Legal Aspects of Using Information Technology

The widespread use of information technology has brought us a number of benefits and problems, too. As information technology has spread, so have computer crime and abuse. For example, the internet is not only used by the innocent members of the public, but also by fraudulent traders, paedophiles, software pirates, hackers and terrorists. Their activities would include: placing computer viruses, software bootlegging, credit card fraud and money laundering schemes.

Hackers

A hacker is an individual who break codes and passwords to gain unauthorised access to data held on computer systems. When hackers gain unauthorised access to computer systems, they can do a huge amount of damage. Stand-alone computers are safe because, there is no connection for the hackers to break into. However, computers which are connected to networks or modems are at more risk from hacking. The only way of protecting the computer systems from being broken into, is by changing the passwords at regular intervals.

Computer Fraud

Computer fraud is when computer operators use the computer to their own advantage. It is difficult to track down these offenders for the following possible reasons:

* They are often clever

* They might be young with no previous criminal records

* When fraud is discovered in a business, it is often not publicised, because the news of fraud may damage the image and reputation of the business

An example of computer fraud involves a computer operator who found a blank payroll form. The computer operator will complete the form by making up the details of an imaginary person working in the Company. Each month, when the pay cheques are produced from the Company computer, the computer operator will slip the cheque into his pocket, without anyone noticing.

Computer Viruses

A computer virus is a small computer program, which usually sabotage files or programs. Viruses may be passed onto the computer in various ways. It may be passed onto the user’s computer through the Internet, e.g. downloading an e-mail attachment and saving it to the user’s hard disk. It may be passed onto the user’s computer through the sharing of floppy disks from one computer to another.

There are number of different viruses which are activated in various ways. Some may be activated by the internal clock and may start on a particular day, e.g. Friday 13th. Others may be activated when a series of conditions becomes true, e.g. when a certain combinations of keys are pressed on the keyboard.

The most damaging viruses were recently found in innocent e-mail attachments, and are designed in such a way that makes sure recipients will open them. This well-known practice is known as, Social Engineering. Some of the examples include:

* “Click here to receive a picture of Brad Pitt”

* “I love you”- this is often referred as The Love Bug

* Christmas cards, jokes, screensavers

Laws relating to IT

There are number of laws which are designed to govern any aspects of using the information technology within organisations, such as IKEA. The most common laws that IKEA needs to consider are as follows:

* Data Protection Act 1984

* Computer Misuse Act 1990

* Copyright, Design and Patent Act 1989

* Health and Safety at Work Act 1974

* Health and Safety (Visual Display Screen Equipment) Regulations 1992

Data Protection Act 1984

The Data Protection Act 1984 aims to help protect the privacy of individuals, by regulating and controlling the processing of the personal data. The first Act became law in 1984, but this was replaced by the 1998 Act, that also incorporates the European Commission Directive.

To fully understand the Act, businesses such as IKEA need to understand the meaning of the following definitions:

* Data controller- this is a party that determines the purposes for and the way in which personal data are processed

* Data processor- this is a person, other than an employee of the data controller, who process the data on behalf of the data controller

* Data subject- this is the living person who is the subject of the personal data

* Personal data- this is information held on any living person, which on its own or in conjunction with other information held by the data controller, identifies that individual

* Processing- this includes obtaining, recording or holding personal data or carrying out any operation on personal data, including organising, altering, disclosing or destroying it

* Sensitive personal data- this is a sub-category of personal data consisting of information on the data subject, relating to racial origin, ethnic origin, political opinion, religious beliefs, membership of a trade union, physical/mental health or condition, sexual life or criminal record/history

The Data Protection Act contains eight basic principles. These eight basis principles form the backbone of the Act:

Personal data must:

1) …be processed fairly and lawfully

2) …be obtained for specified and lawful purposes

3) …be adequate, relevant and not excessive for the purpose

4) …be accurate and up-to-date

5) …not be kept longer than necessary

6) …be processed within the rights of data subjects

7) …be kept secure against loss, damage and unauthorised and unlawful processing

8) …not be transferred to countries outside the European Economic Area

Looking at the eight principles mentioned above, the first five of them establishes the general standards of data quality.

The sixth principle states that the personal data must be processed in accordance with the rights of data subjects. Some of theses rights include the data subject’s right to:

* find out what data is being processed about them, in what manner and why

* find out if data is being passed to third parties and who those third parties likely to be

* find out where the data about them came from

* prevent processing about them which is likely to, “cause damage or stress”

* prevent the processing of data for the purpose of direct marketing

* ensure the removal or correction of any inaccurate data about them

The seventh principle requires data controllers to make sure that they have in place, ‘adequate security and technical measure’ to protect personal data from abuse, loss, destruction or damage. The purpose of the principle is to make sure that the protection of personal data given in the Act is not invalidated by the actions of a computer hacker or from other activities.

The eighth principle requires data controllers to make sure that no data is transferred to any country outside the European Economic Area (EEA), unless the country can provide a similar level of legal protection to that provided for in the EEA.

Computer Misuse Act 1990

The Computer Misuse Act 1990 deals with the following offences:

* Hackers- unauthorised access to any program or data held in a computer. Penalty is a maximum fine of �2000 and a six month prison sentence

* Computer fraud and blackmail- unauthorised access with a further criminal intent. The penalty is an unlimited fine and a maximum of five year prison sentence

* Viruses- unauthorised modification of computer material (e.g. programs or data). The penalty is an unlimited fine a maximum of five year prison sentence

Copyright, Design and Patent Act 1989

The Copyright, Design and Patent Act 1989 deals with a wide range of intellectual property, such as music, literature and software. The Act covers stealing software, using illegally copied software and manuals, and running purchased software on two or more machines at the same time, without a suitable licence. The legal penalties for violating the copyright law include unlimited fines and up to two years prison.

Although the Act prevents offenders copying software, more and more people are violating the law and are getting away with it. As a result, there are two organisations that aim to stop software being copied. The two organisations are:

* The Federation Against Software Theft (FAST)- this is a non-profit organisation which aim to promote the legal use of software

* The Business Software Alliance (BSA)- this organisation exists to make organisations and their employers aware of the law and encourage its carrying out

Health and Safety at Work Act 1974

The Health and Safety at Work Act 1974 (the short form is HASWA), provides the general duties and responsibilities that employers have to their employees and to members of the public, and to those that employees have to themselves and each other.

Under the Health and Safety Act 1974, all employers have to:

* ensure the health, safety and welfare at work of their employees, particularly regarding to the following:

o safe entry and exist routes

o safe working environment

o well-maintained, safe equipment

o safe storage of articles and substances

o provision of protective clothing

o information on safety

o suitable training and supervision

* prepare and continually update a written policy of the company and pass this to all employees

* allow for the appointment of safety representatives selected by a recognised trade union

Under the Health and Safety Act 1974, all employees have to:

* take reasonable care of their own health and safety and that of others who may be affected by their activities

* co-operate wit their employer and anyone acting on his or her behalf to meet the health and safety requirements

I have included a copy of IKEA Health and Safety policy in the Appendix section.

Health and Safety (Visual Display Screen Equipment) Regulations 1992

The health and safety regulations have an effect on employed workers, who regularly use Visual Display Units (VDU), for a significant part of their normal work. These regulations were introduced to prevent repetitive strain injury (RSI), fatigue and eye problems in the use of technological equipment.

Under the Health and Safety (Visual Display Screen Equipment) Regulations 1992, employers have to:

* analysis the workstations of employees covered by the Regulation and assess and reduce any risks

* look at the hardware, the environment and factors specific to the individuals using the equipment. If any risk found, the employer must take action to reduce them

* make sure that the workstations meet the minimum requirements

* make sure that there are good features in employees’ workstation. For example, the screen should have adjustable brightness and contrast controls. This allows employees to fin a comfortable level of their eyes, helping to prevent the problem of tired eyes and eyestrain

* plan work, so there are short, frequent breaks or changes of activity

* arrange and pay for eye and eyesight tests and provide employees with spectacles. Employers are responsible for providing further eye tests at regular intervals

* provide health and safety training, so employees can able to use all aspects of their workstation equipment, safely, and know hw to make best use of it to prevent health problems, e.g. by adjusting the chair

Employees also have a responsibility to:

* use workstations and equipment correctly, in accordance with training provided by the employers

* bring any problems to the attention of their employer immediately and co-operate in the correction of these problems

I have included a copy of IKEA Health and Safety policy in the Appendix section.