
Legal Implications of Info Systems
 The Data Protection Act 1998
 Computer Misuse Act 1990
 Copyright Designs and Patents Act 1988
 The Regulation of Investigatory Powers Act 2000
 The Freedom of Information Act (Scotland) 2002
 Health and safety regulations
The 1998 Data Protection Act

The 8 data protection principles

In the UK, data must be registered with the Data
Commissioner.
 Personal data shall be processed fairly and lawfully.
 Personal data shall be obtained only for lawful purposes.
 Personal data shall be adequate, relevant and not excessive.
 Personal data shall be accurate and kept up to date.
 Personal data shall not be kept for longer than is necessary.
 Personal data shall be processed in accordance with the
rights of data subjects.
 Appropriate measures shall be taken against unauthorised
or unlawful processing of data.
 Personal data shall not be transferred to a country outside
Europe.
The 1998 Data Protection Act
Unconditional exemptions:
 Data related to national security.
 Data which by law has to be made public (e.g. the voters’
roll).
 Data held by the Police and National Health Service.

Conditional exemptions:
 Mailing lists (names and addresses).
 Data used for calculating and paying wages.
 Information used for club memberships.
 Data used by a data subject at home.

Rights of data subjects:
 To see any personal data stored either electronically or manually
about them.
 The data controller may ask that a small fee be paid to cover their
costs in providing the data.
 To have their data corrected if it is inaccurate.
 To prevent their data being used by companies to send them junk
mail.

Responsibilities of data users:
 Have to register with the Data Protection Registrar if they wish to
hold personal information about data subjects.
 They must be willing to let data subjects see data held about them,
and must amend any false data without charge.
 Data users must also be willing to remove subjects’ names and
addresses from mailing lists if asked to.
Changes from the 1984 Act:
 The 1984 DPA had certain shortcomings:
It only covered data in electronic form.
Companies could circumvent certain provisions.
It had no European or worldwide dimension.
There was no obligation on data users to tell the data subjects that
they held any data about them.
 The 1998 Act:
Covers the transmission of data in electronic form, which was not
really an issue in 1984.
Harmonised the European Union Data Protection legislation.
It also made it a requirement of the Act to ask for the prior
consent of data subjects to have data held about them, and it
included paper-based records.
Computer Misuse Act
The Act contains three sections covering:
Unauthorised access to computer material
Basic hacking – e.g. breaking into the school network, locking
a user out of the system, etc.
Unauthorised access with intent to commit or
facilitate commission of further offences
Where a computer system is used to help commit a crime.
Unauthorised modification of computer material
Expert hacking – modification of data without permission.
Also covers the transmission of viruses.
Copyright, Designs & Patents Act
 Software licensing
 Computer applications
 Software can be legally installed on as many computers as the
licence allows.
 Shareware can be used legally for 30 days then either paid for
or deleted.
 Freeware can be downloaded and used free of charge.
 Databases can store vast amounts of copyright data.
 Act covers extracts from computer databases.
 Plagiarism to copy work directly from the Web.
 Music downloads must be paid for and copyright checked.
 Software piracy a crime - FAST.
The Regulation of Investigatory Powers Act 2000
Gives powers to: Police, Special Branch, GCHQ and MI5.
Organisations are allowed to monitor employees, email and Web usage.
It also provides powers to help combat the threat
posed by rising criminal use of strong encryption to
try to break into electronic transactions.
The Regulation of Investigatory Powers Act 2000
 The Act contains 5 parts
 It allows the authorities to monitor our personal e-mail and
Internet usage. So businesses, local authorities and
government departments can and do monitor internal e-mails.
They can also monitor Internet usage of staff, students and
pupils.
 It sounds very “Big Brother”.
 May enrage and disturb many people to realise this.
 But when terrorists can be anywhere in our society it may be a
relief to know that the authorities are taking active steps to
catch them.
The Freedom of Information Act (Scotland) 2002

From 1 January 2005
 General right of public access to all types of 'recorded'
information held by public authorities.
 Sets out exemptions from that general right.
 Places a number of obligations on public authorities.
 The Act applies only to 'public authorities' and not to private
entities.
 Public authorities include Government departments, local
authorities and many other public bodies, and also schools,
colleges and universities.
 The Act is enforced by the Scottish Information Commissioner.
The Freedom of Information Act (Scotland) 2002
 Responsibilities of public authorities
Required to adopt and maintain a Publication
Scheme.
This sets out the classes of information
available (e.g. prospectuses, almanacs and
websites); the manner in which they intend to
publish the information; and whether a charge
will be made for the information.
Health and Safety Regulations

Covers physical aspects of work

Employee injuries, etc.
 Seating: Is the seating comfortable and not causing strain?
 Lighting: Is the lighting adequate for the work?
 Repetitive Strain Injury (RSI): Caused by doing the same repetitive
task too long (e.g. typing numbers all day on the number pad).
 Radiation: Not so much of a problem now but the big old monitors
emitted a lot of radiation and were very dangerous.
 Eye Strain: Caused by spending too much time looking at the screen.
Health and Safety Regulations
Requirements on employers:
 To carry out a risk assessment.
 Employers with five or more employees need to record
the significant findings of the risk assessment.
 Risk assessment should be straightforward in a simple
workplace such as a typical office.
 To provide a safe and secure working environment.