My Database


                Computer Applications Notes -- Data Protection

7     Data Protection

What is meant by “Data Privacy”?

                    

 

Definition:       Data Privacy means the right to keep personal information from being used for purposes other than those for which it is intended.

 

Example:       (1)    Medical records can only be disclosed to the physicians who are treating the patient.

               (2)    One’s personal bank may have detailed information about his financial situation, but he will not want anybody else to know.

 

Some of the organizations holding information on individuals:

        (1)    Royal Hong Kong Police Force;

        (2)    Banks;

        (3)    Inland Revenue Station (IRS);

        (4)    Hospital Management Authority;

        (5)    Insurance Companies;

        (6)    Transport Department;

        (7)    Companies that one has worked in;

        (8)    Colleges that one has studied in;

        (9)    Other organizations

Notes:        The government, employers, and other organizations have always held our personal information. However, the problem of privacy did not attract widespread public concern until information began to be held in computers.

 

The Difference between Manual and Computerized Databases

 The features of computerized databases that make them different from the manual systems are shown as follows:

 

(1)    Large Database

        .    large storage capacity

        .    retrieving information quickly

        .    offering us valuable services

        .    causing public concern about the constant build-up of our personal information

 

(2)    Computer Networks

        .    enable information stored in a computer database to be accessible from virtually everywhere in the world

        .    make the users enjoy the convenience of using computer networks

 

(3)    Sophisticated Programs

        .    the details of all transactions made by a person can lead to a surprisingly comprehensive personal profile

        .    with today's very high-speed computers, sophisticated programs have been developed that can build up personal profiles of people by examining their transaction records

 

Issues on Using Computerized Databases

There are 3 issues of concern with the massive accumulation of data:

(1)    right to know

(2)    consent

(3)    right to concern

Laws on Data Protection in Other Countries

Various laws on data protection have been enacted in various countries since the 1970s. Some of the important ones are named below.

United States

.         Fair Credit Reporting Act of 1970

.         Freedom of Information Act of 1970

.         Privacy Act of 1974

.         Right to Financial Privacy Act of 1979

.         Computer Fraud and Abuse Act of 1986

.         Computer Matching and Privacy Protection Act of 1988

The above laws do not cover private organizations. Nonetheless, most private organizations that hold large databases follow these general guidelines:

(1)       No secret databases;

(2)       Information about individuals must be used for the intended purpose only;

(3)       Everyone has the right to access records about himself;

(4)       Everyone has the right to correct records about himself;

(5)       The organization holding the data should take reasonable action to ensure that the data are correct and are not misused.

 

United Kingdom

 .         Data Protection Act 1984

 

General guidelines:

(1)           used by those registered under the Data Protection Register;

(2)           collected, processed, held, and used only for the lawful purposes described in the register entry;

(3)           adequate and relevant with regard to the purpose described in the register entry;

(4)           accurate and up-to-date;

(5)           held no longer than the necessary period;

(6)           protected by suitable measures.

 

Hong Kong

.         Personal Data (Privacy) Ordinance

 

General rights:

(1)               the right to confirm with data users in using personal data;

(2)               the right to obtain a copy of such data;

(3)               the right to correct personal data

 

Duties and powers:

(1)       promote the awareness and understanding of the Ordinance’s requirements;

(2)       approve and issue codes of practice to data users, which give practical guidance on compliance with the Ordinance;

(3)       approve requests from data users on the use of computer matching;

(4)       specify classes of data required to submit annual returns and to compile a register of data users for public inspection;

(5)       inspect personal data systems and make recommendations for compliance with provisions of the Ordinance;

(6)       investigate suspected breaches of the Ordinance’s requirements and issue enforcement notices to data users as appropriate

 

Data Protection Principles

Principle 1:     Purpose and method of collection

Principle 2:     Accuracy and duration of retention

Principle 3:     Use of personal data

Principle 4:     Security of personal data

Principle 5:     Information to be generally available

Principle 6:     Access to personal data

 

Exemption:

(1)       personal data held for domestic or recreational purposes;

(2)       certain employment-related personal data;

(3)       applications competing with public or social interest, such as: security, defense, and international relations; prevention or detection of crime; assessment or collection of any tax or duty; news activities; and health

 

Employment-related Personal Data

The Ordinance also covers employment-related personal data except:

(1)       data relating to staff planning;

(2)       data generated by certain evaluative purpose;

(3)       a personal reference for an appointment;

(4)       employment-related personal data which are provided prior to the commencement of the Ordinance

 

Responsibilities of Data Users

(1)         Data users are advised to define a clear statement of the organization’s personal data protection policy;

(2)         Data users should develop appropriate internal operational procedures to handle data access and correction requests;

(3)         Data users should ensure that the control mechanisms for monitoring the effectiveness of the organization's personal data protection policy and practices are adequate;

(4)         Controlling Officers have to be appointed to assess, authorize, monitor and review personal data protection measures in the organization;

(5)         The officers have to educate all related personnel to be aware of the data protection principles;

(6)         The officers should be adequately trained in procedures to promote personal data protection

 

Security

(1)    Protection

        .    Password Protection

                User ID: Andy Huang
                Password:  ********

        .    User-rights Restriction

        .    Physical Protection

 

(2)    Backup

        A backup is a duplicate copy of a file or all files stored in a directory or disk.

        .    Full backup

        .    Differential backup

        .    Incremental backup

 

(3)    Data encryption

 

Caring of Computer Systems

(1)       Power supply

        .    Multi-plug Power Extender

        .    Surge Suppressor

(2)       Temperature and Humidity

(3)       Switching On/Off a Computer

(4)       Monitor Care

(5)       Dust and Pollutants

(6)       Floppy Disk Care

  

 


 

(c) 2000-2001 My Web Page. All rights reserved.
