This document summarizes key UK legislation constraining the use of customer data and information technology, including the Data Protection Act of 1984/1998, Computer Misuse Act of 1990, and regulations around health and safety. It outlines principles of fair and lawful processing of personal data, requirements for data controllers to register and comply with subject access rights, and exemptions for certain data types and uses. Offenses related to hacking, viruses, copyright infringement and unauthorized access or modification of data and systems are also defined.

1. Legal Constraints

2. Customer Data Policy
 Formal document identifying the constraints
or limitations in using customer information
 statements of what should or should not be done
 examples to make clear any statements you
make
 References to all the material, including any Acts
of Parliament

3. Data Protection Act
of 12th July 1984 / 1998
Anyone processing personal data must comply with the
eight enforceable principles of good practice.
1. Fairly and lawfully processed;
2. Processed for limited purposes;
3. Adequate, relevant and not excessive;
4. Accurate;
5. Not kept longer than necessary;
6. Processed in accordance with the data subject's rights;
7. Secure (no unauthorised access, alteration or disclosure)
8. Not transferred to other countries without adequate
protection.

4. The Information Commissioner
 The Act established the office of Information
Commissioner, whose duties include:
 administering a public register of Data Users with
broad details of the data held
 investigating complaints and initiating prosecutions for
breaches of the Act.
 publishing several documents that offer guidelines to
data users and computer bureaux.

5. Registration
 All Data Users have to register, giving:
 their name and address (or that of their company)
a description of the data held and its purpose
a description of the sources from which the data is
obtained
a description of the persons to whom it is intended to
disclose data

6. Exemptions from the Act
 The Act does not apply to payroll, pensions and accounts data, nor to
names and addresses held for distribution purposes.
 Registration may not be necessary when the data are for
personal, family, household or recreational use.
 Subjects do not have a right to access data if the sole aim of
collecting it is for statistical or research purposes, or where it is simply
for backup.
 Data can be disclosed to the data subject’s agent (e.g. lawyer or
accountant), to persons working for the data user, and in response to
urgent need to prevent injury or damage to health.
 Additionally, there are exemptions for special categories, including
data held:
- in connection with national security;
- for prevention of crime;
- for the collection of tax or duty.

7. Software Copyright Laws
 Computer software is now covered by the
Copyright Designs and Patents Act of
1988, which covers a wide range of
intellectual property such as music, literature
and software.

8. Copyright, Designs & Patents Act
1988
 Provisions of the Act make it illegal to:
 copy software
 run pirated software
 transmit software over a telecommunications
line, thereby creating a copy

9. The Computer Misuse Act of
1990
 In the early 1980s in the UK, hacking
was not illegal. Some universities
stipulated that hacking, especially
where damage was done to data
files, was a disciplinary offence, but
there was no legislative framework
within which a criminal prosecution
could be brought.

10. Computer Misuse Act of 1990
 The Computer Misuse Act of 1990 defined three
specific criminal offences to deal with the
problems of hacking, viruses and other
nuisances.
 unauthorised access to computer programs or data
 unauthorised access with a further criminal intent
 unauthorised modification of computer material
(i.e. programs or data)

11. Computer Crime & The Law
 Cracking (or Hacking)
 Viruses
 Trojans
 Logic Bombs

12. How A Virus Works
1. ORIGINATION - A programmer writes a program - the
virus - to cause mischief or destruction. The virus is
capable of reproducing itself
2. TRANSMISSION - Often, the virus is attached to a
normal program. It then copies itself to other software
on the hard disk
3. REPRODUCTION - When another drive is inserted into
the computer’s disk drive, the virus copies itself on to
the drive
4. INFECTION - Depending on what the original
programmer wrote in the virus program, a virus may
display messages, use up all the computer’s
memory, destroy data files or cause serious system
errors

13. Health Hazards
 Stress
 RSI
 Eyestrain
 ELF radiation
 Backache

14. Display Screen Regulations 1992
 Employers are required to
 Perform an analysis of workstations in order to
evaluate the safety and health conditions to which
they give rise
 Provide training to employees in the use of
workstation components
 Ensure employees take regular breaks or changes in
activity
 Provide regular eye tests for workstation users and
pay for glasses

15. Computers, Health And The Law
 Employees have a responsibility to
 Use workstations and equipment correctly, in
accordance with training provided by employers
 Bring problems to the attention of their employer
immediately and co-operate in the correction of these
problems

16. Computers, Health and the law
 Manufacturers are required to ensure that
their products comply with the Directive.
For example:
 Screens must tilt and swivel
 Keyboards must be separate and moveable
 Notebook PCs are not suitable for entering large
amounts of data

17. The Ergonomic Environment
Ergonomics refers to the design and functionality of the
environment, and encompasses the entire range of
environmental factors. Employers must give
consideration to:
 Lighting: office well lit, with blinds
 Furniture: chairs of adjustable height, with tilting
backrest, swiveling on five-point base
 Work space: combination of
chair, desk, computer, accessories, lighting, heating and
ventilation all contribute to overall well-being
 Noise: e.g. noisy printers relocated
 Hardware: screen must tilt and swivel and be flicker-free, the
keyboard separately attached
 Software: should facilitate task, be easy to use and
adaptable to user’s experience

18. DRM
 Music & Films
 Technology to restrict where, how
often, on what you can use it

19. Proprietary Software
 Sold under licence – not ownership
 Unable to modify
 Restricted rights to sell-on

20. Open Source Movement
 Have access to the source code – can
therefore modify it
 Redistribute the code or executable
 Usually free to obtain

21. The Rights of Data Subjects
Apart from the right to complain to the Information
Commissioner, data subjects also have a range of
rights which they may exercise in the civil courts.
These are:
 Right to compensation for unauthorised disclosure of
data (arising from principle no. 3);
 Right to compensation for inaccurate data (arising out
of principle no. 5);
 Right of access to data and to apply for rectification or
erasure where data are inaccurate (arising out of
principle no. 7);
 Right to compensation for unauthorised access, loss or
destruction of data (arising out of principle no. 8).

22. Relevant Legislation
Data Protection
 Data Protection Act 1998
 Freedom of Information Act 2000 (FOIA)
Usage of IT Systems
 Computer Misuse Act 1990
 Terrorism Act 2000
 Privacy and Electronic Communications Regulations
2003