The implications of legislation for ICT policies
- In large organisations someone is appointed to the post of compliance officer
- ICT policies have to be drawn up to ensure that all proposed developments and all activities involved in day-to-day ICT use are within the law
What is the Copyright, Designs and Patents Act 1988?
Protects intellectual property such as the following from being copied:
- software/hardware
- books and manuals
Policies would need to be set out to prevent staff from:
- copying images or text or sections of websites without permission
- sharing digital music illegally
- running more copies of software than the license allows
- forcing employees to copy software illegally.
Usually such policies would be laid out in either the ICT code of practice for ICT users or an acceptable use policy.
What does the Computer Misuse Act 1990 cover?
- Unauthorised access to computer material
- Unauthorised access with intent to commit or facilitate a crime
- Unauthorised modification of computer material.
1) This offence carries the risk of being sentenced to six months in prison and/or a hefty fine.
2) Anyone caught doing this risks up to a five-year prison sentence and/or a hefty fine.
3) This offence carries a penalty of up to five years in prison and/or a fine.
Unfortunately, very few cases are actually prosecuted under the Computer Misuse Act and even if they are, sentences tend to be lenient.
What preventative measures could be put in place t
- A ban on the downloading by staff of any program without the permission in writing of the network manager
- A ban on the use of another person's username and password, so that it is always possible to identify the person who has logged on
- Regular audits to check that money isn't going missing into bogus accounts.
What is the data protection act what policies does
The Data Protection Act is used to protect personal data from misuse. In order to comply with the Act, organisations have to adopt a number of policies such as:
- Appointing a senior member of staff to the data controller role
- Notifying the Information Commissioner's Office that the organisation is processing personal data
- Putting mechanisms in place to enable data subjects to see the information held about them
- Ensuring data security is not compromised on portable devices; usually there will be a policy involving encryption
- Ensuring all staff understand the DPA principles as laid out in the DPA
Name the three main policies affected by the Data
1) The training policy will ensure that all employees who deal with personal data are aware of how they have to deal with the personal data
2) The security policy will deal with making sure that personal data is kept secure and not compromised by being stored on insecure media such as flash memory
3) The ICT code of practice for ICT users or an acceptable use policy can deal with confidentiality of data and things staff must do when working with personal data.
What is the Freedom of Information Act? (2000)
- Covers public authorities
- A member of the public can apply for information
- Public organisations therefore need policies and procedures to provide such information when requested.
What is the Telecommunications Regulations 2000?
Allows the interception and monitoring of communications in certain circumstances by an organisation without the consent of the sender and the recipient. This is only allowed in certain circumstances:
- Keeping transaction logs for the purposes of performance monitoring & quality control
- Access and activity logs maintained to allow investigation or detection of computer misuse or unauthorised use of systems
- Monitoring to ensure the effective operation of the systems
- Inspection of file contents to detect misuse
It is therefore possible for organisations to check the emails sent by a particular person or the phone calls made by that person.
An organisation needs to have policies stating under what circumstances this will happen, and it needs to make staff aware that such monitoring may take place.
What health and safety policies must be in place t
Health and safety policies must be in place to protect employees and these would include:
- Inspections of chairs, workstations, desks, keyboards etc
- Putting in working practices and procedures to prevent injury and RSI
- Ensuring staff are properly trained to minimise risk to their health
- Paying for eye tests and any glasses needed for those staff that use computer screens
- Ensuring that any software created is not stressful or frustrating to use.