Safe Harbor is the name of an agreement between the United States Department of Commerce and the European Union that regulated the way that U.S. companies could export and handle the personal data of European citizens.

Goal? -  The goal of Safe Harbor was to provide a single set of data protection requirements for transferring data across the borders of countries who joined the Safe Harbor.

Reformed? -  In 2016, the European Commission and the U.S. Department of Commerce established the EU-US Privacy Shield, a new legal framework for  data flows, put in place to replace Safe Harbor.

Concerns? - There has been further concerns regarding data held overseas and the locations of data centers.

Security Flaws - A programme was put in place called PRISM by the NSA which aimed to investigate and perform surveillance. this in turn "gave unrestricted access to mass data stored on servers in the US". It has been argued that this programme is used for good and only pin points individuals that have been targeted for security reasons.

ISO International Standards ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade. 

 creates documents that provide requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. 

We've published 21907 International Standards, which businesses can buy from the members or the ISO Store. 

Bringing real and measurable benefits to almost every sector imaginable, standards underpin the technology that we rely on and ensure the quality that we expect. 

data protection

https://www.parliament.uk/site-information/data-protection/ 

this is an act which was passed in 1998 it is a set of rules for processing personal data there are 8 principles which should be followed 

1. Fairly and lawfully processed 
2. Processed for limited purposes 
3. Adequate, relevant and not excessive 
4. Accurate 
5. Not kept for longer than is necessary 
6. Processed in line with an individual's rights 
7. Secure 
8. Not transferred to other countries without adequate protection

health and safety act 1974

http://www.hse.gov.uk/legislation/hswa.htm 

this is an act which is a set of primary legislations coving health and safety in Britain 


       

' For example, if the law makes property owners report their land dimensions, landowners can't receive fines if they use surveyors or a faulty measuring tool. The landowners act in good faith without knowing about inaccuracies with the measurements.'

Computer misuse act 1990

https://www.sqa.org.uk/e-learning/ITLaw01CD/page_03.htm

https://www.legislation.gov.uk/ukpga/1990/18/introduction

This legislation ensures that your documents on a computer are secured from unauthorised modification and unauthorised access.

Even if someone who tried to access someone else's data and was unsuccessful during their attempt. They can still be prosecuted for trying to get into someones data.

Data protection act 1998

https://www.gov.uk/data-protection

The Data Protection Act is a law that ensures that people are using data that they collect lawfully and for the intended purpose. This legislation has 8 principles that organisations who are gathering information must follow.
 

The information an organisation gathers about a person has to be accurate and up to date at all times and in order to do this a company may contact you once a month just to ensure that the information that they have about you such as a phone number or email is still up to date.

Safe Harbor is the name of an agreement between the United States Department of Commerce and the European Union. The goal of Safe Harbor was to provide a single set of data protection requirements for transferring data across the borders of countries who joined the Safe Harbor collective. The agreement required that companies that collected personal data must inform people their data was being gathered, tell them what would be done with it, obtain permission to pass on the information to a third party, allow people access to the data gathered, ensure data integrity and security and provide a way to enforce compliance.

The USA Patriot Act is an antiterrorism law enacted by the U.S. Congress in October 2001, at the request of then-President George W. Bush in response to the terrorist attacks that took place on Sept. 11, 2001. The law gave new powers to the U.S. Department of Justice, NSA and other federal agencies on domestic and international surveillance of electronic communications; it also removed legal barriers that had blocked law enforcement, intelligence and defence agencies from sharing information about potential terrorist threats and coordinating efforts to respond to them.

#Everyone responsible for using data has to follow strict rules called ‘data protection principles’. 

Safe Harbour
What is it?
Safe Harbour is a set of principles developed around the year 2000 in order to prevent private organizations within the EU or US which store customer data from accidentally disclosing or losing it
What does it mean?
This means that private companies have to be careful with data that members of the public provide to them, especially overseas.

What is it?
The computer misuse act was established in 1990 to prevent the use of a computer for illicit purposes such as hacking or other illegal activities.
What does it mean?
This stops people from using a computer to advantage them in taking money or worse from others through phishing or other means.

ISO 27000

What is it?
What does it mean? 

What is it?
What does it mean? 

(a)to impair the operation of any computer;

(b)to prevent or hinder access to any program or data held in any computer

(c)to impair the operation of any such program or the reliability of any such data.(3)

(1)Source: http://www.legislation.gov.uk/ukpga/1990/18/introduction
(2)Source:
https://en.wikipedia.org/wiki/Computer_Misuse_Act_1990

(3)Source:
http://www.legislation.gov.uk/ukpga/1990/18/crossheading/computer-misuse-offences?view=plain

This applies to any organisation that might handle sensitive information. 

This is classed as a form of fraud as you’re acting as someone else and misusing their account without their permission. To further add to my point unauthorised access of a person's account with the intent to commit a crime is also against this act. Similarly unauthorised alteration of a computer's content goes against the acts rules, this is because the person's account that is being misused is completely oblivious of the movement on their account.  

The computer misuse act was designed to protect user's computer materials from unauthorised access . Many companies generally have computer misuse act in place to prevent any tampering with their materials.

For example g-mail will notify you if your email has been logged into on another server.

 Source: https://goo.gl/Ho8L2h 

DATA PROTECTION

Data protection act 1984, 1998, 2000, this act controls how your personal information is used and accessed by businesses, organisations or the government. The data protection act isn’t capped at computerized information about an individual's, most paper records are also covered (if they’re accessible/surfaced). Each person's responsible for for using data has to follow strict data protection rules, below includes some of the following: 

Source:  https://goo.gl/ikXQcp 

HEALTH AND SAFETY  

Within the workplace , legal obligations have to be taken by the employer concerning health and safety to protect their workers. Concerning the Health and Safety at Work Act 1974, businesses are in charge of the well-being and security of their employees. 

It is a business' obligation to ensure the wellbeing, security and welfare of their representatives and other individuals who may be influenced by their business. Bosses must do whatever is sensibly practicable to accomplish this. This implies ensuring that labourers and others are shielded from anything that may cause hurt, successfully controlling any dangers to damage or wellbeing that could emerge in the working environment. 

Bosses have obligations under wellbeing and security law to evaluate chances in the working environment. Hazard evaluations ought to be done that address all dangers that may cause hurt in your work environment. Managers must give you information about the dangers in your work environment and how you are ensured, likewise teach and prepare you on the best way to manage the dangers. 

Businesses must counsel workers on wellbeing and security issues. Counsel must be either immediate or through a security agent that is either chosen by the workforce or designated by the trade unions. 

All employees are eligible to work in working conditions where dangers to their well-being and security are appropriately controlled. Under well-being and security law, the essential obligation regarding this is down to bosses.

In the event of an emergency it is instructed that each individual stays protected within the health and safety regime and avoids getting into any harm. If someone does however, they must taken whatever action required to receive help such as alerting an alarm etc.

Being an employee, on the off chance that you have particular inquiries or concerns identifying with well-being and security in your working environment, communicate with your boss, manager or a well-being counselor.

Source: https://goo.gl/XhiZwp 

Safe Harbor is the agreement between the United States Department of Commerce and the European Union that regulated the way that U.S. companies could export and handle the personal data of European citizens. 

(a) the racial or ethnic origin of the data subject,

(b) his political opinions,

(c ) his religious beliefs or other beliefs of a similar nature,

(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

(e) his physical or mental health or condition,

(f) his sexual life,

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings. 
--------------------------------------

The Data Protection Act 1998 (DPA) is based around eight principles
of ‘good information handling’. 

1. Automatically processed information
2. Filing systems
3. Relevant filing systems
4. File Names – using individuals’ names as file names to
structure the information set
5. File Names – using criteria relating to individuals to
structure the information set
6. Indexing and sub-division within files
7. Accessible records
8. Category (e) data 


Computer Misuse Act
https://www.bbc.co.uk/education/guides/zt8qtfr/revision/2

Hacking
Data misuse & unauthorised transfer of copying
Illegal copying and distributing of licensed media (software, music, film)
Email abuse
Pornography
Identity & financial abuse
Viruses

The International Safe Harbour Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens. 

The seven principles from 2000 are: 

1.       Notice - Individuals must be informed that their data is being collected and how it will be used. The organization must provide information about how individuals can contact the organization with any inquiries or complaints. 

2.       Choice - Individuals must have the option to opt out of the collection and forward transfer of the data to third parties. 

3.       Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles. 

4.       Security - Reasonable efforts must be made to prevent loss of collected information. 

5.       Data Integrity - Data must be relevant and reliable for the purpose it was collected. 

6.       Access - Individuals must be able to access information held about them, and correct or delete it, if it is inaccurate. 

7.       Enforcement - There must be effective means of enforcing these rules. 

 

Source: https://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principles 

 

ISO 27001 

ISO 27001, (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. 

According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." 

 

ISO 27001 uses a top-down, risk-based approach and is technology-neutral. The specification defines a six-part planning process: 

 

1.       Define a security policy. 

2.       Define the scope of the ISMS. 

3.       Conduct a risk assessment. 

4.       Manage identified risks. 

5.       Select control objectives and controls to be implemented. 

6.       Prepare a statement of applicability. 

 

Source: http://whatis.techtarget.com/definition/ISO-27001 

The Data Protection Act (DPA) sets out rules for processing personal information. It gives certain rights to individuals and it also says that those who record and use personal information must adhere to eight data protection principles. 

The data protection principles are as follows 

Personal data shall be: 

1. Fairly and lawfully processed 
 2. Processed for limited purposes 
 3. Adequate, relevant and not excessive 
 4. Accurate 
 5. Not kept for longer than is necessary 
 6. Processed in line with an individual's rights 
 7. Secure 
 8. Not transferred to other countries without adequate protection 

Source: https://www.parliament.uk/site-information/data-protection/ 

The Computer Misuse Act is designed to protect computer users against wilful attacks and theft of information. 

Offences under the act include hacking, unauthorised access to computer systems and purposefully spreading malicious and damaging software (malware), such as viruses. 

Unauthorised access to modify computers include altering software and data, changing passwords and settings to prevent others accessing the system, interfering with the normal operation of the system to its detriment. 

The act makes it an offence to access or even attempt to access a computer system without the appropriate authorisation. Therefore, even if a hacker tries to get into a system but is unsuccessful they can be prosecuted using this law. The act also outlaws "hacking" software, such as packet sniffers, that can be used to break into or discover ways to get into systems. 

Source: https://www.sqa.org.uk/e-learning/ITLaw01CD/page_03.htm 

What is the purpose? 

Data protection - The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them. (GCSE Bitesize) 

Computer Misuse Act 1990 - The Computer Misuse Act of 1990 is a law that makes activities such as hacking into another person's file or going on illicit content, like pornography and streaming etc, illegal. (http://www.wisegeek.org/what-is-the-computer-misuse-act-of-1990.htm). 

ISO 27000 - is an information security standards that provides a framework for information security management.
(https://www.itgovernance.co.uk/iso27000-family)

How does it apply? Any requirement 

Data Protection Act applies to personal information related to a person, for example, names, addresses, bank details, and opinions expressed about an individual. (https://www.nibusinessinfo.co.uk/content/what-does-data-protection-act-1998-apply)

Computer Misuse Act - Unauthorised access to change computers such as changing software and data.
(http://www.sqa.org.uk/e-learning/ITLaw01CD/page_03.htm)