Legal Issues

Question 1

What is the Computer Misuse Act?

Answer 1

The Computer Misuse Act was brought into force in 1990 to protect users against the theft and damage of the information they store using IT systems. Broadly speaking, this legislation covers hacking and spreading viruses. You can even be punished for attempted hacking, even if not successful. You also don’t need to have malicious intent, if you gain unauthorised access to a system but do nothing, you can still be punished.

Question 2

What are the three original crimes covered by the Computer Misuse Act?

Answer 2

The three original crimes that were covered by this act are: Offence 1 – Unauthorised access to computer material. This is covering the hacking of a computer system. This can be punished by up to 2 years in prison and/or a large fine. Offence 2 – Unauthorised access with intent to commit or facilitate the commission of further offences. This could be using the data obtained by hacking to blackmail someone. This can be punished by up to 5 years in prison and/or a large fine. Offence 3 – Unauthorised acts with intent to impair, or with recklessness as to impairing, the operation of a computer. This could be altering the data found when hacking a system, or spreading a virus which damages data. This can be punished by up to 10 years in prison and/or a large fine.

Question 3

How did the Police and Justice Act (Computer Misuse) extend the Computer Misuse Act?

Answer 3

In 2006 the Police and Justice Act (Computer Misuse) extended the Computer Misuse Act. It made modifications to Offence 1 so that the punishment increased to 2 years imprisonment (it was originally just six months). It also allowed offence 3 to cover Denial of Service attacks. Finally, it added an additional offence to the Computer Misuse Act: Offence 3a – Making, supplying or obtaining anything which can be used in computer misuse offences. This could be creating a malware program, such as a virus or worm, that can be used to gain access to a system and/or harm data. This can be punished by up to 2 years in prison and/or a large fine.

Question 4

What is the Data Protection Act?

Answer 4

The Data Protection Act was introduced in 1998 to protect the privacy of individuals by ensuring that their personal information is processed in an ethical manner. This doesn’t just cover digital data stored on a computer. It covers data stored on paper and even audio data. However, it has become much more relevant due to the ease with which information is shared thanks to IT systems.

Question 5

What are the 8 principles of the Data Protection Act?

Answer 5

The data protection consists of 8 principles. These are: Personal data shall be processed fairly and lawfully. Personal data shall be obtained for limited, specifically stated purposes. Personal data shall be adequate, relevant and not excessive. Personal data shall be accurate and, where necessary, kept up to date. Personal data shall be kept for no longer than is absolutely necessary. Personal data shall be processed according to peoples data protection rights. Personal data shall be kept safe and secure. Personal data shall not be transferred outside the European Economic Area without adequate protection.

Question 6

What is the Information Commissioners Office (ICO)?

Answer 6

The Information Commissioners Office (ICO) is an independent body who is responsible for investigating possible data protection violations. If it is found a business has been in breach of the data protection act then they can be given a fine of up to £500,000.

Question 7

What is the Copyright, Designs & Patents Act?

Answer 7

The Copyright, Designs & Patents Act was brought into force in 1988 to protect the creators of original works by giving them the right to control how these original works are used. This is what makes it illegal to download movies/tv/music/games from the Internet or to copy and redistribute them yourself. This covers all kinds of different work, such as literary works, published editions, databases, artistic work, musical work, dramatic work, sound recordings, films and broadcasts.

Question 8

How long does copyright last?

Answer 8

Copyright isn’t permanent though and different types of work last for different lengths. For example, literary, dramatic, artistic and musical works last from 70 years after the author’s death. However, published editions last just 25 years after it was first published.

Question 9

What is the punishment for copyright infringement?

Answer 9

The punishment for copyright infringement is usually limited to paying damages to the copyright holder as well as handing over any profits. Where this involves two big businesses this can go into the millions of pounds. For extreme cases of copyright infringement, it can result in imprisonment, up to a maximum of 10 years.

Question 10

What are the Copyright (Computer Programs) Regulations?

Answer 10

The Copyright (Computer Programs) Regulations were implemented in 1992 to extend the Copyright, Designs & Patents Act. This ensures that computer programs are covered under copyright. This comes under literary works and also includes the programs design documentation. The legislation makes it illegal for both individuals and organisations to distribute, download & copy software without the copyright holders permission. If a business were to use illegally copied software then the organisation’s board of directors would be liable for damages.

Question 11

What are The Health and Safety (Display Screen Equipment) Regulations?

Answer 11

These regulations, implemented in 1992, extended the Health & Safety at Work Act. They ensure that display equipment must comply with health and safety regulations to ensure users are not harmed in some way (such as RSI or eye strain).

Question 12

What are some key elements of The Health and Safety (Display Screen Equipment) Regulations?

Answer 12

Some key elements of this include: Businesses must perform a risk assessment for workstations used by employees. Employees must receive (and take) adequate breaks from looking at display screens. Employees have a right to a yearly eye test, the cost of which must be met by the employer. Employees using computers must receive adequate health and safety training from their employer for any workstation they use. Employees must receive adequate information on the health and safety risks related to their workstation and the regulations identified above.

Question 13

What is the punishment for failure to comply with The Health and Safety (Display Screen Equipment) Regulations?

Answer 13

Failure to comply with these regulations is normally punished through a fine. These fines can be quite severe, even into the hundreds of thousands of pounds (potentially even millions). This can also lead to imprisonment.

Question 14

What is the Consumer Rights Act?

Answer 14

The Consumer Rights Act was implemented in 2015 to consolidate all existing consumer rights legislation into a single act. It defines the rights and remedies of consumers, whether that be consumers of goods, services or digital content. Before the consumer rights act, there was no protection for consumers of digital content. This includes online films, e-books, downloaded music and software/video games.

Question 15

What rights do consumers have under the Consumer Rights Act?

Answer 15

This legislation provides consumers of digital goods with the right to repair/replacement or a refund should a digital product be faulty. If a business refuses to comply with the legislation then a consumer has the ability to take them to court to claim compensation.

Question 16

What is the punishment for failure to comply with the Consumer Rights Act?

Answer 16

If a court-ordered compensation is not given, then up to 2 years in imprisonment may be received along with a fine.

Question 17

What is Accessibility Legislation?

Answer 17

Accessibility Legislation refers to legislation designed to prevent discrimination against people with disabilities and has helped to ensure that IT systems are accessible. This legislation has changed significantly over time and been replaced a number of times. The key pieces of legislation include the Disability Discrimination Act and the Equality Act.

Question 18

What is the Equality Act?

Answer 18

The Equality Act (2010) replaced the Disability Discrimination Act, along with 115 other pieces of legislation, including the Sex Discrimination Act, Equal Pay Act and Race Relations Act. It mostly carried through the provisions of the DDA but did make a number of changes. Some of these include associated discrimination, indirect discrimination, and perceived discrimination. There was also a ban put on pre-employment disability and health questions, except in certain circumstances.

Question 19

How does Accessibility Legislation impact businesses’ use of information technology?

Answer 19

The Equality Act (and the Disability Discrimination Act) have an impact on businesses’ use of information technology, as IT systems can create a barrier to people with disabilities. Without proper provision, people with disabilities may not be able to perform their job, access your facilities or use your services. Due to these legislations, organisations will have to ensure they put these proper provisions in place to make sure their IT systems are accessible. This might involve installing screen reader software for example.

Question 20

What is the punishment for failure to comply with Accessibility Legislation?

Answer 20

If a business is found to not put provisions in place to make their IT systems accessible they can be punished by paying damages as well as having to make alterations to make the systems accessible.

Question 21

What are Accessibility Guidelines?

Answer 21

Accessibility Guidelines are guidelines developed and published by various organizations to help businesses make sure their systems are accessible. These guidelines provide detailed information on how to ensure that IT systems are accessible to users, whether they are employees, customers or any other individual.

Question 22

What is the British Standards Institute (BSI) Codes of Practice?

Answer 22

The British Standards Institute (BSI) is an organization that defines national standards for best practice in a number of areas. As part of this, they have defined a wide range of standards relating to ICT accessibility. One of these is the web accessibility codes of practice. This defines guidelines for meeting the requirements set in the Equality Act that states web products must be accessible to all. This includes websites, web applications and email clients.

Question 23

What is the Open Accessibility Framework (OAF)?

Answer 23

The Open Accessibility Framework (OAF) is a guideline released by a research group called AEGIS for ensuring any IT system is accessible, whether it is desktop, mobile or web-based. The framework defines six steps to ensuring the accessibility of an IT system. Three in the creation stage and three in the use stage.

Question 24

What are the Web Content Accessibility Guidelines (WCAG)?

Answer 24

The Web Content Accessibility Guidelines (WCAG) are guidelines released by the World Wide Web Consortium, a consortium of businesses who define new open standards for the web. These guidelines provide detailed information on how to make web pages accessible to people with disabilities.

Question 25

What is malware?

Answer 25

Malware is malicious software designed to harm or gain unauthorized access to a computer system.

Question 26

What are the different types of malware?

Answer 26

The different types of malware include viruses, worms, Trojans, and spyware.

Question 27

What is a virus?

Answer 27

A virus is a type of malware that copies and inserts itself into programs running on your computer system. It spreads when the programs or data files it is attached to are passed to another system.

Question 28

: What is a worm?

Answer 28

A worm is a type of malware that is similar to a virus but does not need to attach itself to other programs. It spreads through tunnelling through a network and exploiting security holes in systems to gain access.

Question 29

What is a Trojan?

Answer 29

A Trojan is a harmful program that masquerades as a legitimate software application. It spreads by users downloading it thinking it is a program they want, but it hides a harmful payload. It doesn’t self-replicate like worms and viruses.

Question 30

What is spyware?

Answer 30

Spyware is a malicious program that monitors user activity for the purpose of stealing personal information. An example would be a keylogger that records every keystroke a user makes and sends it back to a malicious user. This is commonly spread as part of a Trojan.

Question 31

How can malware impact individuals and organizations?

Answer 31

Malware can corrupt or delete data being stored on IT systems, causing inconvenience and potential loss of important information. Spyware can also be used to gather personal data for the purpose of stealing money or committing identity fraud.