Unit 1.5.1 Computing Legislation
The Data Protection Act (1998)
The Act concerns the storage of data about individual people. It creates the role of Data Controller, whose job is to ensure the accuracy and security of the data stored about said individuals (the data subjects).
It consists of 8 main provisions which must be followed:
- Data should be processed fairly and lawfully - i.e. the data cannot be obtained in an illegal fashion and the data subject should be aware as to why the data is being collected.
- Data should only be used for purposes as specified to the Data Protection Agency (DPA) and should not be disclosed to other parties without consent.
- Data should be relevant and not excessive.
- Data should be kept accurate and up-to-date.
- Data should only be kept for as long as is necessary.
- Data subjects have the right to access data stored about them and should be permitted to check and update the data if necessary.
- Adequate security must be in place to prevent unauthorised access to the data.
- The data may not be transferred outside the EU unless the country has the adequate data-protection legislation.
There are some notable exemptions to the Act:
- National Security - any data concerned with National Security is automatically exempt from the Act.
- Crime and Taxes - any data used to prevent and detect crime, apprehend or prosecute offenders or assess or collect taxes is exempt from the Act.
- Domestic Purposes - Personal data processed by an individual only for the purposes of that individual’s personal, family or household affairs is exempt from the Act.
The Computer Misuse Act (1990)
This Act is targeted at hackers and those who attempt to access a system without authorisation. Under the act it is a criminal offence to:
- Make any unauthorised access to computer material
- Make any unauthorised access with intent to commit or facilitate commission of further offences.
- Make any unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
To try and reduce the threat from hackers, various technologies are used to defend against malicious attack. For example, Firewalls and the SSL (Secure Socket Layer) protocol can be used to help improve network security and prevent unauthorised access.
The Copyright Designs and Patents Act (CDPA) (1988)
The purpose of the CDPA is to protect the intellectual property (IP) of a person or company. The act makes it illegal to copy, modify or distribute IP without permission. There are many sites online offering copyrighted material for free download, or using P2P transfers like Torrents to obtain material. This prevents the original creator obtaining money and credit for their work. The act covers many different forms of material, some of which are listed below:
The Regulation of Investigatory Powers Act (RIPA) (2000)
This more recent act was created in response to increased online criminal activity and allowed the government to intercept communications. It provides certain authorities such as the police the right to:
- Demand that an ISP provide access to a customer's communications in secret;
- Enable mass surveillance of communications in transit;
- Enable certain public bodies to demand ISPs fit equipment to facilitate surveillance;
- Enable certain public bodies to demand that someone hand over keys to protected information;
- Allows certain public bodies to monitor people's Internet activities;
- Prevents the existence of interception warrants and any data collected with them from being revealed in court. The Act is designed to allow authorities to access communications to prevent criminal or terrorist activities. Initially there was concern as to the range of "public bodies" who were allowed to access such information.
Communications Act (2003)
The act contains some components which impact the use of computers:
- Access an internet connection with no intent to pay for the service - It is a crime to piggyback on a wireless network without permission from its owner
- Sending offensive communication using any means of communication.
This act is designed to deal with threats of violence or material designed to cause harm.
Equality Act (2010)
This act makes it illegal to discriminate against anyone with certain protected characteristics. The main implications this has in computing is web services, where certain features must be employed to make websites more accessible for disabled users:
- Sites should be screen-reader compatible.
- Options should be made for larger text sizes or screen magnification.
- Font choice for those who struggle to read certain font styles.
- Audio description for images.
- Contrasting colours for text and background making it easier to read.
- Subtitles on videos or audio for deaf users.