4.1 UK Legislation

Cards (30)

  • What is the computer misuse act 1990?

    An act that was introduced as computers became cheaper and more common at home and at work.
  • What does the computer misuse act cover?

    Covers inappropriate use of computers such as hacking and password theft etc.
  • What are the 3 principles of computer misuse act?

    No unauthorised access to data. No unauthorised access to data that could be used for further illegal activities. No unauthorised modifications of data such as spreading a virus to change data.
  • What would happen if you break the computer misuse act principles?

    Could result in fines and a jail sentence.
  • What is copyright, designs and patents act 1988?

    An act that makes it an offence to copy work that is not your own without the permission of the creator, which can include music, text, videos and images etc.
  • Explain copyright, designs and patents act 1988?

    Creators of copyrighted work can control how it can be used, as the owner can bring legal proceedings in court against those who have stolen their work.
  • How can you comply with the copyright, designs and patents act 1988?

    Permission must first be obtained before using copyrighted materials or the user could be fined if they decide to use it. Individuals are prohibited from making copies of copyrighted material for selling. Cannot download illegally copied material and cannot distribute material in high volumes so as to disadvantage the copyright holder.
  • What is the freedom of information act 2000?

    Provides the public with the right to access information based on the activities carried out by public authorities, such as government, which are funded by the state.
  • How does the freedom of information act work?

    A freedom of information (FOI) request must be formally submitted in a letter or email, and must be replied to within 20 working days. Certain requests cannot be accepted if the information is too sensitive to share.
  • What is the information commissioner's office (ICO) code of practice?

    The information commissioner is the senior government official in charge of the UK's freedom of information (FOI) requests and the protection of personal data.
  • What is the ICO codes of practice based on?

    Various data protection and privacy topics related to the data protection act (DPA). The ICO offers help and support to both individuals and organisations.
  • What is regulation of investigatory powers act (RIPA) 2000?

    Was introduced in response to the increase in both criminal and terror activities on the internet.
  • Explain the RIPA act?

    Is used to monitor and access online communication of suspected criminals. Has been controversial because it used to be applied to surveillance of very minor offences, which has now changed to only allow surveillance of crime suspects.
  • What would happen if criminal activity is suspected by an individual?

    Public bodies would be granted the power to demand that ISPs (internet service providers) provide access to the suspect's communication without any notice to the suspect. ISPs could install surveillance equipment or software to track the suspect's online activity. Can carry out physical surveillance such as undercover officers and using vans. Access must be granted to personal software
  • What is protection of freedoms act 2012?

    Was introduced because there was little legislation about biometric data and to update other laws.
  • Explain how the protection of freedoms act 2012 works in order?

    1. Storing, handling and deleting biometric data.
    2. Creates new regulation for use of CCTV and automatic number plate recognition (ANPR).
    3. Disclosure barring service (DBS) was created to run background checks on anyone working with vulnerable subjects or children.
    4. Strengthening of freedom of information act 2000 to allow wider requests to be made.
  • What is the data protection act 2018 (DPA)/GDPR?

    Introduced by the EU based on the protection of individuals' data which is stored on computers and processed by organisations.
  • What is data subject?

    People who stored their data with the organisation.
  • How does the data protection act work?

    An employee within an organisation must be appointed as a data controller who is responsible for registering with the information commissioner (ICO). When registering with the ICO, the organisation's data controller must be clear on what information they are collecting and why it is being collected and what the data will be used for.
  • What is the first principle of the DPA?

    Data must be collected lawfully and processed fairly
  • What is the second principle of the DPA?

    Collected data must only be used for the reasons stated.
  • What is the third principle of the DPA?

    Data must be relevant and not excessive.
  • What is the fourth principle of the DPA?

    Data must be accurate and up to date.
  • What is the 5th principle of the DPA?

    Data must not be stored for longer than necessary.
  • What is the 6th principle of the DPA?

    Data must be stored and processed securely.
  • Explain how staff can be trained as an action that organisations can do to comply with the DPA?

    So they are clearly aware of their responsibility of protecting data.
  • Explain how strong security measures are an action that organisations can do to comply with the DPA?

    There must be strong security measures in place to protect data from being accessed, which could be in the form of logical and physical protection methods.
  • Explain what rights the data subjects have?

    If an individual wishes to access their data, they must submit a subject access request (SAR), which results in the business's data controller providing the requested information within 40 working days. The individual must verify their identity using an appropriate ID because only the data subject can request access to their data.
  • What is privacy and electronic communication regulation 2003?

    It shows ways in which organisations can use electronic communication to contact customers and other individuals. The law was updated in 2011.
  • What must organisations do to comply with the privacy and electronic communication regulation 2003?

    Organisations must explain how cookies are used on their websites. Companies must clearly state who they are when contacting customers, such as displaying a phone number when calling. Companies must make sure whether or not they can contact the customer, which they can as long as the customer has opted in to receive communication. Companies must contact customers through communication channels that the customer has inputted, which can be done through tick boxes when signing up.