Computer Related Legislation

Legislation for the protection of privacy can be divided into laws intended to protect your personal privacy or property, and laws intended to protect national security. Some of these laws relate specifically to computer science such as the Data Protection Act (1998), the Computer Misuse Act (1990), and the Regulation of Investigatory Powers Act (2000). Furthermore, laws such as the Copyright, Designs, and Patents Act (1988) have a more general application, but also apply to computer-related intellectual property, for example, computer programs or digital art.

Data Protection Act (1998) –

Designed to ensure that personal data is kept accurate, up-to-date, safe, and is not used in a way that would harm the individual.

Follows 8 principles –

  1. Data must be collected and used fairly and inside the law.
  2. It must only be held and used for the reasons given to the Information Commissioner (someone who would oversee the collection of data).
  3. Data can only be used for the registered purposes, and only be discloses to the people mentioned in the register entry. This means you cannot give it away or sell it unless disclosed from the beginning.
  4. Information held must be adequate, relevant, and not excessive.
  5. Must be accurate and kept up to date.
  6. Must not be kept longer than is necessary for the registered purpose.
  7. Information must be kept safe and secure.
  8. Files may not be transferred outside of the European Economic Area.

Furthermore, all data subjects (people who have their data stored) have the rights to the following –

  • To access the data about themselves.
  • Correct any mistakes in the data.
  • Prevent the use of their data if it would cause them distress.
  • Stop their data being used in attempts to promote or sell them products.
  • To prevent automatic decisions.
  • Complain to the information commissioner about the use or storage of their data.
  • Compensation for damages caused.

There are also some exemptions to the Data Protection Act –

  • Personal data that is held for a national security reason is not covered by the data protection act, so the data subject has no rights to remove, edit, or contest the data stored.
  • Personal data held by an individual for personal purposes are exempt.

Some partial exemptions from the Data Protection Act –

  • Taxmen and police do not have to disclose information held or processed.
  • The data subject has no right to see information regarding their own health.
  • School pupils have no rights to access personal files or exam results pre-publication.
  • The data controller can keep the data indefinitely if it is for statistic/historical/research purposes.
  • Research is exempt if it is in the public interest or does not identify individuals.
  • Employment written by previous employers is exempts.
  • Planning information about staff in a company is exempt, as this could damage a business if made public.

Computer Misuse Act (1990) –

Makes it an offense to access or modify computer material without permission. To protect personal data held by organizations from unauthorized access and modification, the following actions are illegal –

  • Unauthorised access to computer material, i.e. entering a computer system without permission.
  • Unauthorised access with the intent to commit a further crime.
  • Unauthorised modification of data.
  • Making, supplying, or obtaining anything which can be used in computer misuse offences (malware, spyware, etc.)

The Regulation of Investigatory Powers Act (2000) –

This act provides grounds and regulations for public bodies to carry out surveillance and investigation, including –

  • Enabling certain public bodies to demand that an ISP (Internet Service Provider) provides access to a customer’s communications in secret.
  • Enabling mass surveillance of communications in transit.
  • Enabling certain public bodies to demand an ISPs fit equipment to allow for surveillance.
  • Enabling certain public bodies to demand that someone hand over keys or access to protected information.
  • Allowing certain public bodies to monitor people’s internet activities.
  • Preventing the existence of interception warrants and any data collected with them from being revealed in court.

The Copyright, Design and Patents Act (1988) –

This act is designed to protect people’s intellectual property, which can be anything they have made themselves, for example a book, music, video, or software. The act makes it illegal to use, copy, or distribute someone else’s intellectual property without the appropriate permission or license. For example, if you bought music, either on a CD or digitally, it would be illegal to pass a copy to a friend, make copies to sell, or use the music on a network, unless the license allowed it. The industries themselves can take precautions to prevent the illegal copying of works too, such as providing unique keys to validate software installs, or requiring the physical CD to be in the optical drive to run the software. However, algorithms are not eligible for protection under the Copyright, Design and Patents Act.