+1-817-968-5551
+61-488-839-671
+44-7480-542904About Expert
Key Topics
Requirement
1- Write a repot on "Legal Aspects of Information Technology" with reference to Havard in about 3000 words.
Solution
Section 1:
Answer to Q1: Analysis of the issues raised in the Concerns Section:
The given Concern Section to the case study, states the various concerns that have been raised by the client of the Clearing Skies UK The issues that have been raised are analyzed below:
-
The first issue is that the company Clearing Skies UK has not complied with the terms of the contract. The deliverables that are delivered to its client is not according to the terms of the agreement. It has been found that due to the unmatched expectation with the terms of the agreement, the team members have a strained relationship. The relationship between the team members will turn out to be worse if this continues for long. It has also been found hat the team members are using unprofessional language within the work floor to blame one another in this failed project.
-
The second issue that was raised states that the company has not complied with what the client has wanted, which makes it difficult for the client to handle its customers. The client has the responsibility in managing data strategy concerning data cleansing and governance with regards to different data and information related to sales, HR, finance and procurement.
-
Moreover, one of the senior members of the project has received a mail requesting for action required over the work done on the client’s site.
-
In another case, one of the team members received hundred of junk mails which was later on confirmed by the bank that fraud ha occurred. This shows that the team members of the company do not have good knowledge on securing the data and so the information relating to the clients' site as well as team members leaked which give rise to non-compliance of data security by the company.
-
It is very significant to analyze the probable risk factors before making the risk register. A risk register could not be successful in its purpose unless the likely risk factors are adequately analyzed. All the concerns regarding the risk factors might, therefore, properly evaluate. The organizations have huge impacts and concerns about the risk factors. Therefore the risks are about to be adequately monitored, and then a risk register could be made. There are thus huge concerns about the “non-compliance of terms and conditions” regarding the contract within client and consumers. These definitely could provide a substantial negative impact on the overall brand image of the company.
Allassignmenthelp.com has expertise and experience in coursework writing help. Our team has professionals with relevant industry experience who can provide you with the best law assignment help. So without wasting any of your time place your order and get the best quality criminal law assignment help.
Section 2: Report
Introduction:
The report shall discuss the applicable legislation as per the given scenario. The law that shall be addressed in this report shall be with regards to privacy and data management. The report shall discuss the issues that have been raised with the given case study by aligning the legislations.
Legislation or Regulations with regards to privacy and data management:
The EU. General Data Protection Regulation 2018 has been implemented on the 25th of May, 2018. All European Nations are widely using this regulation and empowered all the member state to frame specific laws on Data Protection complying the provision of EU GDPR. The United Kingdom, who is one of the member states of the European Union, has framed the UK Data Protection Act 2018 (Chugh et al. 2018). This legislation is based on the regulation of the European Union and governs the data protection regime within the country.
Three key points from the legislation aligned to the concerns raised:
According to the UK Data Protection Act 2018, it has been found that the Act requires the organization to comply with specific standards of data security and protection in the country of the UK (GOV.UK. 2019). The three key points that have been identified from the Act which can be aligned to the given case study are as follows:
-
The organization should have an adequate system and security to protect its information system from malicious attacks or data threats. The organizations in the UK should have sufficient measures to mitigate the risks that can arise from various malicious attacks and data threats (Lynskey 2015). The organization should implement adequate cybersecurity controls so that no data is misplaced from the organization's database (Zarsky 2016). The Act requires every organization to put in place an appropriate mechanism to track cyber threats and mitigate the risk that may arise through cybercriminals.
-
According to standards laid down under the EU GDPR, the UK Data Protection Act, also requires the business organization to comply with the rules with regards to the handling of personal data of customers, employees or any other data which must be kept confidential (Borgesius 2016). The organization should also evaluate the risks that are associated with the handling of such personal data and take appropriate measures to mitigate those risks. Therefore, as per the Act, all the organizations should take necessary steps in handling personal data and information so that it is not disclosed in any way.
-
The limitation of purpose is another major point of the UK "Data Protection Act". It had been the legislative requirement that the data might be used for specific reasons only. The data might not apply for any incompatible purpose. Any historical, scientific or public interest scenarios are although the exception for such data limitation purpose. This particular point also states that the data might not use for any other purpose. Thus there are layers of restriction in the purpose limitation of data in the UK. It is also very significant to inform the ICO or "Information' Commissioner's Office” about the planning of acquiring data.
Subject Access Request (SAR)
The Subject Access Request is the right to access, which allows each and every individual to obtain certain types of information. This shall help in maintaining the transparency and lawfulness and the accuracy of the information that has been recorded by an organization with respect to a particular individual. The individual can make a subject access request on his or her personal information that has been recorded in the organization's database. According to the GDPR, an organization should fulfil the application of an individual without any delay or to a maximum of one month. However, if the request of the individual includes numerous other offers, then the organization can be allowed to process the request for three months. In such circumstances, the delay in processing the request should be informed within one month. For example, an ex-employee of the organization can make a request to provide it is personal information that has been recorded with its ex-employer. The ex-employee shall process such request within one month or shall provide information for delay for more than one month.
Therefore, as per the given case study, the personal information such as the request made by one of the ex-customer of the client company shall be provided by the client company to the customer company within one month of making such request. However, if the client company fails to honour such request of its ex-customer, the client company shall face legal action and may have to pay fines and lose its reputation in the market. However, in the case of non-personal information, the company shall not be liable for any such act.
Section 3: Report:
Introduction:
This report shall discuss the concerns raised regarding the malicious activities that have been found during the ongoing project of Clearing Skies UK with its client company. The concerns that were raised are as follows:
-
In the first instance, it has been found that an email has been received by the accountant's department of the client company which shows an invoice being sent by Clearing Skies However, the invoice that has been sent was inconsistent with the work being undertaken by the company from the client. This shows that there has been a malicious activity within the' company's data security system.
-
In the second instance, one of the senior members of the team has received an email stating action required from a link which is generally used by the company in the client's site. Therefore, it is proved that the link that is used about a systems account in the client site has malicious activity threat.
-
In the third instance, a team member of the company has been receiving hundreds of junk mails in his email account and received a call from the bank regarding a suspicious transaction. Hence, the email account and various other personal identification have been leaked from the' company's end.
Guidance to the client on each of the issues raised:
-
Instance 1: The question raised, states that an invoice has been sent to the client. The invoice appears to be sent from the company's email address. Therefore, it proves that the company's email address has been maliciously used. Therefore, in the first instance, the company should send a mail to the client so that any correspondence received by the clients shall not be treated as mail sent by the company. Moreover, the company should inform or report such incident with the cybersecurity authority so that prompt action is taken by them. According to the UK Data Protection Act, 2018, it is the duty of the organization or the company to take adequate measures and evaluate the risk associated with the handling of data of the company (GOV.UK. 2019). Therefore, the company should take proper measures to handle data and should mitigate the risks that arise.
-
Instance 2: According to the issue raised by the senior member of the company from the system account of the client site which proves that specific suspicious activity has been found and data regarding' client's information has been leaked from the system of the company. According to the UK Data Protection Act, 2018, the company should maintain the standards as set under the Act. The company should maintain a secure data system which will ensure the security of personal data of customers and employees of the organization (GOV.UK. 2019). The company, in such a case, should inform the client and also inform the cyber protection authorities regarding such malicious activity. The company should appoint an efficient employee to track malicious activity.
-
Instance 3: According to the third issue, one of the team members of the company gets a call from the bank that suspicious activity has been reported from the' member's bank account. According to the UK Data Protection Act, 2018, it has been stated that the company should have a proper and effective cybersecurity control to manage and handle the data and information pertaining to the company, customer of the company and the employees of the company securely and safely so that no personal data is disclosed (GOV.UK. 2019). Therefore, in such case, the company, as well as the member who has received a call from the bank regarding suspicious activity, should inform the concerned authority to take prompt action into the matter.
Place Order For A Top Grade Assignment Now
We have some amazing discount offers running for the students
Place Your OrderSection 4:
According to the issue raised in the concern section of the given document, the company Clearing Skies UK has not complied with the requirements of the client as per the terms and conditions within the contract. Therefore, this Act of the company amounts to a breach of contract and breach of duty.The company can bring action against the team members using unprofessional language within the workplace.
The term breach of contract means when any of the parties to the agreement does not act according to the terms and condition as laid down in the agreement, then the party who does not comply with the terms and conditions of the contract shall be said to have breached the contract. According to the law of contract both the parties are required to comply to the terms and conditions of the agreement which also includes performing the duty as per the agreement and the performance of the obligation under the terms and conditions of the contract must be in good faith and due care (Bizfluent. 2019). According to the given case study or scenario, the company Clearing Skies UK did not follow or meet the requirements as laid down in the contract with its client. This shows that the company has breached the terms and conditions of the agreement, and the client is entitled to take legal action against the company.
According to the law of contract, the loss suffered by the party shall be entitled to receive damages from the party who has breached the conditions of the contract. Liability under law od contact is generally civil in nature and in this given scenario the burden is upon the company Clearing Skies UK, and therefore, the client company can claim compensation for the loss that he has suffered due to non-performance of the duty as per the standards mentioned under the contract (Bizfluent. 2019).
The team members using unprofessional language shall face legal actions. Using improper language within the workplace may offend or dishearten other employees within the workplace. Using offensive and unprofessional language within the workplace is an offence and the employer or other employees to whom such improper language used must bring legal against such person under discrimination and harassment at the workplace. The Equality Act, 2010 and Protection of Harassment Act, 1997 states in case of harassment in the workplace, the person who has conducted such Act must be sentenced to jail up to six months or fine.
There are many examples where civil law had been violated regarding data protection. Many business organizations have found to misuse the permission of data acquiring. It is also prevalent that many business firms or individual have used the data on another purpose than the actual ones. Such examples are sure falls under the violation of "data protection act" of the UK The name of the companies could not be taken here because of privacy issues. But such examples of breach of data usage are ample. It is thus very significant to strengthen the “data protection” more prominently. There are also acts where criminal liabilities occur, such as in the case of using unprofessional language by some of the team members which amounts of harassment and can be sentenced to jail or fine.
Reference:
-
Bizfluent. 2019. Liability In Contract Law. [online] Available at: [Accessed 17 July 2019].
-
Usmani, H., 2019. Overview Of SAR (Suspicious Activity Reporting) -. [online] Hexanika.com. Available at: [Accessed the of the 17th of July 2019].
-
GOV.UK. 2019. Data Protection Act of 2018. [online] Available at: [Accessed 17 July 2019].
-
Chugh, B., Raghavan, M., Kumar, N. and Pani, S., 2018. Effective Enforcement of a Data Protection Regime.
-
Lynskey, O., 2015. The foundations of EU data protection law. Oxford University Press.
-
Borgesius, F.J.Z., 2016. Singling out people without knowing their names–Behavioural targeting, pseudonymous data, and the new Data Protection Regulation. Computer Law & Security Review, 32(2), pp.256-271.
-
Zarsky, T.Z., 2016. Incompatible: The GDPR in the age of big data. Seton Hall L. Rev., 47, p.995.
-
Larsson, S., 2017. A First Line of Defence? Vigilant surveillance, participatory policing and the reporting of 'suspicious" activity. Surveillance & Society, 15(1), pp.94-107.
-
Regan, P.M., Monahan, T. and Craven, K., 2015. Constructing the suspicious: Data production, circulation, and interpretation by DHS fusion centres. Administration & Society, 47(6), pp.740-762.
-
Sato, Y., Suzuki, H., Hiroshi, AKAO. And Ogishima, K., Casio Computer Co Ltd, 2019. Emergency reporting apparatus, emergency reporting method, and a computer-readable recording medium. US Patent Application 10/210,718.
Give your grades a boost
Just share your requirements and get customized solutions on time.
-
1,168,768 Orders
-
4.9/5 Overall Rating
-
5,052 Experts
