Legislation in ICT - Coggle Diagram
Legislation in ICT
Sensitive personal data
Religious or philosophical beliefs
Biometric data
Political opinions
Racial or ethnic origin
Genetic data
Penalties
ability to carry out audits
monetary penalties
corrective orders
ordering rectification, restriction or erasure of data
warnings and reprimands
The Computer Misuse Act 1990
It allows unauthorised access to be prosecuted
Aims to discourage the misuse or modification of data or programs.
Updated in 2008 to cover Denial of Service Attacks
The Act has 3 sections
Unauthorised access to computer material Section 1
They try to access any program or data held in any computer without permission and know at the time that this is the case
Maximum penalty – 6 months in prison and/or a fine
Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer Section 3
They try to access any program or data held in any computer without permission and alter/modify the data or programs.
Maximum penalty – 5 years in prison and/or a fine
Unauthorised access with intent to commit or facilitate commission of further offences Section 2
They try to access any program or data held in any computer without permission with a more serious criminal intent.
Maximum penalty – 5 years in prison and/or a fine
Making, supplying or obtaining material that could be used in computer misuse offences (Section 3, 2008 update)
Creation of viruses, supplying viruses to others or acquiring viruses from others for use
Maximum penalty – 5 years in prison and/or a fine
Offences Under the Act
Unauthorised access to computer systems
Purposefully spreading malicious and damaging software
Hacking
Data Protection Act
The DPA's main concerns are
Is the data accurate
Will the data be sold on to another company
Who will be able to access this data
How long will the data be kept
The DPA refers to three types of people
Data Processors – hold or process data on behalf of a data controller
Data Subjects – people whose personal data is being processed
Data Controllers – decide why and how they process personal data
The DPA is enforced by the Information Commissioner
Data Controllers & Data Processors must follow the GDPR principles.
General Data Protection Regulations 2018
GDPR Principles
Personal data must be:
Adequate, relevant and not excessive
Accurate
Processed for registered purposes
Not kept longer than necessary
Fairly & lawfully processed
Kept secure and confidential
GDPR fines
The GDPR monetary penalties fall into two classifications
For more severe breaches, the maximum fine is €20 million or 4% of a company's annual revenue, whichever is greater
For less severe breaches, the maximum fine is €10 million or 2% of a company's annual revenue, whichever is greater
Personal data
Any information that identifies a person