1
Business and the Law
The Data Protection Act (1998)
The Computer Misuse Act (1990)
The Copyright, Designs and Patents Act (1998)
2
The Data Protection Act (1998)
Fears about the increase in the amount of data being held led to the Government introducing an Act in 1984 to guarantee the rights of the individual and this was replaced by the 1998 Act.
Reasons for the worry
• Rapid growth in recent years of Information and Communications Technology
• Organisations now hold large databases holding huge quantities of information
• Global networks are able to share and distribute this information around the world in seconds
3
The Data Protection Act (1998)
• Privacy is a right we all expect.
• Personal details such as our age, medical records, personal family details, political and religious beliefs should not be freely available to everybody.
4
The Data Protection Act (1998)
People now have the right to see what is stored on computer about them. For example, you can ask your bank for a copy of what their computer contains about you.
Some groups do not have to say what is on their computers ………
Can you suggest an example of one of these groups?
5
The Data Protection Act (1998)
Were you correct?
• Groups which hold information concerning crimes or national security do not have to say what is on their computers.
• You do not have access rights to police computers or to state security authorities.
6
The Data Protection Act (1998)
TERMINOLOGY
A data user is a person who holds and uses personal data about others or controls the use of it.
A data subject is a person about whom personal data is stored by one or more data users.
7
The Data Protection Act (1998)
Data subjects can normally see all of the data held about them, with some exceptions, for example if it would affect:
• The way crime is detected or prevented
• Catching or prosecuting offenders
• Assessing or collecting taxes or duty
• The right to see certain health and social work details may also be limited
8
The Data Protection Act (1998)
The Act states that:
• Any company wishing to hold data on computer about more than a few people must register with a central agency.
• This agency is known as the Office of the Data Protection Commissioner
9
The Data Protection Act (1998)
• As with any legislation certain terms within the Data Protection Act have quite specific meanings.
• Personal Data means data* relating to a living individual who can be identified either from the data, or from that data along with other information in the possession of the data user/controller.
*Data means information in a form in which it can be processed.
10
POINTS OF LAW
• Personal Data must relate to living people who can be identified.
• Data which is held must be up to date and accurate.
• If it is not, and this is pointed out, it must be either deleted or amended according to the wishes of the individual.
• Data must not be held for longer than is necessary.
11
The Data Protection Act (1998)
• Problems can arise if information is out of date or contains mistakes.
• For example, if a person living near to you had a similar name, he or she might be mistaken for you if the wrong address was entered.
• To minimise the chances of this, great care must be taken when entering data.
• For example, double entry checks may be used.
12
The Data Protection Act (1998)
To summarise the 8 Principles of ‘good information handling’ data must be:
1. Processed fairly and lawfully
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate
5. Processed in accordance with the data subject’s rights
6. Not kept longer than necessary
7. Kept secure
8. Not transferred to countries without adequate protection
13
The Data Protection Act (1998)
Rights given to individuals by the Act:
• The right to be informed
Informed of the:
• Actual personal data
• The purposes for which the data is being processed
• The recipients to whom the data is disclosed
14
Now a few questions……
A few customers are concerned that information about themselves is held on computer.
Data subjects and data users are covered by legislation.
a. Which legislation covers storage of personal information on a computer?
b. State one right that data subjects have under this legislation.
c. State one responsibility that data users have under this legislation.
15
Computer Misuse Act (1990)
Since companies now depend greatly on computer data, precautions have to be taken against the data being lost, stolen or altered by unauthorised individuals.
16
Computer Misuse Act (1990)
When introduced, this Act was essentially aimed specifically at hackers.
Hacking, computer fraud and computer viruses are all relatively new crimes that established UK laws were not designed to deal with.
This Act makes ‘hacking’ and malicious acts, such as virus release, illegal.
17
Computer Misuse Act (1990)
Prior to the passing of the Act a hacker could only be prosecuted for the theft of electricity under the then existing laws.
It was essential that a new law be introduced in order to deal with these new crimes and this led to the Computer Misuse Act (1990).
18
Computer Misuse Act (1990)
What is a hacker?
• People who use their knowledge of computers to break into computer systems
• Some just leave harmless messages to show they have been there
• Some deliberately try to delete files or steal data
• The Act makes hacking illegal
19
Computer Misuse Act (1990)
What is a virus?
• A program that can make copies of itself in order to ‘infect’ other computers
• Viruses can spread from one computer to another via infected disks, downloaded files and e-mail.
• Virus scanning software can be used to protect systems
20
Computer Misuse Act (1990)
The Computer Misuse Act (1990) applies to employees of a company who commit these offences from within as well as hackers who access computer systems remotely.
The Act provides the means to prosecute those who deliberately interfere with a system, whether or not they do actual damage.
The difficult part will be in catching the criminals and then demonstrating that they did not have the authority to access or modify the system.
21
Computer Misuse Act (1990)
3 new offences were created under the new Act:
1. Unauthorised access to computer material
2. Unauthorised access with an intent to commit further offences
3. Unauthorised modification of computer material
22
Computer Misuse Act (1990)
Simply making something illegal will not stop people from doing it. Therefore sensible companies will not rely on this legislation to stop people from misusing their computer systems.
Companies should incorporate appropriate security measures into their computer systems and keep backups.
They should also have in place an IT security policy, known to all staff, that states the limits of authority on system usage.
23
Computer Misuse Act (1990)
Most companies will also include a clause relating to the unauthorised use of computer systems in an employee’s contract of employment.
Any unauthorised use of a computer by an employee would probably lead to dismissal.
24
Computer Misuse Act (1990)
Common methods of protection are:
• Keeping computer rooms locked
• Having password access to important files
• Keeping backup copies of vital information in fire- and bomb-proof safes
• Sending data down ‘phone lines as code (encryption) so that computer ‘hackers’ cannot access it.
25
Computer Misuse Act (1990)
Those breaking in from the outside should be told before they can do any damage that they must not proceed any further. The more barriers that can be placed in the way of a hacker the better. Anyone who is forced to bypass a number of security checks will be unable to claim afterwards that they did not intend to do so.
26
A few questions for you to answer….
Best Ever Games is a company which supplies computer games to shops throughout Britain. The police notify the company that they have caught a group of people writing viruses.
• What legislation covers the deliberate spreading of a computer virus?
• Name one other illegal activity covered by that piece of legislation.
27
Copyright, Designs and Patents Act (1988)
Copying computer software, or software piracy, is now a criminal offence under this 1988 Act. The Act covers stealing software, using illegally copied software and manuals and running purchased software on two or more machines without a suitable licence.
28
Copyright, Designs and Patents Act (1988)
This Act gives the creators of literary, dramatic, musical and artistic works the right to control the ways in which their material may be used. This Act provides the same rights to authors of computer programs as to those of literary, dramatic and musical works.
29
Copyright, Designs and Patents Act (1988)
The Act permits the author to charge a fee for the publication or performance of the work in question. Copying, publishing or adaptation of software is a civil offence without the authority of the copyright holder and is a criminal offence if done in the course of trade.
30
Copyright, Designs and Patents Act (1988)
For example:
The copyright owner’s permission is needed to translate a program written in one computer language into an equivalent program in another language.
31
Copyright, Designs and Patents Act (1988)
Duration of Copyright
For literary, dramatic, musical or artistic works: 70 years from the end of the calendar year in which the last remaining author of the work dies, or the work is made available to the public.
32
Copyright, Designs and Patents Act (1988)
Quite often, organisations will purchase software licences to cover the number of workstations on their network. They then neglect to buy additional software licences as they buy more workstations. A particular concern is criminals who “pirate” software, copy the software and documentation and sell it cheaply.
33
Copyright, Designs and Patents Act (1988)
The legal penalties for breaking the copyright law include unlimited fines and up to two years in prison.
It has been estimated that half the software used is copied illegally and in some countries pirated software accounts for 90% of the total.
34
Freedom of Information Act (2002 Scotland)
The Freedom of Information Act gives members of the public a wide-ranging right to see all kinds of information held by the government and public authorities.
You can use the Act to find out about a problem affecting your community and to check whether an authority is doing enough to deal with it.
• You could find out about the authority’s spending
• You could check whether an authority is doing what it says it is and learn more about the real reasons for decisions it makes
35
Which bodies are covered by the legislation?
• Scottish Government and its agencies
• The Scottish Parliament
• Local authorities
• NHS bodies
• Police forces
• Schools, colleges and universities
36
What information is covered by the FOI Act?
The FOI Act applies to any recorded information held by or on behalf of an authority.
• Paper records, emails, information stored on computer, audio or video cassettes, microfiche, maps, photographs, handwritten notes or any other form of recorded information.
• Unrecorded information which is known to officials but not recorded is not covered.
37
How do I apply for information under the Act?
A request for information under the FOI Act should be in writing:
• Letter
• Email
• Fax
Tape or voice mail is also valid
The request should be made directly to the authority and most will have a FOI officer.
38
Other points
• The individual does not need to say why they want the information
• The authority has to supply the information within 20 working days or reply giving reasons why they are going to be later.
• The individual may be asked to make a contribution to costs of photocopying etc.; work stops until payment is received, but the 20-day countdown is still in place.
• A Scottish authority does not have to provide information if it would cost more than £600 to do so.
39
PROBLEMS FOR ORGANISATIONS
• Time consuming
• Complying with the 20 day limit
• Cost implications – may not get the full cost from the applicant
• All organisations have had to appoint a Freedom of Information officer
• Have to ensure that all records can bear scrutiny at a later date