Coursework part c by Nguyen Bang Vu GCH16036

Contents

Nguyen Bang Vu
ID: GCH16036
Supervisor: Pham Thuy Duong
November 2018

Legal, Social, Ethical and Professional issues

Abstract

This report focuses on assessing the legal and ethical issues that TOG could meet and explains the purpose of implementing the Data Controller in Chapter as the management summary. The next chapter explains the purpose of the BCS Code of Conduct, with examples to outline possible professional issues that TOG needs to consider. The purpose of this report is to show how the knowledge learned in this course could be applied to a practical situation in the coursework.

Chapter 1: The role of Data Controller and LSEP possible issues and consideration

1.1 The role of Data Controller within the organization

A Data Controller is a tool used to collect customer information, and it controls the purpose and the procedure of using data. A data controller can work on its own, or sometimes it requires a third-party service to work. More specifically, a data controller helps a company choose which kind of data to collect, allows data to be changed and modified, allows the data to be kept or shared with a third party, and decides how long the data is kept. According to the case study, a data controller is likely to be used in the management system, where staff need to keep track of all members' information and possibly charity organizations. However, to avoid abusive data collection, TOG has to consider some LSEP issues before deciding to use a Data Controller. (Data Controller vs Data Processor: What's The Difference?, 2018, May 30)

1.2 Possible LSEP issues TOG may face

Legal issues:

With the use of a Data Controller, TOG will be subject to the General Data Protection Regulation (GDPR), which includes the UK. Since TOG franchises are all located in UK towns, TOG must conform to this law. According to the GDPR, data classified as personal data include name, DOB, address, email, phone and bank info, and the regulation applies to TOG since it uses a Data Controller and is a UK company. There are a lot of rules in this regulation, but this section only explains some of them; more information can be found in the references. (Dcomisso, 2018, May 29, Data protection principles under the GDPR)

The GDPR enforces storage limitation on data, which means “personal data must be deleted when you no longer need and depends on the purpose of collecting this data.” For example, TOG cannot keep a member's information after they leave the club, because the data is no longer relevant to the company. (Dcomisso, 2018, May 29, Data protection principles under the GDPR)

The GDPR limits the purpose of using the data. This rule includes “you must only collect personal data for a specific, explicit and legitimate purpose You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.” For example, if TOG negotiates with members that their information is only used to keep track of their activity within the club, TOG cannot share this data with a third party that is not relevant to this purpose. (Dcomisso, 2018, May 29, Data protection principles under the GDPR)

Social issues:

Social issues refer to problems that can affect a large number of individuals in a society. Since the coursework does not mention in detail what kind of data control TOG will implement, there are a lot of possible social issues regarding data usage. This section outlines some common issues that TOG may face; more information can be found in the reference section.

A common issue is insufficient authorization. If TOG's password or protection policy is weak, hackers can break into the system and steal, modify or delete existing member data. It is important to consider implementing a good protection system before attempting to use data control tools. Poor physical security is also a problem if TOG uses hardware to store data, because it enables physical access, which means data could be stolen through SD or USB devices. TOG also needs to decide whether to use cloud computing or to enforce the security of its storage devices. (Moura, J., & Serrão, C., n.d., Security and Privacy Issues of Big Data)

Ethical issues:

Ethical issues refer to problems where a company must choose between right and wrong. However, what counts as ethical depends on society, law and belief, so TOG only needs to consider ethical issues within the UK. Even though some ethical issues are not illegal, they are important to consider because they affect reputation and how customers view the business. In the case of using a data controller, most ethical issues regarding data protection and data privacy are already covered by the EU law that applies to European Union countries. Ethical issues in this case would be similar to legal issues, since they are enforced by law.

A possible ethical issue is discrimination in data accessibility. According to Article 21 of Fundamental rights of the EU: “Any discrimination based on any ground such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation shall be prohibited”. This means every member of TOG has the equal right and privilege to have access to their data. For example, if TOG does not allow Asian members to see their stored information while everybody has the right to view their info, it is violating the law because of racism. (Cushman, R., 2009, Ethical, Legal, and Social Issues for EHR Data Protection)

Another ethical issue about data protection is authority in processing data. This regulation means only authorized persons have the right to remove or modify data, and information should not be available to unauthorized participants. For example, TOG must allow only authorized staff to manage customer information; letting any other person access and modify the management system is against the law and exposes the company to lawsuits from customers. (Cushman, R., 2009, Ethical, Legal, and Social Issues for EHR Data Protection)

Professional issues:

Professional issues refer to problems involving the characteristics and qualities that reflect the profession of a person. A professional body is a professional association that represents the standard, along with training, to make sure that its members are qualified for their chosen profession. This issue usually arises when TOG wants to find experts to implement the data controller tool. A common issue that TOG could face when hiring developers is that they can claim to be software engineers when they have just completed a short-term learning course with little or no experience. TOG should make sure that the intended employee is a member of the BCS professional body, since it is the only association in the UK that can regulate the responsibility of the profession. (Guest, n.d., Professional Issues in Information Technology)

Another issue is the misuse of the Code of Professional Conduct. The Code of Conduct is a set of standards and behaviours required by BCS that every member has to follow, regulating the way members perform in their professional life. However, computer professionals are not strongly bound to it and usually break the code. Hiring professionals who do not meet the code of conduct can lead to further ethical, quality and professionalism problems with the product. In this case, TOG may suffer data loss and poor security, which then create the other issues described above, if the data controller is created by a developer who is not bound by the code of conduct. (Guest, n.d., Professional Issues in Information Technology)

Chapter 2: The role of BCS Code of Conduct and possible professional issues that need to be considered

2.1 The purpose of BCS Code of Conduct

As mentioned in the chapter above, the BCS Code of Conduct is responsible for setting rules and standards to enforce the behaviour of members in a professional environment. Members of BCS are expected to evaluate themselves to meet the requirements, and every member has to follow these codes. Any act of breaching the code will be handled depending on the situation under BCS authority.

2.2 Possible issues that need to be considered in each BCS Code section

Public interest

Professional Competence and Integrity

Duty to Relevant Authority

Duty to the Profession

References:

Data Controller vs Data Processor: What's The Difference? (2018, May 30). Retrieved from https://digitalguardian.com/blog/data-controller-vs-data-processor-whats-difference

Dcomisso (2018, May 29). Data protection principles under the GDPR. Retrieved from https://www.nibusinessinfo.co.uk/content/data-protection-principles-under-gdpr

Moura, J., & Serrão, C. (n.d.). Security and Privacy Issues of Big Data. Web Services, 2197-2229. doi:10.4018/978-1-5225-7501-6.ch114

Cushman, R. (2009). Ethical, Legal, and Social Issues for EHR Data Protection. Information Discovery on Electronic Health Records. Chapman & Hall/CRC Data Mining and Knowledge Discovery Series. doi:10.1201/9781420090413-c5

Guest (n.d.)