What is the purpose of the ‘copyright, designs and patents’ act? Name two ways computer users could breach the ‘copyright, designs and patents’ act? What is the purpose of the ‘electronic communications’ act? What is ‘Wi-fi’ leeching? What is the role of ‘Ofcom’? What is the role of the employer in the ‘Health and Safety at Work’ Act? Describe four health and safety regulations relating to computers.

Data Protection Act Computer Misuse Act Copyright, Designs and Patents Act Communications Act Health and Safety Regulations

The 8 principles of the Data Protection Act: Personal data should be fairly and lawfully processed. Personal data should only be used or disclosed for the specified purposes. Personal data should be adequate, relevant and not excessive. Personal data should be accurate and kept up to date.

Information should not be kept any longer than necessary. Data must be processed in accordance with the rights of the data subjects. Security measures should prevent unauthorised access or alteration of the data. Personal data should not be transferred to countries outside the EU except to countries with adequate data protection legislation.

Look at the 8 principles on the last slide and describe how our school office will address the principles.

The rights of the Data Subjects (that means you!):- See data held on themselves, within 40 days, for payment of a fee. How would this apply to you? Have any errors in the data corrected. Compensation for distress caused if the Act has been broken. Prevent processing for direct marketing (junk mail) by writing to the data controller.

The responsibilities of Data Users :- Have to register with the Data Protection Registrar if they wished to hold personal information about data subjects. They must be willing to let data subjects see data held about them, but must amend any false data without charge. Data Users must also be willing to remove subjects’ names and addresses from mailing lists if asked to.

Unconditional exemptions: organisation who do not need to share any data with the data subject if: Data is related to National Security. Data which, by law, has to be made public (e.g. voters’ roll). Data is held by the Police and National Health Service.

Conditional exemptions:- organisations who do not need to register with DPA, if: The information is used for club memberships, eg Scouts or Girls’ Brigade The data is used by a data subject at home, eg Christmas card list

Who is involved in the Data Protection Act? Data Subject Who the information is about. Data Controller A person, or organisation, given the responsibility for data protection within the company. Data User Workers within the organisation who process the data. Information Commissioner’s Office The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Promoting and enforcing the DPA.

Jail Fines of up to £500,000 http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionact/quiz/q94455150/ http://www.youtube.com/watch?v=NQUYit-aBfE My Data, Your Business + Worksheet Examples Look for

DPA Questions What is the purpose of the Data Protection Act?  State three principles of the Data Protection Act. Who is a ‘data controller’ in the Data Protection Act? Who is a ‘data subject’ in the Data Protection Act? Who is a ‘data user’ in the Data Protection Act?

DPA Questions Name two organisations that are completely exempt from the conditions of the DPA? Describe two rights that you have with regard to your own personal data? Name two organisations who can withdraw a person’s right to access their personal data, but who still have to register with the Information Commissioner. Explain why.

Silly clip! - http://www.youtube.com/watch?v=VqlP7Vcca2o The Computer Misuse Act makes it a criminal offence to: Gain unauthorised access to a computer system. Known as hacking. Unauthorised access with intent to commit or facilitate commission of further offences. E.g. E.g. blackmail, identity thief, steal funds from a bank account Unauthorised modification of computer material. E.g. Write and distribute viruses which can damage data on a computer, change materials These types of crimes are now widespread because so many computers may be accessed through networks such as the internet. Silly clip! - http://www.youtube.com/watch?v=VqlP7Vcca2o

Up to five years in prison Unlimited fines Examples Look for

Computer Misuse Act Questions What is ‘gaining unauthorised access to a computer’ more commonly known as? Which law would you be prosecuted under if you were to ‘knowingly spread a computer virus’? Specify a crime linked with each of the three sections of the computer misuse act.

This act helps to protect copyright owners from having their work copied by others without payment. It was created to ensure that copies must be bought and not simply passed on from one person to another. It is illegal to copy software, for example, without the author’s or the software company’s permission. http://www.youtube.com/watch?v=qc8YXIg82Q0

Make a list of the Computer Related items that could be copied without permission or payment.

Up to ten years in prison (was 2 years until 2002) Unlimited fines Examples Look for

Copyright, Design and Patents Act Questions What is the purpose of the ‘copyright, designs and patents’ act? Name two ways computer users could breach the ‘copyright, designs and patents’ act?

This is split into 2 separate laws we must understand: Electronic Communications Act Communications Act

There are 2 main parts to this act: Regulate the provision of cryptographic services in the UK. Confirms the legal status of electronic signatures. These are both important for electronic transactions.

Cryptography is the process used to scramble ordinary text that is readable into cipher text which is unreadable by anyone other than the person holding the key to decrypt or unscramble the message. Cryptography has been used by banks and government for many years. It is also an essential tool for any company wishing to trade electronically. The Government has established a list of approved providers of cryptography services. The register is voluntary so there are no legal requirements for anyone offering cryptography services to be on the register. However, as it is essential the businesses can trust those providing cryptography services, it is more likely that they will use one who is on the approved register.

An digital signature is a digital mark, code or other symbol that is associated with that person. It can be used to sign an electronic document in place of a hand-written signature. Link to see more info. It can confirm the communication is authentic and has not been tampered with. The owner of the electronic signature can be checked and verified in several ways, for example a certificate provided by a special provider. Since 25th July 2000 the Act has recognised digital signatures as a legal method to identify an individual in the United Kingdom.

This Act gave OfCom (Office of Communication) its full power across the television, radio, telecoms and postal sectors. Ofcom has a duty to represent the interests of citizens and consumers by promoting competition and protecting the public from what might be considered harmful or offensive material. Some of the main areas Ofcom presides over are licensing, research, codes and policies, complaints, competition and protecting the radio spectrum from abuse.

The Act was also introduced to stop ‘Wifi Leeching’. A person who is guilty of an offence:- (a) dishonestly obtains an electronic communications service, and (b) does so with intent to avoid payment of a charge applicable to the provision of that service It also contains a provision that could be interpreted as holding businesses such as coffee shops that provide free Wi-Fi to customers as responsible for unlawful downloads made over their networks! Can you see a problem with this? The Communications Act led to a trainee accountant being fined for posting a joke bomb threat on Twitter. http://www.zdnet.com/court-allows-appeal-in-twitter-joke-trial-4010021365/

6 months to 5 years in prison Fined Examples Look for

Electronic Communications Act Questions What is the purpose of the ‘electronic communications’ act? What is ‘Wi-fi’ leeching? What is the role of ‘Ofcom’?

Watch the silly Health and Safely Presentation First! Requirement on employers:- Carry out a risk assessment. Employers with five or more employees need to record the significant findings of the risk assessment. Risk assessment should be straightforward in a simple workplace such as a typical office. Provide a safe and secure working environment.

Can include: provide tilt-able screens provide anti-glare screen filters provide adjustable chairs provide foot supports make sure lighting is suitable make sure workstations are not cramped plan work at a computer so that there are frequent breaks pay for appropriate eye and eyesight tests by an optician fire escape routes gritting paths in winter secure fixtures and fittings Note: These regulations do not apply to students in schools or colleges. http://www.youtube.com/watch?v=T8qGO7XQ0Uw

Up to two years in prison. Unlimited fines. Up to 15 years disqualification as a company director. Also, if the breach results in severe injury or death then prosecution for more severe crimes is possible (e.g. manslaughter). Examples Look for

Health and Safety at Work Act Questions What is the role of the employer in the ‘Health and Safety at Work’ Act? Describe four health and safety regulations relating to computers.