Law and the Internet Flashcards
(34 cards)
Civil Evidence Act 1968
Computer records became admissible in civil trials
List the six principles of GDPR
Data must be:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept in a form that identifies people for longer than necessary
6. Processed securely and protected against loss or damage
What does GDPR stand for?
General Data Protection Regulation
GDPR includes a requirement to keep internal records of your databases. What does this include?
- Who you are, the type of data and who provided it
- Retention schedules
- Security arrangements
- Details of transfers
GDPR makes it essential to identify why processing is allowed. What does this include?
- Consent: for each purpose must be freely given, specific, informed and unambiguous
- Contract
- Legal compliance
List the rights that GDPR provides for individuals
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What is meant by the right to be informed?
Need to have a privacy notice that explains your processing
What is meant by the right of access?
Systems need to be designed for this right to be exercisable
What is meant by the right to rectification?
Errors need to be corrected, and the corrections passed on if the data was passed on
What is meant by the right to erasure?
Right to be forgotten - delete data when there is no compelling reason to keep it
What is meant by the right to restrict processing?
You can keep data, but not otherwise process it unless you have to
Who does GDPR state that firms processing data at scale must appoint? What is their job?
Data Protection Officer. They advise on GDPR obligations, monitor compliance with GDPR and report to the board
What characterises offences that fall into Section 1 of the Computer Misuse Act 1990?
- Unauthorised access to a program or data
- Requires knowledge that it is unauthorised
What characterises offences that fall into Section 2 of the Computer Misuse Act 1990?
As Section 1, but with intent to commit another serious offence
What characterises offences that fall into Section 3 of the Computer Misuse Act 1990?
Unauthorised modification of data, e.g. virus writing, denial of service, making/distributing hacking tools
What was Whitaker convicted under the Computer Misuse Act 1990 for?
Not disclosing a time-lock that froze bespoke software when the client was late in making payments.
Explain the Wimbledon case
After an appeal, it was found that “mail bombing” is a Section 3 offence. The test of “unauthorised” becomes “if I were to ask, would they say yes?”
What was Cuthbert convicted of under the Computer Misuse Act 1990?
Section 1 offence for trying out ../../../ URLs
Electronic Communications Act 2000
Electronic signatures shall be admissible as evidence
Investigatory Powers Act 2016
- Deals with interception and communications data
- Permits equipment interference under a warrant
- Permits bulk interception, bulk acquisition, bulk equipment interference and collection of bulk personal datasets
What is communications data?
Metadata about communications. Needs a retention regime
What is interception?
Revealing content to someone other than sender/receiver
How must interception be authorised under the Investigatory Powers Act 2016?
By a warrant signed by the Secretary of State, i.e. the Home Secretary. Power can only be delegated very temporarily
Give 2 examples of interception
- Tapping a telephone
- Copying an email