1.5.1 Computing related legislation
The computing industry and its associated technologies are rapidly changing and evolving, and this brings a number of new ways for offences to be committed. These advances have also greatly increased the capability of organisations to monitor behaviour, and gather and analyse personal information.
Therefore, laws relating to the use of computers need to be implemented both for security purposes and to protect personal privacy.
The Data Protection Act (DPA) 1998 outlines the requirements for the collection, processing and storage of personal data (data which can be used to identify a living person).
There are a number of principles covered by the act, including:
- data should be collected fairly and lawfully
- data should only be used for the specific purpose for which it was collected
- data should be relevant and not excessive
- data should be accurate and up to date
- data should only be kept for as long as necessary
- data should be kept securely
- data subjects (individuals whose data is being stored) can access the data stored about them and can update it if necessary
- data shouldn't be transferred outside the EU so that the data remains subject to the DPA
The Computer Misuse Act 1990 regulates unauthorised access to computer systems.
The act outlines 3 primary criminal offences:
- unauthorised access to computer materials
- unauthorised access with intent to commit further offences
- unauthorised access with intent to damage a computer system or modify computer materials
The Copyright and Patents Act 1988 protects intellectual property (IP) (media created by an individual or organisation).
The act makes it illegal to copy, modify or distribute IP without permission.
The Regulation of Investigatory Powers Act 2000 regulates how public bodies can monitor electronic communications. This act is intended to allow suitable security authorities to access communications in order to prevent criminal or terrorist activities. It was designed to take account of the growing importance, and use, of the internet, and the strong encryption in electronic communications which can be used by criminals to hide their activities.
It gives certain authorities the right to:
- intercept electronic communications
- demand that an ISP provide access to a customer's communications, in secret
- demand that an ISP fit equipment to facilitate surveillance
- demand to be granted access to protected information
- perform surveillance on individuals (e.g. key logging, monitoring internet activity)
- prevent the existence of these interception activities being revealed in court