151-computer-related-legislation Flashcards
data protection act 1998
DPA – controls personal info usage by third parties
data protection act 1998 principles
Data must be collected and used fairly and inside the law
Data must only be held and used for the reasons given to the Information Commissioner
Data can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry
Data held must be adequate, relevant and not excessive when compared with the purpose stated in the register
Data must be accurate and be kept up to date
Data must not be kept longer than is necessary for the registered purpose
Data must be kept safe and secure
The files may not be transferred outside of the European Economic Area unless the country that the data is being sent to has a suitable data protection law
The law applies to information stored both on computers and in organised paper filing systems
key differences between data protection act 2018 and 1998
The Data Protection Act 2018 is an updated version of the Data Protection Act 1998 that brought it in line with GDPR.
The Data Protection Act 2018 requires data controllers to prove that their data protection measures are sufficient, whereas the Data Protection Act 1998 does not have such a requirement.
The Data Protection Act 2018 gives data subjects the right not to be subject to a decision based on solely automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, while the Data Protection Act 1998 does not explicitly include such a right.
the computer misuse act 1990
Computer Misuse Act 1990 aims to prevent hacking and unauthorized access to computer systems
Covers three primary offences: unauthorised access to computer material, unauthorised access with intent to commit or facilitate a crime, and unauthorised modification of computer material
Prohibits making, supplying, or obtaining tools or anything that can be used in computer misuse offences, e.g.: hardware tools such as key loggers, wireless receivers and transmitters, smartcard readers, and contactless readers, which can be used to gather data in storage or transit; software tools like Trojans, port scanners, password crackers, and SQL injection, which can be used to gain unauthorized access to computer systems; and indirect attacks like using skeleton keys or fake ID cards, which can be used to physically access servers
Breaking the Computer Misuse Act:
Unauthorised access: fine up to £5000, prison up to 6 months
Unauthorised access with the intent to commit further crime: fine unlimited, prison up to 5 years
Unauthorised modification of data: fine unlimited, prison up to 5 years
Making, supplying or obtaining tools used to commit computer misuse offences: fine unlimited, prison up to 10 years
Intellectual property
Creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images used in commerce. Protected by law by way of copyright, patents, licensing and trademarks.
Copyright: Rights a creator has over their own work
Patents: Exclusive rights granted for an invention, which provide the owner with the right to decide if or how their invention can be used by others
Licensing: Granting permission to use or access intellectual property
Trademark: Distinctive symbol, design, word, phrase, or combination of these, used to identify and distinguish the products or services of one person or company from those of others.
The Copyright, Designs and Patents Act 1988
Copyright, Designs and Patents Act 1988 protects intellectual property rights
Illegal to copy someone else’s work without permission
Breaches of this law have negative effects on the music and film industries
Breaking this law can result in up to 10 years in prison and a £50,000 fine
Covers everything from logos to music recordings and computer programs
Copyright gives creators exclusive rights and ownership over their work
License allows copyright holder to grant permission for creation to be used
Covers copying/use of brand names, inventions, product designs, and original works
Illegal to copy any work without owner or copyright holder’s permission
Software piracy, downloading music/films without paying, and using software without a license are illegal
Copyright holder can take legal action against infringement.
The Regulation of Investigatory Powers Act 2000
The Regulation of Investigatory Powers Act 2000 gives certain public bodies the power to monitor communications and internet activities.
This Act is controversial as it allows for mass surveillance and interception of communication without the customer’s knowledge.
The Act covers investigation, surveillance and interception of communication by public bodies.
Public bodies with these powers include the police, security services, and local councils.
All ISPs and online businesses are subject to RIPA.
The Act allows for the monitoring of an individual’s internet activities and for demanding access to protected information.
Balancing national security against individual privacy in the context of digital communication is a complex issue.
Intercepting phone and email traffic can be a powerful tool against organised crime and terrorism.
However, citizens value privacy and may not trust the government to keep their data confidential.
The use of RIPA by some local authorities for minor offences led to new rules.
ISPs (internet service providers)
provide people with internet access and services at home and work via a range of different devices like PCs, tablets or smartphones
Under the terms of RIPA, ISPs must:
-provide access to digital communications, digital communication archives and internet activities when asked
-implement hardware and software systems that facilitate the surveillance of digital communications
Under the terms of RIPA, businesses must:
-provide access to digital communications or data when asked
-implement a hardware and software solution that facilitates the storage of digital communications
RIPA concerns
-invasion of privacy
-freedom of speech
-unnecessary censorship
-improper use/misuse of RIPA
Freedom of Information Act 2000
The Act applies to public authorities in the UK, including government departments, local authorities, the NHS, schools and universities, and the police.
The Act gives the public the right to access information held by public authorities, subject to some exemptions.
Public authorities must respond to requests for information within 20 working days.
The Act allows public authorities to charge for providing information, but the fees must be reasonable and not prohibitively expensive.
The Act includes exemptions for information that would be harmful to national security, personal data, confidential commercial information, and information that is already publicly available.
If a request for information is refused, the requester can appeal to the Information Commissioner’s Office.
The Act also requires public authorities to proactively publish certain types of information, such as their policies and procedures, and information about their finances.
how to make a subject access request to verify data about yourself - process for making a request for information
Contact the relevant authority directly
Make the request in writing, giving your real name and an address to which the authority can reply
Keep a copy and date any letters or emails you send
Be specific about the information you want
Stay focused on the line of enquiry you are pursuing
Include details such as dates and names whenever you can
Be polite and avoid basing your request or question on assumptions or opinions
Specify your preferences for how you would like to receive the information
Don’t use offensive or threatening language, make unfounded accusations, or bury your request among other correspondence
Don’t submit frivolous or trivial requests, disrupt a public authority with excessive requests, or make repeat requests without justifiable grounds
Why do you have to pay for a subject access request to verify data about yourself?
The charge is intended to cover the costs of retrieving and presenting the information
It also deters vexatious requests
A public authority can charge for disbursements, such as photocopying and postage
Subject access requests dos:
Find out who to send your request to
Include your name, address, and contact details
Clearly state that you are making your request under the relevant legislation
Be as specific as possible about the information you want
Re-read your request to check for clarity and avoid ambiguity
Use polite language and avoid making assumptions or personal attacks
Specify your preferences for how you would like to receive the information
Stay focused on the line of enquiry you are pursuing
Aim to be flexible if the authority advises you to narrow down your request
Subject access requests don’ts:
Use offensive or threatening language or make unfounded accusations
Bury your request among other correspondence or use it to reopen grievances
Make assumptions about how the authority organizes its information
Submit frivolous or trivial requests or fish for information
Disrupt a public authority with excessive requests or make repeat requests without justifiable grounds
Environmental Information Regulations 2004
The Environmental Information Regulations 2004 give the public the right to access environmental information held by public authorities.
Environmental information includes information on the state of the environment, factors affecting the environment, and measures and activities affecting or likely to affect the environment.
Public authorities must provide environmental information upon request, subject to certain exceptions such as national security or commercial confidentiality.
Requests for environmental information must be made in writing, and public authorities must respond within 20 working days.
Public authorities may charge a reasonable fee for providing environmental information, but must provide a fee estimate before proceeding with the request.
The Environmental Information Regulations 2004 are enforced by the Information Commissioner’s Office (ICO), which has the power to investigate complaints and take enforcement action against public authorities that fail to comply.
The regulations also include provisions for public authorities to proactively publish environmental information, such as on their websites or through public registers.
Public authorities must ensure that personal data is protected when disclosing environmental information, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.