Unauthorised access to computer material
This is the lowest level of offence. It includes, for example, finding or guessing someone’s password, then using that to get into a computer system and have a look at the data it contains. This is an offence even if no damage is done, and no files deleted or changed. The very act of accessing materials without authorisation is illegal. This offence carries a penalty of imprisonment up to six months and/or a fine.
Unauthorised access with intent to commit or facilitate commission of further offences
This builds on the previous offence. The key here is the addition of ‘intent to commit...further offences’. It therefore includes guessing or stealing a password, and using that to access, say another person’s on-line bank account and transferring their money to another account. For this offence the penalty is up to five years’ imprisonment and/or a fine.
Unauthorised modification of computer material
This could include deleting files, changing the desktop set-up or introducinges with the intent to impair the operation of a computer, or access to programs and data. The word ‘intent’ means it has to be done deliberately, rather than someone deleting files by mistake. This also includes using a centre’s computer to damage other computers outside the centre, even though the computer used to do this is itself not modified in any way. This offence carries a penalty of up to five years and/or a fine.
The Act clearly takes a very serious view of hacking – even where there is no intent to defraud or do damage. It is therefore important that centre users are made aware of the potential penalties, and equally importantly, why these offences are so serious. Most people would understand that using a computer to commit fraud is clearly wrong. However, some people would not see ‘victimless’ hacking, or playing around with computer settings, as serious. But the reality is that such activities can seriously affect the operation and work of the centre, resulting in unhappy and dissatisfied users, and probably creating a lot of additional work for the centre staff in repairing damage done to programs and data.
The Data Protection Act (1998): What is it?
Purpose
The purpose of the Act is to protect the rights of the individual about whom data is obtained, stored, processed or supplied rather than those of the people or organisations who control and use personal data. The Act applies to both computerised and paper records.
The Act requires that appropriate security measures will be taken against unauthorised access to, or alteration, disclosure or destruction of personal data and against accidental loss or destruction of personal data.
Scope
The 1998 Act applies to:
- Computerised personal data
- Personal data held in structured manual files
It applies to anything at all done to personal data ("processing"), including collection, use, disclosure, destruction and merely holding data.
Principles of Data Protection
The Act is based on eight principles stating that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate
- Not kept longer than necessary
- Processed in accordance with the data subjects rights
- Secure
- Not transferred to other countries without adequate protection