8.02 - Legal Issues

Legal issues are about what is deemed right and wrong by the law.

The Data Protection Act 2018 (the UK version of GDPR, the General Data Protection Regulation) governs data collection, processing, and storage:

Organisations must only collect data for a specific purpose and also make sure that the data is accurate.
Data must only be processed with the user's consent, if there is a legal obligation to do so, or other legitimate reasons.
Also, the data must not be kept longer than necessary or transferred to other countries unless they can keep it protected.
The data must be protected from unauthorised access, but in the event of a data breach, the customers must be told within 72 hours.

It also provides a number of rights for the customer, including:

The right to view data stored about you by an organisation for free.
The right to withdraw consent (e.g. from mailing lists).
The right to make changes to your data if it is inaccurate.
The right to delete all your personal data from an organisation's servers.

GDPR is being enforced. Meta was fined €1.2bn (£1bn) in Ireland for transferring data to the United States without enough data protection mechanisms in May 2023.

The Computer Misuse Act 1990 introduced four new offences:

Making, supplying, or obtaining malware which could be used to commit the following crimes (maximum 2 years in prison).
Unauthorised access to computer material, like logging in to a network with someone else's details (maximum 2 years in prison).
Unauthorised modification of computer material: deleting or changing files that are not your own (maximum 2 years in prison).
Unauthorised access in order to commit a crime, like stealing data or destroying a network (maximum 5 or 10 years in prison, depending on the crime).

The Copyright, Designs and Patents Act 1988 protects creations from being copied:

If you invent something and receive a patent, this Act prevents anyone else from using the invention without your permission for 20 years.
If you write a book, create a video, compose some music, or make a piece of software, this Act lets you decide how your work should be used for 70 years, or until your death.
Copyright infringement can result in fines or up to 10 years in prison.

An employee of a web design company has lost his job and is very upset. Before he leaves, he does the following actions:

Logs in to a computer with a colleague's username and password
Copies logos and other graphics from there onto his USB stick
Downloads a list of all the company's clients and their contact details

Which laws has he broken?

The Computer Misuse Act 1990 (for logging in without permission)
The Copyright, Designs and Patents Act 1988 (for copying the graphics)
The Data Protection Act 2018 (for accessing personal details)