Laws In Brief
MK Notes December 2000
The Computer Misuse Act 1990
Three specific criminal offences documented:
Unauthorised Access to computer programs or data.
Unauthorised Access with a further criminal inte
Unauthorised Access modification of computer material.
Software Copyright Law
Run pirate software
Transmit software over a telecommunications line
Personal data must be:
Obtained lawfully and fairly
for specific reasons
Used for a specific purpose ONLY
Relevant and Adequate
Accurate and Update
Kept no longer than necessary
Made available to the individual concerned for corrections.
Unauthorised access or accidental loss / destruction of data
is also prohibited.
Administering a public register of data users with broad details of data
Investigating complaints and initiating prosecuting of people for
breaches of the act.
Publishing several documents that offer guidelines
and assistance for
the data users.
All Data Users Have To Register Giving:
Their name, the address etc
Description of the data held and its purpose
A description of the sources from which the data is obtained.
A description of the person(s) to whom it is
intended to disclose the
Exemptions from the act:
In connection with
Tax and duty
Compensation for unauthorised disclosure of data
Compensation for inaccurate data
Access the da
ta for verification or erasure where inaccuracy
Compensation for unauthorised access, loss or destruction of
Health & Safety Law
Health Hazards that can occur:
Employers are required to:
nalysis of workstation in order to evaluate the safety
and health conditions.
Provide training for the use of IT facilities
Ensure that employees take regular breaks
Give regular eye checks for computer users.
Employees are required to:
Use equipment cor
rectly in accordance to training
Bring problems to the attention of employers
Manufacturers are required to:
Provide monitors with tilted and swivelled features
Keyboards must be separate and moveable
Notebook PC’s are not suitable for entering large vol
The Ergonomic Environment:
Ergonomics refers to the design and functionality of the environment and
encompass the entire range of environmental factors.
Lighting must be well lit with blinds
chairs of adjustable height, will f
ull back rest,
swivelling on five point base.
combination of chair, desk, computer, accessories,
lighting, heating, ventilation all contribute to overall well being.
Noisy printers should be relocated.
screen must tilt, swive
l and be flicker free.
Should be facilitated, easy to use and adaptable to
Heathcote AS Notes
Chapter 10: Computer Crime and the Law
Hacking is defined as unauthorised access to data held on a computer
Theft Of Data
Data can be stolen by illegally accessing it, or by stealing the computer on
which the data is stored.
Fraud on the Internet:
The most common form of fraud on the internet takes place between traders
that appear to be legitimate an
d innocent purchasers of goods that are offered
Viruses are generally developed with a definite intention to cause damage to
computer files or, at the very least, cause inconvenience and annoyance to
ogic bomb is similar to a virus and is sometimes delivered by means of a
virus. The bomb can be written to destroy or worse, subtly change the
contents of an organisations computer systems. However this does not begin
until signalled to do so by the hacke
Digital Crime and the law:
The rapid progress of computer technology has led to the need for the new
laws to be introduced so that all perpetrators of computer crim can be
The Computer Misuse Act of 1990 :
In early 1980’s in the UK, ha
cking was not illegal. This law was later changed
when the Computer Misuse Act of 1990 was introduced which identified three
specific criminal offences to deal with the problems of hacking, viruses and
other nuisances. These are:
Unauthorised Access to c
omputer programs or data
Unauthorised Access with a further criminal intent
Unauthorised Modification of computer material.
Software Copyright Laws:
Computer software is now covered by the Copyright Designs and Patents Act
of 1988 which covers a wide ra
nge of intellectual property such as music
literature and software. Provisions of the act make it illegal to:
run pirated software
transmit software over a telecommunications line, therby creating a
Shareware software can be distribu
ted but not changed in anyway and is
usually limited in terms of a trial period or missing functions.
Freeware software can be freely distributed but not changed in anyway. All
functions are included and is likely to be a full version which does not requi
registration or any fees.
Protecting ICT Systems:
Faulty procedures (poor training)
Measures to protect ICT systems from ill
Physical restrictions to the building
Users ID, Passwords, Access Levels
Audit Trial Software (E.g. RM Auditor)
Virus Protection (e.g. Dr. Solomon’s or Norton AVP)
Careful locating of the mainframe computer server.
Data Protection Legislation
The right to privacy is a fundamental human right and one
that is taken for granted. To ensure this, the Data Protection a
developed and introduced.
Definitions of DPA:
Information about living identifiable
individuals. Personal data do not
have to sensitive information and can
be as little as a name and address.
Processed by computer or other
technology such as document image
processing system. The act NOW
covers manually stored information
such as paper based.
Those who control the contents and
use of a collection of personal data.
e individual to whom the personal
data relates to.
Health and Safety
See MK Notes on page 2 onwards for information (same as in book).
Chapter 47 Review
Implementation of Legislation
Laws Relating To ICT:
Legislation governs many aspec
ts of the use of computer within an
The Data protection Act
Copyright Designs and Patents Act (Software Copyright
Against Copyright Theft
The Health and Safety Regulations.
The Data Protection Act
Acts to protect the
privacy of individuals. Its main areas of concern are that:
Data and information should be secure
Private, personal or other data should be accurate.
Data stored should not be misused.
Organisations should develop their own privacy policies to ensure the
data protection is upheld. This may concern two areas of customers and the
A Data Protection Policy:
Section 1: Customer Service
The policy on data privacy should be publicised and available on
Customers should be told the
purpose of their data being used.
Data should be obtained directly from the customer for accuracy.
No data should be used for other purposes that have been stated.
Consent should be obtained by providing a clear opt
out box on forms.
Customers should be g
iven easy access to files containing their own
Any errors in personal data should be corrected immediately.
Customers concerns should be listened to.
Section 2: Organisational Culture:
The company policy should be clearly communicate
d to all staff.
An awareness of the issue of privacy should be adopted by all
Individuals are personally liable for breeches of the act.
The effect on privacy of any new proposed
system or service should be
assessed before it is developed.
Reasonable steps should be take to ensure all data is accurate and
A schedule should be kept for how long the data will be kept
A security policy should be developed and enforced to ensu
re that all
data is kept secure from accidental or malicious damage.
A senior manager should be designated to be responsible to enforce
the security policy.
All staff should be made aware of security via passwords and
maintaining physical security.
c checks should be made.
Under the terms of the Copyright Designs and Patents Act of 1988 it is illegal
to copy software or run pirated software. The Business Software Alliance
(BSA) exists to make organisations and their employees awar
e of the Law
and steps they should take to ensure that is it implemented.
The BSA has prepared a step
step guide to software management which
includes the following advice:
Conduct An Audit
Prepare an inventory of current software. Any
are discovered during the audits should be deleted
Purchase licences for enough copies of each program to
meet your needs. Network metering packages should be used to
restrict number of allowed copies of software running.
Demonstrate your businesses commitment to using legal
software by adopting various procedures:
Appoint a software manager.
Arrange an audit of all machines on a regular basis
Send a memo to all staff reiterating your organisations concerns
are duplication and advise them of coming audits.
Channel software requirements / purchases through a single point.
Make regular checks on software suppliers and software entering your
Send a memo to staff advising them of the illegal implications
software copying and disciplinary procedures.
Request your staff to sign an employee agreement verifying their
understanding of the organisations policy of illegal software.
Health And Safety
Read MK notes from earlier pages.
Taking Regular Breaks
Providing regular breaks and coffee making facilities
as well as varying tasks can help prevent health problems. They are likely to
be more productive and happier.
Providing the right equipment
There are regulations concerning the type of
ipment and furniture that must be provided for IT users. See MK
The employers responsibility
employers are responsible for the health and
safety of their employees and they are obliged to demonstrate this
responsibility by carrying out a formal e
valuation of the working environment
and acting on any feedback from the evaluation.
The bottom line is that ignorance of the law is no defence and sooner or later
all organisations will have to invest some money in ergonomics. Companies
who disregard t
heir obligations may be successfully sued by injured