m6 - e commerce - integrity and security
DESCRIPTION
E-Commerce - Data Integrity and SecurityTRANSCRIPT
EP 6/12
What personal data have you sent over the web?
What personal data do you enclose when you purchase an item over the internet?
Are you happy to share all of this data or would you rather some was kept private?
The assurance that Data is consistent and correct.
Making sure data is complete when it is sent, stored or operated upon in any way.
Within the field of E-Commerce any Data that is sent between the customer and the business or between businesses must be subject to data integrity checks.
Making sure that personal data kept by companies is only used in the correct way.
Companies have a legal responsibility to ensure that personal data is not disclosed to the wrong people.
Data Security controls are in place to make sure access to data is controlled.
How can data get “damaged”?
Try and think of a few examples…
Data integrity can be compromised in a number of ways: Human errors when data is entered Errors that occur when data is transmitted
from one computer to another Software bugs or viruses Hardware malfunctions, such as disk crashes Natural disasters, such as fires and floods
There are many ways to minimize these threats to data integrity. These include: Backing up data regularly Controlling access to data via security
mechanisms Designing user interfaces that prevent the
input of invalid data Using error detection and correction
software when transmitting data
TaskWhere does your data travel, when
you buy something on the web? Imagine you buy something on eBay,
try and plot the path of data from your PC.
At what points in this path must data be protected?
Many types of personal data are required be kept private by companies: Lifestyle▪ Religion, Sexual orientation, Political affiliation
Financial▪ Bank details, Credit card details, Financial records
Email Medical▪ Health records
What are the potential risks for people whose personal data is not kept private? Discrimination Embarrassment Damage to personal reputation Email Spam Identity theft Fraud
European Laws state that the data must: Fairly and lawfully processed. Processed for limited purposes. Adequate, relevant and not excessive. Accurate. Not kept longer than necessary. Processed in accordance with the data
subject's rights. Secure. Not transferred to countries without adequate
protection.
United Kingdom introduced a Data Protection Act in 1984 in order to protect consumers. Data may only be used for the specific purposes for
which it was collected Data must not be disclosed to other parties without
the consent of the individual whom it is about Individuals have a right of access to the information
held about them Personal information may be kept for no longer than
is necessary. Companies holding personal information are required
to secure this information.
Group work – 3 or 4 students Internet Research Data Privacy and Security in Thailand
What are the laws for Thai E-Commerce companies? Are there any laws? If not, why not? Are there plans to implement data protection laws?
Give me some actual example of personal data being stolen or abused in Thailand? ▪ What happened?▪ Identity theft? Credit card theft? Fraud? Damaged
reputation? Embarrassment?
How are these laws kept in place? Police? Government agencies?
What happens if companies break the law? Prison? Fines? Any examples?
Please include any information you find interesting.
Please use Microsoft Word for this task. Complete the report and email to me before the start of the next [email protected]
Include in your document any links to websites or web pages that helped you to collect information.
This is called a Reference You link text quoted, from the net or books, to a
reference at the bottom of your document, like this:
Although the Act does not mention privacy, in practice it provides a way in which individuals can enforce the control of information about themselves. Most of the Act does not apply to domestic use,[1]
References [1] Data Protection Act 1998, Part IV (Exemptions), Section 36, Office of Public Sector Information
This is something you will have to do at University every time you complete an assignment.
http://www.oic.thaigov.go.th/
http://www.ipthailand.org/ipthailand/
http://www.wikipedia.org/