mrcox
BTEC National in ICT: Unit 3 - Legal Constraints
Legal Constraints
Customer Data Policy
Formal document identifying the constraints or limitations in using customer information
statements of what should or should not be done
examples to make clear any statements you make
References to all the material, including any Acts of Parliament
Data Protection Act of 12th July 1984 / 1998
Anyone processing personal data must comply with the eight enforceable principles of good practice.
1. Fairly and lawfully processed;
2. Processed for limited purposes;
3. Adequate, relevant and not excessive;
4. Accurate;
5. Not kept longer than necessary;
6. Processed in accordance with the data subject's rights;
7. Secure (no unauthorised access, alteration or disclosure);
8. Not transferred to other countries without adequate protection.
The Information Commissioner
The Act established the office of Information Commissioner, whose duties include:
- administering a public register of Data Users with broad details of the data held
- investigating complaints and initiating prosecutions for breaches of the Act
- publishing several documents that offer guidelines to data users and computer bureaux.
Registration
All Data Users have to register, giving:
their name and address (or that of their company)
a description of the data held and its purpose
a description of the sources from which the data is obtained
a description of the persons to whom it is intended to disclose data
Exemptions from the Act
The Act does not apply to payroll, pensions and accounts data, nor to names and addresses held for distribution purposes.
Registration may not be necessary when the data are for personal, family, household or recreational use.
Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes, or where it is simply for backup.
Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant), to persons working for the data user, and in response to urgent need to prevent injury or damage to health.
Additionally, there are exemptions for special categories, including data held:
- in connection with national security;
- for prevention of crime;
- for the collection of tax or duty.
Software Copyright Laws
Computer software is now covered by the Copyright Designs and Patents Act of 1988, which covers a wide range of intellectual property such as music, literature and software.
Copyright, Designs & Patents Act 1988
Provisions of the Act make it illegal to:
- copy software
- run pirated software
- transmit software over a telecommunications line, thereby creating a copy
The Computer Misuse Act of 1990
In the early 1980s in the UK, hacking was not illegal. Some universities stipulated that hacking, especially where damage was done to data files, was a disciplinary offence, but there was no legislative framework within which a criminal prosecution could be brought.
Computer Misuse Act of 1990
The Computer Misuse Act of 1990 defined three specific criminal offences to deal with the problems of hacking, viruses and other nuisances:
- unauthorised access to computer programs or data
- unauthorised access with a further criminal intent
- unauthorised modification of computer material (i.e. programs or data)
Computer Crime & The Law
- Cracking (or Hacking)
- Viruses
- Trojans
- Logic Bombs
How A Virus Works
1. ORIGINATION - A programmer writes a program - the virus - to cause mischief or destruction. The virus is capable of reproducing itself
2. TRANSMISSION - Often, the virus is attached to a normal program. It then copies itself to other software on the hard disk
3. REPRODUCTION - When another drive is inserted into the computer’s disk drive, the virus copies itself on to the drive
4. INFECTION - Depending on what the original programmer wrote in the virus program, a virus may display messages, use up all the computer’s memory, destroy data files or cause serious system errors
Health Hazards
Stress
RSI
Eyestrain
ELF radiation
Backache
Display Screen Regulations 1992
Employers are required to
Perform an analysis of workstations in order to evaluate the safety and health conditions to which they give rise
Provide training to employees in the use of workstation components
Ensure employees take regular breaks or changes in activity
Provide regular eye tests for workstation users and pay for glasses
Computers, Health And The Law
Employees have a responsibility to
Use workstations and equipment correctly, in accordance with training provided by employers
Bring problems to the attention of their employer immediately and co-operate in the correction of these problems
Computers, Health and the law
Manufacturers are required to ensure that their products comply with the Directive. For example:
- Screens must tilt and swivel
- Keyboards must be separate and moveable
- Notebook PCs are not suitable for entering large amounts of data
The Ergonomic Environment
Ergonomics refers to the design and functionality of the environment, and encompasses the entire range of environmental factors. Employers must give consideration to:
- Lighting: office well lit, with blinds
- Furniture: chairs of adjustable height, with tilting backrest, swiveling on five-point base
- Work space: combination of chair, desk, computer, accessories, lighting, heating and ventilation all contribute to overall well-being
- Noise: e.g. noisy printers relocated
- Hardware: screen must tilt and swivel and be flicker-free, the keyboard separately attached
- Software: should facilitate task, be easy to use and adaptable to user’s experience
DRM
Music & Films
Technology to restrict where, how often, on what you can use it
Proprietary Software
- Sold under licence – not ownership
- Unable to modify
- Restricted rights to sell-on
Open Source Movement
- Have access to the source code – can therefore modify it
- Redistribute the code or executable
- Usually free to obtain
The Rights of Data Subjects
Apart from the right to complain to the Information Commissioner, data subjects also have a range of rights which they may exercise in the civil courts. These are:
Right to compensation for unauthorised disclosure of data (arising from principle no. 3);
Right to compensation for inaccurate data (arising out of principle no. 5);
Right of access to data and to apply for rectification or erasure where data are inaccurate (arising out of principle no. 7);
Right to compensation for unauthorised access, loss or destruction of data (arising out of principle no. 8).
Relevant Legislation
Data Protection
- Data Protection Act 1998
- Freedom of Information Act 2000 (FOIA)
Usage of IT Systems
- Computer Misuse Act 1990
- Terrorism Act 2000
- Privacy and Electronic Communications Regulations 2003