This document summarizes key UK legislation constraining the use of customer data and information technology, including the Data Protection Act of 1984/1998, Computer Misuse Act of 1990, and regulations around health and safety. It outlines principles of fair and lawful processing of personal data, requirements for data controllers to register and comply with subject access rights, and exemptions for certain data types and uses. Offenses related to hacking, viruses, copyright infringement and unauthorized access or modification of data and systems are also defined.
2. Customer Data Policy
- Formal document identifying the constraints or limitations in using customer information
- statements of what should or should not be done
- examples to make clear any statements you make
- References to all the material, including any Acts of Parliament
3. Data Protection Act of 12th July 1984 / 1998
Anyone processing personal data must comply with the eight enforceable principles of good practice.
1. Fairly and lawfully processed;
2. Processed for limited purposes;
3. Adequate, relevant and not excessive;
4. Accurate;
5. Not kept longer than necessary;
6. Processed in accordance with the data subject's rights;
7. Secure (no unauthorised access, alteration or disclosure);
8. Not transferred to other countries without adequate protection.
4. The Information Commissioner
The Act established the office of Information Commissioner, whose duties include:
- administering a public register of Data Users with broad details of the data held;
- investigating complaints and initiating prosecutions for breaches of the Act;
- publishing several documents that offer guidelines to data users and computer bureaux.
5. Registration
All Data Users have to register, giving:
- their name and address (or that of their company)
- a description of the data held and its purpose
- a description of the sources from which the data is obtained
- a description of the persons to whom it is intended to disclose data
6. Exemptions from the Act
- The Act does not apply to payroll, pensions and accounts data, nor to names and addresses held for distribution purposes.
- Registration may not be necessary when the data are for personal, family, household or recreational use.
- Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes, or where it is simply for backup.
- Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant), to persons working for the data user, and in response to urgent need to prevent injury or damage to health.
- Additionally, there are exemptions for special categories, including data held:
  - in connection with national security;
  - for prevention of crime;
  - for the collection of tax or duty.
7. Software Copyright Laws
Computer software is now covered by the Copyright Designs and Patents Act of 1988, which covers a wide range of intellectual property such as music, literature and software.
8. Copyright, Designs & Patents Act 1988
Provisions of the Act make it illegal to:
- copy software
- run pirated software
- transmit software over a telecommunications line, thereby creating a copy
9. The Computer Misuse Act of 1990
In the early 1980s in the UK, hacking was not illegal. Some universities stipulated that hacking, especially where damage was done to data files, was a disciplinary offence, but there was no legislative framework within which a criminal prosecution could be brought.
10. Computer Misuse Act of 1990
The Computer Misuse Act of 1990 defined three specific criminal offences to deal with the problems of hacking, viruses and other nuisances:
- unauthorised access to computer programs or data
- unauthorised access with a further criminal intent
- unauthorised modification of computer material (i.e. programs or data)
11. Computer Crime & The Law
Cracking (or Hacking)
Viruses
Trojans
Logic Bombs
12. How A Virus Works
1. ORIGINATION - A programmer writes a program - the virus - to cause mischief or destruction. The virus is capable of reproducing itself.
2. TRANSMISSION - Often, the virus is attached to a normal program. It then copies itself to other software on the hard disk.
3. REPRODUCTION - When another drive is inserted into the computer’s disk drive, the virus copies itself on to the drive.
4. INFECTION - Depending on what the original programmer wrote in the virus program, a virus may display messages, use up all the computer’s memory, destroy data files or cause serious system errors.
14. Display Screen Regulations 1992
Employers are required to:
- Perform an analysis of workstations in order to evaluate the safety and health conditions to which they give rise
- Provide training to employees in the use of workstation components
- Ensure employees take regular breaks or changes in activity
- Provide regular eye tests for workstation users and pay for glasses
15. Computers, Health And The Law
Employees have a responsibility to:
- Use workstations and equipment correctly, in accordance with training provided by employers
- Bring problems to the attention of their employer immediately and co-operate in the correction of these problems
16. Computers, Health And The Law
Manufacturers are required to ensure that their products comply with the Directive. For example:
- Screens must tilt and swivel
- Keyboards must be separate and moveable
- Notebook PCs are not suitable for entering large amounts of data
17. The Ergonomic Environment
Ergonomics refers to the design and functionality of the environment, and encompasses the entire range of environmental factors. Employers must give consideration to:
- Lighting: office well lit, with blinds
- Furniture: chairs of adjustable height, with tilting backrest, swiveling on five-point base
- Work space: combination of chair, desk, computer, accessories, lighting, heating and ventilation all contribute to overall well-being
- Noise: e.g. noisy printers relocated
- Hardware: screen must tilt and swivel and be flicker-free, the keyboard separately attached
- Software: should facilitate task, be easy to use and adaptable to user’s experience
18. DRM
Music & Films
Technology to restrict where, how often and on what you can use it
20. Open Source Movement
- Have access to the source code – can therefore modify it
- Redistribute the code or executable
- Usually free to obtain
21. The Rights of Data Subjects
Apart from the right to complain to the Information Commissioner, data subjects also have a range of rights which they may exercise in the civil courts. These are:
- Right to compensation for unauthorised disclosure of data (arising from principle no. 3);
- Right to compensation for inaccurate data (arising out of principle no. 5);
- Right of access to data and to apply for rectification or erasure where data are inaccurate (arising out of principle no. 7);
- Right to compensation for unauthorised access, loss or destruction of data (arising out of principle no. 8).
22. Relevant Legislation
Data Protection
- Data Protection Act 1998
- Freedom of Information Act 2000 (FOIA)
Usage of IT Systems
- Computer Misuse Act 1990
- Terrorism Act 2000
- Privacy and Electronic Communications Regulations 2003