OCR J277 - DPA Revision Tool

1 [3 Marks Total]

Data Protection Act Principles.
Select three principles.

Lawfulness, fairness, and transparency Data maximisation (collect as much as possible) Purpose limitation (only used for stated reason) Accuracy Stakeholder impact Right to effective virus scan

✅ Mark Scheme

Correct Principles:

Lawfulness, fairness, and transparency
Purpose limitation
Accuracy

Also valid: Data minimisation, Storage limitation, Integrity & confidentiality (Security).

Score yourself (Max 3):

2 [2 Marks Total]

Rights of the Individual. Select two rights.

Right to be forgotten (Erasure) Right to free software Right to access data held about you Right to faster internet

✅ Mark Scheme

Right to be forgotten/Erasure
Right to access data

Score yourself (Max 2):

3 [3 Marks Total]

Sensitive Data & Security.

(a) Example of sensitive personal data (besides medical records). [1] (b) Why hospital security must be stricter than a coffee shop. [2]

✅ Mark Scheme

(a) Religion, Ethnicity, Politics, Biometrics, Genetics, Sexual orientation. (Reject: Password/Bank details - common mistake).

(b) Data breach causes significant harm/distress (discrimination/health) (1). Legally requires stronger protection due to risk (1).

Score yourself (Max 3):

4 [3 Marks Total]

Storage Limitation Principle.

Explain this principle for the youth club and give one practical step. [3]

Think about time, not hard drive space!

✅ Mark Scheme

Explanation (2): Data kept no longer than necessary (1). Delete when member leaves (1).

Step (1): Regular review of data / Automatic deletion policy.

Score yourself (Max 3):

5 [5 Marks Total]

Data Breach Scenario (School Email).

(a) Which DPA principle was broken? [1] (b) Two consequences for the school. [4]

✅ Mark Scheme

(a) Integrity and Confidentiality (Security).

(b) Fines (ICO) (2). Reputation loss/Parents lose trust (2). Compensation claims (2).

Score yourself (Max 5):

6 [2 Marks Total]

Scenario: Selling weather app location data for ads.

Why does this breach Purpose Limitation? [2]

✅ Mark Scheme

Data was collected for weather purposes (1). Selling for ads is a different purpose without consent (1).

Score yourself (Max 2):

7 [8 Marks Total]

Extended Response: AI Facial Recognition & Privacy.
Discuss Legal (DPA) and Ethical/Privacy issues.

Legal: Transparency, Minimisation, Security. Ethical: Privacy, Consent, Trust.

✅ Mark Scheme

Legal: Transparency (told users?), Minimisation (excessive?), Security (biometric data is sensitive).
Ethical/Privacy: Invasion of privacy, consent (background people), feeling of surveillance.

Level 3 (6-8): Detailed discussion of both areas.
Level 2 (3-5): Discusses both reasonably well.
Level 1 (1-2): Basic points.

Score yourself (Max 8):