Presentation is loading. Please wait.

Presentation is loading. Please wait.

The four laws of I.C.T Kyle Morgan. Personal data shall be processed fairly and lawfully at least one of the conditions listed in Appendix 1 is met, and.

Published byJeffery Oliver Modified over 8 years ago

Similar presentations

Presentation on theme: "The four laws of I.C.T Kyle Morgan. Personal data shall be processed fairly and lawfully at least one of the conditions listed in Appendix 1 is met, and."— Presentation transcript:

1 The four laws of I.C.T Kyle Morgan

2 Personal data shall be processed fairly and lawfully at least one of the conditions listed in Appendix 1 is met, and at least one of the conditions listed in Appendix 1 is met, and in the case of sensitive personal data, at least one of the conditions listed in Appendix 2 is also met in the case of sensitive personal data, at least one of the conditions listed in Appendix 2 is also met Sensitive Personal Data Sensitive Personal Data These are: These are: racial or ethnic origin of the data subject, racial or ethnic origin of the data subject, political opinions of the data subject, political opinions of the data subject, religious beliefs or other beliefs of a similar nature of the data subject, religious beliefs or other beliefs of a similar nature of the data subject, membership of a trade union, membership of a trade union, physical or mental health or condition of the data subject, physical or mental health or condition of the data subject, sexual life of the data subject, sexual life of the data subject, the commission or alleged commission of the data subject of any offence, or the commission or alleged commission of the data subject of any offence, or any proceedings for any offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings. any proceedings for any offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings. "Processing" covers obtaining, recording, holding, organizing, adapting, altering, retrieving, consulting, using, disclosing, aligning, combining, blocking, erasing etc the data. "Fairly" requires the University to ensure so far as is practicable that the data subject is made aware of "Processing" covers obtaining, recording, holding, organizing, adapting, altering, retrieving, consulting, using, disclosing, aligning, combining, blocking, erasing etc the data. "Fairly" requires the University to ensure so far as is practicable that the data subject is made aware of the identity of the data controller the identity of the data controller the identity of any nominated representative the identity of any nominated representative the purposes for which the data are intended to be processed the purposes for which the data are intended to be processed any further information which will ensure that the data subject fully understands the processing of her/his personal data including the likely consequences of such processing and where disclosure of the personal data is envisaged any further information which will ensure that the data subject fully understands the processing of her/his personal data including the likely consequences of such processing and where disclosure of the personal data is envisaged where applicable data subjects should be informed of the opportunity to opt out of additional uses or disclosures where applicable data subjects should be informed of the opportunity to opt out of additional uses or disclosures

3 Personal data shall be obtained only for one or more specified and lawful purposes All purposes should be included in the Data Protection Statement. Where personal data is disclosed to a third party then the University has a duty to ensure that the third party processes the data only for those purposes of which the data subject is aware. All purposes should be included in the Data Protection Statement. Where personal data is disclosed to a third party then the University has a duty to ensure that the third party processes the data only for those purposes of which the data subject is aware. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed Only the minimum amount of personal information, sufficient to fulfill the stated purpose, should be collected. The Information Commissioner has indicated that holding personal information because "it might be useful in the future" although "the how" is not envisaged is unacceptable. Nor is it acceptable to collect information from everyone when the purpose for which it is collected is only applicable to some of the data subjects. Only the minimum amount of personal information, sufficient to fulfill the stated purpose, should be collected. The Information Commissioner has indicated that holding personal information because "it might be useful in the future" although "the how" is not envisaged is unacceptable. Nor is it acceptable to collect information from everyone when the purpose for which it is collected is only applicable to some of the data subjects. Review all forms for collecting personal data regularly and if necessary redesign them. Review all forms for collecting personal data regularly and if necessary redesign them.

4 Personal data shall be accurate and, where necessary, kept up to date Data are inaccurate if they are incorrect or misleading as to any matter of fact. Data are inaccurate if they are incorrect or misleading as to any matter of fact. The Principle is not to be taken as being contravened because of any inaccuracy in personal data which accurately record information obtained by the data controller from the data subject or a third party in a case where: - The Principle is not to be taken as being contravened because of any inaccuracy in personal data which accurately record information obtained by the data controller from the data subject or a third party in a case where: - taking account of the purpose or purposes for which the data were obtained and further processed, the data controller has taken reasonable steps to ensure the accuracy of the data, and taking account of the purpose or purposes for which the data were obtained and further processed, the data controller has taken reasonable steps to ensure the accuracy of the data, and if the data subject has notified the data controller of the data subject’s view that the data are inaccurate, the data indicate that fact. if the data subject has notified the data controller of the data subject’s view that the data are inaccurate, the data indicate that fact. It is important to note that it is no longer necessarily enough for a data controller to say that, because the information was obtained from either the data subject or a third party, they had done all that they could reasonably do to ensure the accuracy of the data at the time. Now data controllers may have to go further and take reasonable steps to ensure the accuracy of the data themselves. Whether or not a data controller would be expected to take such steps will be a matter of fact in each individual case. It is important to note that it is no longer necessarily enough for a data controller to say that, because the information was obtained from either the data subject or a third party, they had done all that they could reasonably do to ensure the accuracy of the data at the time. Now data controllers may have to go further and take reasonable steps to ensure the accuracy of the data themselves. Whether or not a data controller would be expected to take such steps will be a matter of fact in each individual case. To avoid unnecessary risk where this Principle is concerned, procedures should be established for checking/verifying/amending personal data. To avoid unnecessary risk where this Principle is concerned, procedures should be established for checking/verifying/amending personal data.

5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes Where there are no statutory time limits to indicate the length of time personal data should be kept then it is advisable to set a retention policy for the data. At the end of the time limit the records should be reviewed and deleted unless there is a specific reason why they should be retained. Where there are no statutory time limits to indicate the length of time personal data should be kept then it is advisable to set a retention policy for the data. At the end of the time limit the records should be reviewed and deleted unless there is a specific reason why they should be retained.

6 Personal data shall be processed in accordance with the rights of data subjects under this Act The data subject has the The data subject has the right to request access to all personal data held on her/him on payment of a fee of not more than £10.00. - The information must be supplied within 40 days. right to request access to all personal data held on her/him on payment of a fee of not more than £10.00. - The information must be supplied within 40 days. right to prevent processing likely to cause damage and distress. right to prevent processing likely to cause damage and distress. right to prevent processing for the purposes of direct marketing. right to prevent processing for the purposes of direct marketing. rights in relation to automated decision taking. rights in relation to automated decision taking. Exam marks are only exempt from the forty-day compliance to a data subject request while they are unannounced. Even then the extra time granted for unannounced marks is extended only to five months and the data controller must then give all the changes to the exam marks from the date of the subject access request to the date of compliance. In effect this means that universities my no longer withhold exam marks because of outstanding debts. The University can still refuse however to confer a degree whilst outstanding debts remain. Exam marks are only exempt from the forty-day compliance to a data subject request while they are unannounced. Even then the extra time granted for unannounced marks is extended only to five months and the data controller must then give all the changes to the exam marks from the date of the subject access request to the date of compliance. In effect this means that universities my no longer withhold exam marks because of outstanding debts. The University can still refuse however to confer a degree whilst outstanding debts remain. Confidential references given by a data controller i.e. the University or its employees are exempt from the Act. This means that an employee or student cannot access through the University any reference written about them by the University or its employees. Confidential references given by a data controller i.e. the University or its employees are exempt from the Act. This means that an employee or student cannot access through the University any reference written about them by the University or its employees. The exemption does not apply to references provided to the data controller. Therefore any student or employee has the right to see any reference about them provided to the University, so long as third party confidentiality is maintained e.g. by blanking out appropriate sections. This also means that any student or employee has the right to apply to the recipient of any reference written about them by the University or its employees. The exemption does not apply to references provided to the data controller. Therefore any student or employee has the right to see any reference about them provided to the University, so long as third party confidentiality is maintained e.g. by blanking out appropriate sections. This also means that any student or employee has the right to apply to the recipient of any reference written about them by the University or its employees. Unlike the 1984 Data Protection Act, the 1998 Act includes statements of opinion. To comply with the ‘fair processing’ provisions of the Act, authors of reference must ensure that all statements of opinion can be supported adequately by accurate facts. The Act allows for compensation for data subjects to be awarded against data controllers where contravention of the Act has caused distress and damage to the data subject. Unlike the 1984 Data Protection Act, the 1998 Act includes statements of opinion. To comply with the ‘fair processing’ provisions of the Act, authors of reference must ensure that all statements of opinion can be supported adequately by accurate facts. The Act allows for compensation for data subjects to be awarded against data controllers where contravention of the Act has caused distress and damage to the data subject.

7 Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". The University will have to notify the Information Commissioner of security measures in place. The University will have to notify the Information Commissioner of security measures in place. All staff should take steps to ensure that personal data is secure. All staff that take work home or to meetings etc. should ensure that any material containing personal information is kept secure both at home and when traveling; lap top computers and briefcases are popular targets for thieves. All staff should take steps to ensure that personal data is secure. All staff that take work home or to meetings etc. should ensure that any material containing personal information is kept secure both at home and when traveling; lap top computers and briefcases are popular targets for thieves. All processing of personal information by third parties on behalf of the University must be governed by a written contract which must require the third party to comply with obligations equivalent to those imposed on the University by the Seventh Principle and under which the third party may only act on instructions from the University. All processing of personal information by third parties on behalf of the University must be governed by a written contract which must require the third party to comply with obligations equivalent to those imposed on the University by the Seventh Principle and under which the third party may only act on instructions from the University.

8 Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data The European Economic Area (‘the EEA’) consists of the fifteen Member States together with Iceland, Liechtenstein and Norway. The European Economic Area (‘the EEA’) consists of the fifteen Member States together with Iceland, Liechtenstein and Norway. Other countries will be added to this list as and when the European Commission determines that a country has adequate protection. The only countries outside the EEA currently deemed as having adequate data protection are Hungary and Switzerland. Other countries will be added to this list as and when the European Commission determines that a country has adequate protection. The only countries outside the EEA currently deemed as having adequate data protection are Hungary and Switzerland. N.B. The United States of America is not an approved country. N.B. The United States of America is not an approved country. There are circumstances where the Eighth Principle does not prohibit transfer of data. These are listed in Appendix 3. There are circumstances where the Eighth Principle does not prohibit transfer of data. These are listed in Appendix 3. N.B. Obtaining the consent of the data subject for personal data about them to be transferred to a non-approved country does not absolve the University of its responsibilities and liabilities under the First to Seventh Principles. The University, when transferring data abroad to a third party, will need to ensure that there is a written contract which requires the third party to comply with obligations equivalent to those imposed on the University by the 1998 Data Protection Act and under which the third party my only act on instructions from the University. N.B. Obtaining the consent of the data subject for personal data about them to be transferred to a non-approved country does not absolve the University of its responsibilities and liabilities under the First to Seventh Principles. The University, when transferring data abroad to a third party, will need to ensure that there is a written contract which requires the third party to comply with obligations equivalent to those imposed on the University by the 1998 Data Protection Act and under which the third party my only act on instructions from the University.

9 Computer misuse intro Computer misuse intro The Computer Misuse Act became law in August 1990. Under the Act hacking and the introduction of viruses are criminal offences. Universities and colleges need to co-operate to take action under the Act as the offences are likely to be committed by members of universities and colleges, students in particular, and are often perpetrated on machines or networks within the sector. For offences committed within the higher education sector institutions may wish to use the speedier process of internal disciplinary measures rather than resort to the law. The aim of this Guidance is to ensure that universities recognise the seriousness of these offences and to encourage a greater degree of common practice in dealing with the people who carry out these actions, whether action is taken under the criminal law or through the use of disciplinary procedures. The Computer Misuse Act became law in August 1990. Under the Act hacking and the introduction of viruses are criminal offences. Universities and colleges need to co-operate to take action under the Act as the offences are likely to be committed by members of universities and colleges, students in particular, and are often perpetrated on machines or networks within the sector. For offences committed within the higher education sector institutions may wish to use the speedier process of internal disciplinary measures rather than resort to the law. The aim of this Guidance is to ensure that universities recognise the seriousness of these offences and to encourage a greater degree of common practice in dealing with the people who carry out these actions, whether action is taken under the criminal law or through the use of disciplinary procedures.Computer Misuse Act Computer Misuse Act

10 Computer misuse definition The Act identifies three specific offences: The Act identifies three specific offences: Unauthorised access to computer material Unauthorised access to computer material Unauthorised access to a computer system with intent to commit or facilitate the commission of a serious crime. Unauthorised access to a computer system with intent to commit or facilitate the commission of a serious crime. Unauthorised modification of computer material. Unauthorised modification of computer material.

11 Unauthorised Access to Computer Material. Unauthorised Access to Computer Material. This would include: using another person's identifier (ID) and password without proper authority in order to use data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data (for example, to a screen or printer); laying a trap to obtain a password; reading examination papers or examination results. This would include: using another person's identifier (ID) and password without proper authority in order to use data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data (for example, to a screen or printer); laying a trap to obtain a password; reading examination papers or examination results. The response to some actions will depend on the specific conditions of use in force. Take, for example, unauthorised borrowing of an identifier from another student in order to obtain more time for a computer project the student was required to complete. In this case both the student who borrowed the ID and the student who lent it would be deemed to have committed an offence. The response to some actions will depend on the specific conditions of use in force. Take, for example, unauthorised borrowing of an identifier from another student in order to obtain more time for a computer project the student was required to complete. In this case both the student who borrowed the ID and the student who lent it would be deemed to have committed an offence.

12 Unauthorised Access to a Computer with intent This would include: gaining access to financial or administrative records, but intent would have to be proved. This would include: gaining access to financial or administrative records, but intent would have to be proved. Unauthorised Modification of Computer Material : Unauthorised Modification of Computer Material : This would include: destroying another user's files; modifying system files; creation of a virus; introduction of a local virus; introduction of a networked virus; changing examination results; and deliberately generating information to cause a complete system malfunction. This would include: destroying another user's files; modifying system files; creation of a virus; introduction of a local virus; introduction of a networked virus; changing examination results; and deliberately generating information to cause a complete system malfunction. Universities and Colleges should recognise that action under disciplinary procedures is more effective if a similar view is taken across the sector and if institutions are prepared to discipline their students for offences carried out across the network on the facilities of other universities and colleges. It is desirable that as far as possible similar offences in different institutions carry similar penalties. Universities and Colleges should recognise that action under disciplinary procedures is more effective if a similar view is taken across the sector and if institutions are prepared to discipline their students for offences carried out across the network on the facilities of other universities and colleges. It is desirable that as far as possible similar offences in different institutions carry similar penalties.

13 ACTION TO DEAL WITH MISUSE Preventive Measures Preventive Measures The simplest form of preventive action is publicity, and all opportunities should be used to make it clear that the universities and colleges do not tolerate this type of behaviour. The conditions of use for computing facilities should spell out the seriousness of these activities. The simplest form of preventive action is publicity, and all opportunities should be used to make it clear that the universities and colleges do not tolerate this type of behaviour. The conditions of use for computing facilities should spell out the seriousness of these activities. Preliminary Action Preliminary Action The status of the senior managers responsible for information systems can vary from one institution to another. It is assumed that in every university such senior managers have the authority to suspend access to the facilities for which they are responsible. The institution should support such action and ensure that managers with responsibility for local systems have the knowledge and the authority to take similar action. Such suspension of access would be a likely initial response to any misuse. The status of the senior managers responsible for information systems can vary from one institution to another. It is assumed that in every university such senior managers have the authority to suspend access to the facilities for which they are responsible. The institution should support such action and ensure that managers with responsibility for local systems have the knowledge and the authority to take similar action. Such suspension of access would be a likely initial response to any misuse. Computer Security Computer Security The then Computer Board circulated to universities in March 1989 advice on measures to combat hackers. With the Computer Misuse Act coming into force these measures assume even more importance. The then Computer Board circulated to universities in March 1989 advice on measures to combat hackers. With the Computer Misuse Act coming into force these measures assume even more importance. Identifying the Offender Identifying the Offender Finding and identifying someone who has hacked into or misused a system is a difficult and, above all, timeconsuming task. It is sometimes possible to identify the person uniquely. More often it relies on producing sufficient circumstantial evidence to persuade the offender to admit that he perpetrated the offence. Finding and identifying someone who has hacked into or misused a system is a difficult and, above all, timeconsuming task. It is sometimes possible to identify the person uniquely. More often it relies on producing sufficient circumstantial evidence to persuade the offender to admit that he perpetrated the offence.

14 Action to deal with misuse Penalties under the Disciplinary Procedures Penalties under the Disciplinary Procedures Care needs to be taken when assessing the level of punishment. University and college disciplinary procedures may not need the strict proof required by criminal law and thus may need to consider only the balance of probabilities. However, institutions should ensure that the standard disciplinary procedures do satisfy the requirements of natural justice. A narrow line needs to be taken between making the penalties so severe that they are never implemented and being so lax that hacking and other misuse is treated as just a game. The least serious offences could be punished solely by temporary withdrawal of the facilities together with a formal warning from an appropriate person, such as tutor or head of department for a student or line manager for a member of staff. However, such a warning must be recorded, as a second offence clearly becomes much more serious. Care needs to be taken when assessing the level of punishment. University and college disciplinary procedures may not need the strict proof required by criminal law and thus may need to consider only the balance of probabilities. However, institutions should ensure that the standard disciplinary procedures do satisfy the requirements of natural justice. A narrow line needs to be taken between making the penalties so severe that they are never implemented and being so lax that hacking and other misuse is treated as just a game. The least serious offences could be punished solely by temporary withdrawal of the facilities together with a formal warning from an appropriate person, such as tutor or head of department for a student or line manager for a member of staff. However, such a warning must be recorded, as a second offence clearly becomes much more serious. The next point on the scale could be a fine, for those universities which use such systems, or a fixed period, set at an appropriate level, of withdrawal of access to computing resources. For the more serious offences of category (2) and category (3) the minimum penalty should be withdrawal of all computing resources for a term but the normal penalty should clearly be more severe and commensurate with the degree of intent and seriousness of the offence. The consequential effects of withdrawal of facilities should be borne in mind, including the fact that consequential effects will vary in each case. For example, withdrawal could have the effect of forcing a student to repeat examinations or to repeat a year. If the person has already been warned, or if the disruption is intentional or severe, then more severe penalties should be invoked. For a student it is suggested that they should not be allowed to continue the course. The next point on the scale could be a fine, for those universities which use such systems, or a fixed period, set at an appropriate level, of withdrawal of access to computing resources. For the more serious offences of category (2) and category (3) the minimum penalty should be withdrawal of all computing resources for a term but the normal penalty should clearly be more severe and commensurate with the degree of intent and seriousness of the offence. The consequential effects of withdrawal of facilities should be borne in mind, including the fact that consequential effects will vary in each case. For example, withdrawal could have the effect of forcing a student to repeat examinations or to repeat a year. If the person has already been warned, or if the disruption is intentional or severe, then more severe penalties should be invoked. For a student it is suggested that they should not be allowed to continue the course. Initiating Legal Procedures Initiating Legal Procedures Universities and colleges should be prepared to use the full powers of the Act for serious offences whether they originate within or without the higher education sector. It is normally the responsibility of the Police to initiate any action, but for a prosecution to be successful, evidence needs to be collected and kept as soon as misuse is suspected. Universities could well need to seek technical and legal advice early in the proceedings. Universities and colleges should be prepared to use the full powers of the Act for serious offences whether they originate within or without the higher education sector. It is normally the responsibility of the Police to initiate any action, but for a prosecution to be successful, evidence needs to be collected and kept as soon as misuse is suspected. Universities could well need to seek technical and legal advice early in the proceedings.

15 Summary of computer misuse The definitions of computer misuse in the Act should be used. The definitions of computer misuse in the Act should be used. A range of penalties, matched to the offence, should be recognised, from suspension of use of computer facilities for varying lengths of time, through fines to the ultimate sanction of being sent down; legal sanctions should be invoked where appropriate. A range of penalties, matched to the offence, should be recognised, from suspension of use of computer facilities for varying lengths of time, through fines to the ultimate sanction of being sent down; legal sanctions should be invoked where appropriate. Second and subsequent offences should be treated increasingly more severely than first offences. Second and subsequent offences should be treated increasingly more severely than first offences. Offences committed on other the facilities of other institutions should be treated at least as severely as offences committed on local machines. Offences committed on other the facilities of other institutions should be treated at least as severely as offences committed on local machines.

16 Health and safety act 1974 intro Before 1974 approximately 8 million employees had no legal safety protection at work. Before 1974 approximately 8 million employees had no legal safety protection at work. HASAWA 74 provides the legal framework to promote, stimulate and encourage high standards of health and safety in places of work. It protects employees and the public form work activities. HASAWA 74 provides the legal framework to promote, stimulate and encourage high standards of health and safety in places of work. It protects employees and the public form work activities. Everyone has a duty to comply with the Act, including employers, employees, trainees, self- employed, manufacturers, suppliers, designers, importers of work equipment. Everyone has a duty to comply with the Act, including employers, employees, trainees, self- employed, manufacturers, suppliers, designers, importers of work equipment.

17 Health and safety act employers responsibilities The Act places a general duty to "ensure so far as is reasonably practicable the health, safety and welfare at work of all their employees". The Act places a general duty to "ensure so far as is reasonably practicable the health, safety and welfare at work of all their employees". Employers must comply with the Act. They must: Employers must comply with the Act. They must: Provide and maintain safety equipment and safe systems of work. Provide and maintain safety equipment and safe systems of work. Ensure materials used are properly stored, handled, used and transported. Ensure materials used are properly stored, handled, used and transported. Provide information, training, instruction and supervision. Ensure staff are aware of instructions provided by manufacturers and suppliers of equipment. Provide information, training, instruction and supervision. Ensure staff are aware of instructions provided by manufacturers and suppliers of equipment. Provide a safe place of employment. Provide a safe place of employment. Provide a safe working environment. Provide a safe working environment. Provide a written safety policy/risk assessment. Provide a written safety policy/risk assessment. Look after health and safety of others, example public. Look after health and safety of others, example public. Talk to safety representatives. Talk to safety representatives. An employer is forbidden to charge his/her employees for any measures which he/she is required to provide in the interests of health and safety, example,. Personal protective equipment. An employer is forbidden to charge his/her employees for any measures which he/she is required to provide in the interests of health and safety, example,. Personal protective equipment. Employees have specific responsibilities too. They must: Employees have specific responsibilities too. They must: Take care of their own health and safety and that of other persons. Employees may be liable. Take care of their own health and safety and that of other persons. Employees may be liable. Co-operate with their employers. Co-operate with their employers. Must not interfere with anything provided in the interest of health and safety. Must not interfere with anything provided in the interest of health and safety.

18 Enforcement of health and safety The powers of an inspector include: The powers of an inspector include: Rights of entry at reasonable times, etc. without appointments. Rights of entry at reasonable times, etc. without appointments. Right to investigate, examine. Right to investigate, examine. Right to dismantle equipment, take substances/equipment. Right to dismantle equipment, take substances/equipment. Right to see documents, take copies. Right to see documents, take copies. Right to assistance (from colleagues or Police). Right to assistance (from colleagues or Police). Right to ask questions under caution. Right to ask questions under caution. Right to seize articles/substances in cases of imminent danger. Right to seize articles/substances in cases of imminent danger. Enforcement action: Enforcement action: 1 Legal Notices - Written document requires person to do/stop doing something. 1 Legal Notices - Written document requires person to do/stop doing something. –Improvement: say what is wrong and how to put right within a set time. –Prohibition: prohibits use of equipment/unsafe practices immediately. 2. Prosecution - Both employers and employees face prosecution. 2. Prosecution - Both employers and employees face prosecution. –Maximum £5000 in Magistrates' Court –Unlimited fine and jail in Crown Court. However - enforcement officers will give advice and explain rules, etc in confidence. If in doubt, ask However - enforcement officers will give advice and explain rules, etc in confidence. If in doubt, ask

19 Copyright laws Copyright laws Computer software is now covered by the copyright designs and patents act of 1988 which covers a wide range of intellectual property such as music, literature and software. Provisions of the act make it illegal to: Computer software is now covered by the copyright designs and patents act of 1988 which covers a wide range of intellectual property such as music, literature and software. Provisions of the act make it illegal to: Copy software Copy software Run pirated software Run pirated software Transmit software; over a telecommunications line, thereby creating a copy Transmit software; over a telecommunications line, thereby creating a copy Software can easily be copied and sold illegally. In addition the programming ideas and methods can be stolen by a competitor. It is possible for an expert programmer to reverse engineer machine code to establish the specific algorithms used so they can be copied. Some software manufactures put fingerprints into the code little oddities which do not affect the way the programme runs so that if the same code is found in a competitors program they can prove that it was illegally copied

Download ppt "The four laws of I.C.T Kyle Morgan. Personal data shall be processed fairly and lawfully at least one of the conditions listed in Appendix 1 is met, and."

Similar presentations

Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,
The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.

The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Higher Administration and IT Administrative Practices.

Higher Administration and IT Administrative Practices.
Health and safety at work

Health and safety at work
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
The Legal Framework Can you work out which slide each bullet point should go on?!

The Legal Framework Can you work out which slide each bullet point should go on?!
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.

CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
Law Additional Exercise ANSWERS. Question #1 (a) Any one of: gain unauthorised access (1st) to computer material (1) gain (unauthorised) access to computer.

Law Additional Exercise ANSWERS. Question #1 (a) Any one of: gain unauthorised access (1st) to computer material (1) gain (unauthorised) access to computer.
Amy Palmer. Copyright, Design, Patent Copyright applies to any medium. This means that you must not reproduce copyright protected work in another medium.

Amy Palmer. Copyright, Design, Patent Copyright applies to any medium. This means that you must not reproduce copyright protected work in another medium.
NEBOSH LEVEL 6 NATIONAL DIPLOMA MODULE A: MANAGEMENT OF HS LESSON 9 : CRIMINAL LAW Part One: HASAWA 1974.

NEBOSH LEVEL 6 NATIONAL DIPLOMA MODULE A: MANAGEMENT OF HS LESSON 9 : CRIMINAL LAW Part One: HASAWA 1974.
Elma Graham. To understand what data protection is To reflect on how data protection affects you To consider how you would safeguard the data of others.

Elma Graham. To understand what data protection is To reflect on how data protection affects you To consider how you would safeguard the data of others.

Similar presentations

Ads by Google