Legal Constraints

Customer Data Policy

Formal document identifying the constraints or limitations in using customer information

statements of what should or should not be done

examples to make clear any statements you make

References to all the material, including any Acts of Parliament

Data Protection Act of 12th July 1984 / 1998Anyone processing personal data must comply with the

eight enforceable principles of good practice. 1. Fairly and lawfully processed; 2. Processed for limited purposes; 3. Adequate, relevant and not excessive; 4. Accurate; 5. Not kept longer than necessary; 6. Processed in accordance with the data subject's rights; 7. Secure (no unauthorised access, alteration or disclosure)8. Not transferred to other countries without adequate

protection.

The Information Commissioner

The Act established the office of Information Commissioner, whose duties include: administering a public register of Data Users with

broad details of the data held investigating complaints and initiating prosecutions for

breaches of the Act. publishing several documents that offer guidelines to

data users and computer bureaux.

 

Registration All Data Users have to register, giving:

their name and address (or that of their company)

a description of the data held and its purpose

a description of the sources from which the data is obtained

a description of the persons to whom it is intended to disclose data

Exemptions from the Act The Act does not apply to payroll, pensions and accounts data, nor to

names and addresses held for distribution purposes. Registration may not be necessary when the data are for personal,

family, household or recreational use. Subjects do not have a right to access data if the sole aim of

collecting it is for statistical or research purposes, or where it is simply for backup.

Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant), to persons working for the data user, and in response to urgent need to prevent injury or damage to health.

 Additionally, there are exemptions for special categories, including data held:

- in connection with national security;

- for prevention of crime;

- for the collection of tax or duty.

Software Copyright Laws

Computer software is now covered by the Copyright Designs and Patents Act of 1988, which covers a wide range of intellectual property such as music, literature and software.

Copyright, Designs & Patents Act 1988 Provisions of the Act make it illegal to:

copy softwarerun pirated software transmit software over a telecommunications

line, thereby creating a copy

The Computer Misuse Act of 1990 In the early 1980s in the UK, hacking

was not illegal. Some universities stipulated that hacking, especially where damage was done to data files, was a disciplinary offence, but there was no legislative framework within which a criminal prosecution could be brought.

Computer Misuse Act of 1990

The Computer Misuse Act of 1990 defined three specific criminal offences to deal with the problems of hacking, viruses and other nuisances. unauthorised access to computer programs or data unauthorised access with a further criminal intent unauthorised modification of computer material

(i.e. programs or data)

Computer Crime & The Law

Cracking (or Hacking) Viruses Trojans Logic Bombs

How A Virus Works 1. ORIGINATION - A programmer writes a program - the

virus - to cause mischief or destruction. The virus is capable of reproducing itself

2. TRANSMISSION - Often, the virus is attached to a normal program. It then copies itself to other software on the hard disk

3. REPRODUCTION - When another drive is inserted into the computer’s disk drive, the virus copies itself on to the drive

4. INFECTION - Depending on what the original programmer wrote in the virus program, a virus may display messages, use up all the computer’s memory, destroy data files or cause serious system errors

Health Hazards Stress

RSI

Eyestrain

ELF radiation

Backache

Display Screen Regulations 1992 Employers are required to

Perform an analysis of workstations in order to evaluate the safety and health conditions to which they give rise

Provide training to employees in the use of workstation components

Ensure employees take regular breaks or changes in activity

Provide regular eye tests for workstation users and pay for glasses

Computers, Health And The Law

Employees have a responsibility to

Use workstations and equipment correctly, in accordance with training provided by employers

Bring problems to the attention of their employer immediately and co-operate in the correction of these problems

Computers, Health and the law Manufacturers are required to ensure that

their products comply with the Directive. For example: Screens must tilt and swivel Keyboards must be separate and moveable Notebook PCs are not suitable for entering large

amounts of data

The Ergonomic EnvironmentErgonomics refers to the design and functionality of the environment, and encompasses the entire range of environmental factors. Employers must give consideration to:

Lighting: office well lit, with blinds Furniture: chairs of adjustable height, with tilting backrest,

swiveling on five-point base Work space: combination of chair, desk, computer,

accessories, lighting, heating and ventilation all contribute to overall well-being

Noise: e.g. noisy printers relocated Hardware: screen must tilt and swivel and be flicker-free, the

keyboard separately attached Software: should facilitate task, be easy to use and

adaptable to user’s experience

DRM

Music & Films Technology to restrict where, how often,

on what you can use it

Proprietary Software

Sold under licence – not ownership Unable to modify Restricted rights to sell-on

Open Source Movement

Have access to the source code – can therefore modify it

Redistribute the code or executable Usually free to obtain

The Rights of Data Subjects Apart from the right to complain to the Information Commissioner, data subjects also have a range of rights which they may exercise in the civil courts. These are:

Right to compensation for unauthorised disclosure of data (arising from principle no. 3);

Right to compensation for inaccurate data (arising out of principle no. 5);

Right of access to data and to apply for rectification or erasure where data are inaccurate (arising out of principle no. 7);

Right to compensation for unauthorised access, loss or destruction of data (arising out of principle no. 8).

Relevant Legislation

Data Protection Data Protection Act 1998 Freedom of Information Act 2000 (FOIA)

Usage of IT Systems Computer Misuse Act 1990 Terrorism Act 2000 Privacy and Electronic Communications Regulations

2003