order for College to comply with this Act they must not: -Display any information which enables others to gain unauthorised access to computer material including instructions for gaining access, computer codes or other devices which assist hacking. -Display any information that may lead to any unauthorised modification of computer materials. -Display any material which may provoke or encourage others to carry out unauthorised access to or modification of computer materials. Ethical issues What are the ethical issues? Codes of practice exist in organisations to maintain business ethics on: -Use of email -Internet -Whistle-blowing -Organisational policies -Information ownership What are Codes of practice? Code of practice is a set of rules which are written which are used to explain how people working in a particular profession should behave. Use of email Most organisations have a code of practice for the correct use of email. Although it is not illegal to perform these, they business tend not to allow this. Tesco tend to state in their code of practice to not use emailing for: -Material which violates copyright restrictions -Personal data about a third party in contravention of the Data Protection Act -Messages likely to cause offence -Material which could be used to breach computer security or facilitate unauthorised access The correct use of emailing in a business such as Tesco is: -To give standard information to a large group of employees -To distribute urgent information quickly -As a memo, but only when the text is short and to the point -To gather views quickly Internet A lot of businesses also have codes of practice on the use of internet and what their employees are able to use their internet for. Things employees aren’t allowed to use the internet for at Tesco are: -Do not access the Internet unless for authorised / supervised activities. -Do not use the Internet to obtain, download, send, print, display or otherwise transmit or gain access to materials which are unlawful, obscene or abusive. -Respect the work and ownership rights of people, as well as other employees or staff. This includes abiding by copyright laws. Do not engage in ‘chat’ activities over the Internet. This takes up valuable resources which could be used by others to benefit their studies. -No pornography Whistle-blowing A whistle-blower is an employee or member of staff who raises a concern about a business practice either to management or to the press. The concerns raised could be: -Fraud -Crime -Danger Whistle-blowers may receive legal protection through the Public Interest Disclosure Act, but the offence being reported must make up an intentional attempt to break the law. Organisational policies Organisations could have many policies to make sure that their business practices with regards to information can be done more ethically. Tesco have to manage their information and also make sure their marketing is fair in order to stay within these policies. Information ownership If a business creates information in the day to day work, then they should be responsible for it. If a business such as Tesco owns information, they then have to protect it to an appropriate degree and this includes the information’s confidentiality and no changed have been done to the information.