A view of KLB School from Wotton Hill - click to return to the website homepage

5.3.2 Computers and the Law

Revision Points: (Full course)

Candidates are expected to:

  • describe the main aspects of the Data Protection Act and any subsequent amendments;

  • describe the purpose of the Computer Misuse Act and any subsequent amendments;

There are 3 UK acts you need to know about for the exam:

The Data Protection Act:

With the growth of Information and Communication Technology, large databases are able to hold huge quantities of information and global networks are able to share and distribute this information around the world in seconds. In order to control this development and to protect people’s right to privacy, the Data Protection Act was introduced. The first Act became law in 1984 but was replaced by the 1998 Act that also incorporates the European Commission Directive.

The 8 basic principals of the Data Protection Act:

Data should...

...not be transferred to countries that do not have suitable data protection laws ...be processed fairly and lawfully ...be kept secure against loss, damage and unauthorised and unlawful processing
...be processed within the rights of data subjects  The Data Protection Act ...be obtained for specified and lawful purposes
...be adequate, relevant and not excessive for the purpose ...be accurate and up-to-date ...not be kept longer than necessary

The Act protects personal data about us from being misused.  Personal data is data that can identify you and allow an opinion to be expressed about you. Data such as your name and address is not considered personal data but your date of birth and salary would be. Some personal data can be especially sensitive such as:

  • political and religious beliefs
  • racial or ethnic origins
  • membership of trade unions
  • details of sexual life
  • physical or mental health

You have the right to see personal information about you and have any errors corrected.

Any person, organisation, company or business that wants to hold personal information about people must register with the Office of the Data Protection Commissioner.

There are certain exemptions to the Act and the rules governing the need to register data. A summary of the main exemptions to the Act include data that is:

  • related to national security or associated with crime
  • related to salaries and taxation, involved in health, immigration, education and social work
  • required by law and in connection with legal proceedings being disclosed
  • held for domestic purposes such as household, personal and family data

Rights of data subjects:

One of the principals states - 'Data should be processed within the rights of data subjects'

In summary, individuals have the right to:

  • be given a copy of the data held
  • prevent processing of the data if it is likely to cause damage or distress to them
  • prevent the data being used for direct marketing
  • prevent automated decisions being made on the basis of data held
  • receive compensation for any damage and distress caused by use of the data
  • have data corrected, blocked and erased if it is inaccurate
  • make a request to the Data Protection Commissioner if they feel the Act has been contravened.

The Computer Misuse Act - 1990

The established English laws were not designed to deal with Unauthorised Access To Data (hacking), computer fraud and computer viruses so a law was introduced in 1990 called 'The Computer Misuse Act'.  This law recognised the importance of the personal data and other confidential data such as military secrets, scientific and industrial research, medical information and details of financial accounts that are stored in computer systems.

Under this law, the following offences could be dealt with:

  • Unauthorised access to computer data - i.e. Hacking.
    This covers any unauthorised access to any program or data held in a computer, even if it is just to look at the information. The penalty is a maximum fine of £2000 and a six month prison sentence.
  • Unauthorised access to computer systems for the purpose of carrying out crimes - i.e. spying, blackmail, and fraud.
    This covers cases where someone access the system with the intention of using the information for a criminal purpose - the penalty is an unlimited fine and a maximum five-year prison sentence.
  • Unauthorised changing of computer data - i.e. deleting or altering files.
    This coves cases where the original information is altered in some way, either by deleting it or altering it in some way.
  • Spreading computer viruses - i.e. unauthorised modification of the contents of a computer, impairing the operation of any program or reliability of data.
    The penalty is an unlimited fine and a maximum five-year prison sentence.

The Copyright, Designs and Patents Act - 1989

Copying computer software is a criminal offence. The Act covers stealing software, using illegally copied software and manuals, and running purchased software on more machines than the license allows.

The legal penalties for breaking the copyright law include unlimited fines and up to two years in prison.

All the software that you use should be fully licensed. When you purchase software you usually are licensed to use it on just one computer. It is illegal to make copies of the software to use on other computers, even if they are your own.

Click here for details of how software companies try to prevent illegal copying of their disks.

A website with many of the issues concerned with copyright and the Internet (USA based) can be found at:

<Click to move to the top of the page>