Steps to Get a Perfectly Written Assignment
Click “order this assignment now”
Choose your deadline & pay for it
Get custom-written work ready for submission

Custom-Written, AI & Plagiarism-Free with Passing "Guaranteed"

money back guarantee
Assignment Briefs 11-29-2022

Discuss the legality of HappyLife’s conduct in relation to the data breach, pointing out their legal obligations under data protection law, and the possible penalty that they face.

CST4080, Legal, Ethical and Security Aspects of Data Science

Legal Coursework 2022- 23 (Coursework One) – September 2022 Starts

The following table provides an overview of the assessment requirements

Assessment Brief – Case study on legal aspects of Data Science

Submission date, time

Key Date

Where to submit

The report must be submitted online in PDF format by 11:59pm (London time) Wednesday 30th November 2022.

Late submissions may result in a FAIL grade.

Submission takes place online via the Turnitin system. The Turnitin system and other tools will be used to identify plagiarised work.

Feedback type & date

Formative feedback will be provided in seminar classes. This feedback may consist of: discussions of related seminar tasks; advice on resources to be used, support in identifying items of knowledge to focus on, and advice on any aspect of the coursework not understood by students. Students should ask questions about the coursework in class and in the presence of all students. Summative feedback for the report will be available in 15 working days after the date of submission.

Word count

The submission should be no more than 2500 words. This word count does not include references.

Assignment structure, format and details


This assignment will be marked anonymously therefore you must NOT include your name nor you student ID on your coursework document, nor in the file name of the uploaded document(s), nor in the title you give to your document. Also, do not include other kinds of personal identifiers such as pictures of yourself. Simply submit your coursework WITHOUT any identification information on it to Turnitin. The Turnitin system will issue a random number to your document and it will be used to identify you after marking.




HappyLife Ltd, is a healthcare company in London (UK), that provides clinical treatment to thousands of patients for a variety of health conditions. They employ many medical professionals and administrative staff including one data controller. Three months ago, the data controller discovered a cyberattack that resulted in an extensive data beach involving the data of hundreds of patients. The company had no incident response protocol for dealing with breaches and fearing bad publicity the manager decided to keep it quiet. The management of HappyLife Ltd recently expanded the centre to include the establishment of a new data science department to pursue research and data analyses. This new department employs data scientists and uses machine learning/deep learning among other artificial intelligence techniques for many activities including: profiling of patients; monitoring of patients, analysis and prediction of patient healthcare needs; and assessing the effectiveness of various treatments. The department also installed a new IT system, and developed new services and processes that all involve the collection and use of medical and non-medical data. The data are obtained from patients and other places including numerousonline and offline documents. HappyLife Ltd also has an online databank consisting of anonymised data produced by their data science department. They provide access to this databank to researchers and other medical professionals. Everyone needing access must sign a special licence agreement (attached).



Answer all questions below. The total number of marks this coursework is 100.

There are FOUR questions. Each question carries 24 marks and students are awarded an additional 4 marks for presentation (see marking rubric below).

In the questions, marks are given for citing relevant legal authorities or references where necessary. Limited short quotes of sections of laws or cases can be made if necessary but students are not expected to quote whole sections of laws.

Students may find the following links useful:

QUESTION 1: Data Protection [24 marks]

(a) Discuss the legality of HappyLife’s conduct in relation to the data breach, pointing out their legal obligations under data protection law, and the possible penalty that they face.

[6 marks]

(b) Happylife was recently advised to conduct a data protection impact assessment, to identify and assess risks to the rights and freedoms of data subjects. Explain at least three different types of risks that may occur due to the processing activities of Happylife.

[6 marks]

(c) HappyLife Ltd was sent an Information Notice by the Information Commissioner’s Office asking for the following: (a) to provide their security audit logs for the past two years; (b) to state whether they had experienced any data breaches in the past 4 months; and (c) to provide the content of any communications with their lawyers regarding their liabilities under the Data Protection Act 2018.

Discuss the legality of the following conduct by HappyLife Ltd, citing relevant sections of the UK Data Protection Act 2018.

(i) HappyLife Ltd edited their security logs to remove any evidence of the data breach that they experienced, before submitting the logs to the Information Commissioner.



(ii) HappyLife Ltd responded to the Information Commissioner that they did not experience any data breach in the past 4 months.

(iii) HappyLife Ltd, told the Information Commissioner that they were not entitled to any communications which they had with their lawyers regarding their liabilities under the Data Protection Act 2018.

[6 marks]

(d) A patient named Debbie recently wrote to advise HappyLife Ltd, informing them that she had registered with a new health care provider called MountHope Ltd. She therefore demanded: (i) to know what data HappyLife had about her; (ii) that all her data should be sent to MountHope Ltd and (iii) that HappyLife Ltd erase all copies of data about her (after sending her data to MountHope Ltd) since she would no longer be a patient.

Advise HappyLife Ltd on whether Debbie has any legal rights in relation to her three demands stating what they are. Please quote any relevant legal authorities.

[6 marks]

QUESTION 2: Intellectual Property [24 marks]

In the context of Intellectual property law, advise HappyLife Ltd on the legality of undertaking any of the following actions. In your answers please cite any relevant legislation.

(i) Copying texts contained in an existing published work by a foreign scientist to include in a paper published by HappyLife Ltd.

[4 marks]

(ii) Extracting a substantial amount of data from a UK database without obtaining permission.

[4 marks]

(iii) HappyLife wants to include in their portfolio of company excellence, a paper written by an employee, but without the name of the employee as the author. The employee insists that his name should also appear on the paper as the author. His employment contact does not address such an issue.

(iv) Using highly confidential business data belonging to a UK business competitor, obtained from encrypted documents by cracking the encryption key.

[4 marks]

(v) Using a trade mark belonging to another UK company, in order to trick customers into buying similar products produced by the other company.

[4 marks]

(vi) Importing a drug from China, that is manufactured without a from licence from the UK pharmaceutical company who developed the drug.

[4 marks]



QUESTION 3: AI Governance [24 marks]

Machine Learning (ML) systems differ from other complex software systems in ways that pose new governance issues: Several features of ML models make governance more challenging than other complex software systems. Such features include:(i) the inherent difficulty in understanding many ML systems before they are deployed; (ii) the corresponding (though separate) problem of explaining how such models have made any given decision after they have been deployed; (iii) the potential for new forms of liability; (iv) the possibility that such systems challenge traditional models of agency by performing complete tasks traditionally reserved for humans. Discuss the legality of HappyLife’s conduct in relation to the data breach, pointing out their legal obligations under data protection law, and the possible penalty that they face.

(a)  AI governance collectively incorporates the rules, practices and processes by which artificial intelligence is directed and controlled. Briefly discuss at least two reasons why AI governance is important. Please cite any references used.

[4 marks]

(b)   Briefly discuss why an understanding of what an ML system does before it is deployed is important.

[4 marks]

(c)  Briefly discuss why is it important to be able to explain how an ML model arrived at a decision after it has been deployed.

[4 marks]

(d)  Happylife has two kinds of clinical systems used by doctors.

System A is a clinical decision-support system (not using ML) used to detect interactions between potential medications/drugs. A doctor uses system A which fails to detect a drug interaction between two medications due to a system malfunction. Although the doctor is aware of the possibility of an interaction between the two medications (due to his past experience), he nonetheless issues a prescription to a patient based on the results of the system. This results in an injury to the patient.

System B is an ML system used to predict patient risks and it is not clear how the system determines why one patient is at a higher risk compared to others. Another doctor uses system B which also malfunctions. The doctor interprets the ML outputs with care and attention but due to the malfunction gives an improper diagnosis leading to a patient being injured.

(i) Briefly discuss whether you think that the doctor should be held liable (i.e., legally responsible) for medical negligence using system A.

[2 marks]

(ii) Briefly discuss whether you think that the doctor should be held liable (i.e., legally responsible) for medical negligence using system B.

[2 marks]

(iii) Give at least two issues that should be investigated in deciding whether HappyLife should be held liable for the injuries sustained by the patients.

[4 marks]

(e) Agency is the relationship that subsists between a principal and the agent, who has been authorized to act for the principal or represent him in dealing with others. Happylife (the principle) wants to deploy an ML system as an agent to engage in automated financial trading on a stock exchange. The system can continually modify its functions and learn after being deployed and its functions will become dependent on novel input data. Discuss (i) at least one potential issue (that may have legal consequences) related to deploying this agent and (ii) whether it is possible to hold Happylife criminally responsible for the actions of the agent.

[4 marks]



QUESTION 4: Contracting [24 marks]


Advise HappyLife on the legality of the actions taken my various RECIPIENTS (A1, A2, A3, A4, A5, A6) party to the HappyLife Databank licence agreement (attached). In your answer you must reference specific sections in the licence agreement.

(a) RECIPIENT A1 is a University research lab. The lab does consultancy work for several clients. One of the clients recently asked for access to the some of the data collected from HappyLife. The lab agreed to allow access to the data collected from the HappyLife Databank in their possession for a small fee.

[4 marks]

(b)  On the 1st June 2020, RECIPIENT A2 sent an email to HappyLife, informing them of their decision to terminate their licence agreement at the end of June 2020. They also demanded a refund on the remaining amount of their Licence fee payment since they paid for 12 months at the start of 2020. Advise HappyLife.

[4 marks]

(c)  RECIPIENT A3 used the data in the BestHealth databank to publish some scientific papers on the effects of Covid-19. The Keywords of the paper consisted of: “Covid-19, pandemic, mortality, contact-tracing“ Discuss the legality of HappyLife’s conduct in relation to the data breach, pointing out their legal obligations under data protection law, and the possible penalty that they face.

[4 marks]

(d) RECIPIENT A4 used the data in the HappyLife databank to do research on the effects of a drug on patients with heart disease. Some of the data collected from the databank was incorrect and this resulted in the drug company suing RECIPIENT A4. The case was settled out of court after RECIPIENT A4 agreed to pay the drug company £2 Million pounds in damages. RECIPIENT A4 recently launched a lawsuit against HappyLife for providing incorrect information resulting in a loss of £2 Million.

[4 marks]

(e) Before signing the licence agreement RECIPIENT A5 was told by a sales representative for HappyLife Ltd, that the databank is always available for access 24 hours a day and 7 days a week without any interruptions. Due to daily interruptions in access over the past two months RECIPIENT A5 decided to sue HappyLife Ltd for not having the access promised by the sales representative.

[4 marks]

(f)RECIPIENT A6 consists of 100 scientists working on various projects. All have access to the HappyLife databank and are free to download data at any time without restrictions. The username and password details to access the databank are published in a monthly hardcopy newsletter distributed to all staff.

[4 marks]





THIS AGREEMENT is made effective                                                                     20                                                              (“EFFECTIVE DATE”) by and between,                                                                                  (“RECIPIENT”) having an address at                           and

  • HappyLife Ltd, a healthcare company with its principal place of business at 54 Islington Park St, London, N1 1PX, UNITED KINGDOM

Hereinafter referred to as HappyLife”, and relates to the right of the RECIPIENT to use data belonging to HappyLife according to the license terms below.

In consideration of the foregoing and other good and valuable consideration, RECIPIENT and HappyLife agree as follows:

  1. Definitions In this agreement:

1.1 Commercial use means any copying, downloading or linking to the HappyLife Data Bank for further redistribution, sale or licensing for a fee. This includes, but is not limited to posting the data on a site or service that incorporates advertising, the inclusion of the HappyLife Data (other than permitted use with appropriate acknowledgments) in other works or services that is then made available for sale or licensing for a fee and the use of the HappyLife Data by for-profit organizations for promotional purposes, whether for a fee or otherwise.

1.2 HappyLife Data Bank means data collections owned by HappyLife Ltd

1.3 HappyLife Data Manager means the individual responsible for the HappyLife Data Bank.

2. RECIPIENT will use the data from HappyLife only in accordance with this License agreement and to promptly notify the HappyLife Data Manager of any breach of the terms or of any infringements or misuse of the HappyLife Data Bank that RECIPIENT becomes aware of by writing to DM@HappyLife.org

3. RECIPIENT will use and make copies of any part of the HappyLife Data Bank only for the purposes of research, public health or healthcare operations. Any commercial use of the HappyLife Data Bank or its data, in parts or whole, is strictly prohibited.

4. That this License does not transfer any interest in intellectual property from the HappyLife data, the HappyLife Data Manager, the original data creators, producers or other rights holders to RECIPIENT.

5. That this License and the HappyLife Data Bank are provided on an ‘as is’ basis and without warranty or liability of any kind. Any representations or warranties given by any member of HappyLife relating to this license are excluded to the maximum extent permitted by law.



6. To abide by any further conditions notified to RECIPIENT by the HappyLife Data Manager that may apply to the access to, or use of, specific materials within the data collections or particular data. Notice of further conditions under this paragraph may be given to RECIPIENT by electronic means, for example on the HappyLife website or by e-mail.

7. 7,1 RECIPIENT will ensure that the means of access to the data are kept secure and not disclosed to a third party except by special written permission or license obtained from the HappyLife Data Bank Manager.

7.2  RECIPIENT will use appropriate safeguards to prevent use or disclosure of data from the HappyLife other than as provided for by this Agreement.

7.3  RECIPIENT will develop, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of and to prevent non-permitted or violating use or disclosure of data from the HappyLife Data Bank. Recipient will document and keep these safeguards current.

8. For publication purposes RECIPIENT will include in all publications, references to HappyLife in the keywords and acknowledgments. RECIPIENT will supply HappyLife with bibliographical details of published work based wholly or in parts on the HappyLife data collections to the email addresspublications@HappyLife.org.

9. RECIPIENT will notify HappyLife of any errors discovered in the data collections to the email address dmc@HappyLife.org.

10.1 Any breach of any of the provisions of this License Agreement will lead to immediate termination of RECIPIENT’s access to the HappyLife Data Bank either temporarily or permanently, at the discretion of HappyLife, and may result in legal action being taken against RECIPIENT. 

10.2  Where there is no breach of this License Agreement, it may be terminated, or its terms altered by HappyLife at any time with 30 days notice in writing given by HappyLife. The failure of exercise or delay in exercising a right or remedy provided in this License Agreement does not constitute a waiver of rights and shall not be interpreted as an acceptation of any rights.

10.3   RECIPIENT may terminate this Agreement at any time upon sixty

(60) days written notice to HappyLife. If RECIPIENT decides to terminate, there is to be no refund of any part of the Licence fee payment.

10.4    Upon termination of this Agreement, data copied from the HappyLife Data Bank shall promptly be deleted from any files of RECIPIENT and the copies taken for back-up purposes will promptly be destroyed, RECIPIENT shall make no further use of the HappyLife Data Bank. RECIPIENT agrees to provide to HappyLife written confirmation of the deletion and destruction of all copies within.



11. HappyLife bears no responsibility for the accuracy or comprehensiveness of the data supplied. Also, HappyLife bears no liability for the data provided and RECIPIENT will not make any claim against HappyLife for any direct, indirect, consequential or incidental damages or losses arising from use of the HappyLife Data Bank or from the unavailability of, break in access or other reason.

If the whole or any provision of this License Agreement is or becomes void, invalid or illegal for any reason, that provision shall not affect the legality and validity or the other provisions.

This License Agreement is governed by the laws of England and Wales. All disputes arising out of or in connection with this License Agreement which cannot be solved amicably, shall be submitted to the exclusive jurisdiction of the courts of England and Wales.


RECIPIENT:                                                           HappyLife Ltd                                              

Assessed learning outcome (s)

This coursework will enable the student to:

1 Demonstrate a critical understanding of legal/regulatory issues and frameworks relevant to the practice of data science.

2. The ability to analyse and advise on legal/regulatory issues relevant to the practice of data science. Discuss the legality of HappyLife’s conduct in relation to the data breach, pointing out their legal obligations under data protection law, and the possible penalty that they face.

Assessment weighting %

This Legal coursework component is worth 33.3% of the total module mark.

Key reading and learning resources

Key reading and learning resources are given in Lecture slides and Seminars handout available online via Moodle. Students are also expected to do further individual research.


Assessment marking criteria


QUESTION 1: Data Protection [24 marks]


(a) Legality of HappyLife’s conduct in relation to the data breach & possible penalty.

[Explanations + legal authorities = 6 marks]


(b) Explanation of at least three different types of risks that may occur due to the processing activities of Happylife Ltd.

[Explanations = 6 marks]


(c) Legality of the conduct by HappyLife Ltd.

[Explanations + legal authorities = 6 marks]


(d)      Advice HappyLife Ltd on Debbie’s rights

[Explanations + legal authorities = 6 marks]


QUESTION 2: Intellectual Property [24 marks]

Correct advice on legality of each of the six scenarios + citation of correct legal authorities.


[6 x 4 marks = 24 marks]

QUESTION 3: AI Governance [24 marks]


(a)   Discussion of two reasons why AI governance is important.

[4 marks]

(b)   Discussion of why an understanding of what an ML systems does before it is deployed is important.

[4 marks]

(c)   Discussion of why is it important to be able to explain how an ML model arrived at a decision after it has been deployed.

[4 marks]

(d)   Discussion of liability for medical negligence.

[8 marks]

(e)   Discussion of agency issues.

[4 marks]


QUESTION 4: Contracting [24 marks]


For 5 RECIPENTS A1, A2, A3, A4, A5, A6.

Advice for RECIPENT + identification of relevant sections of licence agreement.

[2 marks -correct advice + 2 marks -citing the licencing agreement] x 6 = [24 marks]


PRESENTATION – [4 marks]




4 marks

3 marks

2 marks

1 mark

0 marks













Simple expression of information; little understanding of content; several spelling and grammatical errors


Clearly presented

Very well expressed

Very well expressed;

Well expressed;

expression of

with limited

and understanding of

good understanding of

understanding of

information: lacks

spelling and

content with limited

content with some

content with several

understanding of


spelling or

spelling and/ or

spelling and/ or

content; many


grammatical errors.

grammatical errors.

grammatical errors.

spelling and





grammatical errors.


The following table details the support you will be receiving for this assessment and the feedback opportunities you will have.

Support and draft feedback sessions for Investigation assessment

Coursework briefing

The coursework will be explained to students and seminar sessions will support learning.

Feedback opportunities

Queries about the coursework or any further explanations needed from the tutor should be done during seminar classes and in the presence/hearing of all other students. This is to make sure that all students receive the same amount of feedback.

Additional support

Should extra support be required please contact the module leader tutor via details provided in the module handbook.

100% Plagiarism Free & Custom Written, Tailored to your instructions
paypal checkout

Our Giveaways

Plagiarism Report

for £20 Free


for £12 Free

Title page

for £10 Free


for £18 Free


for £9 Free

Limitless Amendments

for £14 Free

Get all these features for
£83.00 FREE


Have a look at our samples which are written by our professional writers to give you an insight into how your work is going to look like. We have added some essays, coursework, assignments as well as dissertations.

View Our Samples

Feb Wed 2024

1.1 Examine the impact of legal status o

UNIT CMI 501 Principles of Management and Leadership in an Organisational Cont...

Feb Wed 2024

Define the terms ‘normal’ and ‘abn

    Tutor/Assessor:    Learner ...

Feb Wed 2024

AC 1.1 How can organisations strategical

5HR02 Talent management and workforce planning Learner Assess...