Tuesday, November 25, 2008

Computer Misuse Act

The Computer Misuse Act became law in August 1990. The Act identifies three specific offences:
1. unauthorised access to computer material, e.g. a program or data
2. unauthorised access with intent to commit or facilitate the commission of further offences, e.g. obtaining personal data such as Internet banking passwords
3. unauthorised modification of computer material.
What can happen to individuals under the law?
The basic offence, as a summary offence, carries a maximum prison sentence of six months or a maximum fine of £2000, or both.
Offences 2 and 3 are punishable with imprisonment for a term not exceeding five years, or a fine or both.

Example 1: Unauthorized access to computer material
This would include using another person’s user name and password without proper authority in order to use data or a program, reading examination papers or examination results, and essentially having a look around.

Example 2: Unauthorized access to a computer with intent to commit a further crime
This would include, e.g., gaining unauthorised access to a user’s credit card details and then using them to order goods fraudulently from a website.

Example 3: Unauthorized modification of computer material
This would include deleting another user’s files, modifying system files, creating and sending a virus or, in the case of some adware, running code that takes up so much of the system's resources that the computer fails to function properly.

Action to deal with misuse

  • Preventative measures
    The simplest form of preventative action is training, so that all employees are perfectly clear about what their responsibilities are and what standards are expected of them.
  • Computer security
    These include security mechanisms, access levels, firewalls and anti-virus software.

You can find more information on this website: http://en.wikipedia.org/wiki/Computer_Misuse_Act

Questions

  1. What are the three specific offences of the Computer Misuse Act?


  2. In which month and year did it become law?


  3. Define user names and passwords.


Exam Tips

Do not use one-word answers, e.g. 'passwords', for questions about security precautions. You must explain what you mean, for example: 'Each authorised user should be given a password to use to access the system and forced to change it regularly.'





Monday, November 24, 2008

Data Protection Act

Data Protection Act 1998

The Data Protection Act regulates how personal data is used and protects data subjects from the misuse of their personal data.
If a data user wishes to store personal data, they must first register with the Information Commission. The registration should state the following things:


  • what data they want to hold
  • how long they intend to keep it for
  • what they intend to do with it
  • who they might pass it on to.
The data user must appoint a named data controller who ensures that the organisation complies with these principles. The data controller is an individual who is over the age of 18 and has the main responsibility for all the data held.
Data subjects have the following rights:


  • to see what data is being held about them
  • to have any errors corrected
  • to refuse to allow data to be processed for direct mail (sometimes called junk mail)
  • to refuse to allow sensitive data (e.g. political opinions, religious views) to be processed
  • to complain to the data protection commissioner about any abuse of the act
  • to claim compensation if they have been caused damage by the misuse of the act.

Getting access to your data
The Act, with some exceptions, gives you the right to find out what data is held about you by organisations. This is known as the ‘right of subject access’. On written request, you can be provided with a copy of all the data the organisation holds about you. This can also be done in person, and you must be able to prove your identity by means of some form of identification.

Exemptions to the act
You cannot demand to see data that might affect national security or hinder police investigations.
Some data (for instance, the Electoral Roll) has to be publicly available, and you cannot refuse to allow its publication.


Role of Data Protection Commissioner
The commissioner is responsible for:

  • enforcing and overseeing the Act
  • raising awareness of the act and its implications
  • investigating complaints

You can find out more about the Data Protection Act at: http://en.wikipedia.org/wiki/Data_Protection_Act

Questions

  1. Who is a data controller?
  2. Give 5 rights that the data subjects have.
  3. What is the Data Protection Commissioner responsible for?