P5 & P6: Create a handbook for Thorpe Park employees covering legal, ethical and operational issues in relation to business information.
Section A of the handbook - Legal issues:
There are various items of legislation (laws) to protect the use of business information.
The General Data Protection Regulation (GDPR) is a new EU law that came into effect on 25th May 2018 to replace the previous Data Protection Act.
GDPR applies across the entirety of Europe but each individual country has the ability to make its own small changes.
In the UK, the government has created a new Data Protection Act (2018) which replaces the 1998 Data Protection Act.
It was the biggest overhaul of data protection legislation for over 25 years, and introduced new requirements for how organisations process personal data.
Is the GPS feature on your phone switched on or off?
What personal data could an organisation hold about you?
An identifier such as:
A name
An image
An identification number
Location data
An online identifier.
One or more factors specific to the:
Physical
Physiological
Genetic
Mental
Economic
Cultural
Social identity of that person.
The regulations also include special categories of personal data.
This means personal data about an individual’s:
RaceEthnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data (where this is used for identification purposes)
Health data
Sex life
Sexual orientation.
Freedom of Information Act 2000
The Computer Misuse Act 1990
This law makes hacking into other peoples systems illegal.
Misusing software is also against the law.
Other legal provisions:
Employers can also monitor employees computer use.
Section B of the handbook - Ethical issues:
Business Ethics
Business ethics are moral principles that guide the way a business behaves.
The same principles that determine an individuals actions also apply to business.
What is the 'morally' correct way for an individual to live their life?
The wallet challenge:
Ethical issues in relation to business communication:
Use of email.
What can employees use
work email for and how often and how personal comments must not be made on work
email.
An example here.
Use of the internet.
Amount of time spent
whilst at work, blocking and controlling certain sites and internet and email
use being monitored by managers.
What would you consider to be unethical about the use of the internet in the workplace?
Sample acceptable use of the internet policy here.
Whistle-blowing.
Speaking to the media about serious concerns that you have about what the
business is or is not doing.
Having policies in place to allow employees to report actions within the business which could constitute illegal activity.
Having policies in place to allow employees to report actions within the business which could constitute illegal activity.
Section C of the handbook - Operational issues:
These are the main operational issues:
Security of information.
There are risks posed by by systems failure and malicious attacks.
Details here.
Businesses need up to date anti virus software together with secure login onto IT systems.
Paper documents also need protecting. Details here.
Backups.
This involves copying information stored on servers.
Backups are saved on separate hardware sometimes in separate locations.
Health & safety.
Issues to consider:
Bad posture.
Incorrect positioning of equipment.
The risk of repetitive strain injury (RSI).
Eye strain.
Consequences of breaching Health & Safety laws. Details here.
HSE prosecutions. Details here.
Organisational policies:
A business should have policies in place to ensure that all legal requirements are met.
In addition the use of communication should be consistent throughout the organisation.
Information ownership.
If you create information at work, then you should be responsible for it.
You need to protect your confidential information.
· There are also ongoing operational issues:
The development of new systems to manage information such as the use of 'The Cloud'.
The introduction of more complex software, including artificial intelligence (AI).
The need to train
staff with new IT systems and costs of security, firewalls, training and
updating systems.
Business continuance plans.
This means thinking about 'what if' scenarios and working out how a business can continue to operate.
You can find out Thorpe Park policies on some of these issues by clicking on the picture below.
