Legal Implications of Info Systems

- The Data Protection Act 1998
- Computer Misuse Act 1990
- Copyright Designs and Patents Act 1988
- The Regulation of Investigatory Powers Act 2000
- The Freedom of Information Act (Scotland) 2002
- Health and safety regulations

The 1998 Data Protection Act

The 8 data protection principles

In the UK, data must be registered with the Data Commissioner.

1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and kept up to date.
5. Personal data shall not be kept for longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
7. Appropriate measures shall be taken against unauthorised or unlawful processing of data.
8. Personal data shall not be transferred to a country outside Europe.

The 1998 Data Protection Act

Unconditional exemptions:
- Data related to national security.
- Data which by law has to be made public (e.g. the voters’ roll).
- Data held by the Police and National Health Service.

Conditional exemptions:
- Mailing lists (names and addresses).
- Data used for calculating and paying wages.
- Information used for club memberships.
- Data used by a data subject at home.

Rights of data subjects:
- To see any personal data stored either electronically or manually about them. The data controller may ask that a small fee be paid to cover their costs in providing the data.
- To have their data corrected if it is inaccurate.
- To prevent their data being used by companies to send them junk mail.

Responsibilities of data users:
- Have to register with the Data Protection Registrar if they wish to hold personal information about data subjects.
- They must be willing to let data subjects see data held about them, and must amend any false data without charge.
- Data users must also be willing to remove subjects’ names and addresses from mailing lists if asked to.

Changes from the 1984 Act:

The 1984 DPA had certain shortcomings:
- It only covered data in electronic form.
- Companies could circumvent certain provisions.
- It had no European or worldwide dimension.
- There was no obligation on data users to tell the data subjects that they held any data about them.

The 1998 Act:
- Covers the transmission of data in electronic form, which was not really an issue in 1984.
- Harmonised the European Union Data Protection legislation.
- It also made it a requirement of the Act to ask for the prior consent of data subjects to have data held about them, and it included paper-based records.

Computer Misuse Act

The Act contains three sections covering:
- Unauthorised access to computer material: Basic hacking – e.g. breaking into the school network, locking a user out of the system, etc.
- Unauthorised access with intent to commit or facilitate commission of further offences: Where a computer system is used to help commit a crime.
- Unauthorised modification of computer material: Expert hacking – modification of data without permission. Also covers the transmission of viruses.

Copyright, Designs & Patents Act

Software licensing:
- Software can be legally installed on as many computers as the licence allows.
- Shareware can be used legally for 30 days then either paid for or deleted.
- Freeware can be downloaded and used free of charge.

Computer applications:
- Databases can store vast amounts of copyright data. Act covers extracts from computer databases.
- Plagiarism to copy work directly from the Web.
- Music downloads must be paid for and copyright checked.
- Software piracy a crime - FAST.

The Regulation of Investigatory Powers Act 2000

- Gives powers to: Police, Special Branch, GCHQ and MI5.
- Organisations are allowed to monitor employees, email and Web usage.
- It also provides powers to help combat the threat posed by rising criminal use of strong encryption to try to break into electronic transactions.

The Regulation of Investigatory Powers Act 2000

- The Act contains 5 parts.
- It allows the authorities to monitor our personal e-mail and Internet usage. So businesses, local authorities and government departments can and do monitor internal e-mails. They can also monitor Internet usage of staff, students and pupils.
- It sounds very “Big Brother”. May enrage and disturb many people to realise this. But when terrorists can be anywhere in our society it may be a relief to know that the authorities are taking active steps to catch them.

The Freedom of Information Act (Scotland) 2002

- From 1 January 2005
- General right of public access to all types of 'recorded' information held by public authorities.
- Sets out exemptions from that general right.
- Places a number of obligations on public authorities.
- The Act applies only to 'public authorities' and not to private entities.
- Public authorities include Government departments, local authorities and many other public bodies, and also schools, colleges and universities.
- The Act is enforced by the Scottish Information Commissioner.

The Freedom of Information Act (Scotland) 2002

Responsibilities of public authorities
- Required to adopt and maintain a Publication Scheme. This sets out the classes of information available (e.g. prospectuses, almanacs and websites); the manner in which they intend to publish the information; and whether a charge will be made for the information.

Health and Safety Regulations

- Covers physical aspects of work
- Employee injuries, etc.
- Seating: Is the seating comfortable and not causing strain?
- Lighting: Is the lighting adequate for the work?
- Repetitive Strain Injury (RSI): Caused by doing the same repetitive task too long (e.g. typing numbers all day on the number pad).
- Radiation: Not so much of a problem now but the big old monitors emitted a lot of radiation and were very dangerous.
- Eye Strain: Caused by spending too much time looking at the screen.

Health and Safety Regulations

Requirements on employers:
- To carry out a risk assessment.
- Employers with five or more employees need to record the significant findings of the risk assessment.
- Risk assessment should be straightforward in a simple workplace such as a typical office.
- To provide a safe and secure working environment.