There can be many operational, ethical and legal issues related to the use of information in an organisation. It is important that all organisations have policies and procedures in place to manage these issues before, during and after they arise.
Having fresh data backups can be the difference between survival and death for a business. Business data should be backed up regularly onto a separate server in a different physical location from the original server, in order to reduce the risk of data loss in the event of hard drive failure, theft, fires, floods, etc. Backups help to recover and store data.
Health and Safety
Ergonomic assessments of workstations and office areas can improve comfort for employees and help to prevent physical strain and injuries in the workplace. Screen positioning and usage of monitors can be assessed to avoid neck and eye strain. The use of ergonomic keyboards and mice can help to avoid wrist strain. The positioning of tables and chairs can be assessed and adjusted appropriately, which can reduce back and leg strain. Frequent breaks from the workstation are useful for regulating users’ blood flow and can also help to loosen muscles that may have stiffened due to lack of movement.
These types of policies and procedures are put in place by the business in relation to the use of information systems. This can include things such as confidentiality agreements and agreements on non-disclosure to unauthorised parties.
Business Continuance Plan
A backup plan can be put in place for the business to continue to operate as usual in case of a system failure. Almost all businesses rely on IT and information systems so ensuring that there is a backup / business continuance plan in place is important in order to ensure work can resume as quickly as possible in the event of technical problems or outages.
Security of Information
The information that a business possesses must be kept secure. Access should be limited to authorised personnel only. This can be done with access control policies and a system hierarchy structure which restricts access to features and functionality based on user roles.
The following is an overview of legislation and acts regarding information and security of information.
Freedom of Information Act 2000
This act gives the public access to any information that is stored by public services. This includes central and local government, the healthcare service, schools, colleges and universities, the police and other non-department bodies such as committees.
If the information is about you as an individual then it is covered under the Data Protection Act, not this act. The information should be free to obtain, except for the price of a physical copy (photocopying charges etc…). If certain elements of the data are refused then the public bodies must inform you why and have a valid reason.
If the entirety of the data is refused then you have the right to appeal that decision and also refer it to the Independent Information Commissioner. This can affect the company because if it does not comply then it will be in breach of the act and could be punished.
Computer Misuse Act 1990
This act covers three main points: unauthorised access to computer material (program or data), unauthorised access with the intent to assist in or facilitate a serious crime, and unauthorised modification of computer material.
Unauthorised access to computer material would involve accessing any data on a computer that you should not have access to or are not authorised to use.
Unauthorised access with the intent to assist in or facilitate a serious crime would include blackmailing, blocking authorised users’ access or transferring funds.
Unauthorised modification of computer material would cover anyone who alters code in a system or network, for example with worms and viruses. This affects the company because if customer information is accessed by a hacker due to the company’s bad security then the company can be held liable for not stopping unauthorised access into their systems.
Copyright and Patents Act 1988
This law covers the creation of literary, artistic, musical and dramatic works. The law covers the broadcast, public performance, copying, adapting, issuing, renting and lending of the material.
Names, titles and colours are not considered copyrightable material but creations that require skill, labour and/or judgement are.
The individual or collective who created the work/material will own the rights to it. However, if the work/material was created as part of employment then the work/material will be owned by the company/individual who created the work/material.
This act affects the company because if we have an advert running on television with a copyrighted song or sound then we are breaching this act.
Data Protection Act 1984 & 1998
This act covers information and data that is processed via computer sources. It also places obligations on people who collect, store and process this data or personal records about consumers or customers.
The main aim of the act is to ensure that data is processed fairly and lawfully, that data has a lawful or specific purpose for being stored, and that this data is not disclosed outside of the lawful or specific reason.
The data should be consistently accurate, relevant to the purpose and only stored for the amount of time it needs to be.
Individuals with information and data stored about them must have knowledge of this and must also have access to the information, and where applicable the information should be corrected or erased when asked.
The data should be secure to ensure that only authorised access is given and that it isn’t altered, destroyed or disclosed. This security must also cover accidental loss or destruction of said data.
This affects the company because if data is stored longer than it needs to be, for example long after a customer has finished using our business, then we as a company are breaching this act. The same applies if, for example, we do not delete customer information when asked.
The eight principles
Information should be:
- Processed fairly and lawfully.
- Obtained for specified and lawful purposes.
- Adequate, relevant and not excessive.
- Accurate and up to date.
- Not kept any longer than necessary.
- Processed in accordance with the “data subject’s” (the individual’s) rights.
- Securely kept.
- Not transferred to any other country without adequate protection in place.
Use of Email
Most businesses have a code of conduct involving the use of email and the use of the internet. Employees must only use email services if it relates to work, but can check personal emails at breaks. This is to ensure that employees are doing their work and not sending personal emails that aren’t relevant to the company.
Most companies also have a code of conduct on what are acceptable sites to be visiting and what are appropriate things to be doing on a computer during work hours. Logging on to social media sites or looking for football tickets may be activities deemed not acceptable and that impact negatively on workplace productivity.
Whistle-blowing is the act of an employee who raises concerns (either internally, such as to a complaints department, or externally, such as to newspapers) about practices within the company. These practices can relate to crime, bad business practice, danger or any other risk that could cause damage to the customer, colleagues, stakeholders in the company or the public.
Organisations may have certain practices in place for more ethical handling of data, such as the management of information or ensuring that marketing and other practices are handled fairly.
During work you may need to create information. You are held responsible for any information that you create; you are the information owner. You are liable to protect the confidentiality of this information and ensure its accuracy and integrity.