Professional Bodies
Which UK professional body is officially titled “The Chartered Institute for IT”?
BCS (British Computer Society)
Both BCS and IEEE say members must protect the _______ interest when making professional decisions.
Public interest
Which UK law makes it an offence to access a computer system without authorisation?
Computer Misuse Act 1990
When an employer’s interest conflicts with potential harm to users or the public, which should take priority under BCS/IEEE principles?
The public interest/safety takes priority.
In UK data protection, what does DPIA stand for?
Data Protection Impact Assessment.
What professional title for experienced IT practitioners is awarded by BCS?
CITP (Chartered IT Professional)
You discover a serious safety or security bug in a live system. According to BCS and IEEE, what should you do?
Report it promptly to the appropriate authority/manager, act to avoid/mitigate harm, and do not conceal errors.
Name the UK statute that sits alongside UK GDPR, providing national rules and offences for data protection.
Data Protection Act 2018
You’re asked to approve a feature you helped build, but you also hold shares in a vendor that would benefit. What is this situation called, and what should you do?
A conflict of interest; disclose it promptly and avoid/recuse from the decision.
Within an organisation, who is the designated role that advises on data protection compliance and acts as the contact point for the ICO?
The Data Protection Officer (DPO).
In the UK, what does IAP stand for?
Institute of Analysts and Programmers
Both BCS and IEEE require members to keep their skills up to date. What is this ongoing activity commonly called?
Continuing Professional Development (CPD).
Which UK law protects software (source code) as a form of literary work?
Copyright, Designs and Patents Act 1988
A client wants you to use a dataset scraped from social media that includes identifiable personal data without consent. What are your ethical next steps?
Advise against unlawful processing, seek lawful basis/consent, minimise/anonymise where possible, and escalate to the appropriate authority if needed; don’t proceed in a way that risks harm.
Under the Computer Misuse Act 1990, what offence is covered by section 3A?
Making, supplying or obtaining articles for use in Computer Misuse Act offences.
Which professional body is best known for technology standards like 802.11 (Wi-Fi) and 802.3 (Ethernet),
IEEE (Institute of Electrical and Electronics Engineers)
What does the IEEE Code of Ethics require regarding fairness and respect in the workplace?
Treat all persons fairly and with respect; do not engage in discrimination or harassment; foster inclusive, equitable practice.
Under UK law, what must organisations do to avoid disadvantaging disabled users of their websites or apps? State the law and action
Equality Act 2010: Make reasonable adjustments e.g., accessibility features/compliance.
A new hire brings “reference” code that appears lifted from a competitor’s proprietary system and your manager hints you should reuse it to hit deadlines. What should you do, ethically?
Refuse to use the code, explain IP/copyright and integrity concerns, report/escalate through proper channels e.g. line manager, and pursue a clean room or original solution.
Under the Copyright, Designs and Patents Act 1988, what is the UK doctrine that allows limited use of copyrighted works without permission for purposes like criticism, review, news reporting, or non-commercial research/private study (with proper acknowledgement where required)?
Fair dealing.
The widely used Software Engineering Code of Ethics and Professional Practice was jointly developed by which two organisations?
ACM and the IEEE Computer Society
Name the four sections (headings) of the BCS Code of Conduct.
Public Interest; Professional Competence and Integrity; Duty to Relevant Authority; Duty to the Profession.
Under the Consumer Rights Act 2015, if paid-for digital content is faulty, what remedies are consumers entitled to?
A repair or replacement; if that’s impossible or fails, a price reduction or refund.
On the eve of release, you discover the fraud-flagging model for a UK banking app wrongly labels 8% of transactions from screen-reader users as “high risk” because of an accessibility-related proxy in the data. Management says “ship now, fix later.” Under BCS/IEEE expectations, do you sign off? What are the two immediate actions you must take before any release?
Escalate and seek a pause with the appropriate authority to prevent foreseeable harm to the public, document the risk and your objection.
Initiate a remediation path: remove the proxy feature, run fairness testing, and complete a DPIA with accessibility considerations, only proceeding after independent review and sign-off.
Name three UK GDPR data protection principles.
Lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); accountability.