Lesson video
In progress...Loading...
Hello, my name's Mrs. Jones and I'm really pleased that you've decided to learn with me today.
We are gonna look at different aspects of cybersecurity.
So let's get started.
Welcome to today's lesson from the unit Introduction to Security.
This lesson is called Protecting Personal Data, and by the end of this lesson you'll be able to explain why online services collect data about users and the potential risks associated with it.
There are four keywords linked to today's lesson.
Data, data is facts and figures in their raw form.
Information, information is data that has been given structure or meaning.
Personal data, personal data is a legal term that identifies information about a specific person.
Legislation, legislation is a law or a set of laws that has been passed by parliament.
This is the lesson outline.
Today we're going to look at, explain how online personal data can be used.
Describe the threats to stored electronic data and explain why the Data Protection Act is needed.
So let's get started.
The first section is explain how online personal data can be used.
Data is raw facts and figures.
So when you look at these numbers on the screen, on their own, each number may not make sense as we do not know what each number represents.
Information is created when that data has been given a structure or a meaning.
Each number here represents how many cupcakes have been sold each hour.
So you can see that we have three cupcakes, seven cupcakes, four cupcakes, and six cupcakes.
That data has now been given a meaning.
Data can be collected online from a user's activity.
This shopping basket shows the items one person is buying.
We can see a tent, we can see dog toys, and we can see a fitness tracker.
It creates a profile of a customer and converts the data to information.
What information can we now gather about this customer? Pause the video and think about what that information now tells us.
Okay, we get that this information, this person likes the outdoors, is interested in fitness, has a dog and likes camping holidays.
The user may now see more adverts promoting camping and the outdoors.
This is targeted advertising from the information that has been gathered from that shopping basket.
Let's have a quick check.
When data has been given a structure or meaning, what does it turn into? Is it A, information, B, process data, C, identifiable data, or D, profile data? Pause the video to think about your answer.
Or go back through the slides to help you work out the answer.
Let's have a look at the answer.
It is A, information.
When data is being given as structure or a meaning, it is now information.
Personal data is gathered through individual facts about a person.
On the screen, you can see some examples.
This could be your name, your email address, your date of birth, a profile picture, a phone number, or a location.
This is Izzy.
Social media companies can collect your data.
The data gathered creates information about the user.
Izzy is 15 years old, likes gaming and building PC posts and comments on PC building pages.
Companies pay to have adverts on a website or social media platform.
The data gathered ensures the adverts you see are relevant to the information they gathered about you.
Izzy liked computers.
The adverts that she will see might be about buying products to do with computers, with discounts.
Every social media platform has a privacy policy and you should read a privacy policy to find out how they collect and how they use your personal data.
Companies can benefit from using your personal data.
They can target their marketing adverts to the right people and at the right time.
The product can develop and the company can grow as they gain insights from customers.
You can benefit from your personal data being used.
You will now see adverts, offers and recommendations that are relevant to your interests.
Your experience on the site will be improved as it will be more engaging as the information that you see, the adverts, will all be of things that you are interested in.
Let's have a quick check.
You need to enter personal data while using an online platform.
Which of the following could be included? There is more than one answer here.
Pause the video and select which of those items would be a personal data.
Is it A, their name, B, email, or C, pages visited, or D, date of birth.
Let's have a look at the answer.
Personal data can be your name, your email, and your date of birth.
This is personal data about you.
Well done if you've got that correct.
So let's have a go at an activity.
You'll need the worksheet to work with this activity.
Complete the table.
Add examples of the types of data a social media company could gather about you under the headings.
Personal information about you.
An example would be your name.
Content you provide them.
An example would be images.
User behaviour, this is what you do whilst using the platform.
An example would be pages visited.
Data you have about other people.
An example would be friends' names.
Pause the video and use the worksheet to complete your table and go back through the slides or the video to have a look for some answers.
Let's have a look at some of the answers that could be in your table.
Personal information about you.
You could have had in there, name, email, date of birth, phone number, profile picture, location.
All these things is personal about you.
You might have got more.
Content you provide them.
You might have got images, videos, status updates, locations, friends and family links, work or school visit history.
May have got a few more as well.
User behaviour, remember that's what you do whilst using the platform.
You might have got pages visited, groups you're a member of, likes and comments made, interactions, lenses or filters used, and you may have a few more.
Data you have about other people.
You might have the names of friends and family, interests and links, events and locations attended, links to other friends and family.
Well done if you completed your table.
Let's have a look at the next section.
How can companies use the personal data they collect about you online to benefit both themselves and you as a user? Pause the video, use your worksheet and complete that table.
You can go back through the video or the slides to help complete this table.
Let's have a look at the answers you may have gotten the benefit to the company, improved targeting of customers, marketing effectiveness, business growth or customer insights.
Benefit to you as the user, you might have had personalised ads and offers, better products and services seen, relevant and engaging experiences, improved user experience or relevant recommendations.
Well done for completing that.
We are now gonna have a look at the next section of this lesson, describe the threats to stored electronic data.
Data theft is when someone takes your data without your permission.
Companies are responsible for keeping the data they have stored about you safe.
For example, your personal data should not be left visible or given to others to see.
Personal data could be stored on a computer or on paper.
Online platforms are companies and store your personal data.
When you enter your personal data, you expect it to be safe.
A cyber criminal is someone who uses computers or the internet to do something illegal.
Let's have a quick check.
True or false? The person who enters the data is responsible for its safety, not the company storing it.
Is that true or false? Pause the video, have a look back through the slides.
Let's have a look at the answer.
The answer is false.
The company is responsible for keeping all stored data safe from unauthorised access and use.
Once a cyber criminal gets your personal data, they can use it, sell it, or harm the company with it.
Cyber criminals can use your stolen personal data to cause trouble for the company.
They can disrupt the running of the business, steal important files or more data and damage the company's reputation.
Here's a cyber attack example.
Back in January, 2023, Twitter was attacked by a cyber criminal.
They gained unauthorised access and stole more than 220 million email addresses.
Twitter refused to pay the cyber criminal to return the emails.
The cyber criminal then put the data up for sale to others.
If you lose control of your personal data, it could be used illegally.
Izzy has a good point here, "I could be a victim of identity theft, financial loss, and emotional distress." Your personal data could also be used to commit other cyber crimes.
If you are a victim of any cyber crime, you may find it hard to trust other companies.
If a company loses control of the personal data they store, it can impact them too.
Aisha has got a good point here.
A company could receive financial penalties, damage to their reputation and possibly lawsuits.
You need to be able to trust a company when they are storing your personal data.
Let's have a check.
Which of the following is a threat to stored data? Is it A, data authorised use, B, data theft, C, data analysis, or D data profiling? Pause the video to consider your answer.
Let's have a look at the answer.
It is data theft.
Let's do an activity.
You'll need your worksheet again.
If cyber criminals stole your personal data from a company, how would each of the following be impacted? You have a table to complete with the headings; you and the company.
Pause the video, go back through the video and the slides if you need to.
Let's have a look at the answers.
Under the column heading, you, identity theft, financial loss, emotional distress, and struggle to trust other online businesses.
Under company, it could be financial penalties, damage to reputation and loss of business and lawsuits.
Well done if you've got those.
Let's go on to the last section.
Explain why the Data Protection Act is needed.
In today's digital world, our personal data is collected and used by many organisations, from businesses to government agencies.
Companies must follow rules on how our data is stored and used.
If they fail to follow the law, there are consequences.
Here is an example where personal data was not protected.
In September, 2023, TikTok faced fine of 345 million euros for failing to protect children's personal data collected through online accounts.
The Data Protection Act 2018 is a piece of legislation passed by Parliament.
All organisations and people using and storing personal data must comply with the principles of the Data Protection Act.
There are seven principles of the Data Protection Act that companies must follow.
Let's have a quick check.
What is the term given to a law that is passed by parliament? Is it A, policy, B, legislation, or C, law? Pause the video to consider your answer.
Let's check your answer.
The answer is B, legislation.
Well done if you've got that correct.
Let's have a look at those seven principles of the Data Protection Act.
Data must be, number one, used fairly, openly and in accordance with the law.
And number two, used for a specific and stated reason.
Sam says, "I am starting to play a new game.
It would not be fair if I did not know the rules at the start or if the rules changed in the middle of the game." A company must share how they will use your personal data and these are the rules they must follow and not use it in any other way.
Let's have a look at the next principles.
Data must be: number three, used only in a way that is necessary and sufficient for the purpose for which it was collected.
And four, accurate and up to date.
Jun has an example here, "For the school trip, the teacher requires my name and emergency contact number.
This is essential personal data.
However, they don't need access to my social media passwords." A company can only ask for personal data if they need it for the set task.
They must keep it accurate and up to date.
Let's have a look at the next principles.
Data must be: number five, only kept for as long as it is needed.
And six, protected against loss, damage and unauthorised access.
And then we also have a company accountability, which is number seven.
Company controlling the data is responsible for and must show they meet all the principles.
Sophia has an example, "I closed my account for an online game that I played when I was much younger.
I closed the account four years ago, so they should not still be holding my data." Company can only keep and use personal data for as long as you give permission and they must protect it when they store it.
Anyone who has data collected and stored about them is a data subject.
As a data subject, you have the right to find out what personal data a company stores about you and ask for specific actions to be completed.
You have the right to ask them what data is being used.
Ask what data is being stored.
Ask them to update your data.
Ask for the data to be deleted.
Stop a company processing your data and transfer your data to another organisation.
Let's have a check.
The Data Protection Act has seven principles.
Select the principles that are included.
Data must be.
There is more than one answer.
Pause the video and select your answers.
Is it A, used for a specific and stated reason, B, accurate and up to date, C, used for any business purpose or D, protected against loss, damage and unauthorised access? Let's have a look at the answers.
The answers was A, used for a specific and stated reason, B, accurate and up to date, and D, protected against loss, damage, and unauthorised access.
Well done if you've got those correct.
Let's look at an activity.
You are looking to sign up to a new social media platform.
You need to enter personal data like your name, email address, and date of birth to create your online profile.
Number one, explain why the Data Protection Act is important in this situation.
Consider how it protects you and what rights it gives you as a user.
Pause the video and use your worksheet and the video to complete your answer.
Let's have a look at the answer.
It will stop the social media platform collecting more information than it needs.
It ensures the company keeps the data it has safe and secure.
I have the rights to see what is being stored, how it is being used, as well as ask for mistakes to be corrected and the account deleted.
The social media platform cannot use my information unless I agree to it.
Well done if you got that correct.
Let's look at this table, number two, look at the scenarios below and complete the table.
In the first row, a social media app collects users location data without their explicit consent.
You have the headings, personal data collected, what is being collected, how is it collected, and how is the Data Protection Act violated? In the second scenario, local Cafe collects customer email addresses for a loyalty programme, but also uses them to send targeted political advertisements.
Use the table to complete each of the headings about what personal data is being collected, how is it collected, and how is the Data Protection Act violated? Use your worksheet, pause the video and use the video to go back and look at some of the answers too.
Let's have a look at this table completed.
In the first scenario, a social media app collects user's location data without their explicit consent.
The personal data collected is user location data.
How is it collected? Through posts, images, check-ins.
And how is the Data Protection Act violated? They were collecting data without explicit consent.
There was a lack of transparency.
In the second scenario, a local cafe collects customer email addresses for a loyalty programme, but also uses them to targeted political advertisements.
The personal data collected is customer email addresses.
How is it collected? Through the loyalty programme.
How is the Data Protection Act violated? Well, it's using data for a purpose not stated when collected, there is a lack of transparency.
Well done if you've got those correct.
In summary, personal data is gathered when you use and enter data into different types of websites.
A profile is created about you, converting your data into information.
The adverts you see will be relevant to the information they have gathered about you.
Any company that uses and stores your personal data must follow the Data Protection Act of 2018.
This is a law passed by Parliament.
