Week 3 - Key Cases and Legislation Flashcards
Computer Misuse Act 1990
- Unauthorised access to computer material.
Max of 2 years imprisonment and/or fine.
- Unauthorised access with intent to commit or facilitate commission of further offences.
Max of 5 years imprisonment and/or fine.
- Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
Max of 10 years imprisonment and/or fine.
3ZA. Unauthorised acts causing, or creating risk of, serious damage
Max of 14 years imprisonment (if threat to national security or human welfare, max penalty is life)
3A. Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA
Max of 2 years imprisonment.
Investigatory Powers Act 2016
Brought together and updated existing powers that are available to law enforcement and the security and intelligence agencies. It created one new power allowing access to internet connection records, vital in confronting serious criminals, terrorists and hostile state activity in a digital age.
It was intended to introduce transparency to and regulate state surveillance following Edward Snowden’s revelations of unlawful mass monitoring of the public’s communications.
Data Protection Act 2018
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes – purpose limitation
- Used in a way that is adequate, relevant and limited to only what is necessary – data minimisation
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary – limitation principle
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage – integrity and confidentiality.
Data Protection Act Core Concepts
Personal Data: Information about a living individual.
Processing: Collecting, recording, storing, using, analysing, combining, disclosing or deleting data.
Data Controller: The person/organisation that decides how and why to collect and use the data.
Processor: A separate person or organisation (not an employee) who processes data on behalf of the controller and in accordance with their instructions – a contractor.
Data Subject: The technical term for the individual whom particular personal data is about.
ICO – Information Commissioner’s Office
The authority in charge of data protection in the UK. It provides advice and guidance, promotes good practice, monitors breach reports, conducts audits and advisory visits, considers complaints, monitors compliance and takes enforcement action where appropriate.
Sensitive data
Race,
Ethnic background,
Political opinions,
Religious beliefs,
Trade union membership,
Genetics,
Biometrics (where used for identification),
Health,
Sex life or orientation;
Data Rights
Be informed about how your data is being used,
Access personal data,
Have incorrect data updated,
Have data erased,
Stop or restrict the processing of your data,
Data portability (allowing you to get and reuse your data for different services),
Object to how your data is processed in certain circumstances;
You also have rights when an organisation is using your personal data for:
Automated decision-making processes (a right to human involvement – reviewing, explaining),
Profiling, for example to predict your behavior or interests;
Security of processing
- Each controller and each processor must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks arising from the processing of personal data.
- In the case of automated processing, each controller and each processor must, following an evaluation of the risks, implement measures designed to—
a. prevent unauthorised processing or unauthorised interference with the systems used in connection with it,
b. ensure that it is possible to establish the precise details of any processing that takes place,
c. ensure that any systems used in connection with the processing function properly and may, in the case of interruption, be restored, and
d. ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions.
Data Breach
The accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is about more than just losing personal data.
Data Breach possible consequences
Fraud, identity theft and distress,
Damage to relationships and research access,
Reputational damage,
A civil lawsuit for compensation,
Investigation by the ICO,
A fine of up to 20 million euros or 4% of the company turnover, whichever is higher;
Digital Economy Act 2017
A bill to make provision about electronic communications infrastructure and services:
- Provide a universal broadband service for the UK,
- Create an age-verification regulator,
- Copyright Infringement modifications,
- Data sharing – Digital Government,
Ofcom
They make sure:
People are able to use communications services, including broadband;
A range of companies provide quality television and radio programmes that appeal to diverse audiences;
Viewers and listeners are protected from harmful or offensive material on TV, radio and on-demand;
People are protected from unfair treatment in programmes, and don’t have their privacy invaded;
The universal postal service covers all UK addresses six days a week, with standard pricing; and
The radio spectrum is used in the most effective way.
Police, Crime, Sentencing and Courts Act 2022 (Extraction of information from electronic devices)
Governs the extraction of information from electronic devices. These powers contain necessary safeguards that prioritise the individual’s privacy and ensure that any request to obtain information from a victim is necessary and proportionate.
Online Safety Bill
A new set of laws to protect children and adults online. It will make social media companies more responsible for their users’ safety on their platforms.