Legislation in relation to ICT


4.1 Explain the requirements of Health and Safety legislation in relation to ICT

There are various health problems associated with the regular use of computers, such as stress, eyestrain and injuries to the wrists, neck and back. Employers must take steps to protect employees whose work involves the regular use of computers, and laws have been passed to ensure that employers provide a safe working environment for anyone who works with computers.

Legislation has been introduced to protect workers who use computers in the course of their duties. This is called the Health and Safety (Display Screen Equipment) Regulations 1992 (some minor amendments were made and the legislation updated in 2002). This states that employers must analyse workstations, and assess and reduce risks. The law states that an employer must:

• provide tiltable screens
• provide anti-glare screen filters
• provide adjustable chairs
• provide foot supports
• make sure lighting is suitable
• make sure there is sufficient space for people to work
• train employees how to use workstations correctly
• ensure employees have sufficient breaks
• pay for regular eyesight tests for anyone who needs prescription glasses in order to use the computer.

NOTE: These regulations only apply to offices and not to students in schools. Employees also have a responsibility to use the equipment correctly.

In order to provide satisfactory equipment for their employees, employers use ergonomics to assist the equipment design process. Ergonomics is the science concerned with designing safe and comfortable working environments for humans. This includes furniture design and the design of parts of the computer like the keyboard and mouse.


4.2 Explain the principles of the Data Protection Act, showing how it determines right of access to information

Concerns about the security of personal data grew as the use of computers increased, making it easier to store and retrieve vast amounts of information about individuals. Initially, the Data Protection Act (1984) set out regulations for storing personal data that was automatically processed. However, this initial act did not cover data that was stored on paper or the internet. The Data Protection Act (1998) updated the law to cover all data, including paper-based data, and brought the UK in line with other countries in the European Union.

Data Controllers are individuals responsible for collecting and controlling data. They inform the Information Commissioner what information they are collecting and why. The Data Commissioner is appointed to enforce the Data Protection Act. The Data Subject is the person the data is held about.

There are 8 principles of the Data Protection Act:

1. Personal data should be obtained and processed fairly and lawfully. A data subject must be informed that data is being collected and what it is to be used for. A data subject will usually have to have given written permission before sensitive personal data can be gathered or processed (see next page).

2. Personal data can be held only for specified and lawful purposes. For example, data on new-born babies that is held by a maternity unit should not be used to generate mail shots advertising baby products.

3. Personal data should be adequate, relevant and not excessive for the required purpose. An organisation's employee records are unlikely to require the marital status and details of an employee's children. A car insurance company does not need to know what financial commitments you have.

4. The personal data should be accurate and kept up-to-date. Companies should do their best to make sure that they do not record the wrong facts about a data subject. If a person asks for the information to be changed, the company should comply if it can be proved that the information is indeed incorrect.

5. The personal data should not be kept for longer than is necessary for the purpose for which it is collected. Hospitals might need to keep patient records for 25 years or more; that is acceptable since they may need that information to treat an illness later on. However, there is no need for a personnel department to keep the application forms of unsuccessful job applicants.


6. Data must be processed in accordance with the rights of the data subjects. This gives individuals the right to inspect the information held on them. A Data Subject (e.g. you) has the right to have inaccurate data corrected. For example, it is not unusual for an individual to be refused a credit card because of some inaccuracy in their data record. You can ask to see the data that caused the decision and, if it is incorrect, you can instruct the data source to change their records.

7. Appropriate security measures must be taken against unauthorised access. This means information has to be kept safe from hackers and employees who don't have rights to see it. Data must also be safeguarded against accidental loss.

8. Personal data cannot be transferred to countries outside the European Union unless the country provides an adequate level of protection.

Under the sixth Data Protection principle, data subjects have the right to:

• See data held on themselves within 40 days for payment of a small fee (often around £10)
• Have any errors in the data corrected
• Compensation for any distress caused if the Act has been broken
• Prevent processing likely to cause damage or distress
• Prevent processing for direct marketing by writing to the data controller to inform them that advertising material is not to be sent
• Prevent processing for automated decision taking by writing to the data controller to inform them that no decisions should be taken based on automatic processing. Some banks determine whether or not a customer should be given a mortgage on the basis of a computer program. The data subject has the right to prevent that happening.

There are some exemptions to the above:

• Data held in the interests of National Security
• Data held to prevent or detect a crime
• Taxation
• No automatic right to view medical records
• Data relating to school or examinations
• Health, Education and Social Work
• Data processed by government departments or local authorities for an investigation or monitoring
• Data that forms part of a confidential reference


4.3 Explain the principles of copyright in relation to intellectual property (and software licensing)

The Copyright, Designs and Patents Act was passed in 1988 to ensure people are rewarded for their work and to give protection to the copyright holder if someone tries to copy or steal their work. It is an automatic right and does not have to be applied for. Copyright applies to original works and includes:

• Information published on the internet
• Written work including software and databases
• Theatre
• Music
• Spoken work and performers
• TV and film
• Photographs
• Art work

You should only copy or use a work protected by copyright with the copyright owner's permission. Copyright applies to any medium, which means you must not reproduce copyright protected work in another medium without permission. For example, publishing photographs on the internet, making a sound recording of a book, a painting of a photograph and so on. Copyright does not protect ideas for a work. It is only when the work itself is fixed, for example in writing, that copyright automatically protects it.

When a piece of software is purchased, the buyer does not own the software; they own the right to use the software. The control of how you may use the software is called a software licence and is written by the person who owns the copyright to the original program. There are different types of licence:

• Single User Licence: Software may be loaded on to one machine.
• Multi User Licence: Can be loaded and used by the number specified in the licence.
• Site Licence: Can be loaded on every machine across a site or office. Depending on the conditions on the licence, it may be loaded on to portable computers or by staff for use at home.
• Freeware: Software that can be obtained free of charge. Sometimes authors will ask for a donation at the discretion of the user.
• Shareware: Software has a trial period after which the user is expected to pay for the software if it continues to be used.


The Computer Misuse Act 1990

Until this act came into effect, there were no laws to deal with unauthorised access of computer files (commonly known as hacking) or the introduction of viruses to computer systems. There are three offences under the act:

1. Unauthorised access to computer material. For example, logging on to a system with another's password.

2. Unauthorised access with intent to commit or facilitate a crime. For example, getting into a system to find personal details, transfer money from bank accounts.

3. Unauthorised modification of computer material (including the introduction of viruses). For example, deleting information, adding a virus to a system.

The offence listed under 1 carries a maximum 6 months imprisonment and/or £5000 fine. The other two carry jail terms of up to 5 years and unlimited fines.

Examples of prosecutions under the Computer Misuse Act:

A WPC used the police national computer to access electoral rolls and car registration records in attempts to track down a woman who had an affair with her boyfriend. 3 months imprisonment.

A disgruntled IT supplier hacked an estate agency website and replaced pictures of houses with pornography. £1250 fine.

An ex-employee stole 1,700 customer records on backup tape before setting up a competitive PC networking company. Conditional discharge and £15 fine.

An ex-employee made unauthorised use of his former employer's Mercury telephone account to make "free" calls. £900 fine.

A defendant, aka The Black Baron, authored the Pathogen and Queeg viruses. 18 months imprisonment.

