Computer Law and Procedure

This page gives an insight into a breadth of Computer Procedure and IT Law, from Advertising through to the history of, and advice relating to, Viruses. Some of the information included is tentative and meant as a guideline only, so please check with the relevant authority where appropriate.

Advertising and Commercial Activity

Advertisements must be 'legal, decent, honest and truthful' and comply with the Code of Practice for Advertisers issued by the Advertising Standards Authority.

Computer Misuse Act

Technology is vulnerable to breaches in security which threaten the confidentiality, availability and integrity of the information it manages and can result in financial and economic loss. The Act was introduced to combat this and to include criminal offences such as hacking. Prior to this the only criminal offence being committed by someone who broke into a computer system was that of theft of electricity.

Three new offences were introduced during August 1990 as follows:

  1. Unauthorised access to computer programs and data.
  2. Unauthorised access, intent to commit or facilitate the commission of further crime.
  3. Unauthorised modification of computer materials e.g. programs and data…

Computer crimes are policed by the Computer Crime Unit (CPU).

Copyright, Design and Patents Act 1988

Copyright is applicable to all types of creations, including text, graphics and sounds by an author or an artist – the exclusive right to, and control of, the reproduction, sales, copy or distribution of creative works of art, music, literature or coded programs for computing.

For those of you who might like a little more insight, I endeavour to expand a little and the following may be of some help. However, please remember that copyright is a complex subject and grey areas should be clarified with the proper authority where necessary.

Copyright remains with the author and need not be illustrated. For example, you may find that some documentation may not appear restricted by copyright; however permission to reproduce material may all the same be appropriate.

Copyright is clearly breached when financial gain is made from the work of others without given permission. One might contact the source of such material to clarify where licence might be needed for any given purpose.

Educational authorities will have a licence to reproduce perhaps 5% of literature. Those that have purchased published material will be permitted to copy pages providing it is specifically for their own use.

Graphics displayed on web sites can more often be copied (saved), however permission may be required and/or conditions will apply. Images classed as Royalty Free, for example, may only be used freely during a period of development and therefore conditions will perhaps include that the artwork must be purchased if used/published to the Internet or used for business purposes.

HMSO publications are available from HMSO Publication Centre, PO Box 276, London SW8 5DT. Internet: www.opsi.gov.uk.

To qualify for copyright protection, criteria specific to nationality or UK citizenship may apply.

See also: Software

Criminal Law

Incitement to commit a crime is a criminal offence in itself, regardless of whether a crime has actually been committed or not. This includes the provision of information via computerised services which facilitates any of the activities which this code has highlighted as criminal offences.

Data Protection Act 1998

The Data Protection Act 1998 is concerned with information about living individuals which is processed both manually and automatically. It basically gives new rights to those individuals about whom information is recorded, and demands good practice in handling information about people.

With a few exceptions, every person or organisation holding personal data (data controller) must be registered with the Office of the Information Commissioner, i.e. data covered by the Act must be registered with the Data Protection Registrar and comply with the Data Protection principles.

Data controllers must comply with eight Data Protection Principles established by the Act. The Data Protection Principles are intended to protect the rights of the individuals about whom personal data are recorded. Personal data must be:

  1. Obtained and processed fairly and lawfully.
  2. Held only for lawful purposes described in the register entry.
  3. Used only for those purposes and disclosed to those people described in the entry.
  4. Adequate, relevant and not excessive to the purpose for which they are held.
  5. Accurate and, where necessary, kept up-to-date.
  6. Held no longer than is necessary for the registered purpose.
  7. Accessible to those whose names are held, corrected or deleted.
  8. Surrounded by proper security.

It is a breach of the Data Protection Act if the user or company is negligent in its keeping of data covered by the Act. Exceptions might be, for example, where data refers to the management of personal, family or household affairs or recreational purposes, and data held by security services. Some information relating to payroll is also exempt; however, data falling outside of specific categories is not, and the Act should be referred to more specifically for clarification.

Home users may not be affected by this legislation, but may nonetheless need to be aware of it should it affect them outside of the home.

The 1998 Act extends the protection given to computerised information to manually stored data. It also prohibits the transfer of personal data outside of the European Economic Area ("the EEA") to countries which do not provide adequate protection of personal data, save in exceptional circumstances. Transfer within the EEA is permitted. Personal data placed on the Internet, however, will find its way outside of the EEA!

To establish whether you need to register, you might visit the Information Commissioner's Office (data protection register) online at www.dpr.gov.uk. All criteria regarding legislative matters should be carefully studied; information included here is intended as a guide only.

Data Security

Poor handling of magnetic media can result in data loss. Viruses can lead to data corruption and damage. For those still using floppy disks: they are not very durable and are easily damaged. Data security might also include copyright issues, particularly where copyright protection is a factor.

Special care needs to be taken when handling disks.

Taking care of removable media
  • Write to the label before it is stuck to the disk.
  • Avoid touching the disk surface.
  • Protect disks from liquids.
  • Keep disks away from magnetic materials.
  • Guard disks from extreme hot / cold temperatures and direct sunlight.
  • Store floppies and CDs in their boxes and protective sleeves.

Alternative option to floppy disk backup
Zip drives, CD/DVD Rewriters and tapes are commonly used for data backup… a first level of backup however might be to a partition on your hard drive – one can fit a removable rack or use an external (removable) device, USB, hard-drive, where data needs to be safeguarded against fire or theft for example.

A removable rack or hard-drive caddy would perhaps accommodate a redundant hard disk if a new one were to be fitted, and this in turn can be stored in a separate building, a safe, or taken home if you need to catch up with your accounts. First generation 'Dual Layer' DVD Rewriters will accommodate media with an 8.4Gb capacity, more recently up to 50Gb, and multiple layer Blu-ray ten times greater!

Some organisations, such as Seagate for example, also offer external data services facilitating back-up and external data management for clients.

Defamation Act 1996

Defamation consists of the publication of opinions and untrue statements which adversely affect the reputation of a person or a group of persons. If such a statement is published in a permanent form, as is the case with statements published on the Internet, an action for libel may be brought against those responsible.

Care should be taken to avoid the dissemination of defamatory material and to act promptly to remove any such material so far as is possible. It is important to remember that even messages that have only one intended recipient may reach a vast audience through this medium. As a result, the transmission of statements which discredit an identifiable individual or organisation may lead to substantial financial penalties.

Disability Discrimination Act 1995 / Equality Act 2010

For a simple explanation of the rights and duties which the DDA 1995 introduced, select the following link for an overview (Disability rights).

Discrimination
The Sex Discrimination Act 1975, the Race Relations Act 1976 and the Disability Discrimination Act 1995 are guided by the principle of prevention of unfair discrimination on the grounds of sex, including discrimination against persons who have undergone gender reassignment, race or disability. The Acts make unfair discrimination a civil offence, and in certain other circumstances the law is supported by criminal sanctions.

Equality Act 2010
The Equality Bill (October '10): the Equality Act 2010 almost entirely replaces the Disability Discrimination Act. The Act includes changes that place further obligations on website owners and hosts to ensure sites are accessible and compliant.

Fire

Reference to relevant authorities for up-to-date advice is appropriate; you might otherwise consider the criteria included here as a guide only.

Ensure that there are sufficient, appropriate exits, that they are appropriately signed and posted, that they remain clear and that staff are made aware where these are.

Test fire detector devices annually and record this.

Do not obstruct fire extinguishers. Ensure staff are made aware where they are located and that they know how to use them. Maintain a record of inspection of fire extinguishers.

Define an assembly point and ensure all staff are made aware where this is and what is expected of them.

Hold fire drills and display instructions on the walls.

In the event of a fire raise the alarm and/or notify a senior member of staff.

Do not attempt to tackle a fire unless it is absolutely safe to do so.

Evacuate the building.

Leave in an orderly manner.

Do not take fire extinguishers with you unless essential to do so – in case needed.
Do not attempt to collect or return for belongings.
Do not re-enter the building until an all clear is given.

Locate the nearest telephone and call the emergency services on 999 stating clearly the name and address of your building.

Forensic Computing Unit

The National Health Service (NHS) Counter Fraud & Security Management Service (CFSMS) Forensic Computing Unit (See: Glossary FCU).

Health & Safety

Consider the following:

  • Company Induction Procedure.
    • Health & Safety.
    • Personal Protective Equipment (PPE).
    • Emergency.
      • First Aid.
      • Facilities and Reporting of Accident Procedure.
    • Housekeeping.
    • Security.
  • Company Policy Statement/ Safety Rules.
    • Point of Contact/ Safety Officer.
  • Fire Precautions.
    • Alarm and Escape Procedure.
    • No Smoking Policy (Law as of 31 July 2007).
  • Security.
    • Visitors Book.
    • Guidelines for Contractors.

Health & Safety (Display Screen Equipment) Regulations 1992

Main criteria:

  • Individuals using display screen equipment identified and recorded.
  • Workstations and local environment reviewed annually and where there is significant change.
  • Appropriate training in place encompassing correctly setting up and maintaining workstations, emphasising users' obligation to participate in company training.
  • Obligation to report defects in environment, equipment or personal health, which may affect their ability to work safely and in comfort.
  • Users offered regular eye tests in compliance with the Health & Safety (Display Screen Equipment) Regulations 1992.
  • Short breaks from the computer screen to be taken if used continually for an hour. Breaks taken should comprise any alternative work (administration etc.).

International Law and the Internet

As there is no international convention on Internet regulation, caution is necessary in considering what law may be applicable. As a basic rule, all users of IT facilities should note that, although certain materials may be considered legal in their places of origin, that does not prevent UK law being applied if the materials are considered to be illegal under the law in this country. Similarly, material transmitted world-wide is subject to the law of the country in which it is viewed.

Management of Health & Safety at Work Regulations 1992

A statutory requirement exists under the Management of Health & Safety at Work Regulations 1992 for all work activities where employees may be potentially exposed to hazards to be assessed as to the degree of risk, and subsequently controlled.

Risk assessment will be carried out under the responsibility of the designated person together with any actions required to attain or maintain control. The assessments will be reviewed on a regular basis and kept up to date.

All relevant employees will be trained regarding the hazards and precautions identified to minimise the risks presented.

Notes here are meant as a guide only and the above Act should be referred to more specifically.

Other Important Issues
Repetitive Strain Injury (RSI, Tenosynovitis) may not be as common as thought; nonetheless, extreme or excessive use of a keyboard over any given period should be avoided, paying attention to the following:

Seating – Appropriate seating… perhaps a secretary chair with a straight back would be suitable, sitting comfortably with a relaxed posture.

Keyboard – Posture: forearms level, or sloping slightly downward.

Monitor – As for keyboard posture, your screen should be level, or you will perhaps be looking slightly downward approximately an arm length from the display. Screen flicker should be brought to the attention of a line manager or appropriate body such as the IT department. Up to date and regular eye tests may also be appropriate and companies will perhaps have policy in place to finance this… see extracts from Health & Safety Legislation (Display Screen Equipment) included above.

Lighting – Adequate lighting and blinds to protect from screen glare.

Ventilation – Air circulation is both important for individual comfort and for maintaining system temperature.

Obscene Publications Act 1959

Material is deemed to be obscene if its overall effect is to tend to deprave and corrupt a significant proportion of those who are likely to see or hear the matter contained in the material. PCWorkspace is naturally committed to the prevention of publication of any material on any of its IT facilities which it may consider pornographic, excessively violent or that comes within the provisions of the Obscene Publications Act 1959, the Protection of Children Act 1978 and the Criminal Justice Act 1988.

Official Secrets Act 1911-1989

The Official Secrets Acts establish severe criminal penalties for any person who discloses any material which relates to security, intelligence, defence or international relations and which has come into that person's possession through an unauthorised disclosure by a Crown Servant or Government contractor.

The Acts also cover material which has been legitimately disclosed by a Crown Servant or Government contractor on terms requiring it to be kept confidential or in circumstances in which it might reasonably be expected to be treated as confidential. This means that certain information handled by departments may be covered by the provisions of the Acts, particularly if such information concerns a project specifically commissioned by a Government office.

Software

Software is covered by the laws of copyright and using software outside the terms of its licence can constitute either a civil and/or a criminal breach of copyright law. The Digital Crime Unit was established in 1989 in response to increasing levels of software piracy in the United Kingdom. Its primary goal is to investigate breaches of criminal law in regard to copyright and trade mark infringement.

System Security

System security may need to be tailored to any given organisation; nonetheless, new and/or small organisations might consider the following:

  1. Alarms.
  2. Password protection.
  3. Screen savers.
  4. Site security.
  5. Training.

Telecommunications Act

The Act includes 'that an offence is committed by any person who dishonestly obtains a service provided by means of a telecommunications system with the intention of avoiding payment'.

Email
Email communications are publications and other legislation may apply, e.g. the Data Protection Act 1998 and the Defamation Act 1996.

Wi-Fi
While there may be some grey area in law regarding unsecured networks, there is also a clear distinction between free access in McDonalds and logging onto your neighbour's wireless network for some free surfing without express permission.

Dishonestly using an electronic communications service with the intent to avoid paying is breaking the law, and it is a matter that the police are taking increasingly seriously. Moreover, it is likely your door that the authorities will knock on if someone is downloading material, on your service, that they perhaps shouldn't be!

The Environment

Environmental issues facing UK and European organisations:

  • Computers contain materials which, when disposed of, are hazardous to human health and the environment:
    • Monitors contain over 1.5Kg of lead in cathode ray tubes.
    • Mercury is used in switches.
    • Cadmium is used in cathode ray tubes, plastics and circuit boards.

The EC acted by putting together the Waste Electronic and Electrical Equipment Directive (WEEED), initially intended to be law in the UK and across the EC on 13 August 2004, and finally introduced on 2 January 2007.

The directive aims to reduce the waste arising from electrical and electronic equipment, and to improve the environmental performance of those involved in the lifecycle of electrical and electronic equipment. IT and Telecoms Equipment is covered by Category 3 WEEE. The directive states that, for computers that are redundant and have no further use, 65% by weight must be recycled.

Environmental Protection Act 1990
Organisations also have a duty of care to ensure that waste materials are only consigned to registered carriers and properly stored and disposed of at appropriately licensed facilities. Directors, Managers and other employees who deal with environmental waste matters can all be held liable and face fines and imprisonment if laws are broken.

Landfill Regulations 2002
The Landfill (England and Wales) Regulations 2002 came into force on 15 June 2002. The aim of the regulation is to prevent, or reduce as far as is possible, the negative environmental effects of landfill. The Directive requires that hazardous wastes, including liquids and cathode ray tubes are pre-treated prior to landfill in special sites.

Viruses

A virus is a self-replicating 'malicious' program. The term is often misused to describe all types of threat; a virus nonetheless requires interaction from (is triggered by) the user, transferring itself into a system's memory, onto the hard drive or disk.

The first virus is understood to have come from Lahore in 1987, transferring to the University of Pennsylvania. It was by all accounts relatively harmless, but all the same would write itself to floppy disk, overwriting data if a disk were full, rapidly spreading through the network and subsequently destroying a number of theses…

…A separate report suggests however that the first virus may have been a program named 'Rother J', a computer virus evidently first sighted outside the single computer or lab where it was created. Thought to have been created in 1981 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread via floppy disk. There perhaps needs to be a distinction drawn between the Apple, Commodore, and the PC.

As we now know this was only the beginning and virus writers continue to develop malicious programs that are a threat – the email of the species is more deadly than the mail. The World Wide Web has become as much of a risk and although advantages will clearly outweigh disadvantages, broadband connections are, by their very nature, more open to attack making the need for Internet Security a pre-requisite. More and more broadband service providers now also include security as part of their package deal.

Nonetheless, electronic mail (email) can include attachments containing a virus which, when opened, might forward itself to all those in the contact list (address book). WORMs (Write Once Read Many) can potentially spread, slowing the main servers that provide your service. Trojans (not needing any interaction from the user) are structured to exploit flaws within your PC software, contributing to poor system stability, computer failure, and the up-streaming or conceivable theft of confidential data.

It may be helpful to learn some basics. One option might be to sign up with a local news service advising of any likely infection. Learn more about Virus Alerts at Virus Bulletin: www.virusbtn.com.

Take care not to transfer suspect files on disk other than to an environment protected with Internet Security software such as Norton. One may all the same need to be aware that updates are required to safeguard against recent strains, conceivably also making certain that policy is in place to protect data in a multi-user environment.

Updates to Anti-virus/Internet Security software, taking account of the most recent software updates and variants, may be referred to as patches and are generally available free for a specified period to anyone who has registered a copy. Such updates can be downloaded from the software company's web site. Norton provide both a free Security and Anti-virus check on-line in addition to a facility allowing you to pass viruses to them for analysis. Their address is: www.symantec.com.