Learning Aim E
Legal & Regulatory Issues
Key Legislation
Data Protection Act 2018 (UK)
- Purpose: Protects personal data of individuals in the UK
- Applies to: Any organization storing/processing personal data
- Key Principles: Data must be lawful, fair, transparent, limited, accurate, secure
- Data Subject Rights:
  - Right to access their data (Subject Access Request)
  - Right to rectify (correct) inaccurate data
  - Right to erase (be forgotten)
  - Right to restrict processing
  - Right to data portability (get a copy)
  - Right to object to processing
- Organization Responsibilities:
  - DPIA (Data Protection Impact Assessment)
  - Appoint Data Protection Officer
  - Staff training
  - Incident reporting (within 72 hours if breach)
  - Privacy notices required
- Penalties: Up to £20 million or 4% of global turnover (whichever is higher)
GDPR (General Data Protection Regulation)
- Scope: Applies to all EU citizens and organizations handling EU data
- Key Requirements: Consent for data processing; data minimization; storage limitation
- Data Breaches: Must notify authorities and data subjects within 72 hours
- Data Protection Rights: Similar to Data Protection Act 2018
- Enforcement: Data Protection Authorities in each country
Computer Misuse Act 1990
Offences & Penalties
Section 1: Unauthorized Access
- Accessing a computer without permission
- Penalty: Up to 2 years imprisonment
  - Fine up to £5,000
- Example: Hacking someone's email
Section 2: Unauthorized Modification
- Altering data or software without permission
- Penalty: Up to 5 years imprisonment
- Example: Deleting files, installing malware
More Offences
Section 3: Denial of Service
- Making systems unavailable (DDoS)
- Penalty: Up to 10 years imprisonment
- Most serious offence
What's Illegal:
- Creating/distributing malware
- Accessing others' accounts
- Modifying programs
- Password cracking
- Bypassing security
Copyright & Intellectual Property
- Copyright Protection: Automatic protection for original works (books, music, software, art); creators' exclusive rights
- Who owns it: Creator/author automatically owns copyright (© symbol optional but recommended)
- Duration: Copyright lasts for life of author + 70 years (or longer for works made for hire)
- Exclusive Rights:
  - Reproduction (copying)
  - Distribution (selling, lending)
  - Public performance
  - Public display
  - Derivative works (remixes, adaptations)
- Infringement: Using copyrighted work without permission is illegal (copying, sharing, remixing)
- Fair Use/Fair Dealing: Limited use allowed in some cases:
  - Education/teaching (quoting)
  - Criticism and review
  - Parody and satire
  - News reporting
  - BUT: Must not harm commercial value
- Licensing: Many works available under Creative Commons or other licenses (may allow some uses)
- Penalties: Up to 10 years imprisonment + large fines (£50,000+) for serious infringement
- Other IP: Trademarks, patents, design rights also protected
Health & Safety Legislation
Health and Safety at Work Act 1974
- Ergonomics: Workstations designed to reduce strain and injury
- Screen Time: Regular breaks required (every 20-30 minutes recommended)
- Lighting: Adequate lighting to prevent eye strain
- Posture: Correct seating and desk height
- Equipment: Ergonomic chairs, keyboards, monitors provided
- Display Screen Equipment Regulations: Specific rules for computer workstations
Eye Strain & Fatigue
Prevention Measures
- 20-20-20 rule (every 20 minutes, look at something 20 feet away for 20 seconds)
- Anti-glare screens
- Adjust monitor brightness
- Proper lighting
- Regular breaks
Risk Factors
- Extended screen time
- Poor monitor placement
- Inadequate lighting
- Glare on screen
- Uncorrected vision
Other Relevant Legislation
Additional Laws
- Freedom of Information Act 2000: Public right to request information held by public bodies
- Accessibility Regulations: Websites must be accessible to disabled users
- Equality Act 2010: No discrimination based on protected characteristics
- Communications Regulations: Govern electronic communications and privacy
- Intellectual Property Rights Act: Protects intellectual property ownership
- E-Commerce Regulations: Rules for online businesses and transactions
Regulatory Bodies & Enforcement
- Information Commissioner's Office (ICO): UK data protection authority; enforces GDPR and Data Protection Act
- Ofcom: Communications regulator; oversees broadcasting and telecommunications
- Advertising Standards Authority (ASA): Regulates advertising; investigates complaints
- Intellectual Property Office (IPO): Manages patent, trademark, and copyright registrations
Implications for Individuals & Organizations
- Compliance: Must follow all applicable laws; regular audits and training
- Penalties: Fines, imprisonment, reputation damage for violations
- User Rights: Individuals have rights to privacy, data access, and protection
- Organizational Duty: Must implement safeguards and privacy by design
- Liability: Organization is responsible for its employees' actions
- Insurance: Cyber liability insurance may be needed