
Computer Laws

Data Protection Act 2000

The Act was first formed in 1984, when computers were being used more widely by companies who wanted to keep their files electronically rather than in a filing cabinet. It was felt that companies had some legal responsibilities to keep their records up to date, hold only the relevant information, and protect the data against people who may want to view the data for other purposes.

Each company is required to register with the Data Protection Commissioner (previously known as the Registrar) and declare the details of the data it will hold under the Data Protection Act, the purposes for holding the data, and to whom it wishes to disclose the data.

This could be anything: customer details, health records, pupil examination entries, UCAS applications, account records, tax payments, etc.

The Data Protection Act was reformed in 1998 but first implemented in March 2000, and has eight principles:

  1. Personal Data must be obtained and processed fairly and lawfully.
    Tick boxes on magazine subscription forms to stop your name being given to other companies for mail merging purposes.
  2. Personal Data must be held for specified purposes.
    The data must only be held if it relates to the business of the company or firm e.g. patient records in a pharmacy.
  3. Personal Data must not be used for any reason incompatible with its original purpose
    Data gathered for a political survey cannot then be used by a political party for purposes of canvassing.
  4. Personal Data must be relevant and adequate
    Data must only hold the bare minimum information about a person. An extreme case would be to ask about which political party someone voted for in the previous election if they sell fridge/freezers.
  5. Personal Data must be accurate and up-to-date
    Update records for change of addresses/details. Duplicated records must be deleted.
  6. Personal Data must not be kept longer than necessary.
    If a person has left the company to be employed somewhere else then their records need to be deleted.
  7. Personal data must be made available to the individual concerned and provision made for corrections.
    Each individual has the right to view their own data and correct the data if it is found to contain any errors.
  8. Personal Data must be kept secure.
    Each company has to have a policy to backup and recover customer records.

Exemptions from the Data Protection Act include:

Copyright, Designs and Patents Act 1988

This act provides protection against the

Any reproduction of material that is copyrighted must have the permission of the owner of the copyright. The owner of the copyright is also entitled to ask for a payment for using the material.

Computer Misuse Act 1990

This act was introduced because, under the laws at the time, people who hacked into other computers were not committing an offence and were free to attempt to break into a computer system. In April 1986, two men, Gold and Schifreen, were convicted under the Forgery and Counterfeiting Act of 1981 for leaving a message on the Duke of Edinburgh's private mailbox.

The Act is split into three categories:

  1. A person attempts to gain access to a program or data held in a computer without permission.
  2. A person attempts to gain access to a program or data held in a computer with intent to commit an offence.
  3. A person attempts to gain access to a program or data held in a computer and during the act modifies or deletes the contents on that computer, or impairs the operation of the computer, or impairs the operation of a program, or modifies the operation of the computer.

All of these offences under the Computer Misuse Act carry a penalty of between six months and 5 years imprisonment or a fine or both.

Regulation of Investigatory Powers (RIP) Bill

This is a new bill being introduced in March 2000 that allows security services, such as the police and government agencies, to intercept and decrypt electronic mail.

Source: Computing Magazine

United States Uniform Computer Information Transactions Act (UCITA)

This act, introduced in the United States, permits a software company to disable the use of a program that it believes has been pirated. Vendors will give users a 15-day notice of any remote shutdown and can do so without a court order.

The UK is concerned that this breaches the Data Protection Act and Computer Misuse Act.

Source: Computing 26/4/2000
