The legislation
The legislation related to computer use includes:
- Data protection act
- Computer misuse act
- Copyrights designs and patents act
- Privacy and Electronic
Communications Regulations
- Waste Electric and Electronic Equipment (WEEE) Regulations
Data protection act
The aim of the data protection act is to protect the personal data that we provide to organisations. Every organisation that holds data must register with the Information Commissioner's Office(ICO) and comply with the rules
of the data protection act. There are rules about what data firms are allowed to hold and about the rights you have if an organisation holds your data.
Data collected must be:
- Used fairly and lawfully
- For a specific and stated reason
- Used for the reason it was gathered
- Accurate and up to date
- Only kept for as long as needed
- Protected against loss, damage and unauthorised access
A data subject is a person about whom data is stored. As a data subject you have the right to:
- Find out how your data is used
- See the data an organisation holds about
you
- Have data updated if it is not up to date
- Have data deleted if the organisation no longer has a need to have it
- Stop an organisation from processing your data
- Transfer your data to another
organisation
Visit the information commissioner's office and find out more about what they do and the action they have taken against firms breaching the data protection act.
Computer misuse act
The computer misuse act defines 3 offences:
Section 1: Unauthorised access to computer material
This is the least serious charge and relates to offences ranging from simply attempting to gain unauthorised access to computer material to gaining access to unauthorised computer material without any further action taken.
The maximum punishment is 12 months in prison and/or and unlimited fine.
Section 2: Unauthorised access with the intent to commit or facilitate the commission of further offences
This is where someone makes unauthorised access to computer material with the intent to commit further crime such as selling that data or threatening to publish it online unless a ransom is paid. The maximum punishment is
12 months in prison or a maximum fine on summary conviction and/or 5 years in prison or an unlimited fine on indictment.
Section 3: Unauthorised acts with an intent to impair, or recklessness as to impairing, the operation of a computer
This is where someone makes attempts to impair the functioning of a computer or computer network. This includes things like ransomware attacks that can corrupt or delete data and ddos attacks designed to take resources
offline. The maximum punishment is 12 months in prison or a maximum fine on summary conviction and/or 10 years in prison or an unlimited fine on indictment.
Copyrights designs and patents act
The copyrights, designs and patents act protects intellectual property rights e.g. movies, books, games, other software etc. It is illegal to download these from file sharing websites where the creator has not given
permission for them to be used. AI is posing new challenges such as how copyright will deal with issues such as large language models being trained on copyright intellectual properties and AI clones.
Privacy and Electronic Communications Regulations
UK cookie rules are part of the Privacy and Electronic Communications Regulations (PECR). Cookies are small files that websites store on your computer or device. Organisations must disclose their use of cookies to consumers.
Under the UK Data Protection Act 2018, cookies can be considered personal data if they can be used to identify an individual, either on their own or in combination with other data.