Legal Issues. Manfred Kerber.

Transcription

1 Legal Issues Manfred Kerber School of Computer Science University of Birmingham Birmingham B15 2TT, England 1

2 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 2

3 Data Protection Act The eight principles: Personal information must be 1. Fairly and lawfully processed 2. Processed for limited purposes 3. Adequate, relevant and not excessive 4. Accurate and up to date 5. Not kept for longer than is necessary 6. Processed in line with your rights 7. Secure 8. Not transferred to other countries without adequate protection Exceptions: E.g., consent 3

4 Data Protection Act (Cont d) personal data means data which relate to a living individual who can be identified from those data sensitive personal data means personal data consisting of information as to the racial or ethnic origin of the data subject, his political opinions, his religious beliefs, member of a trade union... health or condition, sexual life, the commission or alleged commission by him of any offence,... 4

5 Data Protection Act (Cont d) Rights wrt. own data: Prevent processing to cause damage/distress. Prevent processing for direct marketing About automated decision-taking (e.g., work performance, creditworthiness) Compensation for failure to comply Rectification, blocking, erasure and destruction 5

6 Data Protection Act (Cont d) Exceptions: safeguarding national security protecting members of the public against financial loss due to dishonesty, malpractice or other seriously improper conduct press, literature, art, science 6

7 Data Protection Act (Cont d) Rights Duties: Right to to be informed by any data controller whether personal data... of that individual... are being processed... purpose and details Duty: A person must not knowingly or recklessly,... obtain or disclose personal data or the information contained in personal data,... 7

8 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 8

9 ICO Advice Security Breaches Possible Reasons for Security Breaches: Loss or theft of data or equipment Inappropriate access controls Equipment failure Human error Unforeseen circumstances such as a fire or flood Hacking attack Blagging offences (deceiving) 9

10 Security Breaches What if? Possible Reasons for Security Breaches: Containment and recovery Assessment of ongoing risk Notification of breach Evaluation and response 10

11 Risk Minimisation For personal data know what, where, how Establish biggest risks Share only if transmission is secure Share only minimum amount of data Identify weak points Monitor staff awareness Who is responsible for reacting to reported breaches 11

12 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 12

13 Freedom of Information Act Grants general right of access to information held by public authorities Everybody is entitled to: to be informed in writing by the public authority whether it holds information of the description specified in the request, and if that is the case, to have that information communicated to him. 13

14 Freedom of Information (Cont d) Limitations, e.g. privacy as specified in Data Protection Act In case of written request, answer within 20 working days. appropriate fee possible Disputes possible (e.g., MP expenses) 14

15 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 15

16 Disability Discrimination Act It gives disabled people access to all services. Consequences, e.g. Web Accessibility Initiative (WAI) and Access Technology (which allows to transform PDF files into HTML which can be read by blind people). 16

17 10 Tips of WAI 1. Images & animations: Use the alt attribute 2. Image maps: Use the client-side map and text for hotspots 3. Multimedia: Provide captioning, transcripts 4. Hypertext links: Use text that makes sense, avoid click here 5. Page organization: Use headings, lists, and consistent structure. Use CSS 17

18 10 Tips of WAI (Cont d) 6. Graphs & charts: Summarize 7. Scripts, applets, & plug-ins: Provide alternative content 8. Frames: Use the noframes element and meaningful titles. 9. Tables: Make line-by-line reading sensible. Summarize. 10. Check your work: Validate. 18

19 RNIB Clear Print Guide Type size (between 12 and 14pt) Contrast (high) Typeface (no stylised typefaces) Type styles (use sparsely) Leading (spacing between lines) Type weight (prefer bold) Numbers (readable) Word spacing and alignment 19

20 RNIB Clear Print Guide (Cont d) Columns (enough margin) Reversing type (contrast) Setting text (no fitting text around images) Forms (allow extra space on forms) Navigational aids (e.g., recurring features) Printing (avoid glossy paper). 20

21 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 21

22 Computer Misuse Act 3 different types of criminal offences: Unauthorised access to computer material Unauthorised access with intent to commit or facilitate commission of further offences Unauthorised modification of computer material (e.g., to obtain fraudulent credit) Also conspiracy & incitement are offences. 22

23 Computer Misuse Act Comments: Gaining unauthorised access is an offence, even if the purpose may be not unethical (e.g. finding something about UFOs) You may be not in the country in which you commit the crime. 23

24 Computer Misuse Act Some areas of computer crime: Unauthorised access (hacking) Computer fraud Identity theft Theft: goods, information or money Theft of computer time Computer espionage Harassment and sexually-related material Forgery and piracy New ones are emerging 24

25 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 25

26 References Data Protection Act: ukpga_ _en. Freedom of Information Act: ukpga_ _en Disability Act: RightsAndObligations/DisabilityRights/ Web Accessiblity Initiative (WAI) RNIB (Royal National Institute of Blind People) Computer Misuse Act UKpga_ _en_1.htm P. Duquenoy, S. Jones, B.G. Blundell: Ethical, Legal & Professional Issues in Computing,

27 Overview The Data Protection Act 1998 ICO Advice on Security Breaches Freedom of Information Act 2000 Disability Discrimination Act 1995 Computer Misuse Act 1990 References Summary 27

28 Summary Legal Issues are a complicated matter: Familiarise yourself with the main relevant laws: Data Protection Freedom of Information Act Disability Discrimination Act Computer Misuse Act 1990 Ask for professional advice if the need occurs 28