Computer Misuse Act 1990

The "Computer Misuse Act 1990" covers three offences

1. Simple hacking, that is the unauthorised entry to computer facilities via a computer.

2. Unauthorised access with criminal intent, that is hacking with the intention of perpetrating a more serious crime.

3. Unauthorised amendment or damage to data and covers among other things the introduction of viruses and time bombs.
   

Anyone convicted of an offence under this act can expect a fine of unlimited amount plus a prison sentence ranging up to a maximum of 5 years.

Anyone suspecting that an offence has been committed should refer the matter to the Head Teacher.

From IT Security & Privacy Guidelines for Users, Oxfordshire County Council © 1997

Copyright, Designs & Patents Act 1988

The "Copyright, Designs & Patents Act 1988" provides the same rights to authors of computer programs as literary, dramatic and musical authors have to their works. Those rights extend for the life of the author and for fifty years after the author's death.

Software is generally not sold outright to the purchaser. Instead the purchaser is granted the right to use it as laid down in the user licence. It is normally expected that only one person at a time will have access to and use the software concerned. A network licence may be purchased, normally at a reduced rate, for a defined number of users. A site licence may be available to cover all (unlimited) users within the premises.

It is thus illegal to make copies of software without the copyright owner's consent, or to duplicate software loaded on a hard disk for use on any other personal computer unless allowed for under the licence.

Anyone convicted of an offence under this act can expect a fine of unlimited amount plus a prison sentence ranging up to a maximum of 2 years.

Adapted from IT Security & Privacy Guidelines for Users, Oxfordshire County Council © 1997

Data Protection Act 1998

The "Data Protection Act 1998" is intended to protect the individual from unauthorised use and disclosure of personal information held on a computer system. It consists of the following eight principles:

1. Personal data shall be processed fairly and lawfully ;

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;

4. Personal data shall be accurate and, where necessary, kept up to date;

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes;

6. Personal data shall be processed in accordance with the rights of data subjects under this Act;

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;

8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

All organisations that collect data must register with the Data Protection Registrar. The DPA gives the data subject the right to complain to the Data Protection Registrar and can demand that incorrect data is corrected or erased. The Data subject has a right to seek compensation for damage caused by the use of inaccurate data.

Exemptions

• Data held for personal or recreational/club membership
• Data from which the data subject cannot be identified
• Pay-roll and pensions data provided it is not used for anything else
• Data for mailing lists provided that the data does not include antything other than names and addresses.

The organisation can be forced to reveal details that they hold on a data subject, reasons may include:-

• Data needed to help prevent crime
• Data is needed for tax purposes
• Law requires data to be made public
• In the interests of National Security

The organisation can refuse to tell the data subject what data is held on them for these reasons:-

• Prevention of crime and catching of criminals
• Appointment of judges and others in judicial system
• Health and social services data if it is not considered to be in the best interest for them to see what is held
• In the Interests of national Security

The rights of individuals

The right of subject access

The Data Protection Act allows individuals to find out what information is held about themselves on computer and some paper records. This is known as the right of subject access.

The right of rectification, blocking, erasure and destruction

The Data Protection Act allows individuals to apply to the Court to order a data controller to rectify, block, erase or destroy personal details if they are inaccurate or contain expressions of opinion which are based on inaccurate data.

The right to prevent processing

A data subject can ask a data controller to stop or request that they do not begin processing relating to him or her where it is causing, or is likely to cause, substantial unwarranted damage or substantial distress to themselves or anyone else. However, this right is not available in all cases and data controllers do not always have to comply with the request.

The right to prevent processing for direct marketing

A data subject can ask a data controller to stop or not to begin processing data relating to him or her for direct marketing purposes. This is an absolute right.

The right to compensation

A data subject can claim compensation from a data controller for damage or damage and distress caused by any breach of the Data Protection Act. Compensation for distress alone can only be claimed in limited circumstances.

Rights in relation to automated decision-taking

An individual can ask a data controller to ensure that no decision which significantly affects them is based solely on processing his or her personal data by automatic means. There are, however, some exemptions to this.

Try this page for a much more detailed look at the DPA 1998

Obscene Publications Act 1959 and 1964

The "Obscene Publications Act 1959 and 1964" states that an article shall be deemed to be obscene if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.

It is an offence to publish an obscene article or to have an obscene article in ownership, possession or control with a view to publishing it or, where the data is stored electronically, to transmit that data.

The "Telecommunications Act 1984" makes it an offence to send 'by means of a public telecommunications system, a message or other matter that is grossly offensive or of an indecent, obscene or menacing character' and is an imprisonable offence with a maximum term of six months.