A3 – Legal Responsibilities Flashcards
A - Cyber Security Threats, System Vulnerabilities and Security Protection Methods
Data Protection Act (1998)
👉 The Data Protection Act was introduced in 1998 to protect the privacy of individuals by ensuring that their personal information is processed in an ethical manner.
👉 The Information Commissioner's Office (ICO) is an independent body responsible for investigating possible data protection violations. If a business is found to have been in breach of the Data Protection Act (1998), it could be given a fine of up to £500,000.
General Data Protection Regulations
👉 The General Data Protection Regulations replaced the Data Protection Act (1998) along with another EU law called the Data Protection Directive.
👉 On May 25th, 2018, an EU law called the General Data Protection Regulations (GDPR) came into force in all EU member states.
Computer Misuse Act (1990)
👉 The Computer Misuse Act was brought into force in 1990 to protect users against the theft and damage of the information they store using IT systems. Before this point, many cybersecurity offences, including hacking, were not actually illegal.
👉 This legislation covers hacking and spreading viruses. You can even be punished for attempted hacking, even if it is not successful. You also don't need to have malicious intent: if you gain unauthorised access to a system but do nothing, you can still be punished.
GDPR penalties for failing to meet the law
👉 The fine for failing to meet data protection requirements was increased significantly. The maximum fine is now €20 million or 4% of a business's annual turnover, whichever is larger.
Computer Misuse Act (1990): 3 crimes covered by this act
The three original crimes that were covered by this act:
👉 Offence 1 – Unauthorised access to computer material. This covers the hacking of a computer system. It can be punished by up to 2 years in prison and/or a large fine.
👉 Offence 2 – Unauthorised access with intent to commit or facilitate commission of further offences. This could be using the data obtained by hacking to blackmail someone. It can be punished by up to 5 years in prison and/or a large fine.
👉 Offence 3 – Unauthorised acts with intent to impair, or with recklessness as to impairing, the operation of a computer. This could be altering the data found when hacking a system, or spreading a virus which damages data. It can be punished by up to 10 years in prison and/or a large fine.
👉 Offence 3a – Making, supplying or obtaining anything which can be used in computer misuse offences. This could be creating a malware program, such as a virus or worm, that can be used to gain access to a system and/or harm data. It can be punished by up to 2 years in prison and/or a large fine.
Telecommunications Regulations
Under this law, organisations can monitor communications on their private network as long as it is for one of a set number of purposes. These are:
👉 To establish the existence of facts and ascertain compliance with regulations and that a person is performing their duties.
👉 In the interests of national security
👉 To prevent or detect crime
👉 To investigate or detect unauthorised use of the network
👉 To secure and ensure the effective operation of the network
This monitoring does need to be done with respect to the Human Rights Act and Data Protection Act, so businesses must be cautious and appropriate with their monitoring.
Fraud Act (2006)
The offences can be split into three classes. These are:
👉 Fraud by false representation
👉 Fraud by failing to disclose information
👉 Fraud by abuse of power.
The punishment if found guilty of this crime is up to 10 years imprisonment.
This legislation is not just about cybercrime but covers all kinds of fraud. However, much cybercrime does relate to fraud, such as using spyware or hacking to access someone's bank details and then steal money from their account (bank fraud).
Health and Safety at Work Act (1974)
Employers must perform a risk assessment to identify all risks that may cause harm to an employee in the workplace. There are also a number of specific duties they must perform, including:
👉 Provide a safe system of work
👉 Provide arrangements for ensuring safe handling, storage and transport of articles and substances
👉 Provide information, instruction, training and supervision to employees about risks
👉 Maintain the workplace in a condition that is safe and without risks
👉 Provide and maintain a work environment that is without risk to health, and provide facilities and arrangements to ensure employee welfare
👉 Provide a health and safety policy
👉 Consult with employees, or an elected representative, over risks.
Health and Safety at Work Act (1974): sentences/punishment
👉 The Health and Safety at Work Act is enforced by the Health and Safety Executive. If found guilty of an HSWA offence, you can receive an unlimited fine. There is also the possibility of a prison term in some cases, which can be as much as 2 years imprisonment. Finally, you could also be liable to pay compensation to the victims of the offence.