There are many pieces of legislation governing the use of computer systems. These include:
Computer Misuse Act 1990
Investigatory Powers Act 2016
The Data Protection Act / General Data Protection Regulation (GDPR) 2018
The Data Protection Act
The Data Protection Act affects organisations that store data on a computer system. Under the DPA, organisations are required to ensure:
Data must be adequate, relevant and not excessive
Data must be accurate and up to date
Personal data is stored for no longer than necessary
Processed in line with your rights – individual can check and amend data
Held securely
Data can only be transferred outside the EEA to countries with adequate data protection
Data is fairly and lawfully processed
Data is processed for limited purposes.
In 2018, the Data Protection Act 1998 was replaced by the GDPR. This new law sets out the principles of data protection and the main responsibilities of organisations that store data.
GDPR principles require personal data to be:
processed lawfully, fairly and in a transparent manner in relation to individuals
collected for specified, clear and lawful purposes and not further processed in a way that is not compatible with these purposes
sufficient, relevant and limited to what is necessary in relation to the purposes for which the data is processed
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data, in relation to the purposes for which the data was processed, are deleted or rectified without delay
kept in a form which allows identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
processed in a way that ensures that the personal data is properly protected, including protection against illegal or unauthorised processing and against accidental loss, damage or destruction, using appropriate technical or organisational approaches.
The Computer Misuse Act
The Computer Misuse Act protects personal data held by businesses and other organisations from unauthorised access. Although the Act was approved in 1990, which seems like a long time ago in terms of technological development, it was updated by the Serious Crimes Act in 2015, which created a new offence of unauthorised acts causing serious damage.
By 1990, hacking was a growing problem and it became clear that new legislation was needed to tackle this issue. The Act makes it illegal to:
access data without permission, for example, viewing another organisation's data
access computer systems without permission, for example, hacking
alter data stored on a computer system without permission, for example, making changes to stored data or introducing a virus to the system that deliberately deletes or corrupts data.
The Computer Misuse Act deters:
accessing computer material without permission
altering computer data without permission, e.g. writing a virus to destroy someone else's data, or actually changing the money in an account.
The Freedom of Information Act
Case Study
A hospital stores data about patients and how it is performing against set targets. The Data Protection Act and the Freedom of Information Act apply to this data. The hospital must comply with the Freedom of Information Act when a request is received from a member of the public about how it is performing against set targets.
On receipt of a freedom of information request from a person the hospital must:
Inform the person whether or not it holds the information requested
Communicate the information requested to the person making the request, or refuse the request with a valid reason
The Investigatory Powers Act
The Investigatory Powers Act follows on from the Regulation of Investigatory Powers Act 2000 and brings together the ways in which law enforcement agencies collect data.
This Act expanded the electronic surveillance powers of UK intelligence agencies and the police. The Act, sometimes known as ‘The Snooper's Charter’, includes new powers for bulk data collection and the interception of communications data. Internet service providers (ISPs) must keep Internet connection records (ICRs) with the following information:
IP address
the device used to connect to the Internet
a list of websites visited
a list of services used
time and date of connections to services and websites.
Display Screen Equipment Act - The Health and Safety (Display Screen Equipment) Regulations 1992
These Regulations require employers to minimise the risks in VDU / keyboard work by ensuring that workplaces and jobs are well designed.
In law, employers must:
do a DSE workstation assessment
reduce risks, including making sure workers take breaks from DSE work or do something different
provide an eye test if a worker asks for one.
What is the primary purpose of data protection and privacy laws in the context of computing?
Data protection and privacy laws, such as GDPR and CCPA, aim to safeguard individuals' personal information by establishing rules for its collection, processing, and storage. These laws provide individuals with greater control over their data and ensure responsible handling by organizations.
How do cybersecurity laws contribute to addressing challenges in the digital realm?
Cybersecurity laws define offences related to unauthorized access, data breaches, and other malicious activities. They establish legal frameworks for investigating and prosecuting cybercrimes, helping to deter malicious actors and protect the integrity of computer systems.
What role do intellectual property laws play in the computing field?
Intellectual property laws, including patents, copyrights, and trademarks, protect the rights of creators and innovators in computing. These laws safeguard software, inventions, and other intellectual assets, encouraging innovation by providing legal mechanisms for protection and monetization.
How do electronic communications and internet laws address issues in the digital space?
Legislation in this category covers areas such as online content, digital communications, and e-commerce. It may include regulations on online defamation, electronic contracts, and the liability of internet service providers, ensuring legal frameworks for various aspects of online activities.
Why are accessibility laws important in the context of computing technologies?
Accessibility laws ensure that computing technologies are designed to accommodate individuals with disabilities. These laws apply to websites, software, and electronic devices, promoting inclusivity and equal access for users with diverse needs in the digital environment.