The Copyright, Designs and Patents Act 1988
Prevents plagiarising of intellectual property. This includes:
- Internet material
Organisations have an obligation to check staff's actions. This includes checking that there are no unauthorised software copies or illegal music on their computers. They must also only use the number of software packages that they have a licence for. An ICT policy would need to prevent staff from:
- Copying image/text without permission
- Owning illegal copies of software/data
Computer Misuse Act 1990
- Deliberately planting a virus on a computer system
- Using a computer for non-institutional work
- Committing fraud with the aid of a computer
- Hacking into a system to view or alter the information
Policies will need to cover the external threat as well as the above issues. The following measures could be implemented:
- A ban on downloading software without permission from the network manager
- Ban on using other people's accounts, lock computer whilst away
- Audit trails to check the flow of data
The Data Protection Act 1998
Used to protect personal data in systems by adhering to the 8 rules. These are that data should be:
- Fairly and lawfully processed
- Processed for limited purposes - only used for the reason it was collected
- Adequate, relevant and not excessive
- Not kept longer than necessary
- Processed in accordance with their rights
- Not transferred to unprotected countries
A senior manager will become the data controller and take responsibility for processing data lawfully. The ICO is also notified of any personal data being held. A data subject has the right to see any information being held about them for a small fee.
Freedom of Information Act 2000
This covers public organisations such as schools and hospitals. It means a member of the public can request reports and minutes of meetings. A public organisation must therefore plan its policies around this level of public openness.
The Telecommunications Regulations 2000
Full title: The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
This allows monitoring in certain circumstances without the consent of the sender or recipient. It is only allowed for:
- Transaction logs for quality control - service desks etc.
- Monitoring to ensure a system is working effectively.
- Inspection of a file to detect possible misuse.
An organisation needs to make staff aware of when this can happen and possibly make them aware of when this will take place.
Health and Safety at Work Act 1974
This entitles all staff to safe and good quality working conditions. Policies must be in place to cover things such as:
- Inspection of working areas on a regular basis to ensure they check regulations
- Working practices to enable staff to change tasks to remove risk of RSI
- Ensuring staff are properly trained to use all machinery, including adjusting the chair
- Paying for eye tests and glasses that are needed as a result of screen-use
- Ensuring that software is not overly frustrating or stressful