Computing Legislation

The Copyright, Designs and Patents Act 1988 and Digital Economy Act 2010 – which in part extends and contextualises copyright in the digital context – and the Data Protection Act 1998 also have an impact on the workplace as well as the individual in the way that they influence working practices, and in doing so encourage an arguably more ethical approach to work.

Consider the situation in which an employee has authorised access to information such as employee home addresses and private phone numbers. A colleague may approach them, that does not have this same access, and ask them for the contact details for one of the employees. Their dilemma here is one in which they must consider two aspects: legality and ethics. That is, would it be legally permissible for them to access the employee records and pass this information on to another member of staff? Additionally, though, would it be ethical to do regardless of the legality?

These are the type of questions that they, and we, would have to consider. The point though is that, beyond ethics, the existence of these legal Acts means that we also have to approach our work with legal considerations always in mind which, in regard to this example, may result in a change to working practices that requires that any request for employee contact details must be requested formally, in writing, via one particular individual within the organisation.

Further, this simple example has potential, beyond ethical considerations and if not managed correctly, to tread on the toes of the Data Protection Act 1998 and the Computer Misuse Act 1990.

Another example to consider, that would be handled by the Computer Misuse Act 1990, would be the scenario in which a programmer is employed by an individual or company to design, implement and supply a bespoke computer program to handle, say, medical records. Assuming that the programmer wrote the code ethically and in line with the applicable laws then they would be well positioned to not come asunder.

However, if they additionally introduced a “back door” into the program that enabled them to access the program and its data remotely via the Internet at some later date then this is how they could fall foul of the Computer Misuse Act 1990 in respect of at least two of the clearly defined offences, those being: “Unauthorised access to computer material” and “Unauthorised access with intent to commit or facilitate commission of further offences”. Thus, the existence of this Act and others is a clear deterrent, and from a positive perspective, a means of encouraging individuals and organisations to act ethically.

Next: Other Relevant Legislation