Welcome to Computing Legislation!

In this chapter, we are stepping away from the "how" of computers and looking at the "should." Computer Science isn't just about writing efficient code; it's about being a responsible professional and citizen. Since computers can store massive amounts of personal data and perform actions across the globe in milliseconds, governments had to create specific laws to keep things in order.

We will look at four major pieces of UK legislation that you need to know for your exam. Don't worry if legal talk sounds dry—we’ll break it down into simple rules with real-world examples to help you remember them easily!


1. The Data Protection Act 1998 (DPA)

Think of the Data Protection Act as a set of rules for anyone who collects your personal information. If a company knows your name, address, or medical history, they are "Data Controllers," and they must follow eight strict principles.

The 8 Principles of the DPA:

To make these easy to remember, think of them as the "Rules of Fair Play" for data:

  1. Fairly and lawfully processed: Companies can't trick you into giving data.
  2. Processed for limited purposes: If you give your email for a receipt, they shouldn't sell it to a marketing firm.
  3. Adequate, relevant, and not excessive: They should only ask for what they actually need. (A pizza app doesn't need to know your blood type!)
  4. Accurate and up to date: If you move house, they should update your record so your data isn't wrong.
  5. Not kept for longer than is necessary: Once they don't need your data anymore, they should delete it.
  6. Processed in line with your rights: You have the right to see what data they have on you.
  7. Secure: They must use passwords and encryption to keep hackers out.
  8. Not transferred outside the European Economic Area: Unless the other country has similar protection laws.

Did you know? Under this act, you can send a "Subject Access Request" to a company, and they are legally required to show you all the personal data they have stored about you!

Quick Review: The DPA is about protecting people's personal information from being misused by companies.


2. The Computer Misuse Act 1990 (CMA)

If the DPA is for the "good guys" collecting data, the Computer Misuse Act is for the "bad guys" trying to break in. This law was created specifically to make hacking and spreading viruses illegal.

The Three Levels of Offence:

The law gets more serious depending on what the person was trying to do:

  1. Unauthorised access to computer material: This is basic "hacking." Even if you just guess a friend's password to look at their messages without changing anything, you've broken the law.
  2. Unauthorised access with intent to commit further offences: This is when you break into a system to do something worse, like stealing bank details or blackmailing a rival.
  3. Unauthorised modification of computer material: This covers spreading viruses, deleting files, or changing data. If you "mess with the code," you're in trouble.

Analogy: Imagine someone's house.
Level 1: Picking the lock and walking inside to look around.
Level 2: Picking the lock so you can steal the TV later.
Level 3: Picking the lock and spray-painting the walls (changing/damaging things).

Key Takeaway: The CMA makes hacking, digital theft, and spreading malware illegal.


3. The Copyright, Designs and Patents Act 1988 (CDPA)

The Copyright, Designs and Patents Act is all about protecting the people who create things. In Computer Science, this mostly applies to software, music, videos, and images.

How it works:

As soon as someone creates a piece of work (like a program or a digital painting), they automatically own the "Copyright" to it. It is illegal for others to:

  • Make copies of the software to sell to others (Piracy).
  • Use the software without a proper license.
  • Copy someone else’s code and claim it as their own.

Memory Aid: The "PLAG" Test

If you are doing any of these without permission, you might be breaking the CDPA:
P - Pirating (downloading for free).
L - Loaning (giving your paid software to a friend).
A - Adapting (changing it and selling it as yours).
G - Giving away copies.

Common Mistake: Students often think you have to apply for copyright. You don't! It is automatic the moment the work is created.

Key Takeaway: The CDPA protects intellectual property and prevents software piracy.


4. The Regulation of Investigatory Powers Act 2000 (RIPA)

This is the most controversial of the four. The Regulation of Investigatory Powers Act gives the government and public bodies (like the police) the power to monitor digital communication to stop crime and terrorism.

What the government can do under RIPA:

  • Demand access: They can force Internet Service Providers (ISPs) to hand over your internet history or emails.
  • Mass Surveillance: They can monitor "traffic data" (who you are talking to and when, even if they don't read the actual message contents).
  • Decryption: If your data is encrypted, they can legally demand that you give them the key or the password to unlock it. If you refuse, you can go to prison!
  • Secret Investigation: They can prevent companies from telling the public that they are being monitored.

The Big Debate: RIPA is always a balance between Security (stopping criminals) and Privacy (the right to have a private life without the government watching you).

Key Takeaway: RIPA allows the authorities to intercept and monitor digital communications for national security.


Summary Table: Which Law is Which?

Don't worry if these get jumbled at first! Use this quick reference guide:

Act Name                               | Main Purpose
Data Protection Act                    | Protecting your personal data held by others.
Computer Misuse Act                    | Stopping hackers and virus creators.
Copyright, Designs & Patents Act       | Protecting the creators of software/media.
Regulation of Investigatory Powers Act | Giving police powers to monitor the web.

Final Tip: In your exam, if a question asks about a company losing customer data, talk about the DPA. If it's about someone breaking into a server, it's the CMA!