Legislation Laws In Brief MK Notes December 2000

typoweheeElectronics - Devices

Nov 8, 2013 (4 years and 8 months ago)



Laws In Brief

MK Notes December 2000

The Computer Misuse Act 1990

Three specific criminal offences documented:




Unauthorised Access to computer programs or data.

Unauthorised Access with a further criminal inte

Unauthorised Access modification of computer material.

Software Copyright Law


Copy laws


Run pirate software


Transmit software over a telecommunications line


Data Protection

Personal data must be:


Obtained lawfully and fairly



for specific reasons


Used for a specific purpose ONLY


Relevant and Adequate


Accurate and Update


Kept no longer than necessary


Made available to the individual concerned for corrections.



Unauthorised access or accidental loss / destruction of data

is also prohibited.

DPA Registrar:

Administering a public register of data users with broad details of data

Investigating complaints and initiating prosecuting of people for
breaches of the act.

Publishing several documents that offer guidelines
and assistance for
the data users.

All Data Users Have To Register Giving:


Their name, the address etc


Description of the data held and its purpose


A description of the sources from which the data is obtained.


A description of the person(s) to whom it is

intended to disclose the
data to.

Exemptions from the act:

In connection with


National security




Domestic purposes


Tax and duty

Your Rights:

Right To:


Compensation for unauthorised disclosure of data


Compensation for inaccurate data


Access the da
ta for verification or erasure where inaccuracy


Compensation for unauthorised access, loss or destruction of

Health & Safety Law

Health Hazards that can occur:






Employers are required to:


Perform a
nalysis of workstation in order to evaluate the safety
and health conditions.


Provide training for the use of IT facilities


Ensure that employees take regular breaks


Give regular eye checks for computer users.

Employees are required to:


Use equipment cor
rectly in accordance to training


Bring problems to the attention of employers

Manufacturers are required to:


Provide monitors with tilted and swivelled features


Keyboards must be separate and moveable


Notebook PC’s are not suitable for entering large vol
umes of

The Ergonomic Environment:

Ergonomics refers to the design and functionality of the environment and
encompass the entire range of environmental factors.


Lighting must be well lit with blinds



chairs of adjustable height, will f
ull back rest,
swivelling on five point base.



combination of chair, desk, computer, accessories,
lighting, heating, ventilation all contribute to overall well being.



Noisy printers should be relocated.



screen must tilt, swive
l and be flicker free.



Should be facilitated, easy to use and adaptable to
users experience.

Heathcote AS Notes

Chapter 10


Chapter 10: Computer Crime and the Law

Hacking is defined as unauthorised access to data held on a computer

Theft Of Data

Data can be stolen by illegally accessing it, or by stealing the computer on
which the data is stored.

Fraud on the Internet:

The most common form of fraud on the internet takes place between traders
that appear to be legitimate an
d innocent purchasers of goods that are offered
for sale.


Viruses are generally developed with a definite intention to cause damage to
computer files or, at the very least, cause inconvenience and annoyance to
computer users.

Logic Bomb:

A l
ogic bomb is similar to a virus and is sometimes delivered by means of a
virus. The bomb can be written to destroy or worse, subtly change the
contents of an organisations computer systems. However this does not begin
until signalled to do so by the hacke

Digital Crime and the law:

The rapid progress of computer technology has led to the need for the new
laws to be introduced so that all perpetrators of computer crim can be

The Computer Misuse Act of 1990 :

In early 1980’s in the UK, ha
cking was not illegal. This law was later changed
when the Computer Misuse Act of 1990 was introduced which identified three
specific criminal offences to deal with the problems of hacking, viruses and
other nuisances. These are:

Unauthorised Access to c
omputer programs or data

Unauthorised Access with a further criminal intent

Unauthorised Modification of computer material.

Software Copyright Laws:

Computer software is now covered by the Copyright Designs and Patents Act
of 1988 which covers a wide ra
nge of intellectual property such as music
literature and software. Provisions of the act make it illegal to:

copy software

run pirated software

transmit software over a telecommunications line, therby creating a

Shareware software can be distribu
ted but not changed in anyway and is
usually limited in terms of a trial period or missing functions.

Freeware software can be freely distributed but not changed in anyway. All
functions are included and is likely to be a full version which does not requi
registration or any fees.

Chapter 11

Protecting ICT Systems:

Internal Threats

External Threats

Hardware Failure


Faulty procedures (poor training)


Natural Disasters

Dishonest employees

Measures to protect ICT systems from ill
egal access:

Physical restrictions to the building

Access System

Users ID, Passwords, Access Levels

Restricted Access

File Permissions

Audit Trial Software (E.g. RM Auditor)

Encrypted Data

Virus Protection (e.g. Dr. Solomon’s or Norton AVP)

Staff Scre

Staff Training

Careful locating of the mainframe computer server.

Chapter 12

Data Protection Legislation

Personal Privacy

The right to privacy is a fundamental human right and one
that is taken for granted. To ensure this, the Data Protection a
ct was
developed and introduced.

Definitions of DPA:



Personal Data

Information about living identifiable
individuals. Personal data do not
have to sensitive information and can
be as little as a name and address.

Automatically Processed

Processed by computer or other
technology such as document image
processing system. The act NOW
covers manually stored information
such as paper based.

Data Users

Those who control the contents and
use of a collection of personal data.

Data Subjects

e individual to whom the personal
data relates to.

Chapter 13

Health and Safety

See MK Notes on page 2 onwards for information (same as in book).

Chapter 47 Review

Implementation of Legislation

Laws Relating To ICT:

Legislation governs many aspec
ts of the use of computer within an

The Data protection Act

Copyright Designs and Patents Act (Software Copyright

Against Copyright Theft


The Health and Safety Regulations.

The Data Protection Act

Acts to protect the
privacy of individuals. Its main areas of concern are that:

Data and information should be secure

Private, personal or other data should be accurate.

Data stored should not be misused.

Organisations should develop their own privacy policies to ensure the

law on
data protection is upheld. This may concern two areas of customers and the

A Data Protection Policy:

Section 1: Customer Service


The policy on data privacy should be publicised and available on


Customers should be told the

purpose of their data being used.


Data should be obtained directly from the customer for accuracy.


No data should be used for other purposes that have been stated.


Consent should be obtained by providing a clear opt
out box on forms.


Customers should be g
iven easy access to files containing their own
personal information.


Any errors in personal data should be corrected immediately.


Customers concerns should be listened to.

Section 2: Organisational Culture:


The company policy should be clearly communicate
d to all staff.


An awareness of the issue of privacy should be adopted by all


Staff should be held accountable for the company’s privacy policy.
Individuals are personally liable for breeches of the act.


The effect on privacy of any new proposed

system or service should be
assessed before it is developed.


Reasonable steps should be take to ensure all data is accurate and


A schedule should be kept for how long the data will be kept


A security policy should be developed and enforced to ensu
re that all
data is kept secure from accidental or malicious damage.


A senior manager should be designated to be responsible to enforce
the security policy.


All staff should be made aware of security via passwords and
maintaining physical security.


c checks should be made.

Software Copyright

Under the terms of the Copyright Designs and Patents Act of 1988 it is illegal
to copy software or run pirated software. The Business Software Alliance
(BSA) exists to make organisations and their employees awar
e of the Law
and steps they should take to ensure that is it implemented.

The BSA has prepared a step
step guide to software management which
includes the following advice:

Conduct An Audit

Prepare an inventory of current software. Any
illegal softw
are discovered during the audits should be deleted


Purchase licences for enough copies of each program to
meet your needs. Network metering packages should be used to
restrict number of allowed copies of software running.


Demonstrate your businesses commitment to using legal
software by adopting various procedures:


Appoint a software manager.


Arrange an audit of all machines on a regular basis


Send a memo to all staff reiterating your organisations concerns
about softw
are duplication and advise them of coming audits.

Channel software requirements / purchases through a single point.

Make regular checks on software suppliers and software entering your

Send a memo to staff advising them of the illegal implications

software copying and disciplinary procedures.

Request your staff to sign an employee agreement verifying their
understanding of the organisations policy of illegal software.

Health And Safety

Read MK notes from earlier pages.

Taking Regular Breaks

Providing regular breaks and coffee making facilities
as well as varying tasks can help prevent health problems. They are likely to
be more productive and happier.

Providing the right equipment

There are regulations concerning the type of
computer equ
ipment and furniture that must be provided for IT users. See MK

The employers responsibility

employers are responsible for the health and
safety of their employees and they are obliged to demonstrate this
responsibility by carrying out a formal e
valuation of the working environment
and acting on any feedback from the evaluation.

The bottom line is that ignorance of the law is no defence and sooner or later
all organisations will have to invest some money in ergonomics. Companies
who disregard t
heir obligations may be successfully sued by injured