ICT Legislation


Data Protection Act

  • Personal data should be processed fairly and lawfully with the consent of the data subject
  • Personal data should be used for the specified purpose only
  • Personal data should be accurate and up to date
  • Personal data should be held securely, with no unauthorised access
  • Personal data should not be transferred outside the EU
1 of 9

Data Subject

  • The Individual who is the subject of the personal data
2 of 9

The Commissioner

  • Responsible for enforcing the Act
  • Promoting good practice from those people responsible for processing personal data
  • Making the general public aware of their rights under the Act
3 of 9

The Data Controller

The Person in a company who is responsible for controlling the way in which personal data is processed

4 of 9

Impact of the Data Protection Act

  • The organisation is held responsible for the security, accuracy and conditions of the use of the data it holds
  • Organisations who do not comply with the terms of the DPA can be prosecuted
  • Organisations should ensure that procedures should be in place to ensure that data stored is accurate and up-to-date, for example through validation and verification procedures.
  • Organisations may need regular contact with data subjects, asking them to verify currently held details on a regular basis.
  • Organisations also need to ensure that data stored is consistent with the requirement that data must only be used for the originally designated purpose
  • Organisations must also ensure measures are in place to protect the integrity and physical security of the data held. This will involve implementing various security measures e.g. physical access, system access, firewalls. back-ups etc.
  • The organisation must also provide training to ensure all staff are aware of data protection issues and their personal responsibility for ensuring the terms of the act are complied with
5 of 9

The Copyright Designs and Patents Act

  • Designed to protect the "intellectual property" rights of those individuals and organisations that create and produce material based on original ideas, e.g. books, articles, music, films etc
  • Software piracy is a concern as this involves the illegal copying, modifying or downloading of software. 
  • This means they are avoiding the price of buying the software
  • It can also be the "theft" by one company of the ideas and methods of other companies
6 of 9

Impact of Copyright Designs and Patents Act

  • Software piracy can take many forms such as individual users using the internet to copy a piece of software to their own companies without permission to professional criminals making copies in bulk and selling them through illegal outlets.
  • Negative iompacts are firstly, it results in higher prices for those customers who are buying software legally and secondly, it discourages software houses from being innovative in creating new software.
  • When organisations who use computer networks to purchase a piece of software, they also purchase a software licence for one or more users
  • If the organisation wants more users to access the software, then they have to pay for more licenses
  • For an organisation to enforce this law they have a responsibility to ensure that all employees are aware of the terms of the Act and the consequences of being in breach of it.
  • The organisation must also carry out audts on the software that it uses and monitors who has access to that software
  • Organisations must fully comply with licensing agreements and must control access to the software. Employees should only be allowed to have authorised software on their PCs. 
  • Organisations should also ensure that unauthorised software, perhaps brought from home or downloaded from the internet, is not permitted in the workplace.
7 of 9

Computer Misuse Act

  • Designed to prevent computer crimes involving unlawful access to information systems or data files.
  • Act states that unauthorised access to computer material is an offence, unauthorised access with intent to commit or facilitate commission of further offences is also an offence and unauthorised modification of computer material is a further offence.
  • It identifies specific crimes such as deliberately planting viruses in a computer system or hacking into someone's computer system
8 of 9

Impacts of Computer Misuse Legislation

  • Unlikely a legitimate organisation would deliberately breach the terms of this act, individual employees may use company resources to hack into other systems.
  • If it were shown that the organisation was negligent in taking steps to prevent this, it could be held partly liable for the actions of its employees.
  • The organisation should put policies in place to ensure that employees are aware of the terms of the act and the consequence of being in breach of it to include an "Acceptable Use" policy including organisational disciplinary procedures 
  • Computer use by the employees should be audited regularly and suspect access activity be fully investigated, through examining parts of the system that have been accessed by different employees at specified times
  • By implementing a username and password system, access to different areas of the system is tightly controlled meaning employees should have only access rights that are necessary for the completion of their work
9 of 9


No comments have yet been made

Similar Computing resources:

See all Computing resources »See all Data Protection Act resources »