Legislation Laws In Brief MK Notes December 2000


Nov 8, 2013 (3 years and 9 months ago)




The Computer Misuse Act 1990


Three specific criminal offences documented:

- Hacking
- Viruses
- Nuisances

- Unauthorised Access to computer programs or data.
- Unauthorised Access with a further criminal intent.
- Unauthorised modification of computer material.


Software Copyright Law


- Copy laws
- Run pirate software
- Transmit software over a telecommunications line, creating a copy.


Data Protection




Personal data must be:

- Obtained lawfully and fairly
- Held for specific reasons
- Used for a specific purpose ONLY
- Relevant and adequate
- Accurate and up to date
- Kept no longer than necessary
- Made available to the individual concerned for corrections.
- Secure.

Unauthorised access or accidental loss / destruction of data is also prohibited.


DPA Registrar:

- Administering a public register of data users with broad details of data held.
- Investigating complaints and initiating prosecution of people for breaches of the act.
- Publishing several documents that offer guidelines and assistance for the data users.


All Data Users Have To Register Giving:

1. Their name, address etc.
2. A description of the data held and its purpose.
3. A description of the sources from which the data is obtained.
4. A description of the person(s) to whom it is intended to disclose the data.


Exemptions from the act:

In connection with:

- National security
- Crime
- Domestic purposes
- Tax and duty


Your Rights:

Right To:

- Compensation for unauthorised disclosure of data
- Compensation for inaccurate data
- Access the data for verification or erasure where inaccuracy occurs.
- Compensation for unauthorised access, loss or destruction of data.


Health & Safety Law


Health Hazards that can occur:

- Stress
- RSI
- Eyestrain
- Radiation
- Backache




Employers are required to:

- Perform an analysis of workstations in order to evaluate the safety and health conditions.
- Provide training for the use of IT facilities.
- Ensure that employees take regular breaks.
- Give regular eye checks for computer users.




Employees are required to:

- Use equipment correctly in accordance with training.
- Bring problems to the attention of employers.




Manufacturers are required to:

- Provide monitors with tilt and swivel features.
- Keyboards must be separate and moveable.
- Notebook PCs are not suitable for entering large volumes of data.


The Ergonomic Environment:


Ergonomics refers to the design and functionality of the environment and encompasses the entire range of environmental factors.

- Lighting must be well lit, with blinds.
- Furniture: chairs of adjustable height, with full back rest, swivelling on five point base.
- Workspace: combination of chair, desk, computer, accessories, lighting, heating, ventilation all contribute to overall well being.
- Noise: noisy printers should be relocated.
- Hardware: screen must tilt, swivel and be flicker free.
- Software: should be facilitated, easy to use and adaptable to the user's experience.




Heathcote AS Notes




Chapter 10: Computer Crime and the Law


Hacking is defined as unauthorised access to data held on a computer system.


Theft Of Data


Data can be stolen by illegally accessing it, or by stealing the computer on
which the data is stored.


Fraud on the Internet:


The most common form of fraud on the internet takes place between traders that appear to be legitimate and innocent purchasers of the goods that are offered for sale.


Viruses:


Viruses are generally developed with a definite intention to cause damage to
computer files or, at the very least, cause inconvenience and annoyance to
computer users.


Logic Bomb:


A logic bomb is similar to a virus and is sometimes delivered by means of a virus. The bomb can be written to destroy or, worse, subtly change the contents of an organisation's computer systems. However, this does not begin until signalled to do so by the hacker.


Digital Crime and the law:


The rapid progress of computer technology has led to the need for new laws to be introduced so that all perpetrators of computer crime can be prosecuted.


The Computer Misuse Act of 1990:


In the early 1980s in the UK, hacking was not illegal. The law was later changed when the Computer Misuse Act of 1990 was introduced, which identified three specific criminal offences to deal with the problems of hacking, viruses and other nuisances. These are:

- Unauthorised Access to computer programs or data
- Unauthorised Access with a further criminal intent
- Unauthorised Modification of computer material.


Software Copyright Laws:


Computer software is now covered by the Copyright Designs and Patents Act of 1988, which covers a wide range of intellectual property such as music, literature and software. Provisions of the act make it illegal to:

- copy software
- run pirated software
- transmit software over a telecommunications line, thereby creating a copy.


Shareware software can be distributed but not changed in any way and is usually limited in terms of a trial period or missing functions.


Freeware software can be freely distributed but not changed in any way. All functions are included and it is likely to be a full version which does not require registration or any fees.


Chapter 11


Protecting ICT Systems:


Internal Threats:

- Hardware Failure
- Faulty procedures (poor training)
- Natural Disasters
- Dishonest employees

External Threats:

- Hackers
- Viruses



Measures to protect ICT systems from illegal access:

- Physical restrictions to the building
- Access System: User IDs, Passwords, Access Levels
- Restricted Access: File Permissions
- Audit Trail Software (e.g. RM Auditor)
- Encrypted Data
- Virus Protection (e.g. Dr. Solomon's or Norton AVP)
- Staff Screening
- Staff Training
- Careful locating of the mainframe computer server.


Chapter 12


Data Protection Legislation


Personal Privacy


The right to privacy is a fundamental human right and one that is taken for granted. To ensure this, the Data Protection Act was developed and introduced.


Definitions of DPA:


Item: Definition

- Personal Data: Information about living identifiable individuals. Personal data do not have to be sensitive information and can be as little as a name and address.
- Automatically Processed: Processed by computer or other technology such as a document image processing system. The act NOW covers manually stored information such as paper-based records.
- Data Users: Those who control the contents and use of a collection of personal data.
- Data Subjects: The individual to whom the personal data relates.


Chapter 13


Health and Safety


See MK Notes on page 2 onwards for information (same as in book).


Chapter 47 Review

Implementation of Legislation


Laws Relating To ICT:


Legislation governs many aspects of the use of computers within an organisation:

- The Data Protection Act
- Copyright Designs and Patents Act (Software Copyright - Federation Against Copyright Theft - FACT).
- The Health and Safety Regulations.


The Data Protection Act


Acts to protect the privacy of individuals. Its main areas of concern are that:

- Data and information should be secure.
- Private, personal or other data should be accurate.
- Data stored should not be misused.

Organisations should develop their own privacy policies to ensure the law on data protection is upheld. This may concern two areas: customers and the organisation.

A Data Protection Policy:


Section 1: Customer Service


1. The policy on data privacy should be publicised and available on request.
2. Customers should be told the purpose of their data being used.
3. Data should be obtained directly from the customer for accuracy.
4. No data should be used for purposes other than those that have been stated.
5. Consent should be obtained by providing a clear opt-out box on forms.
6. Customers should be given easy access to files containing their own personal information.
7. Any errors in personal data should be corrected immediately.
8. Customers' concerns should be listened to.

Section 2: Organisational Culture:


1. The company policy should be clearly communicated to all staff.
2. An awareness of the issue of privacy should be adopted by all employees.
3. Staff should be held accountable for the company's privacy policy. Individuals are personally liable for breaches of the act.
4. The effect on privacy of any new proposed system or service should be assessed before it is developed.
5. Reasonable steps should be taken to ensure all data is accurate and up to date.
6. A schedule should be kept for how long the data will be kept.
7. A security policy should be developed and enforced to ensure that all data is kept secure from accidental or malicious damage.
8. A senior manager should be designated to be responsible for enforcing the security policy.
9. All staff should be made aware of security via passwords and maintaining physical security.
10. Periodic checks should be made.

Software Copyright


Under the terms of the Copyright Designs and Patents Act of 1988 it is illegal to copy software or run pirated software. The Business Software Alliance (BSA) exists to make organisations and their employees aware of the law and the steps they should take to ensure that it is implemented.


The BSA has prepared a step-by-step guide to software management which includes the following advice:




- Conduct An Audit: Prepare an inventory of current software. Any illegal software discovered during the audits should be deleted immediately.
- Purchasing: Purchase licences for enough copies of each program to meet your needs. Network metering packages should be used to restrict the number of allowed copies of software running.
- Procedures: Demonstrate your business's commitment to using legal software by adopting various procedures:
  - Appoint a software manager.
  - Arrange an audit of all machines on a regular basis.
  - Send a memo to all staff reiterating your organisation's concerns about software duplication and advise them of coming audits.
- Channel software requirements / purchases through a single point.
- Make regular checks on software suppliers and software entering your company.
- Send a memo to staff advising them of the illegal implications of software copying and disciplinary procedures.
- Request your staff to sign an employee agreement verifying their understanding of the organisation's policy on illegal software.

Health And Safety


Read MK notes from earlier pages.


Taking Regular Breaks: Providing regular breaks and coffee making facilities as well as varying tasks can help prevent health problems. Employees are likely to be more productive and happier.


Providing the right equipment: There are regulations concerning the type of computer equipment and furniture that must be provided for IT users. See MK Notes.


The employer's responsibility: Employers are responsible for the health and safety of their employees and they are obliged to demonstrate this responsibility by carrying out a formal evaluation of the working environment and acting on any feedback from the evaluation.



The bottom line is that ignorance of the law is no defence and sooner or later all organisations will have to invest some money in ergonomics. Companies who disregard their obligations may be successfully sued by injured employees.