Legislation protecting people & groups.

Applied ICT Coursework UNIT 3 Legislation Protecting People/Group

LEGISLATION PROTECTING PEOPLE & GROUPS

Mubarak Umerji

Introduction

With the advancement of computers and communications in the last thirty years the government has introduced various legislations to protect individuals as well as companies. This coursework details some of these legislations and gives examples of how each legislation protects the computer users and what effects it would have if the legislation was not introduced.

The following lists of legislations are discussed in this coursework: -

Data Protection Act (1998)
Computer Misuse Act (1990)
Copyright Designs and Patents Act (1988)
Health and Safety at Work Act (1974)
Health and Safety Regulations (1992)
Regulation of Investigatory Powers Act (2000)
Internet Code of Practice (ICOP)

Data Protection Act (1998)

As more and more information came to be stored on computers, much of it personal data about individuals, there became the need for some sort of control over the way that it was collected and the way it could be used. The Data Protection Act 1998 replaces the earlier Data Protection Act 1984. The purpose of this Act is to deal with some of the things that weren’t around when the older Act was introduced. These new things include the Internet, loyalty cards and use of huge customer databases for marketing purposes. The new Act also covers manually held data not covered by the earlier Act.

The Act places obligation on those people who record and process personal data; these people are called the data controllers in the Act. The Data Controllers must be open about their use of the data by telling the Data Protection Commissioner (person who enforces the Act) that they are collecting personal data and how they intend to use it.

The Data Protection Act covers personal data, which is stored on a computer. It protects the individual’s right to privacy and gives individuals the right to see what data is stored about them and to have it corrected if it is inaccurate. All data users who store personal information about other people on their computer systems must register with the Data Protection Commission.

They must also follow eight principals, called the Data Protection Principals.

The personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the following conditions are met:
- The data subject has given their permission for the processing.
- The processing is necessary for the performance of a contract which involves the data subject.
- The data controller has the legal obligation to process the data.
- The processing is necessary to protect the vital interests of the data subject
- The processing is necessary for the administration of justice or for a government department.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or other purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be adequate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subject under this Act.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection the rights of freedoms of data subjects in relation to the processing of personal data.

Protection Offered

The type of information that can be stored on the computer about an individual is name, address, telephone number, data-of-birth, gender, e-mail address, credit history (bad debts etc.), whether you would like promotional information sent to you or not, can this information be passed on to other organisations? etc.

When an individual personal buys some item on credit the shop normally asks for a credit history from organisations specialising in such information. Based on the information provided by these organisations the individual is given credit or refused.

Sometimes people are refused loans and they do not know ...

This is a preview of the whole essay

Protection Offered

Sometimes people are refused loans and they do not know why, this is because everybody’s credit history is stored on various databases around the world and one or more of these databases might have negative or inaccurate information stored in them. One advantage of this act is to make sure that people have access to all the information stored about them on any database and request that any information stored is corrected if they feel it is inaccurate.

If the Data Protection act were not introduced, personal information would be available to everyone, and therefore prone to misuse e.g. to send unsolicited e-mails. The act also makes sure that the information stored about the individual is accurate.

Computer Misuse Act (1990)

With the widespread use of computers and communication systems, problems started to arise about the misuse of systems. The problems centred on a variety of uses that were not covered by existing laws. Several cases went to court but the courts were unable to convict because older laws did not cover these misuses. One particular case involved a schoolboy using his computer at home with a modem to hack into the Duke of Edinburgh’s electronic mailbox and read his correspondence. Other hackers were able to get through to stockbrokers, hospitals, oil companies and even the Atomic Energy Authority’s computer systems. The courts were reluctant to use the theft laws, which weren’t intended to cover these situations, and advised Parliament that it would need to make specific new laws. This gave rise to the Computer Misuse Act 1990, which covers the following: -

Deliberately planting viruses into a computer system to cause damage to program files and data.
Using computer time to carry out unauthorised work, such as using a firm’s computer to run a friends payroll.
Copying computer programs illegally (i.e. software piracy).
Hacking into someone’s system with a view to seeing the information or altering it.
Using a computer for various frauds; people have been known to put fictitious employees a payroll program and use false banks accounts open in the name of these employees to steal money.

To date there have been relatively few prosecutions under this law-probably because most organisations are reluctant to admit that their system security procedures have been breached, which might lead to a loss of confidence on the part of their clients.

Protection Offered

The Computer Misuse Act protects individuals as well as companies like Barclays from unwanted guests logging onto their computers and misusing the information on them or destroying the information. All computers store personal data and applications which is important to the owner without which the owner would find it difficult to run his/her business or if the information got into the wrong hands it may cause problems for the owner.

An example of this is if an individual was to hack into a pharmaceutical research company and steal the information regarding a new drug that it is researching and then to sell that information to a rival company. The loss of this information might mean the closure of the pharmaceutical company and loss of hundreds of jobs, which in turn may deprive sick people of a vital drug that may help them to recover from the illness.

Another example is if an individual who was sacked by his company decides to take revenge by hacking into the company computers and delete vital information or leave viruses on them that may cause the company computers to fail.

Without this act there would be no protection for individuals or companies from unwanted guests hacking into their computers. International Fraud and spreading of computer viruses would be rampant. International companies spend a lot of money on data security even with this act in place, just think how much this cost would increase without this act. This would lead to companies spending less money on research which would lead to slowdown in world progress.

The Copyright Designs and Patents Act of 1989 makes it a criminal offence to copy or steal software. Under the act it is an offence to copy or distribute software or any manuals which come with it, without permission or a licence from the copyright owner, who is normally the software developer.

It is also an offence to run purchased software covered by copyright on two or more machines at the same time, unless the licence specifically allows it.

The Act makes it illegal for an organisation to encourage, allow, compel or pressure its employees to make or distribute copies of illegal software for use by the organisation.

It is illegal to copy software, to send copies of software over the Internet, or to use pirated software. It is also illegal to download a copyright sound track or DVD from the Internet.

You should not use someone else’s work without their permission, or without acknowledging the source of the information.

Protection Offered

This act is protecting the software developers from illegal copying and distributions of software that may have taken them vast amount of money and several years to develop. In the same way it protects other people of enterprise such as musicians, moviemakers and writers from having their work illegally copied and distributed without payment. If individuals do not see a reward for their hard work (software, music or movie) they will stop developing new and innovative ideas which will slow the advancement of the world.

Health and Safety at Work Act (1974)

This law imposes a responsibility on the employer to ensure safety at work for all their employees.

Employers have to take reasonable steps to ensure the health, safety and welfare of their employees at work.
Failure to do so could result in a criminal prosecution in the Magistrates Court or a Crown Court.
Failure to ensure safe working practices could also lead to an employee suing for personal injury or in some cases the employer being prosecuted for corporate manslaughter.

The employer also has an implied responsibility to:

Take reasonable steps as far as they are able to ensure the health and safety of their employees is not put at risk.
Provide safe plant and machinery and safe premises
Provide a safe system of work and competent, trained and supervised staff
Care for and supervise employees; particularly disabled workers, pregnant workers, illiterate workers etc.
Consult with employees on health and safety matters
Provide a safe environment for customers or visitors who use the work place
Have a written code of conduct, rules regarding training and supervision, and rules on safety procedures
Give information on basic health and safety requirements via leaflets and posters, giving warnings of hazards

Protection Offered

The employer must provide a safe working environment without which the employee might be injured leading to the employer being taken to court and fined. The employer would also loose the services of the employee until he/she recovers. The employee would have to be paid for the time he/she is off work, which will affect the profits of the employer since the employee is not contributing to the company’s productivity.

This act is a guideline as to what the employer should do to ensure health and safety of its employees. The employer must ensure that written documents out lining the safety procedures are available to the employee to refer to when working with equipment. The employer must also provide training for the employee on how to use the equipment. This act also makes sure that disadvantaged employees such as disabled workers, pregnant workers and illiterate workers and taken care of and supervised.

This act basically ensures that all precautions are taken by the employer to meet the health and safety of its employees.

Health and Safety Regulations (1992)

These regulations affect employed workers who habitually use VDUs for a significant part of their normal work. Measures were introduced to prevent repetitive strain injury, fatigue and eye problems in the use of technological equipment.

Employers have to:

Analyse workstations of employees covered by the Regulations and assess and reduce risks
Look at the hardware, the environment, and factors specific to the individuals using the equipment. Where risks are identified, the employer must take steps to reduce them
Ensure workstations meet minimum requirements
Ensure there are good features in employees’ workstations. For example, the screen should normally have adjustable brightness and contrast controls. This allows individuals to find a comfortable level for their eyes, helping to avoid the problems of tiered eyes and eyestrain
Plan work so there are breaks or change in activity, ideally short, frequent breaks are better then longer, less frequent ones, and ideally the individual should have some discretion over when they are taken
Arrange and pay for eye and eyesight tests, and provide employees with spectacles. Employers are responsible for providing further eye tests at regular intervals
Provide health and safety training so employees can use all aspects of their workstation equipment safely and know how to make best use of it to avoid health problems, for example adjusting the chair

Employees also have a responsibility to:

Use workstations and equipment correctly, in accordance with training provided by employers
Bring problems to the attention of their employer immediately and co-operate in the correction of these problems

Protection Offered

This act protects the employee’s bad working conditions. The employer will suffer because he will therefore be short of staff, and the NHS will also suffer because of its demands on its services.

Regulation of Investigatory Powers Act (2000)

This act is about defining the powers the government has with regard to access to information and the security of that information. It gives the government the right to carry out intelligence surveillance and to spy on electronic communications and data.

Protection Offered

This act gives the government the power to access any information held on any computers that it feels will help to protect the individual or the country from outside threat. They can also spy on electronic communications such as e-mail and telephone conversation where they think information is exchanged that might be threatening to the country.

In today’s age of terrorism this act is vital for the government if it is going to protect the country from terrorism. This act has possibly stopped lots of terrorist acts from being carried out and making the country a little bit safer than it otherwise would be.

Internet Code of Practice (ICOP)

This Code of Practice is not law, but is an agreement, which exists to protect Internet users. Website owners can apply to be registered for a small fee and, once registered; have the right to display the ICR seal to show that the site conforms to the code of practice.

A summary of the code is given below.

Audience: Information must be suitable for viewing by its target audience, i.e. not of indecent material. Offensive material should have a security mechanism to prevent accidental access. Links to external sites should be checked for offensive material and commercial information must be clearly identified as such.
Advertising: Unsolicited e-mail and SPAM should not be used as an advertising method. Advertisements should be legal, decent, honest, truthful and not misleading. Prices and delivery-date information should be clear. All advertisements should show the identity of the advertiser and the full contact postal address.
Contracts: Any standard terms and conditions used must be clearly drawn to the attention of the customer. Goods must be of ‘satisfactory quality’ at the time of delivery to the customer.
Copyright and information ownership: The international rights to all site contents must be secured or owned by the publisher prior to its release on the Internet. Copyright must be obtained in all countries concerned as the Internet transcends national boundaries. Links to other pages must have the permission of the target-link site. All trade and similar marks must be clearly displayed and identified.
Information: Images, audio and video clips should be compressed to keep download times bandwidth requirements to a minimum. Private data (such as e-mail, network and postal addresses, telephone numbers, payment card details etc.) should not be disclosed to third parties without permission of the data subject. Information should not incite or promote illegal acts.
Applets, browser scripts and CGI usage: No programme should consume system resources or network bandwidth unnecessarily. No programme should destroy or damage any data held on the viewer’s computer or network. No programme should attempt to access information about the viewers or the viewer’s computer system covertly.
Mail and news: When sending an e-mail to more than one person, e-mail is certainly cheaper than using conventional mail; however both parties pay for the communications systems used during upload and download. Sending advertising mail through the post merely costs the sender. Furthermore any kind of unsolicited communication is often considered by the recipient to be unwelcome. Therefore, ICR members agree not to send, encourage, or contribute to chain letters, hoaxers or SPAM.

Protection Offered

This Internet Code of Practice protects children from looking at indecent material. The ISP’s can use special software that can filter out indecent material. It also protects software developers because the ICOP states that copyright laws must be observed and trademarks must be clearly displayed and identified. The ICOP also provides a fair distribution of computer processing power to all users. Some users use up all the bandwidth of the Internet to download images, audio and video clip leaving the other users to suffer slow speeds. The ICOP states that data should be compressed to keep download times and bandwidth requirements to a minimum. Some ISP’s have started to limit the amount of data that any individual can download on a daily basis. The ICOP also protects the individual from receiving junk mail which uses up his computer resources such as disk space and it is also time consuming to open/read/delete unwanted e-mails.