Organisation must create awareness of laws to employees:
- Data Protection Acts 1984 and 1998
- Computer Misuse Act 1990
- Copyright and Patents Act 1998
- Health and Safety at Work Act 1974
- Freedom of Information Act 2000: gives individual right to request from any public body all the information they want.
- EU Health and Safety Directive 87/391
- The Regulation of Investigatory Powers Act 2000 (Interception of private communications): concerns use of range of investigative powers by government security services and law enforcement authorities.
- Electronic Commerce (EC Directive) Regulations 2002: requires that all commercial websites must provide certain minimum information about the supplier, it's products and services.
Methods of enforcing and controlling data protection within an organisation include:
- appointing a data protection officer to monitor systems
- establishing procedures to follow up…