Knowledge

Data and information security related to personal or sensitive information

Definition

data security - the prevention of unauthorised access, use, disruption, modification or destruction of data in storage

information security - the prevention of unauthorised access, use, disruption, modification or destruction of information

personal information - any information or opinion about an individual or someone who can be reasonably identified

sensitive information - a subset of personal information, defined as any information or opinion about an individual’s:

  • race or ethnic origin;
  • political opinions or membership of a political organisation;
  • religious beliefs and affiliations;
  • philosophical beliefs;
  • membership of a professional association or trade union;
  • sexual preferences and orientation;
  • criminal record;
  • health information;
  • genetic information; or
  • biometric information or templates.

This dot point in the syllabus looks at the prevention of unauthorised access, use, disruption, modification, or destruction of data in storage or information about an individual or someone who can be reasonably identified. It is expected that you know the difference between personal and sensitive information, how this relates to the Privacy Act and the methods used to keep personal and sensitive information secure.

Purpose of a code of conduct

A code of conduct exists to ensure employees of a company acknowledge and comply with the expectations of behaviour and conduct in that workplace. It also outlines any disciplinary actions that will be taken in the event of inappropriate behaviour and conduct. A code of conduct will also outline to employees their obligation to act in accordance with the ethics and values of the organisation.

Elements of a code of conduct

Work hours

A code of conduct will typically include the expectations of employees to meet their hours as outlined in their contract and may outline the consequences for tardiness (being late) and absenteeism (days off without reason).

Employee email use

A code of conduct typically outlines that email will be used for authorised purposes only. The code of conduct may mention that emails will be monitored by authorised personnel and that any unauthorised use of email may result in penalties ranging from curtailment of the privilege of using email to criminal charges, depending on its use.

Employee privacy

Employers will have access to personal information about employees. This information may be sensitive and employees may wish to keep this information private. This means that employers will need to think about the way in which they collect, use and disclose information they obtain from employees.

In many cases, Commonwealth privacy laws will not apply when it comes to employee records. Commonwealth privacy laws only apply to employee personal information if the information is used for something that is not directly related to the employment relationship between the employer and the employee. The Code of Conduct will normally state how the employee's private information will be used within the company.

Moreover, oftentimes management are asked to deal with private information of employees. A Code of Conduct will outline how and when that private information should and should not be disclosed.

Employer’s monitoring of work emails

Companies will normally state in their code of conduct that they will monitor work emails. If companies were to do this on someone's personal accounts, this would be a breach of privacy. However, companies are allowed to monitor work emails under the law. Employers will normally monitor emails to detect inappropriate activity or sharing of sensitive information.

Internet access

Companies provide internet access as a service to their employees. It is not a right and they are able to withdraw access to that service.

Computer use

Similarly to email use and internet usage, computer usage will be for authorised purposes only. Like email, it will typically be monitored and any unauthorised usage will be sanctioned appropriately.

Online censorship of information in a global context

Internet censorship is the control or suppression of what can be accessed, published, or viewed on the Internet enacted by regulators, or on their own initiative. Individuals and organisations may engage in self-censorship for moral, religious, or business reasons, to conform to societal norms, due to intimidation, or out of fear of legal or other consequences.

The extent of Internet censorship varies on a country-to-country basis. While most democratic countries have moderate Internet censorship, other countries go as far as to limit the access of information such as news and suppress discussion among citizens. Internet censorship also occurs in response to or in anticipation of events such as elections, protests, and riots.

Information retrieved from https://en.wikipedia.org/wiki/Internet_censorship

Why censor the internet?

The concept of censoring parts of the internet is controversial. Proponents of free speech and the free flow of information would argue that anyone should be allowed to access all information. However, some argue that there are topics that should be censored as they cause harm to those people accessing the information or those that are affected by that information.

Technical approaches to censorship

  • Internet Protocol (IP) address blocking
  • Domain name service (DNS) filtering and redirection
  • Uniform Resource Locator (URL) filtering
  • Packet filtering
  • Connection reset
  • Network disconnection
  • Portal censorship and search result removal
  • Computer network attacks

Technical censorship techniques are subject to both over- and under-blocking since it is often impossible to always block exactly the targeted content without blocking other permissible material or allowing some access to targeted material and so providing more or less protection than desired.

Information retrieved from https://en.wikipedia.org/wiki/Internet_censorship#Approaches

Non-technical approaches to censorship

Internet content is also subject to censorship methods similar to those used with more traditional media. For example:

  • Laws and regulations may prohibit various types of content and/or require that content be removed or blocked either proactively or in response to requests.
  • Publishers, authors, and ISPs may receive formal and informal requests to remove, alter, slant, or block access to specific sites or content.
  • And many more!

Information retrieved from https://en.wikipedia.org/wiki/Internet_censorship#Approaches

Online censorship in Australia

Internet censorship in Australia currently consists of a regulatory regime under which the Australian Communications and Media Authority (ACMA) has the power to enforce content restrictions on Internet content hosted within Australia, and maintain a "black-list" of overseas websites which is then provided for use in filtering software. The restrictions focus primarily on child pornography, sexual violence, and other illegal activities, compiled as a result of a consumer complaints process.

Information retrieved from https://en.wikipedia.org/wiki/Internet_censorship_in_Australia

Issues with the use of cloud computing

Confidentiality of data

Sensitivity of documents

Services that store data in the cloud will encrypt the data so that it cannot be accessed by outside sources. However, the service provider that encrypts the data also has the ability to decrypt it. If sensitive documents are to be stored in the cloud, they should be encrypted prior to being uploaded.
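The advice above, encrypting a sensitive document before it reaches the provider, is shown here as an added example that is not part of the original notes. It uses Node.js's built-in crypto module; the `cloudStore` map, the object name, the passphrase and the sample record are constructed stand-ins for a real storage service and real data.

```javascript
// Added example: client-side encryption before cloud upload (Node.js built-in crypto).
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Derive a 256-bit key from a passphrase that only the data owner knows.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt locally with AES-256-GCM. Output layout: salt | iv | tag | ciphertext.
function encryptForUpload(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ciphertext]);
}

// Decrypt after download. Throws if the passphrase is wrong or the blob was modified.
function decryptAfterDownload(blob, passphrase) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const ciphertext = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Hypothetical stand-in for a cloud storage service: it only ever receives the blob.
const cloudStore = new Map();

function demo() {
  // Constructed sample of sensitive (health) information.
  const record = Buffer.from('Patient: J. Citizen; blood type O+ (constructed sample)');
  cloudStore.set('records/1.bin', encryptForUpload(record, 'owner-only passphrase'));
  const stored = cloudStore.get('records/1.bin');
  return {
    providerSeesPlaintext: stored.includes('J. Citizen'),
    recovered: decryptAfterDownload(stored, 'owner-only passphrase').toString(),
  };
}
```

Because the key is derived from a passphrase that never leaves the owner's machine, the provider can still add its own encryption on top but cannot read the document, and the GCM tag makes any modification of the stored blob fail on decryption.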

Level of accessibility

Because data in the cloud is networked globally, it is more accessible and therefore more prone to cyberattacks.

Availability of online applications

Data stored in the cloud requires an internet connection from both the service provider and the company trying to access the service. If either of these links is down, then access to the data will not be available.

Impact of digital technologies and global markets

Productivity

Through the introduction of connected digital technologies and global markets, businesses have been able to make productivity gains by having access to a global supply chain. Digital technologies have helped facilitate the distribution of goods around the world and access to more productive means.

Global businesses are able to work around the clock through digital communication, so production and development can be done 24/7.

Access to knowledge or resources

The connectedness of the internet to knowledge and resources is self-evident. Prior to the 1990s, knowledge was siloed and often only shared in person. Access to the internet has allowed people and businesses to share knowledge with the world, as well as access that same shared content. The global market allows people to access resources cheaply and in a timely manner from wherever it is best to access them.

Outsourcing

The internet has made it easier for businesses to connect with others in the global market who can partake in the workforce. Outsourcing can be achieved at a global level through the ability to find and connect with experts from around the world. IT workers and businesses can sell their services online and connect with companies that want to acquire those services to work within their own company. This allows companies to focus on their core business and leave non-core activities to others.

Impact of Web 2.0 / Web 3.0 on the use of digital technologies