Social issues - legislation

The Data Protection Act 1998

Law was set up to protect the individual against the misuse of data. 

The act gives rights to the individual to find the information stored about the, and to check whether it is correct. IF the information is wrong, they can have it altered and may be able to claim damages.

What data is classed as personal data?

The Data Protection Act 1998 classes personal data as:

• data about an identifiable person
• who is alive
• and specific to that person (e.g. name/address)

Data specific to the person includes:

• medical history
• credit history
• qualifications
• religious beliefs
• criminal records

The 8 Data Protection principles:

1. fairly and lawfully processed

2. processed for limited purposes

3. adequate, relevant and not exessive

4. accurate

5. not kept longer than necessary

6. processed in accordance with the data subjects' rights

7. secure

8. not transferred to countries outside the EU without protection

Processing personal data

Processing personal data refers to:

• obtaining data (e.g. collecting, recording data)
• recording data
• carrying out any operation on the data

How to protect personal data

• Notification

Notification is the process of letting the Information Comissioner's Office know that an organisation is storing and processing the data. The Information Commissioner will be informed of:

• company registration number
• name and address of data controller
• classes of the data that it is held (e.g. medical details, financial)
• general description or the reasons for storing the personal data
• description of who the data is about (e.g. patients, pupils)
• lists of other organisations that the data may be passed to (e.g. police, universities)

Exemptions from notification

Data is exempt from notification under the Data Protection Act 1998 when:

• when data is being held in connection with personal, family or household affiars or for recreational use 
• where the data is used for preparing documents (e.g. references for jobs, universities)
• when data is used to calculate wages or pensions (accounts)
• when data is held in the interest of national security
• where the data is being used for mailing lists, only name and address

The Freedom of Information Act 2000

The Information Commissioner is also responsible for this act.

This act gives the right to access infomation held by public authorities.

Using this act, an individual can access information such as emails, research reports etc... held by local authorities. 

This information would be about:

• how public authorities carry out their duties
• how they make their decisions
• how they spend public money

The Freedom of Information Act 2000

Unlike the Data Protection Act 1998, this act is not restricted to personal information, it concentrates on information about public authorities.

The Computer Misuse Act 1990

Set up to deal with a number of misuses as the use of computers became widespread. 

The act makes it an offence to:

• deliberately plant of transfer viruses to a computer system to cause damage to programs and data
• use an organisation's computer to carry out unauthorised work
• hack into someone else's computer to view information or alter it
• use computers to commit various frauds

Problems with gaining prosecutions under the Computer Misuse Act 1990

To prosecute someone under the act the police would have to prove that they did the misuse deliberately, they knew what they were doing and knew it was wrong doing it. 

Proving this is very difficult.

Many cases go unreported because organisations don't want the media to know that their security has been comprimised. 

Offences under the Computer Misuse Act 1990

Section 1

A person is guilt of an offence if:

• they intend to secure access to any programme or data held in a computer
• unauthorised access 
• they know that they have unauthorised access

Offence - 6 months inprisonment

Offences under the Computer Misuse Act 1990

Section 2

A person is guilt of an offence if:

• they have commited an offence in section 1 and have the intent to commit another offence such as blackmail, theft etc...

Offence - 5 years inprisonment

Offences under the Computer Misuse Act 1990

Section 3

A person is guilt of an offence if:

• they carry out any act which causes an unauthorised modification of the contents of any computer, and they knw that the modificiation is unauthorised 

Offence - 5 years inprisonment

The Copyright, Designs and Patents Act 1988

This act makes it an offence to copy or steal software. If you copy software illegally then you are depriving the owner of the software of any income/profits and they can sue. 

The act allows the user to copy the software providing that they have the owners permission. 

It is not just software that's protected by this act, databases, computer files and manuals are also covered. 

Criminal offences under the act

It is a criminal offence to:

• copy or distribute software or manuals without the permission or licence from the copyright owner
• run purchased software covered by copyright on 2 or more machines at the same time unless there is a software licence which allows it
• compel (i.e. force) employees to make or distribute illegal software for use by the company

Offence - unlimited fines and up to 10 years inprisonment, sued for damages by software owner